BLOG

What … is your name?

For some reason otherwise legitimate ESPs have over the years picked up a habit of obfuscating who they are.
I don’t mean those cases where they use a customers subdomain for their infrastructure or bounce address. If the customer is Harper Collins then mail “from” @bounce.e.harpercollins.com sent from a server claiming to be mail3871.e.harpercollins.com isn’t unreasonable. (Though something in the headers that identified the ESP would be nice).
No, I mean random garbage domains created by an ESP to avoid using their real domains in the mail they send and in their network infrastructure. This isn’t exactly snowshoe behaviour. They’re not really hiding anything terribly effectively from someone determined to identify them – the domains are registered with real contact information, and the IP addresses the mail is sent from are mostly SWIPped accurately – but they do prevent a casual observer from identifying the sender.
Silverpop has registered over 9,000 domains in .com that are just “mkt” followed by some random digits that they use for infrastructure hostnames, bounce addresses and click-tracking links. Apart from anything else, it’s a terrible waste of domain name space to use links.mkt1572.com where they could just as well use links1572.silverpop.com or links.mkt1572.silverpop.com.
For what they’re paying just for domain name registration and management they could probably hire multiple full time employees.
And Marketo has registered over 17,000 domains in .com that are just “mkto-” followed by what looks like a location code.
(I’m not picking on Marketo and Silverpop in particular – several other notable ESPs do the exact same thing – they’re just relevant to the end of the story).
Using garbage domains like this makes you look more like a snowshoe spammer at first glance than a legitimate ESP.
It also makes it much harder for a human glancing at your headers to correctly identify a responsible party …
… which is probably why abuse@marketo are rather tired of receiving misdirected complaints about spam sent by Silverpop from machines called something like mkt1572.com.
 
 

2 comments

  1. Benjamin says

    I would make a difference between “obfuscating” and “minimizing the footprint”. I consider my clients emails are theirs, and the messages they send are not a medium for me as an ESP. If a client was to switch to another vendor, I don’t want to have my headers coming in the way. This is not always reachable, but I still think it’s a legitimate goal.
    Also in my case, we have our own ASN so a quick whois on the IP would immediately disclose our name. And this is perfectly fine.
    Now, I can’t see the use tenths of thousands of distinct domain names for anything else than mitigating the risk of having one parent domain blacklisted, impacting many clients at once. But if you only send clean emails, you can’t get your domain name blacklisted. Or can you?

  2. Aleksandrs says

    Good article, good to know! My thoughts.. some of the top ISPs may affect/block only sub-domain if “suspicious” emails have been sent out but some may affect/block all domain. So I think this is one of the reasons why ESP use a lot of domains for their senders. And ISPs should affect main domain reputation if too much traffic came through a couple of sub-domains…

Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.