Spamhaus answers marketer questions

A few months ago, Ken Magill asked marketers, including the folks at Only Influencers to provide him with questions to pass along to Spamhaus. Spamhaus answered the first set in March, but then were hit with the Stophaus attack and put answering further questions on hold. Last week, they provided a second set of answers and this week they provided a third.
Nothing in there is surprising, but it’s worth folks heading over and reading.
There are a couple useful things that I think are worth highlighting.
When discussing spamtraps and how Spamhaus handles the traps.

[A]ll the emphasis on spamtraps is rather misplaced. While traps are one way to detect spam problems, the goal of legitimate mailers should be to only send to fully opt-in subscribers, not simply to avoid spamtraps. If only spamtraps received spam and user mailboxes were completely free of it, Spamhaus would have no reason to exist. Part 2

When discussing proving that senders are using an opt in process.

Most systems log email address, connecting IP, timestamp, and origin of the subscription (where the address was collected). Name and other personal info may also be collected. That’s all good for your own use, but all such evidence can also be forged so it really doesn’t help in resolving an SBL. Besides, we understand that you may not be able to share private information. The important thing to show us is not the historic logs, although they might help in some case, but a documented process of address acquisition, for example a process where we could confirm a subscription for our own test address. Part 3

The overall theme of the answers is that Spamhaus’ responsibility is to their users. They take that responsibility very seriously and use whatever tools they have available to identify mail sent without recipient permission.
On a more administrative level: July has been busy and I’ve been swamped with client work. I’m working on a couple long blog posts and hoped to have one of them done today, but the world did not cooperate. But I will have posts up later this week.

Related Posts

Some thoughts on permission

A lot of email marketing best practices center around getting permission to send email to recipients. A lot of anti-spammers argue that the issue is consent not content. Both groups seem to agree that permission is important, but more often than not they disagree about what constitutes permission.
For some the only acceptable permission is round trip confirmation, also known as confirmed opt-in or double opt-in.
For others making a purchase constitutes permission to send mail.
For still others checking or unchecking a box on a signup page is sufficient permission.
I don’t think there is a global, over arching, single form of permission. I think context and agreement matters. I think permission is really about both sides of the transaction knowing what the transaction is. Double opt-in, single opt-in, check the box to opt-out area all valid ways to collect permission. Dishonest marketers can, and do, use all of these ways to collect email addresses.
But while dishonest marketers may adhere to all of the letters of the best practice recommendations, they purposely make the wording and explanation of check boxes and what happens when confusing. I do believe some people make the choices deliberately confusing to increase the number of addresses that have opted in. Does everyone? Of course not. But there are certainly marketers who deliberately set out to make their opt-ins as confusing as possible.
This is why I think permission is meaningless without the context of the transaction. What did the address collector tell the recipient would happen with their email address? What did the address giver understand would happen with their email address? Do these two things match? If the two perceptions agree then I am satisfied there is permission. If the expectations don’t match, then I’m not sure there is permission involved.
What are your thoughts on permission?

Read More

Spamhaus and Gmail

Today’s been chock full of phone calls and dealing with clients, but I did happen to notice a bunch of people having small herds of cows because Spamhaus listed www.gmail.com on the SBL.
“SPAMHAUS BLOCKS GOOGLE!!!” the headlines scream.
My own opinion is that Google doesn’t do enough to police their network and their users, and that a SBL listing isn’t exactly a false positive or Spamhaus overreaching. In this case, though, the headlines and the original article didn’t actually get the story right.
Spamhaus blocked a range of IP addresses that are owned by Google that included the IP for www.gmail.com. This range of IP addresses did not include the gmail outgoing mailservers.
Spamhaus says

Read More

Equivocating about spamtraps

What is a spamtrap? According to a post I saw on Twitter:

Read More