March 2017: The Month in Email

It’s that time again… here’s a look at our last month of blog posts. We find it useful to recap each month, both to track trends and issues in email delivery and to provide a handy summary for those who aren’t following along breathlessly every single day. Let us know if you find it useful too!

As always, I wrote about email filters. It’s so important to recognize that filters aren’t arbitrary — they’re detailed instructions that help meet specific user needs, and the more you are cognizant of that, the better you’ll be able to work with them. Additionally, filters aren’t perfect and likely never will be. False positives and false negatives are frustrating, but as long as spam is still a viable business for spammers, they’ll continue to figure out how to work around filters. As such, we can’t expect filters to be 100% accurate in determining what constitutes wanted and unwanted mail.
Part of this, of course, is due to the problem of fraudulent signups. Companies aren’t particularly vigilant about address acquisition and hygiene, and as a result, they’ll claim you “signed up” for their email when you did not. Some people believe that a confirmed opt-in (COI) will solve this problem, but our experience is companies are reluctant to leave revenue on the table, and that they will continue to mail to addresses that have not confirmed.
Address sharing and co-reg is also part of the problem. As we saw in the extensive RCM data breach, many major brands continue to work with third-party senders to send mail in ways that are quite clearly spam. And in more criminal activity, I looked at the rise of botnets and how some of those criminals were brought to justice. In other justice news, there’s been an indictment in the Yahoo breach and another CASL enforcement action.
I wrote a post about bounce handling and “relaying denied” error messages, which are quite rare. It’s useful to have an understanding of these and other error messages, since bounces are sometimes indicative of a larger technical issue, such as when AOL accidentally bounced all messages for a short period last week. Speaking of AOL, we noted that there’s no official timeline for the move from Verizon addresses to AOL addresses following the 2015 acquisition, but it may be worth considering asking your customers to update their addresses.
Spam and filters aren’t the only factors of course. It can be challenging to figure out the multiple factors that make up the black box of delivery. And of course, the most important part of delivery continues to be engagement, engagement, engagement.
I wrote a few posts this month on why I do what I do, and why it’s so important to me. First, I wrote about A Day Without A Woman, and my choice not to participate in offering advice and guidance for that day. The truth is that I enjoy sharing what I know and helping people solve problems. I was honored to be named one of 11 Innovators in Email, and I know that my volunteer work in the industry and my unpaid blogging work is a big part of that. It may sound corny, but I really do believe we are on the front lines of the fight of good vs. evil online, and despite the distractions of politics and world events, we must all continue to do our part.

Related Posts

October 2016: The Month in Email

We’ve returned from London, where I spoke at the Email Innovations Summit and enjoyed a bit of vacation. My wrap-up post also mentions an article I wrote for the Only Influencers site, which looks at questions I get asked frequently: “Why does spam make it to the inbox and our legitimate marketing email doesn’t? Should we just copy their tactics?”
Parliament2ForBlog
In industry news, Yahoo caught our attention for two surprising moves: disabling forwarding and — much more disturbing — creating software for intelligence agencies to search customer email.
Some legal updates this month: The Second Court of Appeals upheld an earlier ruling that companies are in fact liable for the activities of their affiliates, including spam and fraudulent claims. This is important, as we often see spammers and cybercriminals use affiliates to distance themselves from these activities. We also saw another fine assessed for a violation of CASL, and noted with appreciation the transparency and thoughtful process that the Canadian Radio-television and Telecommunications Commission (CRTC) demonstrates in explaining their actions.
Another excellent report is the one created by the Exploratorium to explain their recent experience with being phished. It’s a good piece to share with your organization, in that it reminds us that these cybercriminals are exploiting not just our technology but our trust-based connections to our friends and colleagues. It’s important to raise awareness about social engineering as a part of information security. And speaking of email security, we were delighted to note that André Leduc received the 2016 J.D. Falk award this month at M3AAWG for his excellent work on this topic. It’s a fitting legacy to our friend, J.D., who died five years ago this month. We miss him.
Finally, we’d be remiss in observing Halloween without a post about zombies. Feel free to read it aloud in your spookiest voice.

Read More

AOL accidentally hard bounces valid mail

Last night (Mar 29, 2017) between about 8pm Eastern and 9:30pm Eastern AOL suffered a technical issue. Every email sent to them received a “Recipient address rejected” reply.  One example of the error message:
Mar 29 20:45:12 p2-lvmail11 lsb1-99-208-250/smtp[22251]: A88DFC2DBE9: to=<redacted@aol.com>, relay=mailin-01.mx.aol.com[64. 12.91.195]:25, delay=0.18, delays=0.01/0/0.14/0.03, dsn=5.1.1, status=bounced (host mailin-01.mx.aol.com[64.12.91. 195] said: 550 5.1.1 <redacted@aol.com>: Recipient address rejected: aol.com (in reply to RCPT TO command))
The issue was brought to AOLs attention and things were fixed rapidly after that. An AOL representative has stated that these were invalid replies and that addresses do not need to be removed from future emails.
Most of the ESPs are aware of this and are working to restore any bounced addresses to their users. At some places this requires manual intervention, so it’s taking some time to get all the addresses restored.
This is one of the reasons that our best bounce handling recommendations are not to remove an address for a single bounce – sometimes the ISPs have technical problems. Like the time a routing failure meant a major ISPs MX machines couldn’t reach their authentication servers to get the list of active users. Or the time all an ISPs MXs were removed from DNS. A lot of the internet is still managed manually, and despite extensive safeguards put in place bad things can, and do, still happen. Usually these problems are resolved quickly and mail starts flowing again.
Morning advice: Do not deactivate addresses that bounced at AOL last night.
 

Read More

What about the botnets?!

Botnets are a huge problem for a number of reasons. Not only are they used to send spam, they’re also used in criminal activities. One of the major challenges in dealing with botnets is finding and stopping the people who create and use them. Why? Because the internet is global and crime tends to be prosecuted within local jurisdictions.

Read More