Recent Posts

People are the weakest link

All of the technical security in the world won’t fix the biggest security problem: people. Let’s face it, we are the weakest link. Adding more security doesn’t work, it only causes people to figure out ways to get around the security.

Read More

Happy 80th Birthday to SPAM

Not the kind we hate. The other kind. That’s best served over sushi rice.
80 years of SPAM

Read More

Searching for a new ESP?

250OK has compiled advice about what buyers should ask when looking at new ESPs. The advice from various folks is spot on.
Changing ESPs is a big undertaking, bigger than most people expect. It’s not like changing vendors for other services. It is a process and most of the time moving creates a short term dip in deliverability. I have a lot of theories and speculation as to why, but the evidence is pretty clear. I think Mike Hillyer summed it up best: “I think the most commonly missed question is ‘will changing ESPs truly affect the outcomes we are looking to change?’”
I also liked the answers to the question about using multiple ESPs. My view is that unless there are specific requirements for different mail streams the answer is no, don’t do it. And don’t think you can keep a “backup” ESP with “partially warmed IPs” and be able to turn it on as disaster recovery. Email doesn’t work that way.
It’s an article well worth a read.
 

Read More

Engagement drives deliverability

Return Path released an white paper today offering the Secrets of Successful Senders. I don’t think any of my readers will be surprised that it boils down to identity, reputation, and engagement. Return Path treats these as separate things and I understand why they do. I think however, that the identity and reputation are supporting players to the overarching issue of engagement.

When I’m dealing with clients and troubleshooting deliverability problems and offering solutions, I focus on the root cause. To me the root cause is almost always a data problem. Either there’s a problem with data collection or there’s a problem with data maintenance. These problems result in mail going to people who don’t really want or care about it.
Yes, identity is important. But, realistically, anyone mailing through a decent ESP has SPF and DKIM in place, at least on some level. There may be better ways to authenticate, but the boxes are checked.
Yes, reputation is important. But here’s the thing, reputation just means that the ISP knows how users are going to react to an email. Reputation isn’t some nebulous concept made up by ISPs. It’s an actual measurement. It quantifies the history of an IP or a domain or a mail stream and says we know that this IP sends wanted mail. We know that this domain sends mail our users ignore. It’s a history. Past performance does indicate future results.
Identity says who a sender is. Reputation tells us that sender’s history of sending. Those are the two factors that enable ISPs to make delivery decisions. Mail comes in and the ISP looks at it. They use identity to determine what reputation to assign to a mail. Reputation drives delivery, whether into the inbox or the bulk folder.
 

Read More

Summer 2017: Moving so fast

It’s been a busy summer so far! If you’ve been too busy to read the blog regularly, here’s an early summer wrap up of our posts from May and June.

A small but significant part of our consulting practice is helping people with delivery crisis situations, such as figuring out what to do if you’re listed on Spamhaus or other block lists, or getting delisted at AT&T. People also ask very specific questions about things like text to image ratio. We answer these directly for clients, on the blog generally, and in my Ask Laura column.
Most of what we do, however, is larger strategic work on creating smart email programs that are designed for deliverability. Our primary focus is to help marketers think about how to send email people want — and have asked — to receive. I went into detail on this in my post on how permissions trump metrics. We also help clients with what we call reading between the lines, or useful ways to think about collaboration between ESPs and their customers. Another enormous area of focus is helping people understand filters in a big picture — or gestalt — approach.
We also talk a lot about list purchasing, appending, and all the other ways people acquire email addresses without direct permission from recipients. Our most recent examples: a colleague who added me to a list they’d built from their LinkedIn contacts (using a wholly different email address), Steve’s experience trying to get hotel wifi, and lists passed between political campaigns. Spammers can generate lists that are “clean” enough to fool ESPs just long enough to get a send out the door.
Unwanted email is unwanted email, even when it’s in a B2B context. When someone reaches out “personally” to me to tell me how useful they think I will find their product or service for my business, that’s still SPAM, even if it’s coming from a personal address or a gmail address to try to get around filters. Even if it’s to say Hello from your LinkedIn BFF. Seriously?! More on permission here.
I often use unique email addresses when I interact with companies, and this shows me both when my address is purchased or shared without permission and when a company has a data breach. Sometimes this can be challenging to report, however, as illustrated (hilariously!) in my Shibboleet post.
In legislative news, the FTC would like to know if we still need CAN-SPAM, and other important feedback on the rule. Though it obviously has not entirely saved our inboxes from SPAM, there’s still a lot of good there. Our neighbors to the north have just announced a delay in one of the major provisions of their anti-SPAM legislation, the private right to action provision of CASL. Both the provision and the delay are interesting, so I went into some detail in my post.
Steve wrote several posts about DMARC, starting with The Philosophy of DMARC, which goes into detail about how the method evolved and the thinking behind it. He followed up with another lengthy post about how DMARC breaks, and a solution for that, the Authenticated Received Chain (ARC). He also posted a message from Fedex as an illustration of how DMARC doesn’t fix phishing.
In fact, phishing just keeps getting more and more sophisticated. And sadly, it seems that senders are not necessarily getting smarter in response.
Steve also wrote about how you can figure out (more or less) if a sender is using DKIM. He also added a useful explanation of protocol-relative URLs in email.
In industry news, I added some detailed information from AOL on the final bits of the Verizon migration and a note about how to handle bounces with disappearing domains.
The best part of my early summer was speaking on a few panels at the ESPC meeting and celebrating the one year anniversary of our Women of Email network with an in-person board meeting in Las Vegas. As someone who works mostly remotely, I very much enjoy coming together with colleagues to connect in person and share ideas and stories. Let me know if you know of any interesting events I should attend later this year.

Read More

Active buttons in the subject line

This morning I waded into a twitter discussion with a bunch of folks about some issues they were having with delivery to gmail. The discussion started with a blog post at detailed.com describing how some senders are seeing significant drops in open rates. I thought I’d take a look and see if I can help, because, hey, this is an interesting problem.
I signed up for a bunch of the mail that was seeing gmail problems and discovered that one of them had the confirmation link in the subject line. How cool is that?

I’ve known about the Gmail subscription line functionality for a while, but this is the first time I’ve seen it in the wild.
The action is in a <div> tag at the bottom of the email. Gmail has been allowing actions in subject lines for a while, this is just the first time I’ve seen it used for subscriptions. It’s so cool.
Want to add one to your post? Instructions are available from Google on their Email Markup pages.

Read More

5 steps for addressing deliverability issues

Following on from my reading between the lines post I want to talk a little bit about using the channels. From my perspective the right way to deal with 99% of issues is through the front door.
Last week I found myself talking to multiple folks in multiple fora (emailgeeks slack channel, mailop, IRC) about how to resolve blocking issues or questions. All too often, folks come into these spaces and start by asking “does anyone know someone at…” Fundamentally, that’s the wrong first question. Even if the answer is yes. It’s even the wrong question if a representative of the company is on the list where you’re asking for help.
If that’s the wrong question, what is the right question? Where can we start to get help with issues when we’re stuck trying to fix a delivery problem we don’t understand?

Read More

Reading between the lines

Reading between the lines an important skill in deliverability.
Why? Over the last few years there’s been an increasing amount of collaboration between deliverability folks at ESPs and ISPs. This is great. It’s a vast improvement on how things were 10 years ago. However, there are still ongoing complaints from both sides. There probably always will be. And it’s not like a blog post from me is going to fix anything. But I see value in talking a bit about how we can improve our ability to collaborate with one another.

Read More
Tags