Ask Laura: Should we allow tagged addresses?

AmsCanal1

Hi Laura,
First of all, I’d like to thank you for the amazing blog. It helps me a lot and I have much fun to read it.
Now I have a question to the google alias addresses.
As you must have known, Google offers alias addresses and you can put any thing between the local part and @gmail.com with a “+” sign
What do you think, what should the onlineshops deal with such address for newsletters?
Should they be acceptable globally? Even “+trash”? Or better we do not use it?
Thanks in advance and best wishes from Germany.
Trash the Tags

Hi, Tags
Thanks for your kind words and for being a loyal blog reader.
Tagged addresses are a subject near and dear to my heart. I’ve been using tagged addresses for almost 20 years now and I love how they help me manage my incoming email and my online identity. I have found so many advantages to using tagged addresses, I can’t imagine ever not using them.

  • Tagged addresses let me filter mail effectively. In this case, they make sure I don’t lose mail I want. Every few weeks I go through my inbox and look at what tags are delivering there. I pull them out and update my filters so those messages will bypass spam assassin and my mail client filters and be delivered exactly where I want them to be. Newsletters go into one folder, marketing goes into another, social media notifications go into a third, different mailing lists go into their respective folders. I could not do this as effectively as I do without tags.
  • Tagged addresses let me identify phishing. All of my online accounts have tagged addresses. If I get mail “from” that online service and it’s not to that tagged address I know it’s not legitimate and I should not give them any information or click any links.
  • Tagged addresses let me keep an eye on spam. There are tagged addresses that I used and stopped using for various reasons. Some were scraped from websites, some were leaked by vendors, others were stolen from ESPs, the list goes on. If I get messages to certain groups of addresses I can monitor a small part of the spam ecosystem. I can see who is scraping the web, buying stolen lists, or other nefarious behavior.

To answer your question, I absolutely think that tagged addresses should be globally acceptable, even when they’re things like +trash. This goes back to senders respecting recipients and being aware that email is a very personal way of interacting with customers. You’re entering their home and their inbox, treat the space with respect.
When people hand over email addresses, the permission that they’re giving you is tied directly to that email address. Permission isn’t transitive. While it may sound appealing, stripping the tag is the same as creating a different address for that person. It’s not a good idea to assume you know better about that person than they do.
You can think about it as compared to phone numbers. I contact your sales team and ask some questions. I leave my work number for followup discussions. An aggressive sales person decides that he isn’t satisfied with talking to me during business hours. Instead, he goes out and discovers my home phone number. Now he starts calling me at home at dinner time to discuss his offer.  Most folks would consider that extremely rude, right? Same thing with tagged addresses. I gave you this address to contact me, don’t make changes to it or attempt to contact me at another address.
The other thing to think about is that often folks who use tagged addresses are the most sensitive to spam. They’re reasonably technically savvy, enough to know tagged addresses are a thing and how to use them. If you strip the tag they are not going to treat it very well. I know for me, whenever I get a message to an untagged address I immediately view it as spam. If someone is mailing an untagged address they don’t have permission and they’re spamming. If I received mail at a provider with a “this is spam” button I would hit it. That dings the sender’s reputation and, if enough people do it, can affect inbox delivery.
Respect the tags,
Laura

Vague reports of Yahoo problems
Affiliates can be liable for fraud

Related Posts

Abuse it and lose it

Last week I blogged about the changes at ISPs that make “ISP Relations” harder for many senders. But it’s not just ISPs that are making it a little more difficult to get answers to questions, some spam filtering companies are pulling back on offering support to senders.
For instance, Cloudmark sent out an email to some ESPs late last week informing them that Cloudmark was changing their sender support policies. It’s not that they’re overwhelmed with delisting requests, but rather that many ESPs are asking for specific data about why the mail was blocked. In December, Spamcop informed some ESPs that they would stop providing data to those ESPs about specific blocks and spam trap hits.
These decisions make it harder for ESPs to identify specific customers and lists causing them to get blocked. But I understand why the filtering companies have had to take such a radical step.
Support for senders by filtering companies is a side issue. Their customers are the users of the filtering service and support teams are there to help paying customers. Many of the folks at the filtering companies are good people, though, and they’re willing to help blocked senders and ESPs to figure out the problem.
For them, providing information that helps a company clean up is a win. If an ESP has a spamming customer and the information from the filtering company is helping the ESP force the customer to stop spamming that’s a win and that’s why the filtering companies started providing that data to ESPs.
Unfortunately, there are people who take advantage of the filtering companies. I have dozens of stories about how people are taking advantage of the filtering companies. I won’t share specifics, but the summary is that some people and ESPs ask for the same data over and over and over again. The filtering company rep, in an effort to be helpful and improve the overall email ecosystem, answers their questions and sends the data. In some cases, the ESP acts on the data, the mail stream improves and everyone is happy (except maybe the spammer). In other cases, though, the filtering company sees no change in the mail stream. All the filtering company person gets is yet another request for the same data they sent yesterday.
Repetition is tedious. Repetition is frustrating. Repetition is disheartening. Repetition is annoying.
What we’re seeing from both Spamcop and Cloudmark is the logical result from their reps being tired of dealing with ESPs that aren’t visibly fixing their customer spam problems. Both companies are sending some ESPs to the back of the line when it comes to handling information requests, whether or not those ESPs have actually been part of the problem previously.
The Cloudmark letter makes it clear what they’re frustrated about.

Read More

AHBL Wildcards the Internet

AHBL (Abusive Host Blocking List) is a DNSBL (Domain Name Service Blacklist) that has been available since 2003 and is used by administrators to crowd-source spam sources, open proxies, and open relays.  By collecting the data into a single list, an email system can check this blacklist to determine if a message should be accepted or rejected. AHBL is managed by The Summit Open Source Development Group and they have decided after 11 years they no longer wish to maintain the blacklist.
A DNSBL works like this, a mail server checks the sender’s IP address of every inbound email against a blacklist and the blacklist responses with either, yes that IP address is on the blacklist or no I did not find that IP address on the list.  If an IP address is found on the list, the email administrator, based on the policies setup on their server, can take a number of actions such as rejecting the message, quarantining the message, or increasing the spam score of the email.
The administrators of AHBL have chosen to list the world as their shutdown strategy. The DNSBL now answers ‘yes’ to every query. The theory behind this strategy is that users of the list will discover that their mail is all being blocked and stop querying the list causing this. In principle, this should work. But in practice it really does not because many people querying lists are not doing it as part of a pass/fail delivery system. Many lists are queried as part of a scoring system.
Maintaining a DNSBL is a lot of work and after years of providing a valuable service, you are thanked with the difficulties with decommissioning the list.  Popular DNSBLs like the AHBL list are used by thousands of administrators and it is a tough task to get them to all stop using the list.  RFC6471 has a number of recommendations such as increasing the delay in how long it takes to respond to a query but this does not stop people from using the list.  You could change the page responding to the site to advise people the list is no longer valid, but unlike when you surf the web and come across a 404 page, a computer does not mind checking the same 404 page over and over.
Many mailservers, particularly those only serving a small number of users, are running spam filters in fire-and-forget mode, unmaintained, unmonitored, and seldom upgraded until the hardware they are running on dies and is replaced. Unless they do proper liveness detection on the blacklists they are using (and they basically never do) they will keep querying a list forever, unless it breaks something so spectacularly that the admin notices it.
So spread the word,

Read More

Looking for message labs help?

There’s a common bounce error from the Message Labs’ filtering appliance that goes no where.

Read More