Industry News & Analysis

Delete or read?

This week I attended a Data Visualization workshop presented by the Advanced Media Center at UC Berkeley. Every year I set at least one professional development goal; this year it’s learning how to better communicate visually.

Part of the class included other resources, which led me to Nathan Yau’s website. One of the articles on the front page of his site is titled “Email Deletion Flow Chart.” Well, of course I had to read the post.

We all get a lot of emails, and there’s a large subset of them that almost instantly end up in the archive or the trash bin. In the past year, this subset seems to have really grown for me. They tend to follow a similar pattern to “submit infographic” probably 90 percent of the time. At this point, the patterns seem so regular that I can archive without ever opening the email. Here’s my deletion process.

Over the last week or so I’ve written a number of blog posts talking about B2B spam and how annoying I find it. Sometimes I think I’m too sensitive about the amount of junk I get. But then I have two days at a class unrelated to email and discover a couple things.

Many people hate spam

The messages that Nathan talks about in his deletion flow chart are the same sorts of messages I complain about. Nominally, they’re targeted and cantina information ‘relevant’ to him. Someone is scraping his website, and mine, for key words and they sending us mail related to those key words.

The problem is these messages aren’t relevant. Just because I mention an airline on my website, doesn’t mean I’m interested in your sponsored travel posts. That mail is spam.

I’m not the only small business person that hates this kind of mail.

Spam is still a problem

My primary spam filters are in my mail client. We don’t run many on the server. I discovered the last two days just how effective the desktop filters are. Over 1000 messages per day in my inbox. Without the laptop filters my mailbox was totally unusable on my phone. There was no way to easily view mail on my phone – there was just too much spam.

I know my situation is special, even unique. Even then, I was actively surprised at the sheer volume of spam in my mailbox. This morning I spent a good 20 minutes manually going through over 700 messages before I could start on any work.

Opt-in mail works

The key to delivery is permission. We all know that. The more people who simply look at a subject line and delete the mail, the worse a sender’s reputation gets. Processes like Nathan’s directly affect his mailbox and they affect other people’s mailboxes. These processes are more likely to happen when we don’t recognize the sender.

We talk about IP reputation, domain reputation, content reputation as if they’re separate from permission. They’re not. Permission makes it easier to create and maintain a good reputation.

Having problems with delivery? The first step is always evaluating permission.

No Comments

FTC solicits CAN-SPAM feedback

The FTC (US Federal Trade Commission) is soliciting comments on CAN-SPAM legislation:

A. General Issues

1. Is there a continuing need for the Rule? Why or why not?

2. What benefits has the Rule provided to consumers? What evidence supports the asserted benefits?

3. What modifications, if any, should be made to the Rule to increase its benefits to consumers?

(a) What evidence supports the proposed modifications?
(b) How would these modifications affect the costs the Rule imposes on businesses, including small businesses?
(c) How would these modifications affect the benefits to consumers?

4. What impact has the Rule had on the flow of truthful information to consumers and on the flow of deceptive information to consumers?

5. What significant costs, if any, has the Rule imposed on consumers? What evidence supports the asserted costs?

6. What modifications, if any, should be made to the Rule to reduce any costs imposed on consumers?

(a) What evidence supports the proposed modifications?
(b) How would these modifications affect the benefits provided by the Rule?

7. What benefits, if any, has the Rule provided to businesses, including small businesses? What evidence supports the asserted benefits?

8. What modifications, if any, should be made to the Rule to increase its benefits to businesses, including small businesses?

(a) What evidence supports the proposed modifications?
(b) How would these modifications affect the costs the Rule imposes on businesses, including small businesses?
(c) How would these modifications affect the benefits to consumers?

9. What significant costs, if any, including costs of compliance, has the Rule imposed on businesses, including small businesses? What evidence supports the asserted costs?

10. What modifications, if any, should be made to the Rule to reduce the costs imposed on businesses, including small businesses?

(a) What evidence supports the proposed modifications?
(b) How would these modifications affect the benefits provided by the Rule?

11. What evidence is available concerning the degree of industry compliance with the Rule?

12. What modifications, if any, should be made to the Rule to account for changes in relevant technology or economic conditions? What evidence supports the proposed modifications?

13. Does the Rule overlap or conflict with other federal, state, or local laws or regulations? If so, how?

(a) What evidence supports the asserted conflicts?
(b) With reference to the asserted conflicts, should the Rule be modified? If so, why, and how? If not, why not?

B. Specific Issues

1. Should the Commission modify the Rule to expand or contract the categories of messages that are treated as transactional or relationship messages?

