… if your company runs any sort of email marketing, anyway. Right now is the best time to do a mini-audit of your mail campaign. It’ll just take ten minutes, and if you put off doing it until tomorrow it’ll probably never get done. Go to your public-facing company home page. Does it have a link to your privacy policy? Does it have a link to where you can sign up for mailing...
Sept 17, 2019: Shutting down comments on this post because we cannot help you recover any email account and I am concerned about the number of people who are providing PII (including phone numbers, credit card numbers!!! and email addresses) in the comments. A tagged email address is any email address that provides some additional information to the recipient when they receive email sent to that...
I’ve seen some mentions recently of ESPs suggesting that if you use your own domain in the From: of mail you send through an ESP then that ESP can’t “do email authentication” properly unless they require you to edit your domains DNS settings. That’s not really so, but there is a kernel of truth in there. The real situation is, unsurprisingly, a bit more complicated...
We run top-level DNS servers for several blacklists including the CBL, the blacklist of infected machines that the SpamHaus XBL is based on. We don’t run the CBL blacklist itself (so we aren’t the right people to contact about a CBL listing) we just run some of the DNS servers – but that means that we do get to see how many different ways people mess up their spam filter...
Whenever we’re working with someone to diagnose some obscure delivery issue one of the things we usually have them try is to “run a transaction by hand”. Being able to do that is a trick that everyone working with email should be able to do. I was drafting a blog post today and wanted to refer to running a transaction by hand and I realized that we hadn’t actually...
The last of seven in our occasional series on why ESPs need, or don’t need, lots of IP addresses to send mail properly. I need multiple IP addresses in different locations so as to provide redundancy against blacklisting of my ISP Why this is right If you think that your email is likely to be blocked due to the reputation of your ISP then having a backup ISP makes some operational sense. Why this...
Sometimes you might want to make it clear that a domain isn’t valid for email. Perhaps it’s a domain or subdomain that’s just used for infrastructure, perhaps it’s a brand-specific domain you’re only using for a website. Or perhaps you’re a target for phishing and you’ve acquired some lookalike domains, either pre-emptively or after enforcement action...
Someone asked yesterday What business advantage is there to an ISP in offering a feedback loop? I’ve never really seen one. It’s a good question. There’s a fair bit of work involved in offering, maintaining and supporting a feedback loop. What makes it worth it? At a consumer ISP there’s some email sent to customers that’s easy for spam filters to recognize and...
Yesterday I showed how major companies hire hard core spammers. Today I’m going to show you some of the technical details as to how I found that data. This is a fairly quick and shallow analysis, the sort of thing I’d typically do for a client to help them decide whether the case was worth pursuing before expending too much money and time on investigation and legal paperwork...
On Tuesday Laura wrote about receiving spam sent on behalf of the AARP. The point she was discussing was mostly just how incompetent the spammer was, and how badly they’d mangled the spam such that it was hardly legible. One of AARPs interactive advertising managers posted in response denying that it was anything to do with the AARP. This isn’t from AARP…this is a SPAM that’s been going...
RSS - Posts