Looking forward

The nice folks over at Sparkpost asked me and other email experts for some thoughts on what we think the most important issues in email will be in 2016.
I do think security is going to be a major, major change in delivery. From what I’ve seen there’s been a shift in the mindset of a lot of people. Previously a lot of folks in the email space were very accommodating to old systems and unauthenticated mail and were not quite ready to cut off senders that didn’t meet modern standards.
shareasimage
There were a lot of people who didn’t want to take any action that would break email. There are still a lot of people who think that breaking email is a bad thing and changes should be backwards compatible.
Then people started realizing not every change had to be backwards compatible.
 
There are a few reasons I think this attitude shift happened.

Email is a malicious channel.

I’ve mentioned this before, but email is an incredibly malicious channel and much of the email traffic out there is actively trying to hurt or steal from people. People have been fighting this malicious traffic for almost 2 decades. Some of the same folks who were doing this when I first started are still doing this. What they’ve done so far has mitigated many of the damages, but the problem isn’t under control. Now we’re looking at more than just a few tens of dollars paid to a spammer, but tens of thousands of dollars wired from businesses.
Internet crime is not “virtual” any longer. It’s real and it’s toxic.

The rise of Social Media.

Even a decade ago email lists were the way to chat with friends. Yes, there were some web based forums, but a lot of how we interacted with each other online was through email. Now, we have social media to communicate with folks. And it gives us a lot more flexibility. One of the things that seemed to happen on mailing lists, particularly large ones, is off topic posts and side conversations. People split off private lists as friendships (and even cliques) developed. This is so much easier with social media!
Social media has created an environment where email is not the only way to communicate and is often not the best way to communicate.

Yahoo broke email, and we all survived.

Then, 18 months ago, Yahoo flipped the p=reject switch for the yahoo.com domain. That did break email. A lot of people ended up scrambling very, very hard and fast to cope with how much this broke email. Even now, the problems created by Yahoo (and then AOL and soon Gmail) requiring all mail using their domains to come from their servers are not yet completely mitigated. But work arounds and fixes are being implemented.
I think this convinced a lot of people that “breaking email” wasn’t necessarily a bad thing. Three or so years ago, I made the statement I didn’t see the webmail providers implementing p=reject, because I really didn’t. It would force users to change how they use email. But, they did and   we could force a higher level of security, and even if it did break email the problems would be addressed and people would adapt.

IPv6 will change everything.

Even though most mail isn’t currently using IPv6 people are planning for it. They also realized they didn’t have to account for old, legacy systems that weren’t updated. Delivery standards could be set, like having rDNS or requiring authentication, and senders would have to cope. And people coped.
All in all, email security is going to be A Big Deal in 2016 and beyond.

Related Posts

Strangers, connections and social media

One of the major challenges of social media is letting people connect with folks they don’t know while preventing abuse. Most of the major social networks are trying.
Let’s look at LinkedIn and the tools they give users to stop abuse. Overall, they are pretty good about stopping their platform from being abused, but don’t have many processes to stop folks from harvesting connection addresses off LinkedIn and then adding those addresses to marketing lists. Does it happen frequently? No. But it does happen.
I have a pretty liberal “accept an invite” policy on LinkedIn. If people want to connect with me there and they have real profiles and they’re in a relevant space, I generally accept their invites. This means there are times when I connect with people I don’t know. I’m OK with this, LinkedIn is a great way to meet an interact with colleagues. It also means that sometimes people connect with me, take my information and add it to their marketing lists.
This morning I got an invite from Greg Williams. The name and profile looked like one I’d seen before, so I dug through my mail to see why this raised my hackles. I figured it out. Greg is president of some Tuscon area scholarship fund. A year or so ago he decided to ask all his LinkedIn connections to donate thousands of dollars to his non-profit. I decided this was not a connection I really needed on LinkedIn and removed him.
I don’t really have a connection with Mr. Williams. We didn’t go to the same schools, we don’t work in similar fields. LinkedIn tells me that we have two connections in common. I know nothing about him except that the last time I connected with him on LinkedIn he decided to take this as an invitation to spam me with money requests for his foundation. A foundation he didn’t really tell me anything other than “we give money for scholarships.”
Even more crazy is that Mr. Williams sent me an invite that says “I trust you and I’d like you to be part of my LinkedIn network.” I’m not sure who you are or who you think I am, but I don’t think you know me well enough to trust me.
I’m not against reconnecting with Mr. Williams again, but I want to be sure he understands that just because we connect on LinkedIn doesn’t mean I want to be added to his begging list. I looked for a way through LinkedIn to send Mr. Williams a response. But I can’t. My two choices are to ignore him or report spam. I think I’ll ignore him, for now.
One thing LinkedIn does to stop this problem is get feedback from users. When I click Ignore on the invite I get the opportunity to tell LinkedIn “I don’t know this person.” Hopefully, telling them I don’t know this person will stop future invites.
Social networks are a great thing and allow people to connect and create communities and interact with one another. Stopping users from abusing other members of the network is an important part of that community building framework.
 