(a) Why or why not?
(b) What evidence supports such a modification?
(c) How would this modification affect the costs the Rule imposes on businesses, including small businesses?
(d) How would this modification affect the benefits to consumers?

2. As discussed above, the Rule tracks the CAN-SPAM Act in prohibiting the sending of commercial email to a recipient more than ten business days after the recipient opts out. Should the Commission modify the Rule to reduce the time-period for processing opt-out requests to less than ten business days?

(a) Why or why not?
(b) What evidence supports such a modification?
(c) How would this modification affect the costs the Rule imposes on businesses, including small businesses?
(d) How would this modification affect the benefits to consumers?

3. Should the Commission modify the Rule to specify additional activities or practices that constitute aggravated violations?

(a) Why or why not?
(b) What evidence supports such a modification?
(c) How would this modification affect the costs the Rule imposes on businesses, including small businesses?
(d) How would this modification affect the benefits to consumers?

The press release and the entire notice are available on the FTC website.

Comments can be submitted by post or online at Comments will be made public at

Wherever you are in the email ecosystem any changes are going to affect you. Think about providing comment, especially if you can back it up with data or experience.

No Comments

Permission trumps good metrics

Most companies and senders will tell you they follow all the best practices. My experience says they follow the easy best practices. They’ll comply with technical best practices, they’ll tick all the boxes for content and formatting, they’ll make a nod to permission. Then they’re surprised that their mail delivery isn’t great.

Too many senders, ESPs and deliverability services companies, believe that the key to the inbox is checking all the best practice boxes. List hygiene and list cleaning companies are the most obvious example. Bounces are a key reason for bad delivery. If we remove all or most bounces then our numbers comply with the standard metrics. If our complaints are low then we comply with the standard metrics. If our metrics all look right, then we’re clearly doing everything right and we should reach the inbox.

That’s really not the case, though. Good delivery is much more than just hitting the right metrics. Good delivery is more than doing the technical stuff right. Good delivery requires sending mail people want, and much of that can’t be measured in bounces or complaints.

As an example, there’s an ESP I only discovered because I received mail from their customers. Don’t know anyone working there, have never heard of them before. All I know about them is in my inbox.

Technical check

I’ll give the ESP this, they have their customers technically set up correctly. Going through the tests I do when auditing clients I can’t find anything really wrong.

  • Each customer gets their own d= domain.
  • That d=domain aligns with the from address.
  • SPF is set up correctly.
  • SPF validates
  • MessageID is correctly formatted
  • HTML looks reasonably clean
  • ListUnsub header is present
  • mailto: and href: links in proper order
  • CAN SPAM address
  • Unsub link works

There’s even a website on the domain used for SPF authentication. It’s not horribly useful, but it’s there.

It says:

Congrats on your hacking skills!

Wonder what this site is? We are an award winning high quality ESP – an Email Marketing Service.

We help companies maintain their brand with Marketing as well [sic] Transactional messages.


(Note: I don’t believe taking a domain name and typing it into a browser bar is hacking. I don’t think being able to read full headers is hacking.)

This email meets all the technical standards. If I had to guess, I’d say that the bounce rates are low. I expect complaint rates are also very low. Overall, these senders are following all the standard best practices and if I had to score them just on meeting technical standards I’d give them a 10/10.

Deliverability check

That’s the technical piece of delivery. What else matters for delivery? Things like format, content, and relevance.

Format wise, the messages themselves are text, not plain text but nicely formatted business style text. They almost look like personal mail. Nothing remarkable, but probably a good fit for the busy small business person.

Content wise, it’s well written copy. Each of the senders clearly put some work into the wording and phrasing. It’s not something they just dashed off, but doesn’t look overly polished. Again, nothing remarkable but probably a good fit for the audience.

As I am the audience for three of these messages, I get to decide if these messages are relevant.

  • One is selling me a plugin for Outlook to “transform my sales process.” Well, I won’t use Windows for email and I don’t have Outlook installed on my mac. So that’s not very relevant to me.
  • Another is selling me qualified sales leads. Almost all of our business comes through word of mouth and recommendations from industry folks. So that’s not very relevant to me.
  • The third is from my BFF on LinkedIn. He writes articles on investing, music, and life and will subscribe me unless I tell him stop. Even though he claims he’s my BFF, his opinions aren’t very relevant.

Overall, it’s a strong showing in formatting and content with a definite lack of relevancy. Overall, I give it a 8/10.

Permission check

And here’s where we get to the problem. None of these senders have permission to email me, and they certainly don’t have permission to email me at that address. There’s not much to say here other than to give them a 0/10 on permission.

