Listbombing Webinar

Earlier this week I gave a webinar hosted by the EEC and the DMA discussing the listbombing problem. They will be making the recording available later this week and I will link to it then.
I wish I could say the issue was done and over with and that it was something we don’t have to worry about any longer. Unfortunately, that’s just not the case. Attacks are ongoing. Many of them are being caught and mitigated, but they’re still occurring.
We can’t let up our guard, though. Attackers will adapt to the mitigations and negate them.
And remember, listbombing is a sign that your subscription process is not collecting accurate data. If Evil Bob or Dumb Bob can give you Real Bob’s address then your data is all suspect. The problem is somewhat in the form, but it’s also in the whole process. What steps can you take to verify data without creating too much friction in the process?
This is an opportunity for forward thinking companies to reconsider their subscription and address acquisition processes. How do we get Bob’s address and information without Evil Bob or Dumb Bob giving us bad data and without contributing to the overall abuse online.
 

Is your website up? Are you sure?
Poor delivery at Gmail but no where else

Related Posts

Spamhaus and subscription bombing

Spamhaus released a blog post today discussing the recent subscription bombing: Subscription bombing COI captcha and the next generation of mail bombs.
As I mentioned in my initial posts, this abusive behavior goes beyond spamming. This is using email to harass individuals. Spamhaus even mentions a potential service that can be used to do these kinds of mailbombing.
Things folks need to know is that this is not just about ESPs and commercial mail. One of the big targets was WordPress admin forms. As Spamhaus says:

Read More

Ongoing subscription form abuse

Last week Spamhaus posted information on the ongoing subscription attacks. They provided a more information about them that was not make public previously, including some information about the volume of mail some targets received.
Today SendGrid also blogged about this, going into a little more detail about why senders should care about this. They also provided a number of suggestions for how to mitigate the risk of being part of an attack.
Many abstract images on the theme of computers, Internet and high technology.
There are a couple of things I think it’s important for folks to realize.

Read More

July 2016: The Month in Email

We got to slow down — and even take a brief vacation — in July, but we still managed to do a bit of blogging here and there, which I’ll recap below in case you missed anything.
Sonoma1
At the beginning of the month, I wrote about email address harvesting from LinkedIn. As you might imagine, I’m not a fan. A permissioned relationship on social media does not equate to permission to email. Check out the post for more on mailing social media contacts.
Even people who are collecting addresses responsibly can face challenges. One of the most important challenges to address is paying attention to your existing subscription processes, testing them regularly, evaluating effectiveness and optimizing as needed.
Our most commented-upon post this month was a pointer to a smart writeup about Hillary Clinton’s email server issues. Commenters were pretty evenly split between those who agreed that they see this kind of workaround frequently, and those who felt like regulatory processes do a good job managing against this kind of “shadow IT” behavior. I wrote a followup post on why we see this kind of workaround frequently in email environments, even in regulated industries, and some trends we’re seeing as things improve.
In other election-related email news, we saw the challenges of campaign email being flagged as spam. As I pointed out, this happens to all campaigns, and is nothing unique to the Trump campaign. Still, there are important lessons for marketers here, too, in terms of list management, email content, frequency, and engagement — all of which are inextricably linked to deliverability.
Speaking of spam and engagement, Steve took a look at some clickthrough tracking revealed through a recent spam message I received — and why legitimate marketers should avoid using these sorts of URL referrers.
On the topic of authentication, I wrote a quick post about how seeing ?all in the SPF record tells me one thing: the person managing the record isn’t doing things properly. Need a refresher on authentication? Our most-read blog post of all time can help you out.
And as always, send me your interesting questions and I’ll be happy to consider them as I resume my Ask Laura column in August.

Read More