Thinking about filters

Much of the current deliverability advice focuses on a few key ideas:

  1. Authenticate your mail with SPF, DKIM and DMARC
  2. Use a dedicated IP.
  3. Monitor delivery.
  4. Clean your data.

All of these things are absolutely things you should be doing, but senders can do all these things and still have cruddy delivery. These things are great and can help your mail deliver better. But they’re not enough to get mail into the inbox.

As I think about email filters I can put them in some different broad categories based on the email types they target.

  • Safety filters – block phishing and malware
  • Unsolicited filters – block mail that looks like it’s unsolicited
  • Unwanted filters – block mail that is unwanted by the recipient

Safety filters are pretty self explanatory. They use different signals like source IP, links, and virus signatures to block mail. Some safety filters are about protecting the infrastructure, so they act on senders that open too many connections, or send non-RFC compliant mail or act in ways that are not well-behaved.

Unsolicited filters have their own signals they use to determine if a message is unsolicited. These include a lot of the things we talk about in delivery. Things like spam complaints, bounces, and spamtrap hits are all things that indicate recipients never opted in to receive a particular email.

Unwanted filters use some of the same signals as unsolicited filters, the difference between unsolicited email and unwanted email is somewhat subtle. Signals for unwanted filters are the things we describe as engagement metrics. When emails are read and saved and moved between folders that tells the ISP these mails are wanted. Emails that are deleted without opening are likely unwanted.

Understanding what kind of mail filters are targeting helps drive what types of fixes we do. If the problem is our users don’t want the mail then removing bounces isn’t going to affect the signals driving the filter.

On the flip side, if the problem is the mail looks unsolicited because it has too many dead addresses and hits spamtraps, we can sometimes fix them using the same techniques we use for addressing unwanted filters. When we limit sending to people who have opened and engaged with the messages, we’re removing the addresses that signal the email is unwanted and the email is unsolicited.

Filters like Spamhaus focus on unsolicited emails. That’s why they focus on making sure that senders have permission rather than focusing on engagement metrics.

Understanding what type a mail a filter is attempting to protect users from is crucial for solving delivery problems.

 

Related Posts

Spamhaus DBL

Over the last few months I’ve gotten an increasing number of questions about the Spamhaus DBL. So it’s probably time to do a blog post about it.

Read More

Return Path partners with Symantec

Today Return Path announced a partnership with Symantec to improve their anti-phishing product. Return Path is incorporating the Symantec Trusted Domain List into their authentication and filtering product to help customers protect their brands. Press Release
Phishing scams affect everyone, and having a brand that is used in phishing can reduce consumer trust in that brand. Protecting brands in email has been one of the more difficult challenges facing the email community. With the adoption of DKIM and DMARC by major brands and ISPs it has become easier to track and address phishing.

Read More

Gmail and the PBL

Yesterday I wrote about the underlying philosophy of spam filtering and how different places have different philosophies that drive their filtering decisions. That post was actually triggered by a blog post I read where the author was asking why Gmail was using the PBL but instead of rejecting mail from PBL listed hosts they instead accepted and bulkfoldered the mail.
The blog post ends with a question:

Read More