Compliance Check

ESPs have two big roles in deliverability: technical and compliance. I mentioned the technical above and they’re doing stuff right. There are a few things I can’t see from receiving emails, like throttles and connection limits, but I suspect they’re right in the mainstream there as well.

The compliance piece is actually a big part of what makes deliverability from specific ESPs good. The reason might surprise people. ESPs do have reputations, but they aren’t the same as sender reputations. An ESP builds their reputation by effectively dealing with problem customers. Everyone leaks, bad mail comes out of every network at one time or another. Spamhaus, filtering vendors and ISPs know this. But they also know that some ESPs monitor and police their customers more than others. These ISPs often get the benefit of the doubt before blocks go up (dot zero listings for instance)

The ESP they’re using does have a decent looking AUP, evening mentioning they use the Spamhaus definition of spam. Unfortunately, I reported two emails to abuse@ and received a disappointing response. All they said was they would suppress my email address.

This is disappointing. I mean, it’s great that they’re going to suppress my address. But that doesn’t address the broader issue: their customers are sending mail in violation of their AUP. Last week I mentioned a complaint to an ESP (again, one I’d never heard of) that sent me back a message that said, “Thank you for notifying us, we take these issues seriously.  I’m investigating with the sender and will let you know when its resolved.” And they did!

I’ll give their compliance a 3/10, because at least they’re suppressing my address.


Adding up the scores I get 21/40. OK, so this is a somewhat arbitrary scale. But, the point remains, permission is critical to delivery. You can do all the technical stuff and content stuff right, but if you fail to get permission delivery is going to suffer. And if your ESP isn’t up on compliance, then they’re not doing you any favors.

B2B spam is still spam. Spam isn’t defined by what’s in it or by whether it’s authenticated or if it’s has the right metrics. Spam is unsolicited email. Permission is key. Permission trumps all.

No Comments

DMARC doesn’t fix Phishing

Not a new thing, but a nice example just popped up in my inbox on my phone.


But FedEx solved their entire phishing problem when they published a strict p=reject DMARC record, right?

This didn’t come from It came from another domain that looks vaguely like – what that domain is doesn’t matter, as the domain it’s sent from isn’t displayed to the user on my phone mail client. Nor is it displayed to the user by on my desktop, unless you turn off Mail → Preferences … → Viewing → Use Smart Addresses.

That lookalike domain could pass SPF, it could be used as d= in DKIM signing, it could even be set up with DMARC p=reject. And the mail is pixel identical to real mail from

On my desktop client I can hover over the link and notice it looks suspicious – but it’s no more suspicious looking than a typical ESP link-tracking URL. And on mobile I don’t even get to do that.

SPF and DKIM and DMARC can temporarily inconvenience phishers to the extent that they have to change the domain they’re sending from, but it’ll have no effect on the vulnerability of most of your audience to being phished using your brand.

1 Comment

The cycle goes on

Monday I published a blog post about the ongoing B2B spam and how annoying it is. I get so many of these they’re becoming an actual problem. 3, 4, 5 a day. And then there’s the ongoing “drip” messages at 4, 6, 8, 12 days. It is getting out of control. It’s spam. It’s annoying. And most of it’s breaking the law.

But, I can also use it as blog (and twitter!) fodder.

I get spam…

I get a lot of this mail. But typically I delete, block or filter and move on. I don’t send a lot of spam complaints because they take time and I have better things to do. I usually only send complaints to ESPs where I know folks; mostly as a favor to them. There aren’t a lot of FBLs that cover B2B mail, so the individual complaints are useful. But, complaining takes time, not much admittedly, but sometimes it’s more time than I can (or want to) spare.

Yesterday was slower than normal, though. I wanted to follow the Senate hearings, so was just catching up on stuff while watching CSPAN. I checked out the AUP at the ESP. It looked pretty good. Even better, it wasn’t the standard boilerplate borrowed from a site that borrowed it from a different site that borrowed it from somewhere else. When it comes to AUPs, it’s turtles all the way down.

Anyway, I sent a message to their abuse address. It was one of my normal notices, nothing exciting or earth shattering.  I assume anyone reading the abuse mailbox can ID their customers, they don’t need pages of whois or IP lookups. Just the facts, ma’am. My messages have full headers, a sentence or two about the message and then I click send and dispatch it into the ether. My job is done.

