The death of IP based reputation

T

Back in the dark ages of email delivery the only thing that really mattered to get your email into the inbox was having a good IP reputation. If your IP sent good mail most of the time, then that mail got into the inbox and all was well with the world. All that mattered was that good IP reputation. Even better for the people who wanted to game the system and get their spam into the inbox, there were many ways to get around IP reputation.
Every time the ISPs and spam filtering companies would work out a way to block spam using IP addresses, spammers would figure out a way around the problem. ISPs started blocking IPs so spammers moved to open relays. Filters started blocking open relays, so spammers moved to open proxies. Filters started blocking mail open proxies so spammers created botnets. Filters started blocking botnets, so spammers started stealing IP reputation by compromising ESP and ISP user accounts.  Filters were constantly playing catchup with the next new method of getting a good IP reputation, while still sending spam.
While spammers were adapting and subverting IP based filtering a number of other things were happening. Many smart people in the email space were looking at improving authentication technology. SPF was the beginning, but problems with SPF led to Domains Keys and DKIM. Now we’re even seeing protocols (DMARC) layered on top of DKIM. Additionally, the price of data storage and processing got cheaper and data mining software got better.
The improvement in processing power, data mining and data storage made it actually feasible for ISPs and filtering companies to analyze content at standard email delivery speeds. Since all IPv4 addresses are now allocated, most companies are planning for mail services to migrate to IPv6. There are too many IPv6 IPss to rely on IP reputation for delivery decisions.
What this means is that in the modern email filtering system, IPs are only a portion of the information filters look at when making delivery decisions. Now, filters look at the overall content of the email, including images and URLs. Many filters are even following URLs to confirm the landing pages aren’t hosting malicious software, or isn’t content that’s been blocked before. Some filters are looking at DNS entries like nameservers and seeing if those nameservers are associated with bad mail. That’s even before we get to the user feedback, in the form of “this is spam” or “this is not spam” clicks, which now seem to affect both content, domain and IP reputation.
I don’t expect IP reputation to become a complete non-issue. I think it’s still valuable data for ISPs and filters to evaluate as part of the delivery decision process. That being said, IP reputation is so much less a guiding factor in good email delivery than it was 3 or 4 years ago. Just having an IP with a great reputation is not sufficient for inbox delivery. You have to have a good IP reputation and good content and good URLs.
Anyone who wants good email delivery should consider their IP reputation, but only as one piece of the delivery strategy. Focusing on a great IP reputation will not guarantee good inbox delivery. Look at the whole program, not just a small part of it.

About the author

13 comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Well, content filtering in addition to IP reputation was there from quite a long time. At AOL and Cloudmark they do content filtering and that is why we get hvu b1 bounce back from AOL and content bounce back from Cloudmark. These days, ISP’s are more focused on user engagement. I agree that you will get engagement when that mail goes to inbox or spam folder. But the more positive UE we have, chances are more mail goes to inbox. Nice article, Laura. Thanks.

  • er… Yeah! IPv5. That transitional step between v4 and v6. Or… um… Thanks for pointing out the dumb typo, I fixed it.

  • Thanks, Laura. This is a great review of the IP reputation ‘contortions’ and evolution.
    I believe IP reputation is still more of a spammer’s problem though. For legitimate email marketing, is much more the issue of user engagement.
    Isn’t it?
    Cheers,
    ~Steve

  • Laura, I am curious why you think all IP V4 addresses have been allocated? According to the 5 RIR’s they have multiple /8’s.

  • ICANN allocated the last couple of blocks of general usage IPv4 addresses to APNIC [Jan 31, 2011].
    There are just five usable blocks of addresses left, and they’re reserved by IANA policy for the final phase of IPv4 exhaustion, one for each RIR.
    We have no IPv4

  • ARIN has over 2 /8’s alone which is about 35 million IP’s left to allocate. That’s just one of the 5. There are still a ton of IP’s out there to allocate.

  • There is a very simple solution to this.
    IP based reputation can’t work with IPv6 if a spammer can change IP 20 million times a day and not run our of IPs.
    But flip this round:
    Random access IPv6 ips are perfect for mobile users and other networked devices which need internet connections; but instead of just throwing away all of the infrastructure and data for dealing with IPv4-originated emails; we simply reserve the 3 billion IPv4 IPs for services, processes and products (like email) which rely on static-IP monitoring.

By laura

Recent Posts

Archives

Follow Us