Recent Posts

Anon whois information

I’ve talked before about reasons not to hide commercial domains behind whois proxies. Al found another one: if you use a proxies you cannot list your domains with abuse.net. Al has a good write up of whois, and why this is important. So go there and read it.

March 2014: The month in email

What did we talk about here on the blog in March? It seems we talked a lot about Gmail but also looked at some CAN SPAM issues.
Gmail
When it comes to innovating in the inbox, Gmail is leaps and bounds ahead of the pack. They made some improvements to their image caching process and are now respecting cache headers, so marketers can update images and track multiple opens. They also started rolling out grid view in the promotions tab, giving marketers a way to show pictures to recipients rather than text subject lines. I wrote about their views on senders best practices as presented at M³AAWG 30 in San Francisco. Then there was ongoing news about their new FBL. Many ESPs started getting approval notices for joining their FBL and Sendgrid published an open letter about how the FBL has been helping them identify bad players on their network.
CAN SPAM
Oddly enough I wrote two different posts about CAN SPAM, which seems like a lot for as little as I managed to blog in March. One discussed if CAN SPAM applied to individual prospecting emails (yes, but really, violating that is like speeding most people aren’t going to get caught or punished) and the other looked at the rules surrounding harvesting.
Delivery
I talked about how domains need to be warmed up, not just IP addresses. And how there are lots of common causes for delivery problems, and too many people go for the edge cases without ruling out the normal cases first.
Odds and ends
The other posts don’t really lend themselves to easy classification. I talked delivery on Tech Talk. I amused myself by posting a link to horribly done spam and a bit of a snarky summary of the current state of ISP Relations. I linked to a blog post pointing out that social engineering is still alive and well in the hackers toolkit and another one looking at effective email marketing strategies.

Sendgrid's open letter to Gmail

Paul Kincaid-Smith wrote an open letter to Gmail about their experiences with the Gmail FBL and how the data from Gmail helped Sendgrid find problem customers.
I know a lot of folks are frustrated with Gmail not returning more than statistics, but there is a place for this type of feedback within a comprehensive compliance desk.

Domains need to be warmed, too

One thing that came out of the ISP session at M³AAWG is that domains need to be warmed up, too. I can’t remember exactly which ISP rep said it, but there was general nodding across the panel when this was said.
This isn’t just the domain in the reverse DNS of the sending IP, but also domains used in the Return Path (Envelope From) and visible from.
From the ISP’s perspective, this makes tons of sense. Some of the most prolific snowshoe spammers use new domains and new IPs for every send. They’re not trying to establish a reputation, rather they’re trying to avoid one. ISPs respond by distrusting any mail from a new IP with a new domain.

People are your weakest link

Social engineering is a long standing way to compromise security. Chunkhost reports today that they discovered accounts being compromised through social engineering of Sendgrid support. While the compromise did not work it was a close call. The only thing that saved the targeted customers was their implementation of 2 factor authentication.
We know many of our customers individually and personally, and are still careful about changing contact addresses and passwords. With larger customer bases, it’s vital that every person in the change follow security processes.

Gmail promotions tab improves for marketers

The official Gmail blog announced today that they’re testing a new way of displaying emails in the Promotions tab. This display method will show users a featured image instead of the normal subject line.
Email marketers that want to take advantage of this should visit the Gmail developers pages for information on how to set a featured image for Gmail.
More innovation from Gmail in the mailbox. This one feels pretty consumer friendly, although I still have memories of XXX spam from years ago showing rather explicit images. Gmail must have a lot of confidence in their filtering to push image display to the inbox.

Gmail FBL update

Last week Gmail started contacting ESPs that signed up for their new FBL with more information on how to set up mailings to receive FBL emails.
One of the struggles some ESPs are having is the requirement for DKIM signing. Many of the bigger ESPs have clients that sign with their own domains. Gmail is telling these ESPs to insert a second DKIM signature to join the FBL.
There are a couple reasons this is not as simple or as doable as Gmail seems to think, and the challenges are technical as well as organizational.
The technical challenges are pretty simple. As of now, not all the bulk MTAs support multiple signatures. I’ve heard that multiple signatures are being tested by these MTA vendors, but they’re not in wide use. This makes it challenging for these ESPs to just turn on multiple signatures. For ESPs that are using open source software, there’s often a lot of customization in their signing infrastructure. Even if they have the capability to dual sign, if they’re not currently using that there is testing needed before turning it on.
None of the technical challenges are show stoppers, but they are certainly show delayers.
The organizational challenges are much more difficult to deal with. These are cases where the ESP customer doesn’t want the ESP to sign. The obvious situation is with large banks. They want everything in their infrastructure and headers pointing at the bank, not at their ESP. They don’t want to have that second signature in their email for multiple reasons. I can’t actually see an ESP effectively convincing the various stakeholders, including the marketing, security and legal staff, that allowing the ESP to inset a second signature is good practice. I’m not even sure it is good practice in those cases, except to get stats from Gmail.
Hopefully, Gmail will take feedback from the ESPs and change their FBL parameters to allow ESPs to get information about their customers who sign with their own domain.

Busy week

This week has been incredibly busy with business stuff and I’ve not had a lot of time to sit and think about blogging. Blogging will be light for the next few days while I catch up.

Tech Talk Podcast

Last week I had the pleasure of sitting down and talking delivery and email with W. Jeffery Rice of Brickstreet software. He’s posted a review and the recordings at Brickstreet and the UR Business Network.

Spammers make me laugh…

When they can’t work their spam ware.
{rtf1ansiansicpg1252deff0deflang1033{fonttbl{f0fnilfcharset0 Calibri;}} {*generator Msftedit 5.41.21.2510;}viewkind4uc1pardsa200sl276slmult1lang9f0fs22 Dear Sir,par My clients wants to invest huge cash .Please do reply if interested no dime needed from you.par Regardspar john Gagapar }