And they reply…

Today I was pleasantly surprised to get a reply back from them. Apparently they’re blog readers (HI!). They talked to their customer and discovered the source of the email address was bad, seems the address was ‘misrepresented’ as opt-in to their customer. I asked if they’d tell me who sold the address. They kindly told me where my address was purchased.

And I am amused…

The company selling the address was one that approached me for delivery help earlier this year. Their database has a problem, they said. They want to really clean it up, they said.  I sent a proposal, then they disappeared. Happens. But, now I know they’re representing that database as valid. Even though they know it’s a train wreck (my words, not theirs).

Monday’s post was prompted by different vendor in the space contacting me for delivery help. Seems it’s really hard to consistently spam B2B targets. I’m pleased that the commercial filters and outsourced mailbox providers are doing such a good job.

And it doesn’t end…

And, as I’m writing this post, I got ANOTHER one of these. This one is even better. It’s from someone named Vitaliy Katsenelson. The subject line is a real winner: Hello from your LinkedIn BFF. Except it’s not sent to an address LinkedIn has for me. So, right then, I know they’re lying. But, because I’m blogging about this and I’m in a frivolous mood, I decide to look him up on LinkedIn.

Guess how long we’ve been connected on LinkedIn? How long a relationship would you expect “BFF” to describe? A week? A month? A year?

Whatever you guess, you’re probably wrong. We’re not connected on LinkedIn. He’s my BFF and we’re not even connected.

OK, so that’s not a true sign of BFFs. I mean, there are folks I’m quite good friends with that I’m not connected to on LinkedIn. Just not realized it, or haven’t taken the last step. Fair enough. Guess how many connections we have in common?

One. We have ONE whole connection in common. And I’m not even quite sure who that connection is – I generally accept all LinkedIn connections, so there are a lot of folks I don’t know on my list. Not exactly someone I’d call my BFF.

And now one of them calls…

I have a boilerplate I was sending for a while. In it I point out they’re violating CAN SPAM (because 99 times out of 100, they are). I point out they should really have that looked at and that we sell services for CAN SPAM compliance. Usually, that actually makes them go away, which is the real point. But one of the spammers called me while I was writing this. Really.

He assured me that the hundreds of messages he sent out every day were indeed written by him. All of these hundreds of messages are one-to-one. I don’t believe him. I told him that. He said of course they were. I said he was buying addresses and dropping them into his automation software. He denied everything.

Just FYI: these “one to one” messages are coming direct from Salesforce.

I asked where he got my address. He tells me LinkedIn. AGAIN with the LINKEDIN! No. No it’s not LinkedIn. That’s not the address LinkedIn has for me. Sorry dude. Then he backtracks and says he gets addresses from lots of places. Duh. I told you that above. You’re buying addresses and I know it and you know it. And you’re violating the law when you do it.

Just FYI: I have different emails in different places to make it easier for me to respond appropriately to messages.

He really just wanted me to know, though, that he worked very hard to find my name. These are one-to-one messages because he just knows that his services would help my day to day workload. It’s really hard for him to send hundreds of personalized messages a day and he doesn’t use software and it’s all about the recipient.

Just FYI: my LinkedIn profile makes it very clear we’re not a candidate for their services.

And… now he’s asking to be connected to me on LinkedIn. “Because he likes my passion.” Yeah. Maybe not.

So what’s your point…

I don’t really have one, I’m feeling punchy.

Well, OK, maybe I do. Look, I am a small business person. I AM your target market. B2B drip campaigns are annoying. They’re spam. Just because you upload a list of addresses and click “send” individually doesn’t make them one-to-one mail. They’re still bulk. Filters are evolving to catch and block or spam folder this kind of mail. I expect there’s probably 12 or 18 months left until the filters really catch up.

Right now most of the software sends mail through the users’ Gmail or Office365 account. Those ISPs have limits to the amount of mail any one account can send per day. They will change these limits to deal with outbound abuse.

Even more important, filters continue to evolve. They’re always improving. These messages get through now, but the more that are sent, the more the filters have to work with. Small business owners are moving their domains to Google Apps or Office365. These filters know it’s not one email, or 10 emails, but it’s hundreds or thousands of emails every day. Business users now have TIS buttons. Google and Microsoft measure engagement on business emails. They’ll adapt quickly. These “one-on-one” messages will end up in the bulk folder and rot away.

Spammers will, of course, find a new way to annoy recipients. And the filters will adapt. So it goes.




1 Comment

Reaching targets, the wrong way

I’ve been increasingly annoyed by these drip automation campaigns. You know the ones I mean. Senders use some software to find some flimsy pretext to send a mail. Then there emails drop every few days. Sometimes this cycle goes on for months. Most of these messages violate CAN SPAM. It’s annoying. It’s illegal. It is spam.

