Is email dead?

These last few years have been something, huh? Something had to give and, in my case, that something was blogging. There were a number of reasons I stopped writing here, many of them personal, some of them more global. I will admit, I was (and still am a little) burned out as it seemed I was saying and writing the same things I’d been saying and writing for more than a decade. Taking time off has helped a little bit, as much to focus on what I really want to talk about.

It helps, too, there are a lot more deliverability resources out there than when I started. I don’t have to say it all, there are other voices (and perspectives!) that are adding to the collective understanding of delivery. That’s taken some of my (admittedly internal) pressure off from having to write about specific things to explain, educate and clarify. Other folks are doing that admirably. Instead I can move back to using writing blog posts to explore concepts and work through better ways to model and explain email and deliverability.

What are some of these bigger issues I’ve been thinking about?

Bounce Handling

A Venn diagram based on bounce handling classification rules from 3 individual ESPs. The diagram shows overlapping sets of "hard bounce" "soft bounce" and "spam bounce" along with a frustrated stick figure trying to make sense of the confusion.
It’s worse than this now.

This is a problem that’s been on my mind for a while. The industry is very bad at managing undeliverable emails. Almost every organization has different definitions for the same terms. Mailbox providers send bounces that work for them but are unique to that provider. ESPs make up their own classification sets which I tried to classify a long time ago in a massive Venn diagram that still doesn’t capture it all. Filtering organizations say follow the RFCs. ESPs hide information about bounces from their customers.

Bounce handling is a mess. You can see this in Kickbox’s recent Email Deliverability Unfiltered: Understanding and Handling Bounces. A number of folks contributed content and we all went in completely different directions. I brought bounce handling as an open round table discussion at London M3AAWG meeting last June. The organization has been having ongoing discussions about it ever since, without getting to any conclusion.

I have long planned to write something about bounces, but struggle because I feel like I need to go back and start with defining all my terms. I mean, first off, we’re not talking bounces we’re talking rejections as they usually happen during the SMTP session and the SMTP RFC doesn’t talk about hard or soft bounces at all. I digress and this document is more about mapping out what I want to talk about – and making it public means I’m more likely to do it. I think I need to work a lot of that out in a long series of blog posts about bounces.

Spam is on the uptick again – for business users

The amount of B2B spam is getting out of control. It seems every small and medium business out there is purchasing lists and hiring an army of half literate sales folks who send out a bunch of cold email. They get really upset and angry when you call them spammers, but I’m not sure what else to label them. They’re certainly not permission based marketers.

They send unwanted, un-targeted and irrelevant email. They have adopted a host of techniques to avoid blocking and prevent people from filtering their mail. These include, but aren’t limited to: rotating domains regularly, using Google Workspace and O365 to prevent IP based blocking, using gmail.com addresses to prevent blocking, hiring lead generation companies to send on their behalf. They also violate CAN SPAM by not including a postal address and by not honoring unsubscribes.

In many ways it feels like the late 90s when we just didn’t have the tools to stop spam and were chasing spammers around. The techniques are modern versions of the techniques invented with Wallace and Rines and Ralsky and their competitors. Instead of open relays they use Google Workspace and O365 accounts. Instead of domain tasting they use gmail.com addresses. Instead of dictionary attacks they buy lists. Scraping still exists, but instead of badly written web crawlers, there’s browser plugins to harvest off LinkedIn.

Compliance is hard again

In the decade between about 2004 and 2014, compliance was important. ESPs were funding and staffing compliance desks. Bad customers were disconnected. FBLs were proliferating and anti-abuse was important. But that’s just not how it’s going these days.

ESPs actually have spam filters in front of their abuse desks and don’t even get complaints. If or when you can reach out in person, they generally only remove the address from lists and don’t actually disconnect the customer.

Many of the metrics compliance desks used to identify problem customers come with a host of problems that make them less useful now than in the past. Metrics like FBLs and bounce rates are not only gameable, customers can purchase services to game them. Open and click rates, are so noisy they’re useless for compliance purposes. In the B2B space, FBLs simply don’t exist; even providers that collect ‘this is spam’ metrics don’t share that information with the sender.

There was a big push by Spamhaus last year with “informational” listings. A lot of those listings were because so many ESPs (not you, you didn’t deserve it) have mostly stopped effectively policing their customer base. There are so many reasons for the build up of bad practices. Management has a lot of blame here for a host of reasons. Some decided if they weren’t blocked their customers weren’t spamming. Others failed to innovate on tools and reporting and didn’t adjust their compliance thresholds to address the metrics problems I talked about earlier. Others simply chased the income as long as their shared IPs had decent delivery. Dedicated IPs were left to fend for themselves and if they ruined their delivery that wasn’t the ESP’s problem.

Part of the issue is how good the ISPs have gotten at filtering off shared IPs. They can separate out and differentially filter mail from a single IP. This makes it easier for some ESPs to throw the problem back on the problem customer(s) and wash their hands of it.

Some good news

That was an awful lot of negativity to spew out. I think we’re all a little tired and burnt out from the last 6 years. I swear 2014 was yesterday. Have a palate cleanser of kittens.

