Marking mail as spam says what?

I wear a number of hats and have a lot of different email addresses. I like to keep the different email addresses separate from each other, “don’t cross the streams” as it were.

 

Recently I’ve been getting spam to my womenofemail.org address asking about the wordtothewise.com website.

I’m not sure where Ms. Catherine Metcalf bought my Women of Email address or how she connected it with a post written by Steve here on the WttW website. But it did bring up an interesting question I don’t necessarily have an answer to.

A little background. Women of Email hosts email on G Suite. Unlike most of my accounts, my “this is spam” reports actually are measured for reputation purposes. I can report this as spam, Google will take action and I won’t have to see mail from Ms. Metcalf (and ideally bluelabellabs.net) ever again. But then I started thinking. The only URL in the message posts to my website.

My question is: if I click “this is spam” on the above message will Google knock my reputation? How much mail is sent to Google on any given day mentioning WttW links and websites?

This is, of course, a question that proves I’m a little too focused on reputation. No normal person would consider whether or not to report this as spam. They’d just hit this is spam and assume it will only hurt the sender’s reputation, not affect the reputation of anything in the message. But I know that every link in a message has its own reputation.

I suspect there wouldn’t be a huge amount of fallout. Gmail looks at every “resource combination” (to use their term) when making decisions. Yes, a t-i-s click is likely to be a minor tick against “wordtothewise.com” in general. But only a minor one. It’s likely to be a bigger tick against mail from catherine.metcalf@bluelabellabs.net that mentions wordtothewise.com.

Looking at the even bigger picture. Google knows that Catherine Metcalf is sending out a lot of mail mentioning different URLs. They have to, she’s using Google to send them. But they can also see that a subset of the recipients delete the mail without opening, or report the message as spam. They probably can even tell that she’s using some sort of automated software to send the mail, rather than typing each message herself. If enough people report the message as spam, Google is smart enough to spam folder her mail. Given they’re handling her outgoing messages, it would be nice if they could block it on the outbound, but we can’t have everything.

 

 

Related Posts

Poor delivery at Gmail but no where else

I’ve mentioned before that I can often tell what ISP is making filter changes by what my calls are about. The last few weeks it’s been Gmail where folks are struggling to get to the inbox. One of the things most clients and potential clients have mentioned is that they’re not having any problems at the other major ISPs.

Read More

Google makes connections

One of the client projects I’m working on includes doing a lot of research on MXs, including some classification work. Part of the work involves identifying the company running the MX. Many of the times this is obvious; mail.protection.outlook.com is office365, for instance.

There are other cases where the connection between the MX and the host company is not as obvious. That’s where google comes into play. Take the domain canit.ca, it’s a MX for quite a few domains in this data set. Step one is to visit the website, but there’s no website there. Step 2 is drop the domain into google, who tells me it’s Roaring Penguin software.
In some cases, though, the domain wasn’t as obvious as the Roaring Penguin link. In those cases, Google would present me with seemingly irrelevant hosting pages. It didn’t make sense until I started digging through hosting documentation. Inevitably, whenever Google gave me results that didn’t make sense, they were right. The links were often buried in knowledge base pages telling users how to configure their setup and mentioning the domain I was searching for.
The interesting piece was that often it was the top level domain, not the support pages, that Google presented to me. I had to go find the actual pages. Based on that bit of research, it appears that Google has a comprehensive map of what domains are related to each other.
This is something we see in their handling of email as well. Gmail regularly makes connections between domains that senders don’t expect. I’ve been speaking for a while about how Gmail does this, based on observation of filtering behavior. Working through multiple searches looking at domain names was the first time I saw evidence of the connections I suspected. Gmail is able to connect seemingly disparate hostnames and relate them to one another.
For senders, it means that using different domains in an attempt to isolate different mainstreams doesn’t work. Gmail understands that domainA in acquisition mail is also the same as domainB in opt-in mail is the same as domainC in transactional mail. Companies can develop a reputation at Google which affects all email, not just a particular mail stream. This makes it harder for senders to compartmentalize their sends and requires compliance throughout the organization.
Acquisition programs do hurt all mail programs, at least at Gmail.
 

Read More

Google Postmaster Tools

Earlier this month Google announced a new set of tools for senders at their Postmaster Tools site. To get into the site you need to login to Google, but they also have a handy support page that doesn’t require a login for folks who want to see what the page is about.
We did register, but don’t send enough mail to get any data back from Google. However, the nice folks at SendGrid were kind enough to share their experiences with me and show me what the site looked like with real data, when I spoke at their recent customer meeting.
Who can register?
Anyone can register for Google Postmaster tools. All you need is the domain authenticated by DKIM (the d= value) or by SPF (the Return Path value).
Who can see data?
Google is only sharing data with trusted domains and only if a minimum volume is sent from those domains. They don’t describe what a trusted domain is, but I expect the criteria include a domain with some history (no brand new domains) and a reasonable track record (some or all of the mail is good).
For ESPs who want to monitor all the mail they send, every mail needs to be signed with a common d= domain. Individual customers that want their own d= can do so. These customers can register for their own access to just their mail.
ESPs that want to do this need to sign with the common key first, and then with the customer’s more selective key.
How does it work?
Google collects data from DKIM and/or SPF authenticated mail, aggregates it and presents it to a Google user that has authenticated the domain.
How do I authenticate?

Read More