I can even opt out of most of these messages, they don’t offer that ability.

Spammers Gonna Spam

I have so many examples of these emails. They’re all the same, really. They start out with a statement someone is reading my website. Then they mention they have an article that they or their customers wrote. This article is, of course, perfect for my site and the article.

Well that’s the theory anyway.  They tend to miss the mark pretty significantly.

There was this one example where the company found a post linking to a newspaper article.

Hi there,
I was just browsing Word To The Wise and saw you were interested in travel from this post ( So I thought you might also be interested in linking to a resource we put together on how travelling can improve your health.
Here is a link for your review:
This example is the first in the second series of emails from Eric. He’s changed his email address and got my name wrong on this round, but otherwise this is identical to the messages he sent me in late May. I can even predict the cadence. Three days after the first messages, I’ll get a “hey, did you get my email?” On the fourth and fifth days the message will change a bit. By day 7 he’ll start asking for the “right person” at my company.
Hey Lauren –
I hope everything is going well on your end 🙂
I just finished going through your article here: Thanks for the resource!
My colleague Lavanya put together a pretty comprehensive piece on the net neutrality just last week.There is a lot of info out there about net neutrality, and it’s sort of a hot topic at the moment. Our guide was designed to cut through the noise a bit.
The article is here: [link removed]
Would you consider linking to it in the post of yours I mentioned above? I saw you linked to in there, so I figured I’d see if you’d link to mine as well. Perhaps your visitors find it helpful, but hey, it’s up to you.
Thanks,- Eric

P.S. I respect the relationship you have with your readers, I wouldn’t ask you to link to anything I didn’t think was an excellent resource for your site.

B2B spam is still spam

I was recently contacted by one of the software companies that provides infrastructure for these types of emails. Surprisingly, they are having a difficult time getting their mail delivered. It seems no one wants their mail. The thing is, I can’t help them. No one can help them. They’re sending mostly unwanted mail. I’m sure even the bloggers who make their money from blogging hate these kinds of messages.

This was someone building software that is causing significant amount of annoyance. I get the messages this software company, and their competitors, are facilitating. I am not going to help their spam get through to people who don’t want it.

During the call, they did name some of their competitors and I fell down the rabbit hole of B2B spamware. The vendors go through all sorts of contortions to convince their users this isn’t spam. Many of the phrases used on the websites were the same I heard on the phone. It’s one-to-one mail. It’s targeted. It’s focused on the recipient. It’s important.

Guess what? I’m a frequent recipient of that kind of mail. I know the mail isn’t targeted and it’s not focused on the recipient. The two examples above show that clearly. One of them couldn’t even get my name right! Both of them missed the context of the links and posts. None of this has to do with me or my readers, other than an example of what not to do.

CAN SPAM applies

The above examples aren’t anything special, I picked out the first two I saw in my mailbox. I have dozens of examples of these campaigns.  In almost every case the messages violate CAN SPAM. Very rarely they’ll include an opt-out link, but they almost never include a physical postal address.  Sometimes they include an opt-out, but they almost never have a physical address.
CAN SPAM says nothing about bulk, it only mentions commercial email. Specifically the act says:
The term “commercial electronic mail message” means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).
It’s clear to me that the messages I’m getting are commercial. CAN SPAM applies. They need to have a physical address and an opt-out link for every message. They don’t.

Unwanted mail doesn’t reach the inbox.

Last week’s phone call demonstrated I am not alone in hating this mail. The software company contacted me for help because they can’t get to the inbox. It seems no one wants their mail. Due to blocking problems many of the senders resort to tactics used by spammers. They use different domains for their unsolicited mail. Sometimes they’re analog or cousin domains, like a .co for the unsolicited messages and a .com domain for their response emails. In other cases, they use Office365 or Google apps or Gmail for their outbound mail stream. Most places won’t block, so it’s a fairly safe to use gmail addresses.

Some of the messages are upfront about their marketing strategy using the Gmail. Let’s be clear, this strategy is a way to avoid spam filters.

Permission is key to delivery

Marketing programs that rely on spammer tactics are doomed to failure long term. Mail sent without permission does not work, even in the B2B space. Companies relying on unsolicited email discover it’s not that simple. Spam filters block unsolicited email. That’s their job, it’s what they’re designed to do. The way they detect unsolicited varies, but filters target unsolicited email.

