I’ve written about B2B filtering in the past, but I don’t blog too much about corporate filtering overall. The reason for this is that the corporate landscape is a lot broader and less consistent than the consumer space. That makes it much more difficult to tell senders how to handle corporate filtering, because each corporation is different.
But as I think I about it, I realize that’s not necessarily true. In the corporate space there are a few big filtering providers, a couple major hosting systems and a major open source package. While the overall goals of business filtering are slightly different, many businesses have similar goals for their inbound filtering.
- Protect the business from malicious emails.
- Boost the bottom line.
- Protect employees from a hostile work environment.
- Keep management and “higher ups” happy.
One of the easy ways to think about the differences is to consider that many of the major email providers have completely separate mail systems for their employees and their users. How they treat mail for their employees is very different from how they treat mail for their users.
Some of the separation is to distinguish “official” from “unofficial” communications and to make it clear to users and outsiders which accounts speak for the company and which accounts are simply users. But in almost every case the filtering is different as well.
Of course, corporate filters aren’t that different. Filters, particularly those outsourced to a filtering company or using a managed service look at complaints, content, bounces and spamtraps just like ISP filters. But they look a lot harder at malicious content to protect the corporate network. Corporations don’t really care if employees “want” mail or if they’re engaged with mail, so many of the engagement recommendations don’t apply.
In terms of getting blocked at a corporation there are a couple things to remember. Mail the wrong person (senior management) the wrong thing and they may be able to get all your mail blocked for all their employees. But this is usually a high bar, most people are too busy to figure out how to block mail from a sender and so they’ll just delete and ignore.
I’ve never heard anyone tell me they like getting unsolicited emails at work any more than they like getting unsolicited emails at home. The differences in corporate filtering makes some senders think purchasing lists, harvesting and even creating addresses is OK. If they’re not getting blocked, then it’s all OK. Most businesses will tell you they don’t want senders spamming their employees, but they don’t spend a lot of time blocking mail. They have better things to do.
The problem is of course that quite a few more businesses have wannabe bofhs running email, or horribly designed corporate filters, than ISPs do.
Or the admins are so overworked that they’re like – “Mail with any Received: header that has a CBL IP in it? Send it to /dev/null – don’t bounce it, because some random CISSP claims it exposes our internal hostnames to the world and should be avoided”
Of course absolutely no channel for any sort of redressal. And nobody at the listed front office for the company has a clue about who runs their email – quite often it is a totally different company operating their servers on contract.
Deliverability in the corporate world is a major pain.