Spamhaus answers marketer questions

A few months ago, Ken Magill asked marketers, including the folks at Only Influencers to provide him with questions to pass along to Spamhaus. Spamhaus answered the first set in March, but then were hit with the Stophaus attack and put answering further questions on hold. Last week, they provided a second set of answers and this week they provided a third.
Nothing in there is surprising, but it’s worth folks heading over and reading.
There are a couple useful things that I think are worth highlighting.
When discussing spamtraps and how Spamhaus handles the traps.

[A]ll the emphasis on spamtraps is rather misplaced. While traps are one way to detect spam problems, the goal of legitimate mailers should be to only send to fully opt-in subscribers, not simply to avoid spamtraps. If only spamtraps received spam and user mailboxes were completely free of it, Spamhaus would have no reason to exist. Part 2

When discussing proving that senders are using an opt in process.

Most systems log email address, connecting IP, timestamp, and origin of the subscription (where the address was collected). Name and other personal info may also be collected. That’s all good for your own use, but all such evidence can also be forged so it really doesn’t help in resolving an SBL. Besides, we understand that you may not be able to share private information. The important thing to show us is not the historic logs, although they might help in some case, but a documented process of address acquisition, for example a process where we could confirm a subscription for our own test address. Part 3

The overall theme of the answers is that Spamhaus’ responsibility is to their users. They take that responsibility very seriously and use whatever tools they have available to identify mail sent without recipient permission.
On a more administrative level: July has been busy and I’ve been swamped with client work. I’m working on a couple long blog posts and hoped to have one of them done today, but the world did not cooperate. But I will have posts up later this week.

Related Posts

Spamhaus and Gmail

Today’s been chock full of phone calls and dealing with clients, but I did happen to notice a bunch of people having small herds of cows because Spamhaus listed www.gmail.com on the SBL.
“SPAMHAUS BLOCKS GOOGLE!!!” the headlines scream.
My own opinion is that Google doesn’t do enough to police their network and their users, and that a SBL listing isn’t exactly a false positive or Spamhaus overreaching. In this case, though, the headlines and the original article didn’t actually get the story right.
Spamhaus blocked a range of IP addresses that are owned by Google that included the IP for www.gmail.com. This range of IP addresses did not include the gmail outgoing mailservers.
Spamhaus says

Read More

Confirming addresses for transactional mail

A colleague was asking about confirming transactional mail today. It seems a couple of big retailers got SBLed today for sending receipts to spamtraps. I talked a few weeks ago about why it’s important to let people unsubscribe from transactional email, and many of those same things apply to confirming receipts.

Read More

Are you sure you didn't opt in?

Yes, really. I’m sure I didn’t opt-in.
I get a lot of spam. I get a lot of spam to addresses that aren’t used to sign up for mail. But it seems inevitable that when I bring up examples of receiving spam I inevitably get asked, “Are you sure you didn’t opt-in?”
On one level I can understand the question when I send in a complaint to an abuse desk and they’re dealing with a customer who swears all their mail is opt-in. It makes sense when an ESP is working to identify what may have happened so they can correct their customers’ behaviour.
But when it’s a client who has hired me to investigate their email delivery problems and I provide examples of spam sent to me? Why, WHY would I lie to you? Why would I claim I’m getting spam if I wasn’t? What use is that? How does me forgetting I subscribed actually help fix your delivery?
And even if I did forget, shouldn’t that be a sign that maybe there is some issue with your mail program that people sign up and forget?
I am not sure what causes clients to think I would tell them they’re spamming me when they’re really not. I certainly do tell clients when I opt-in and enjoy their mail while offering advice on how to improve their marketing program. I’m not sure what’s going through their heads when I say, “Oh, you (or your affiliate) is sending me a lot of spam,” that prompts them to ask, “Are you sure you didn’t opt-in?”

Read More