Do you have an abuse@ address?

I’ve mentioned multiple times before that I really don’t like using personal contacts until and unless the published or official channels fail. I don’t hold this opinion just about resolving delivery issues, but also use official channels when reporting spam to one of my addresses or spam traps.
My usual complaints contain a plain text copy of the mail, including full headers and a short summary of the email address it was sent to. “This is an address that was part of a leak from…” or “This is an address scraped off my website. It’s been removed from the website since 2004” or “This address isn’t used to sign up for any mail.”
Sadly, there are a number of “legitimate” ESPs that don’t have or don’t monitor their abuse address. In some cases it’s an oversight or a break down of internal mail handling. But in most cases, it’s a sign that the ESP doesn’t actually handle abuse.
It’s frustrating to watch an ESP post long blog posts about “best practices” and “effective delivery” and “not spamming” and yet not be able to actually stop their own customers from spamming. It’s not even that I necessarily want them to disconnect their spamming customers (although that would be nice) but suppressing the address that I’ve told them was a spamtrap seems trivial. And yet, a month after my first complaint and weeks after escalating to a personal contact, I’m still getting spam.
The 5 things every ESP should do to handle spam complaints.

  1. Create an abuse address for mail domains. This includes abuse@corporate domain, abuse@ MTA domains, abuse@ return path domain. If it’s in the headers and it accepts mail, it should have an abuse@ address. 
  2. Confirm the abuse@ addresses get to the correct team. I’ve talked with some ESP reps who just have no idea where abuse@ one or more of their domains go. In some cases, they just get lost inside the company.
  3. Customize filters on the abuse@ addresses so reports of spam don’t get bounced with “blocked for spam.” Yes, I know it’s spam, it came from that network and I’m telling you. Telling me it’s spam is not a surprise. Not accepting the spam back, though, is just rude.
  4. Suppress the addresses of people who complain. Even if the customer isn’t disconnected, there is no reason to keep spamming someone who has sent in a complaint.
  5. Pay attention to people who actually tell you the addresses are spamtraps. Put those traps in upload and send filters. I am pretty open about a number of my traps here on the blog and on some mailing lists. When I get spam from companies that I know have reps on those lists, I just think the companies don’t care that their customers spam.

Handling complaints about abuse or spam from a network is part of being a good service provider. Don’t leave the handling to chance, actually test abuse@ addresses. Feedback loops are great and all, but a number of us still send hand crafted abuse complaints because we think a company will act on them. When the company consistently ignores complaints and lets customers continue to spam they eventually turn into just another spam supporter.

Related Posts

Should you respond to complaints

David Spinks asks on twitter:

Should you ever contact someone who made an abuse complaint about your newsletter to find out why

Read More

Spamhaus and Gmail

Today’s been chock full of phone calls and dealing with clients, but I did happen to notice a bunch of people having small herds of cows because Spamhaus listed www.gmail.com on the SBL.
“SPAMHAUS BLOCKS GOOGLE!!!” the headlines scream.
My own opinion is that Google doesn’t do enough to police their network and their users, and that a SBL listing isn’t exactly a false positive or Spamhaus overreaching. In this case, though, the headlines and the original article didn’t actually get the story right.
Spamhaus blocked a range of IP addresses that are owned by Google that included the IP for www.gmail.com. This range of IP addresses did not include the gmail outgoing mailservers.
Spamhaus says

Read More

Spamtraps

There is a lot of mythology surrounding spamtraps, what they are, what they mean, how they’re used and how they get on lists.
Spamtraps are very simply unused addresses that receive spam. They come from a number of places, but the most common spamtraps can be classified in a few ways.

Read More