There are large companies, many of them clients of mine, who do get caught in filters, usually because some of their mail is unsolicited. This isn’t intentional. Their overall program is sending mail to people who have asked for it and want it. Permission is a central piece of the email strategy. But, particularly as programs age, we find grotty corners where permission is a little iffy. These are small parts of their database, but they can cause significant problems.

Good email marketers know that permission is key. They invest time, energy and resources into getting permission and maintaining data. They think long term. They know recipients don’t want spam and that any gains from spamming are fleeting.

No Comments

Final migration of Verizon email addresses to AOL

AOL were kind enough to share some details about the shutdown of the Verizon mail system and the migration of email address to the AOL mail service:

What is the cut-over date for the MX record?

  • The cut-over date for the mx record for to to be handled by AOL is June 20, 2017. This will occur after midnight sometime on Tuesday morning June 20 EDT.


How will IPs and servers that only previously connected to be handled by the AOL Spam and Mail System?

  • The AOL Mail system has been handling a great deal of the mail already and has stored information about the relationships between senders and recipients.

Online Help Article

Verizon East Mail Migration – FAQs for Email Service Providers

Beginning in February 2017 Verizon began notifying customers that they are preparing to leave the email business and will no longer provide email service for customers with a email address. Verizon has provided 2 options to these customers for handling email going forward, including the ability to keep their email address. Each customer will be provided their own date and timeline to take action to ensure their access to email is not interrupted. Other than this change, no other Verizon services are impacted.

What are the 2 options that Verizon provided to email customers?

Option 1. Keep your current email address.

Customers can choose to retain their email address by migrating to AOL Mail. By choosing this option customers will:

  • Keep their email address.

  • Retain email, contacts and calendar(s). – Verizon and AOL will migrate customer data saved on Verizon servers.

  • Log in to to access their mail after migration.

Option 2. Try a new email provider.

Customers can choose to use another email provider and set up a new account with an email provider of their choosing, such as Gmail or By choosing this option, customers will:

  • Lose their current email address.

  • Need to manually move their email, contacts and calendar(s).


What is the process to migrate a email account to AOL Mail?

When it is time for a customer to move their mail to AOL Mail, they will be notified by an email from Verizon and messaging on Customers select Option 1 in the email or on webmail to begin the AOL Mail registration process. Once they register with AOL, they will have access to their email, folders and contacts on

What is the timeline for the mail migration?

Each customer will be provided their own date and timeline to take action to ensure their access to email is not interrupted. The last notifications are tentatively planned for June 2017.

What data is migrated to AOL Mail?

Customers may have data saved either on Verizon’s servers or on their local computers, or both. Only data that resides on Verizon’s servers will be migrated.

If a customer uses to access their email, they will only see data that was previously saved on Verizon’s servers.

If a customer uses a third party application, such as Outlook, Thunderbird, Mac Mail, etc., they will continue to see data formerly saved on Verizon’s servers as well as data stored locally on their computers.

How can senders ensure that whitelists or feedback loops continue working after they migrate to AOL Mail?

AOL has worked closely with Verizon and will maintain existing Whitelisting and Feedback Loops.

For Feedback Loops and Whitelist maintenance after the cut-over, contact the AOL Postmaster.


No Comments

CASL Private Right of Action Delayed

Today the Canadian Government announced they were suspending the provision that allows individuals to sue marketers for violations of CASL.

Under these provisions, individual Canadian consumers had a private right of action. Any Canadian could sue any company that sent mail violating the law. This part of the law upset many senders and marketers. I’m sure many are relieved at this delay in enforcement.


This delay has no effect on the other major CASL provision with a July 1, 2017 deadline.

On July 1 a 3 year waiver on implied consent collected prior to CASL will end. What does that mean? Implied consent is just what it sounds like. Under certain conditions, senders can assume they have legal consent to mail the recipient. These conditions are spelled out in Section 10(9) of the law. Implied consent expires after 2 years. However, companies were granted a 3 year waiver on this provision for email addresses collected prior to July 1, 2014.

The waiver allowed senders to continue mailing addresses with implied consent even after the 2 year expiration.  This was to allow companies time to convert implied consent into express consent as to not lose recipients. There are about 3 weeks left for senders to get explicit permission to continue mailing addresses collected prior to July 1, 2014.

Additionally, as of July 1, 2017 CASL requires a parliamentary committee to review the law and its operation over the last 3 years.

Many senders are thrilled with the indefinite suspension of the PRA. It was, I think, one of the parts of the law that worried people the most. Allowing any citizen to sue someone who sent them mail they thought violated CASL? That concept struck fear into the hearts of many a legitimate marketer. I was never quite so sure it was going to be as bad as some thought.

