ESPs are failing recipients

Over the last few years I’ve reduced the complaints I send to ESPs about their customers to almost nothing. The only companies I send complaints to are ones where I actually know folks inside the compliance desk, and I almost never expect action, I just send them as professional courtesy.

Two icon figures sitting at a table talking to each other

The sad fact is, many ESPs are really horrible about dealing with spam coming from their networks. The older, larger companies are often a jumble of poorly integrated technologies resulting from a decade of acquisition. More than a decade ago I sat at a MAAWG conference with the director of deliverability at one of the oldest ESPs. We were talking about their recent Spamhaus listings that I’d been hired to help address and their overall complaint processes. One of the issues was, due to multiple mergers and acquisitions, half of their abuse mail went to the wrong place and some of it was being thrown away.

This is an old story, but only as an example of how long this problem has been going on. Even now, companies retire domain names from receiving mail, but still have them littered throughout their email headers. They miss complaints, they miss notices and then they discover they and most of their customers have extensive delivery problems.

The newer companies are lean and agile and don’t think about investing in actual compliance work until they run face first into an escalated Spamhaus listing. Their solution to the problem is to throw machine learning at it, and try and come up with a way to programatically identify bad customers. The problem is this is a moving target and there’s nothing set and forget about it. Algorithms like this need to be constantly maintained and trained. May as well invest in the human element.

Of course, this is all about the customers sending mail through ESPs. But that’s not the only problem. There are any number of ESPs whose own marketing teams use spam. I cannot tell you the number of companies in the space who’ve decided to add me to their marketing list without bothering to ask me if I want to hear from them.

Just last month I started receiving mail from an ESP. “We’ve made an acquisition! We’re growing!” was the first message I received from them. I wasn’t sure what was going on so I contacted their abuse desk asking what opt-in data they have for me. The person I contacted was apologetic and said she’d chase it down. She also informed me I’d be removed from future emails.

A few days later I received an email telling me that they weren’t really sure where I opted-in, but that it was probably a page on their website that they no longer had up. This doesn’t sound right as the address was one I don’t enter into forms. If a form doesn’t take a tagged address, I use a gmail account. But, I want to give the company the benefit of the doubt so I treat it as solved and move on.

Three weeks later I get another email from the same ESP advertising an upcoming webinar. Again, I send mail pointing out that I was assured I’d been unsubscribed. This time my colleague responds and tells me that I signed up for their mailing list because I attended a conference with them in 2016.

I don’t even have words for how grossly inadequate this response is. If it’s true, which I don’t even know any more, it’s horrible marketing to wait 3 years to start mailing someone after acquiring their email address. But the incompetence doesn’t stop there. This was a conference I attended to speak on two different panels, both regarding deliverability and how not to send spam. As a speaker I don’t always visit the trade floor and if I do, I don’t hand out cards or ask for more information. In any case, I can say with quite a bit of certainty this company wasn’t at the trade show, as they announced this version of their name about 6 months after the conference.

Of course, this isn’t as unusual as it should be, one reason I’m not naming names. ESPs hire aggressive marketers who often send spam… er… “cold emails.” It still amounts to the same thing – an unending bombardment of unsolicited emails from companies who then turn around and ask to be added to my list of “good ESPs” that don’t allow purchased lists.

ESPs need to step up and stop allowing spam on their networks. This goes for customer mail and for their own mail. It’s long past time for them to invest in actual compliance desks and start actually requiring customers to send better mail.

Related Posts

Social media connections are not opt-ins

It seems silly to have to say this, but connecting on social media is not permission to add an address to your newsletter or mailing list or prospecting list or spam list. Back in 2016, I wrote:

Read More

The Blighty Flag

Back in the dark ages (the late ’90s) most people used dialup to connect to the internet. Those people who had broadband could run all sorts of services off them, including websites and mail servers and such. We had a cable modem for a while handling mail for blighty.com.
At that time blighty.com had an actual website. This site hosted some of the very first online tools for fighting abuse and tracking spam. At the same time, both of us were fairly active on USENET and in other anti-spam fora. This meant there were more than a few spammers who went out of their way to make our lives difficult. Sometimes by filing false complaints, other times by actually causing problems through the website.
At one point, they managed to get a complaint to our cable provider and we were shut off. Steve contacted their postmaster, someone we knew and who knew us, who realized the complaint was bogus and got us turned back on. Postmaster also said he was flagging our account with “the blighty flag” that meant he had to review the account before it would be turned off in the future.
I keep imagining the blighty flag looking like this in somebody’s database.

That is to say, sometimes folks disable accounts they really shouldn’t be disabling. Say, for instance:

This was an accident by a twitter employee, according to a post by @TwitterGov

Read More

Zoho, phishing and who’s next?

ZDnet reports that Zoho’s problems with phishing aren’t over. Their report states that Zoho is being used as a pipeline to exfiltrate data from phished accounts.

Read More