Recent Posts

Twisting information around

One of my mailing lists was asking questions today about an increase in invitation mailings from Spotify. I’d heard about them recently, so I started digging through my mailbox to see if I’d received one of these invites. I hadn’t, but it clued me into a blog post from early this year that I hadn’t seen before.
Research: ESPs might get you blacklisted.
That article is full of FUD, and the author quite clearly doesn’t understand what the data he is relying on means. He also doesn’t provide us with enough information that we can repeat what he did.
But I think his take on the publicly available data is common. There are a lot of people who don’t quite understand what the public data means or how it is collected. We can use his post as a starting off point for understanding what publicly available data tells us.
The author chooses 7 different commercial mailers as his examples. He claims the data on these senders will let us evaluate ESPs, but these aren’t ESPs. At best they’re ESP customers, but we don’t know that for sure. He claims that shared IPs means shared reputation, which is true. But he doesn’t claim that these are shared IPs. In fact, I would bet my own reputation on Pizza Hut having dedicated IP addresses.
The author chooses 4 different publicly available reputation services to check the “marketing emails” against. I am assuming he means he checked the sending IP addresses because none of these services let you check emails.
He then claims these 4 measures


How to respond to an abuse complaint

There’s a lot of variation in how ESPs respond to a report of one of their customers sending spam. Almost all ESPs will suppress future email to the recipient. Most will also note that there was a complaint about the sender, and use a count of those complaints for reporting, triage and escalation of problems. Beyond that, though, there’s little consistency.
I sent a spam report to abuse@mailchimp last week. The spam was nothing special – it was an advert about bouncy castles from a small company local to me sent to a tagged address used to register a domain that expired several years ago, so I knew someone had purchased a “targeted” list. The mail I sent to mailchimp was just one line, mentioning where the email address had come from and a full copy of the email with headers – again, nothing special.
The response I got back from Meredith was particularly good, so I thought I’d share it.


When the inbox isn't the inbox

There was a discussion today on the OI list about email filtering that brought up something I usually don’t mention in delivery discussions. Most email marketers treat the inbox as the holy grail of delivery. Everything about delivery is focused on getting to the magical inbox.
I think, though, that inbox is often just shorthand for “not landing in the bulk or spam folders.”
For some recipients, particularly those of us who get lots of mail, sometimes it’s better to land in a folder rather than the inbox. I have a folder set up, where most of my commercial mail goes. It’s labeled “commercial.” I check it once or twice a day.
This is beneficial to me and to the senders. Why? Because when I check that folder I’m ready to actually look at my commercial mail. I’m looking for those offers.
For someone like me, who does most of their work in their inbox, commercial interruptions are a problem. Commercial mail that ends up in my inbox, which can happen if I’ve been lazy about filters, interrupts me and usually doesn’t get read. But when it’s in my commercial folder? Well, then I can look at it, visit websites and make purchases.
So just remember, it’s not that you want mail in the inbox as much as you want mail somewhere that the recipient will notice it.


Robust protection under the CDA

Venkat also commented on the Holomaxx v. MS/Y! ruling.

As with blocking or filtering decisions targeted at malware or spyware, complaining that the ISP was improperly filtering bulk email (spam) is likely to fall on unsympathetic ears. It would take a lot for a court to allow a bulk emailer to conduct discovery on the filtering processes and metrics employed by an ISP. (Hence the rulings on a 12b motion, rather than on summary judgment.) Here the court reiterates the “good faith” standard for 230(c)(2) is measured subjectively, not objectively. That puts a heavy burden on plaintiffs to show subjective bad faith.


Amendment was futile

Judge Fogel published his ruling in the two Holomaxx cases today.


Uptick in botnet spam

There’s been a heavy uptick in botnet spam over the last few days, judging by things I’m hearing and my own mailboxes. There are a few common subject lines, but all of them are trying to get recipients to either run programs or visit malicious web pages.
The first subject line I’m seeing a lot of is “<name> wants to be friends with you on facebook!” In my mailbox most of those names have not been common European names. The giveaway that this isn’t actually a Facebook invite is the Reply-To address pointing to LinkedIn. The URLs in the message appear to be random strings of numbers, and may actually encode recipient information in them.
The second has a subject that is a variation on “End of July Statement.” The spammers are mixing capitals, adding in “Re:” and “FWD:” and sometimes increasing the urgency by adding “required” or “STAT!!” to the mail. These mails contain a .zip file which probably contains some virus which will turn the recipient machine into the next spam-spewing bot.
The third variation has the subject line “Uniform Traffic Ticket.” The content is a citation that tells the recipient they were speeding somewhere in New York (possibly other states, I have only done a spot check of the couple hundred copies I have). There is, however, a .zip attachment with a virus.
Most people probably aren’t seeing these. SpamAssassin is doing a reasonably good job here of catching the spam and filtering it. I’m sure that the bigger ISPs are also filtering it effectively. But one person did forward a copy of the spam to a mailing list and ask if anyone knew what was going on.
If you get any of these messages, you don’t need to ask. It’s virus spam. Don’t open it and don’t forward it.


Blocklist changes

Late last year we wrote about the many problems with SORBS. One of the results of that series of posts was a discussion between a lot of industry professionals and GFI executives. A number of problems were identified with SORBS, some that we didn’t mention on the blog. There was an open and free discussion about solutions.
A few months ago, there were a bunch of rumors that GFI had divested themselves from SORBS. There were also rumors that SORBS was purchased by Proofpoint. Based on publicly available information many of us suspected that GFI was no longer involved in SORBS. Yet other information suggested that Proofpoint may truly have been the purchaser.
This week those rumors were confirmed.


Are blocklists always a good decision?

One of the common statements about blocklists is that if they have bad data then no one will use them. This type of optimism is admirable. But sadly, there are folks who make some rather questionable decisions about blocking mail.
We publish a list called nofalsenegatives. This list has no website, no description of what it does, nothing. But the list does what it says it does: if you use nofalsenegatives against your incoming mailstream then you will never have to deal with a false negative.
Yes. It lists every IP on the internet.
The list was set up to illustrate a point during some discussion many years ago. Some of the people who were part of that discussion liked the point so much that they continued to mention the list. Usually it happened when someone on a mailing list complained about how their current spam filtering wasn’t working.
Some of the folks who were complaining about poor filtering, including ones who should know better, did actually install nofalsenegatives in front of their mailserver. And, thus, they blocked every piece of mail sent to them.
To be fair, usually they noticed a problem within a couple hours and stopped using the list.
This has happened often enough that it convinced me that not everyone makes informed decisions about blocking. Sure, these were usually small mailservers, with maybe a double handful of users. But these sysadmins just installed a blocklist, with no online presence except a DNS entry, without asking questions about what it does, how it works or what it lists.
Not everyone makes sensible decisions about blocking mail. Our experience with people using nofalsenegatives is just one, very obvious, data point.


AOL Postmaster page hacked

Per Boing Boing: the AOL postmaster page was hacked over the weekend.
As of now the site is restored. But I’m hearing that all the scripts are still down. This means no one can open tickets, sign up for FBLs, apply for whitelisting or check the status of reports. I expect this will be fixed soon, but for now it looks like AOL issues are going to be impossible to resolve.