A few years ago I had the opportunity to sit in a conference session with an individual from the Canadian government. They explained that there were significant barriers to individuals suing senders. Plaintiffs must file in provincial courts, not local ones. Second, defendants couldn’t be under investigation by the CRTC and a PRA at the same time. The presenter implied that CRTC had priority over any joint defendant. Finally, the plaintiff must prove actual damages. This is difficult for defendants that use a freemail provider like Gmail. There aren’t really damages in that case.

The overall gist of the session was that PRA in Canada was not that simple. Individuals wanting to sue had some bigger hoops to jump through than just filing something in small claims court. Nevertheless, I’m sure that many senders are relieved to hear the PRA is indefinitely suspended.

No Comments

Women. Technology. Moving Forward.

Women of Email Logo: goats climbing moutainsA little over a year ago, Kristin Bond posted an article (reprinted here) looking at the diversity of speakers at marketing conferences. As with many articles pointing out gender issues in technology there was quite a bit of discussion about it on a related mailing list.  Some of the comments were supportive and open to the idea that gender diversity is an overall good. Some of the comments, while well meaning, indicated the commenters didn’t understand some of the more systemic issues that result in conferences with speaker lists that consist primarily of white men.

Kristin, I, Jen Capstraw and April Mullen started talking privately about the issue. What I discovered during those conversations is that I wasn’t alone in how I felt about some spaces. Being a woman in tech I expect to feel left out in many places. When I go to a conference, or I participate in an online space or I meet up with colleagues in social situations, I expect that someone will say something sexist. As a woman I regularly feel like an outsider. What I didn’t realize is other women in those same spaces felt the same way. By not saying something I was missing an opportunity to find a supportive atmosphere with other women who also thought spaces were unfriendly or toxic to women.

But we didn’t just complain; we decided to take action. What would happen if we created a space to help conferences find women speakers? What would happen if we set up a framework for women to find mentors? What did we have to lose by trying? Thus, Women of Email™ was formed.

A year later:

Women of Email has had an incredibly successful first year! We’ve filled 17 speaker slots at various conferences. We’ve had our first round of mentorships. We host an active Facebook community where women working in the email space talk about all the things that affect our careers. We have had dozens of meetups around the world.

Last month Jen, April, Kristin and I all flew to Vegas to have an in-person board meeting and look to the future. It was great to finally see each other in person and talk about our goals for the organization. We’re working to get our corporate status solidified and getting IRS approval as a 501(c)3 non-profit. That’s a work in progress. We were hoping to be able to announce it on the anniversary of our founding, but bureaucracy is always slower than one hopes.

Women of Email isn’t simply for marketers, we welcome all women working in email to join Women of Email, including folks working for agencies, postmaster teams, abuse desks, and compliance teams. For those of you on Facebook, we have a closed group for members to discuss email, delivery, work and life.

What’s next:

In the coming months, we’ll be continuing to build out our speaker’s bureau (so add your name!). If you’re organizing a conference we’re happy to recommend names to you or share your conference info with our speakers. We’re looking forward to having another flash-mentoring event in the fall. We’re also looking for volunteers who would like to help us expand our programs.

On a more introspective note, we are aware that the current board is very middle-class and white and heterosexual. This is not very diverse and we know it. As we expand the leadership of the organization, we are actively looking for women who aren’t like us. We want this organization to address the needs of women in email, not just white heterosexual women. I can’t promise we’ll always do things right, but we’re going to do our best and accept when we’ve failed.

More personally:

I’m incredibly lucky in my career. I run my own business, and have rarely had direct experience with sexism that affected my job or career. In the early days the most common problem was that some men would insist on having Steve on calls. It was annoying and frustrating, but it wasn’t career damaging. Plus, we’d charge them for Steve’s time as well as mine. He would also spend most of the calls telling them he wasn’t the right person to answer the question, they should really ask me about it. His actions helped deal with those sexist clients directly, but they also did more. They significantly increased my confidence and left me knowing I had the authority to speak on my own. Even now, clients will sometimes ask for him on a call. I don’t acquiesce any longer; they hired me, they get me.

Every woman deserves acknowledgement of their knowledge and expertise. They deserve the opportunity to learn and grow in their career. As an industry, we are better when we have more and more diverse voices. Women of Email can’t fix everything. We can’t meet everyone’s needs. What we promise is doing our best in the space we’ve claimed.

1 Comment

Disappearing domains

On May 31, British broadband provider EE discontinued service for a number of email domains:,,,,,,,, and

These domains were acquired by EE as part of multiple mergers and acquisitions. On their help page, EE explains that the proliferation of free email services with advanced functionality has led to a decrease in email usage at these domains.