Read More

Social invading everything

I discovered, inadvertently, that there is a business networking site modeled after dating site. If you’re selling something you go on the site and register as a seller. If you’re buying something you go on the site and register as a buyer. Buyers can post RFIs and sellers can respond.
Decent enough business model, they’ve even fleshed it out so the site itself acts as an invoicing and billing mechanism.
That’s how I discovered it, one of our very large international telco customers decided they wanted to use this site for billing. Many large telcos expect vendors to use their proprietary site, so I wasn’t that surprised when they asked. And, given they’re international being able to bill them electronically just means I don’t have to remember to use the international stamps.
At the behest of our customer, I signed up at the website. It’s like most social networking sites, create a profile, categorize yourself, make everything public. The thing is, I don’t want to use this site to find new customers. I am just using it because one of my current customers is expecting it. Don’t get me wrong, Abacus is a great product and our customers are extremely happy with it, but it’s pretty niche. It’s not something that’s going to be searched for on a generic website.
I thought that when I set my profile to private that would be some sort of signal to keep me out of the main directory of the site. This morning I realized that wasn’t true when I got a bunch of emails telling me about all these companies looking for “business software” (the closest category I could find).
Getting a bunch of irrelevant mail was annoying enough. Even worse, there was no unsub link in the email. Eventually, I discovered an entire page of email options that were not made clear to me up front. I also sent mail to support and suggested that they talk to their lawyers to clarify whether their opt-out option was consistent with CAN SPAM. I’m pretty sure it doesn’t, but I am not a lawyer.
To the company’s credit, they did have good support and my questions through support were answered in a timely fashion. One of their support reps even called me on the phone to clarify what it was that I wanted to happen and walk me through their email options. She was very upfront about yes, they opted everyone in to all the mail at the very beginning of the process. “We’re like match.com for businesses!”
I’m sure there are some businesses that will find this service to be great. But it’s not what I want or need. Despite the fact that their support was so helpful, I don’t have a great feeling about this company. It seems a bit dishonest that I thought I was signing up for a billing portal, but was actually joining “match.com for businesses. Why couldn’t they make that clear in the 7 emails in 2 days “inviting” me to sign up?
I know I’m a little more sensitive to bad mailing processes than most people, but this was quite an unpleasant experience from the multiple identical emails and reminders before I signed up to the irrelevant stuff I got afterwards.

Read More

Social media the Home Depot way

I’ve been following Richard the Cat on Twitter for a while. It’s the story of a family and their trials and tribulations with their yard as told by their cat.
The twitter feed (and Richard’s tumblr) are a product of the Home Depot marketing department. And it’s great. Richard has awesome comments on his humans and their struggle to create a happy yard. The tweets are low key and not overly home depot branded, but every Richard tweet I see, I think about the yard and things we might need from Home Depot.
And, of course, who on the internet doesn’t love a cat meme?
To my mind this is one of the better examples of brand social media. There is a theme. The tweets and tumblr does remind followers of the brand – Richard is an orange cat after all. The process is participatory, followers can upload cat photos on the Tumblr and tweet with Richard on Twitter.
Social media is social; a two way street. A lot of brands fail with the social part in that they treat it as a one way street. Home Depot doesn’t do that with Richard.

Read More