Still with the Microsoft problems

laura
Industry
January 24, 2018

We took a quick trip to Dublin last week. I had every intention of blogging while on the trip, but… oops. I did get to meet with some clients, and had a great dinner while discussing email and delivery.

Coming back, I see a lot of folks still reporting delivery problems to Microsoft properties. I’ve been operating under the assumption this was temporary as kinks were worked out after the migration. I’m still pretty convinced not all of the problems are intentional. Even the best tested code can have issues that only show up under real load with real users. Reading between-some-lines tells me that the tech team is hard at work identifying and fixing issues. There will be changes and things will continue to improve.
With all that being said, I think it’s important to realize that delivering to the new system is not the same as delivering to the old system. This is a major overhaul of their email handling code, representing multiple years worth of planning and development inside Microsoft. It’s very likely that not all of the current delivery problems are the result of deployment. Some of the problems are likely a result of new standards and thresholds for reaching the inbox. What worked a year ago to get into the inbox just doesn’t any more.

What can we do?

The first step is always acceptance.
Accept that …
… the delivery problems aren’t a mistake on Microsoft’s part.
… more difficulty reaching the inbox is not an accident.
… Microsoft may not ever tell us exactly what to do.
In fact, this new round of problems at Microsoft feels a lot like deliverability in the mid-2000s. All we can see is delivery is bad. There is no guidance from postmaster pages or public statements. We’re getting little to no feedback from the ISPs. The support channels seem to be returning messages unrelated to the questions we’ve asked. It’s 2005 delivery all over again!
In many ways we’re luckier now, as we have history and experience to draw on, as well as working relationships with folks inside the ISPs. I have every confidence that the live.com postmaster pages will be updated at some point. Senders will continue testing and figure out how to send mail that makes it to the inbox and that information will get shared through the industry. Microsoft will get to a point where their end is stable and tests give us consistent responses and we can develop meaningful models.
We’re going to have to listen to the ISPs, and not just to what they say on the surface. ISP employees are typically limited to what they can say publicly, but many of them indicate investigative pathways in their responses to questions. As well, there are now trusted intermediaries to disseminate information that will help improve the overall email ecosystem.

It’s not just Microsoft

As I’ve said before, I think we’re going to see changes to more places than Microsoft. AOL addresses are moving to the Yahoo MXs as of February 1, and that opens up a huge number of questions about delivery to AOL. Some of these changes are the result of GDPR, others just a normal service cycle. Whatever the reason, we’re back to having to work out what the black box is hiding. That means we’re going to have to pay attention to what our stats are telling us. More than that, though, we’re going to have to think about what new information we can collect and how to use it to improve delivery.
All in all, deliverability is changing and we’re all going to need to adapt.

Microsoft changes

There’s been quite a bit of breakage and delivery failure to various Microsoft domains this month. It started with them changing the MX for hotmail.co.uk, then the MX for hotmail.fr… and both these things seem to have broken mail. I also saw a report this morning that some of the new MXs have TLS certificates that don’t match the hostnames.

It's not fair

In the delivery space, stuff comes in cycles. We’re currently in a cycle where people are unhappy with spam filters. There are two reasons they’re unhappy: false positives and false negatives.
False positives are emails that the user doesn’t think is spam but goes into the bulk folder anyway.
Fales negatives are emails that the user does thing is spam but is delivered to the inbox.
I’ve sat on multiple calls over the course of my career, with clients and potential clients, where the question I cannot answer comes up. “Why do I still get spam?”
I have a lot of thoughts about this question and what it means for a discussion, how it should be answered and what the next steps are. But it’s important to understand that I, and most of my deliverability colleagues, hate this question. Yet we get it all the time. ISPs get it, too.
A big part of the answer is because spammers spend inordinate amounts of time and money trying to figure out how to break filters. In fact, back in 2006 the FTC fined a company almost a million dollars for using deceptive techniques to try and get into filters. One of the things this company did would be to have folks manually create emails to test filters. Once they found a piece of text that would get into the inbox, they’d spam until the filters caught up. Then, they’d start testing content again to see what would get past the filters. Repeat.
This wasn’t some fly by night company. They had beautiful offices in San Francisco with conference rooms overlooking Treasure Island. They were profitable. They were spammers. Of course, not long after the FTC fined them, they filed bankruptcy and disappeared.
Other spammers create and cultivate vast networks of IP addresses and domains to be used in snowshoeing operations. Still other spammers create criminal acts to hijack reputation of legitimate senders to make it to the inbox.
Why do you still get spam? That’s a bit like asking why people speed or run red lights. You still get spam because spammers invest a lot of money and time into sending you spam. They’re OK with only a small percentage of emails getting through filters, they’ll just make it up in volume.
Spam still exists because spammers still exist.

Microsoft deprecating SmartScreen filters

At the beginning of the month Microsoft announced that they were deprecating the SmartScreen filters used by the desktop Microsoft mail clients. These are the filters used in Exchange and various version of Outlook mail. This is yet further consolidation of spam filtering between the Microsoft free webmail domains, Office365 hosted domains and self hosted Exchange servers. The online services (hotmail.com, outlook.com, Office365, live.com, etc) have been using these filters for a while. The big change now is that they’re being pushed down to Exchange and Outlook users not hosted on the Microsoft site.
EOP was developed for Outlook.com (and friends) as well as Office365 users. From Microsoft’s description, it sounds like the type of machine learning engine that many providers are moving to.
Microsoft has published quite a bit of information about these filters and how they work on their website. One of the best places to start is the Anti-spam Protection FAQ. Something senders should pay attention to is the final question on that page: “What are a set of best outbound mailing practices that will ensure that my mail is delivered?” Those are all things deliverability folks recommend for good inbox delivery.
Poking around looking at the links and descriptions, there is a host of great information about spam filtering at Microsoft and how it works.
A page of note is their Exchange Online Protection Overview. This describes the EOP process and how the filters work.