Yesterday, announced they were discontinuing email to a number of their free domains as of June 30, 2017:,,,,,,, and

I’m not surprised to see these domains going away and I think we’ll see more of it going forward. The reasons are pretty simple. Mail is not an easy service to run. Mail doesn’t bring in a lot of money. Dedicated mailbox providers do a great job and the addresses from them are portable.

Mail is not an easy service

Managing a mail server is not an easy task. There’s so much to pay attention to and monitor to keep the network and users safe. Spammers are always changing tactics and modifying their methods. They work tirelessly to find ways to get their mail in front of people. Filters cannot be set and forgotten. Someone must manage and tweak them constantly. Sure, you can outsource it to commercial filters, but that’s still a cost.

It’s not just spam filtering that requires expertise, it’s also virus and malware filtering. Think about the botnets and worms affecting users recently. They’re often infecting machines by way of email. But they use broadband networks to spread. Broadband providers, at least the responsible ones, have dedicated security teams to monitor infections, cut off infected users, and assist them in cleaning up and getting back online.

All of these functions take money, which leads me to the second point.

No one wants to pay for mail

OK, maybe not NO one. But, in general, consumers won’t pay extra for email service. It’s a core feature, not an add-on. This means that broadband providers have to pay for spam and virus filtering out of general revenues. They can’t add features and then bump rates. Consumers expect all the bells and whistles with their email accounts, and if it’s not there, well, they’ll go to Gmail.

Which leads me to my third point.

Free mail providers are driving innovation

Mailbox providers, like Gmail and Microsoft are driving innovation in the inbox. Both companies have announced new products over the last few years like Sweep, Tabs, and Focused inbox. They’re also driving standards and innovation in the backend email space. Gmail has already started using ARC, they support TLS, and they have one of the most advance spam filtering systems in the world.

All of these factors are contributing to the decrease in mail usage at broadband providers. Even better, a free mail address isn’t tied to your location. If you move out of your broadband provider’s area, you can lose your email address. Freemail addresses are portable and stick with you forever. I’ve had one Hotmail address for over 20 years now, and the same username at Gmail since someone sent me one of the coveted invites to the Gmail beta test.

Ironically, over the years there’s been a push by marketers to find a users real email address. The theory was that the free mail addresses weren’t the addresses recipients really used, and so weren’t as valuable as the real address. But that’s not what happens. Many people use freemail addresses as their primary addresses.

Advice for marketers

As domains continue to disappear, marketers are going to have to up their game when it comes to bounce handling and data hygiene. Unless marketers allow users to update their email addresses, they risk forever losing contact with those customers. That’s a loss. But there’s a bigger loss hiding in these domains. Filtering companies and public blocklists use abandoned domains as a data source.  Sure, they’ll bounce mail for 12 – 24 months, but down the road these addresses could drive spam blocking.

Data hygiene is a fact of life. Domains, and email addresses, going away are a fact of life. Planning ahead and incorporating ongoing maintenance into processes will lessen the events of domains going away. Companies that have preference centers or the ability to change addresses can react swiftly to events like this. A domain is going away? All they have to do is grab subscribers at those domains and send a few emails asking for the new address. Companies that don’t have processes in place to handle these events, are going to lose subscribers. They risk blocking in the long term.

Failing to implement data hygiene processes will lead to poor delivery. Don’t let it happen to you.

  • OTA joins the ISOC

    The Online Trust Alliance (OTA) announced today they were joining forces with the Internet Society (ISOC). Starting in May, they will operate as an initiative under the ISOC umbrella. “The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” said Internet Society President and CEO, Kathryn Brown. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber-attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users,” added Brown.No Comments

  • Friday blogging... or lack of it

    It seems the last few Friday's I've been lax on posting. Some of that is just by Friday I'm frantically trying to complete all my client deliverables before the weekend. The rest of it is by Friday I'm just tired. Today had the added complication of watching the Trumpcare debate and following how (and how soon) it would affect my company if it passed. That's been a bit distracting, along with the other stuff I posted about yesterday. I wish everyone a great weekend.1 Comment

  • Indictments in Yahoo data breach

    Today the US government unsealed an indictment against 2 Russian agents and 2 hackers for breaking into Yahoo's servers and stealing personal information. The information gathered during the hack was used to target government officials, security employees and private individuals. Email is so central to our online identity. Compromise an email account and you can get access to social media, and other accounts. Email is the key to the kingdom.No Comments