A picture of an orange kitten on his back and a black and white kitten cuddled up next to him.
Snufkin and Toffle

But it’s not all bad and we shouldn’t despair. We’re just in the cycle where spammers caught up with the tools and abuse used by desk. The tools will catch up and all won’t be lost. I mean, when we started this back in the late 90s we spent a lot of time convincing folks spam was bad and harmful. Folks started building out tools and filters and blocklists and FBLs and all that. We’re about due for another round of investment and innovation.

We’ve already seen Google increasing their enforcement against the spammers abusing them to send B2B spam. They’ve also disconnected a couple of the spam support services that were using their own API to evade filters.

The overall industry is working hard to get a handle on the bounce issue. We’re talking about how better to address the bad customers, and also how to explain to management that enforcement is good for the business. Filters are protecting the majority of consumers from the bulk of the spam that’s sent.

I’ll be talking more about some of these issues over the coming months, along with some actual ideas about solutions and things that we in the email industry can do to improve the overall situation.

tl;dr: Email is not Dead.

Related Posts

Parasites hurt email marketing

As a small business owner I am a ripe target for many companies. They buy my address from some lead generation firm, or they scrape it off LinkedIn, and they send me a message that pretends to be personalized but isn’t really.
“I looked at your website… we have a list of email addresses to sell you.”
“We offer cold calling services… can I set up a call with you?”
“I have scheduled a meeting tomorrow so I can tell you about our product that will solve all your technical issues and is also a floor wax.”
None of these emails are anything more than spam. They’re fake personalized. There’s no permission. On a good day they’ll have an opt out link. On a normal day they might include an actual name.
These are messages coming to an email address I’ve spent years trying to protect from getting onto mailing lists. I don’t do fishbowls, I’m careful about who I give my card to, I never use it to sign up for anything. And, still, that has all been for naught.
I don’t really blame the senders, I mean I do, they’re the ones that bought my address and then invested in business automation software that sends me regular emails trying to get me to give them a phone number. Or a contact for “the right person at your business to talk to about this great offer that will change your business.”
The real blame lies with the people who pretend that B2B spam is somehow not spam. Who have pivoted their businesses from selling consumer lists to business lists because permission doesn’t matter when it comes to businesses. The real blame lies with companies who sell “marketing automation software” that plugs into their Google Apps account and hijacks their reputation to get to the inbox. The real blame lies with list cleansing companies who sell list buyers a cleansing service that only hides the evidence of spamming.
There are so many parasites in the email space. They take time, energy and resources from large and small businesses, offering them services that seem good, but really are worthless.
The biologically interesting thing about parasites, though, is that they do better if they don’t overwhelm the host system. They have to stay small. They have to stay hidden. They have to not cause too much harm, otherwise the host system will fight back.
Email fights back too. Parasites will find it harder and harder to get mail delivered in any volume as the host system adapts to them. Already if I look in my junk folder, my filters are correctly flagging these messages as spam. And my filters see a very small portion of mail. Filtering companies and the business email hosting systems have a much broader view and much better defenses.
These emails annoy me, but I know that they are a short term problem.  As more and more businesses move to hosted services, like Google Apps and Office365 the permission rules are going to apply to business addresses as well as consumer addresses. The parasites selling products and services to small business owners can’t overwhelm email. The defenses will step in first.
 

Read More

Legitimate mail in spamfilters

It can be difficult and frustrating for a sender to understand they whys and wherefores of spam filtering. Clearly the sender is not spamming, so why is their mail getting caught in spam filters?
I have a client that goes through this frustration on rare occasions. They send well crafted, fun, engaging content that their users really want. They have a solid reputation at the ISPs and their inbox stats are always above 98%. Very, very occasionally, though, they will see some filtering difficulties at Postini. It’s sad for all of us because Postini doesn’t tell us enough about what they’re doing to understand what my client is doing to trigger the filters. They get frustrated because they don’t know what’s going wrong; I get frustrated because I can’t really help them, and I’m sure their recipients are frustrated because they don’t get their wanted mail.
Why do a lot of filter vendors not communicate back to listees? Because not all senders are like my clients. Some senders send mail that recipients can take or leave. If the newsletter shows up in their inbox they may read it. If the ad gets in front of their face, they may click through. But, if the mail doesn’t show up, they don’t care. They certainly aren’t going to look for the mail in their bulk folder. Other senders send mail that users really don’t want. It is, flat out, spam.
The thing is, all these senders describe themselves as legitimate email marketers. They harvest addresses, they purchase lists, they send mail to spamtraps, and they still don’t describe themselves as spammers. Some of them have even ended up in court for violating various anti-spam laws and they still claim they’re not spammers.
Senders are competing with spammers for bandwidth and resources at the ISPs, they’re competing for postmaster attention at the ISPs and they’re competing for eyeballs in crowded inboxes.
It’s the sheer volume of spam and the crafty evilness of spammers that drives the constant change and improvement in spamfilters. It’s tough to keep up with the spamfilters because they’re trying to keep up with the spammers. And the spammers are continually looking for new ways to exploit recipients.
It can be a challenge to send relevant, engaging email while dealing with spamfilters and ISPs. But that’s what makes this job so much fun.

Read More

Gmail and the PBL

Yesterday I wrote about the underlying philosophy of spam filtering and how different places have different philosophies that drive their filtering decisions. That post was actually triggered by a blog post I read where the author was asking why Gmail was using the PBL but instead of rejecting mail from PBL listed hosts they instead accepted and bulkfoldered the mail.
The blog post ends with a question:

Read More