BLOG

Reading between the lines

Reading between the lines an important skill in deliverability.

Why? Over the last few years there’s been an increasing amount of collaboration between deliverability folks at ESPs and ISPs. This is great. It’s a vast improvement on how things were 10 years ago. However, there are still ongoing complaints from both sides. There probably always will be. And it’s not like a blog post from me is going to fix anything. But I see value in talking a bit about how we can improve our ability to collaborate with one another.

Can’t say officially

When we’re addressing deliverability issues, we’re often dealing with representatives of large corporate entities. Most of the widely used filters and blocklists are subsidiaries of large companies. The big exception is Spamhaus, but even they have rules and processes on releasing data.  Every participant in the conversation has internal processes and directives to follow.

In some cases an employee is not authorized to release information even though that information isn’t secret or private. We often have meetings, where some employees are sharing data about how filters work without their PR department approving every bit of the statement. A few years ago I asked someone who’d just finished on a panel if the information they shared could be shared outside the room. They looked me in the eye and said, “I really wish you wouldn’t ask me that, as I have to then go talk to people if you do.”

OK. Message Received. Loud and Clear.

This is only one example, in a long line of examples, where ISP reps have made statements about their systems without direct attribution. I’m sure astute readers read between my lines in these kinds of cases.

Lawyers are involved

Twenty years ago, when I first started fighting spam, there was a community of folks who fought spam. Many of them, like me, started because we were trying to defend our inboxes. Other folks in the community actually handled abuse@ for some of the ISPs. Brian Williams wrote about a lot of the personalities in Spam Kings. There wasn’t anything called deliverability then. There weren’t postmaster pages and FBLs. We were just a group of people trying to fight spam and protect our mailboxes.

Things are significantly different now. Filtering is a formal part of ISP product development. Twenty years of case history proves filtering is legal, but some folks will still sue for filtering. How an ISP communicates their filtering has legal implications. Thus, the lawyers stepped in.

In practical terms the legal oversight restrains responses. I know that legal teams participate in complaint and customer handling processes a ESPs and ISPs. There is a process and process must be followed. In some companies, legal approves communications individually. In other companies they dictate language and boilerplates.

Legal oversight means we sometimes have to read between the lines on boilerplates and responses. The ISP reps may not be able to give us the actual information, but they may also drop broad hints that can lead us to the right solution. Sometimes the boilerplates specifically say things like “we see no problems with your mail delivery.” Often senders read this and wonder why the mail is going to bulk. Deliverability experts must read between the lines and know this means more work to get to the inbox.

Privacy policies apply

Sharing customer information is a violation of most privacy policies. This includes an abuse desk explaining the actions taken against a customer. Back in the community era, abuse@ often sent personal replies to complaints. One abuse person, in particular, was famous for entertaining descriptions of how the spammer was handled. There’s no way they could do this now. I kinda miss the community, but the change reflects how critical the Internet is and how important it for commercial use.

As abuse@ I often dealt with complainants who asked for the full legal information of a customer. I know that current abuse@ reps still get those requests. I couldn’t, and they can’t, give out customer information to third parties. In many cases this is good, we don’t want random employees deciding that customer privacy isn’t important. Doxxing is an issue and is a problem, and we don’t want to contribute to that. On the other hand, when I’m vetting a customer, contact data and history are useful bits of information.

The struggle between sharing warnings and protecting customer privacy is real. Many of us in the deliverability and abuse spaces are good at leaving hints and bread crumbs. If a company or spammer comes up in discussion we might find a couple public sources of information and share them. We have to write between the lines, as well as read between them.

Silence is an answer

The biggest challenge with reading between the lines is when there are no lines, when there is no answer at all. Silence is an answer. Actually, silence is many answers, depending on context.

For instance, sometimes the answer is no. The ISP can’t provide all the information you’re asking for, so they just don’t answer at all. It’s a defensive mechanism. Too many people think a no answer is the start of a negotiation. It’s not.

In other cases the asker has worn out their welcome. What typically happens is a client demands specifics and the deliverability rep reaches out. The client keeps pushing back on deliverability. Deliverability keeps reaching out to the ISP. Eventually, the ISP doesn’t answer. No one is happy. The client’s upset. Deliverability is stuck. The ISP is irritated.

Silence happens to me, as well. Clients want to hear the problems and solutions directly from the ISP or filtering company. But if the ISP isn’t answering, it’s my job to interpret that silence. I contextualize the lack of a response and provide action items for the client.

It’s a skill

Reading between the lines is a skill we can all learn. It’s also something we need to practice regularly. This post doesn’t cover all the ways we speak in code to each other. But I hope it helps readers realize how critical it is in our industry.

 

 

Comment:

Your email address will not be published. Required fields are marked *

  • OTA joins the ISOC

    The Online Trust Alliance (OTA) announced today they were joining forces with the Internet Society (ISOC). Starting in May, they will operate as an initiative under the ISOC umbrella. “The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” said Internet Society President and CEO, Kathryn Brown. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber-attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users,” added Brown.No Comments


  • Friday blogging... or lack of it

    It seems the last few Friday's I've been lax on posting. Some of that is just by Friday I'm frantically trying to complete all my client deliverables before the weekend. The rest of it is by Friday I'm just tired. Today had the added complication of watching the Trumpcare debate and following how (and how soon) it would affect my company if it passed. That's been a bit distracting, along with the other stuff I posted about yesterday. I wish everyone a great weekend.1 Comment


  • Indictments in Yahoo data breach

    Today the US government unsealed an indictment against 2 Russian agents and 2 hackers for breaking into Yahoo's servers and stealing personal information. The information gathered during the hack was used to target government officials, security employees and private individuals. Email is so central to our online identity. Compromise an email account and you can get access to social media, and other accounts. Email is the key to the kingdom.No Comments


Archives