This morning I got an email to a tagged address. The tag matched the company so it’s very likely I did actually sign up. Digging back through my mailbox, I see one previous email to that account – back in 2008. 2008. One email. Who knows why I signed up and gave them an email address. Maybe I made a comment on their website. Or perhaps I signed up while investigating something for a...
Over on twitter Alwin de Bruin corrected me on an aspect of DMARC soft rollout I’d entirely forgotten about. It’s useful, so I thought I’d write a quick post about it. If you have a large mail stream and you want to avoid the Scary Red Flag Day when you turn on DMARC p=reject enforcement and wait for people to complain you can use the DMARC policy “pct=” tag to roll...
Only now I realize there should have been a pool around GDPR enforcement. We could have placed bets on the first company fined, the first country to fine, over/under on the fine amount, month and year of action. But, it’s too late, all bets are closed, we have our first action. Today the French National Data Protection Commission’s (CNIL) announced that they fined Google €50 million...
A few hours ago I was reading an ESP blog post that recommended removing addresses after they were inactive for a year because the address could turn into a spamtrap. That is not how addresses turn into spamtraps and not why we want to remove active addresses. Moreover, it demonstrates a deep misunderstanding of spamtraps. Unfortunately, there are a lot of myths and misunderstandings of...
As the volume and severity of malicious email increases, filters are increasingly following links in emails. This is really nothing new. Barracuda and other filters have been inspecting links automatically for years. From what I’ve seen there does seem to be some level of risk analysis based on domain reputation. That makes sense, not only is following links computationally expensive, it...
The question came up on slack and I started bullet pointing what would make a domain suspicious. Seemed like a reasonable blog post. In no particular order, some features that make a domain suspicious to spam filters. Domain is used in… … mail users complain about … mail users delete without reading … mail sent in bulk through the ISP (example: Censorship, Email and...
Never add someone to a mailing list without giving them a heads up that you’re doing it. It’s just uncool and rude. For example, I have been contacting some vendors about some work we need done. One of them has yet to answer my inquiry, but has already added me to their newsletter. Even worse, I had no idea submitting a form asking about their services would get me on their mailing...
I was on a call with a client today and they wanted to talk about the handshake agreement about bounce handling I mentioned last week. As I started to really talk about it, I realised how much has changed in the years since that meeting. It was a bit of the wild west of email and spam. CAN SPAM didn’t exist. Gmail didn’t exist. Global email volume, even including spam probably...
Bounces and bounce handling is one of those topics I’ve avoided writing about for a long time. Part of my avoidance is because there are decades of confusing terminology that hasn’t ever been really defined. Untangling that terminology is the first step to being able to talk sensibly about what to do. Instead of writing a giant long post, I can break it into smaller, more focused...
One of the big topics of discussion in various deliverability circles is the problems many places are seeing with delivery to Microsoft properties. One of the challenges is that Microsoft seems to be happy with how their filters are working, while senders are seeing vastly different data. I started thinking about reporting, how we generate reports and how do we know the reports are correct...
RSS - Posts