Recent Posts

Memories of Spam in May

This morning on Facebook a friend posted a picture saying that 15 years ago was the very first anti-spam conference (Spamcon*). All we have are some blurry scans of pictures and coffee mugs.
13322193_10209611310107693_488418243076278791_n.
That 550 sign belonged to the bar where the night out was held. It got bought by K & P and lived in their garden until it rotted away a few years ago. So many folks who are still active in the space, and so many folks who’ve moved on. Names I’d forgotten, faces I haven’t.
Many of those folks are still working in email. Some on the sending side, some on the tools and vendor side, some on the ISP side, some on the consulting side.  That conference was one of the very first times people publicly gathered to talk about spam. There were other occasions, but most were invite only with hand picked representatives of specific companies.
At that first Spamcon I was freshly laid off from MAPS (now Trend Micro). I was considering what next. The thing is, I really liked the work I was doing. MAPS had me leading a team to provide abuse desk as an outsourced service. We had a very large network provider as a customer and we were handling all the mail that came into abuse@ there. It was a challenge, I was creating processes and documenting policy, trying to do more with less and managing my first team ever.
Much of what I do now, here, grew out of that position. It was clear even then there was a need for someone who could help navigate the challenges of email.
In the same thread another person posted pictures from a social night in DC during the FTC Spam Forum. More folks, some I have lost touch with and some who are still friends and colleagues.
We were so young. All of us.
This is yet another form of community that email created. Some of it was built over email, but a lot of it happened on USENET and IRC and local meetups. There were so many ways we built community using plain text and dialup. The technology has changed, and that community from a dozen years ago has changed but it’s still all the same deep down inside.
SpamconMugs
 
(* If, at any point, you see me type Spamconk instead of Spamcon please blame autocorrect. It’s being difficult and even tries to correct it when I go back and edit sentences.)

Read More

Can we put the FREE!!! Myth to bed?

Really. Single words in the subject line don’t hurt your delivery, despite many, many, many blog posts out there saying they do. Filters just don’t work that way. They maybe, sorta, kinda used to, but we’ve gotten way past that now.
In fact, I can prove it. Recently I received an email from Blizzard. The subject line:
Laura — Last Chance to Claim Your FREE Copy of Warlords of Draenor — Including Level 90 Boost! Offer Expires Monday! Last Chance to Claim Your FREE Copy of Warlords of Draenor — Including Level 90 Boost! Offer Ends Monday!
We have an email with

Read More

Necessary but not sufficient

TechnicalTwitterConversation
With all the emphasis on getting the technical right, there seem to be people who think their mail will be delivered as long as the technical is right.
Getting the technical right is necessary for good inbox delivery, but it’s not sufficient.
The most important part of getting mail to the inbox is sending mail users want. In fact, if you’re sending mail folks want, interact with and enjoy then you can get away with sloppy technical bits. Look, major players (eBay and Intuit) have invalid SPF records, but we’re all still getting mail from them.
There are also a lot of folks who are doing everything technically perfectly, but their mail is still going to bulk. Why? Because their recipients don’t want their mail.
Permission is still the key to getting mail to the inbox. In fact, permission is more important than getting all the technical bits right. If you have permission you can play a little fast and loose with the technical stuff. If you have the technical stuff right you still need permission.
 
 

Read More

More on ARC

ARC – Authenticated Received Chain – is a way for email forwarders to mitigate the problems caused by users sending mail from domains with DMARC p=reject.
It allows a forwarder to record the DKIM authentication as they receive a mail, then “tunnel” that authentication on to the final recipient. If the final recipient trusts the forwarder, then they can also trust the tunneled DKIM authentication, and allow the mail to be delivered despite the DMARC p=reject published by the sending domain.
The specification and interoperability testing are progressing nicely and it’s definitely going to be useful for discussion list operators and vanity forwarders soon. It’s not something that’s as likely to help ESPs targeting small organizations and individuals, so all y’all shouldn’t be holding your breath for that.
There’s a more information about it at arc-spec.org and they’ve just published a great presentation with a technical overview of how it works:

Read More

Why care about email?

I got my first email address in the very late 80s. I was an intern at a government agency. I learned a lot there: how to sequence DNA, how to handle radioactive material, how to handle human pathogens, and how to send email. I got my first non-work non-school address in the mid-90s. One of the first things I did was join some mailing lists.
One of them was a list for folks who had pet rabbits. I met a lot of people there, both online and in person. As with many people we meet through a shared interest as our interest wanes the relationships change. Some relationships were maintained, but some of us lost touch with one another. Moves, job changes, email address changes, they all affect our ability to maintain relationships online. I kept in touch with some, one was the maid of honor at my wedding and a few years ago I was the maid of honor at hers. I lost track of others.
 

Read More

I cannot feel the Bern.

On a lark (and to do my best to stay as informed as possible via primary sources) I decided to sign up for the official mailing lists of the Trump, Clinton, and Sanders campaigns.
Both Trump and Clinton were happy to take my email address and add it to their distribution lists, no confirmation required. Not terribly surprising, since they need to make it as easy as possible to get their messages out to anyone who will listen.
On to the Sanders campaign.
I… couldn’t figure out how to subscribe to Sanders’ mailing list.
I feel I must have missed something obvious. I’m certainly not saying that I’m a super-genius or anything… but, at the same time, if I can’t figure out how to get your mail, then it might just be that others are having similar problems.
The first obvious place to sign up for updates was the big blue “This is your movement” box. That route requires a donation to proceed. Back to the main page.
The next option would sign me up for mobile alerts. No thanks.
All the way at the bottom of the page, a final big blue box asks, “Are you ready?” Somewhat beyond ready, I entered my information, clicked “Join us” and held my breath.
I Cannot Feel the Bern
The “Form submission limit reached” error is likely indicative of the use of outsourced product or service being used to collect and manage contact information on behalf of the campaign. My actually seeing this error is indicative of insufficient testing of the site by the campaign.
I’m sure the developer promised a bulletproof site, and it seems the campaign took this on faith. But at least one thing fell through cracks, resulting in the campaign not just losing an avenue of communication with someone who has self-selected as interested, but also potentially diminishing that person’s opinion of how the campaign manages the finer points, and wondering how that ultimately reflects on the candidate. Ultimately, it doesn’t matter whether or not the campaign developed the site themselves or hired someone else to do it on their behalf. All that matters is that they put their name on it, and let it speak for their brand.
Campaigning is sales. Whether you’re selling a candidate or a stock portfolio or a hand-made product, when you invite your audience to interact with you online, they must find the experience to have been worth their time, otherwise they’re unlikely to take you up on any future invitations. In business, as in politics, there’s a lot on the line, communication is vital, and mastering digital interaction with the public is no longer optional.
And while I was writing this post, I started receiving mail from the Sanders’ campaign. So I guess I could subscribe after all.

Read More

Back from Vegas

Had a wonderful time at the Email Innovations conference last week. Got a chance to see some familiar faces and meet a lot of new ones.
There is so much new and interesting and exciting stuff going on in the world of email. I think we’re hitting another period for real growth and innovation that’s going to change what we see in our inboxes and how we use email.
 

Read More

Ask Laura: What about Transactional Opt-Outs?

AskLaura_Heading3
Dear Laura,
We are having a bit of an internal struggle on our end as we launch our new quarterly account summaries. What are your views on including an unsubscribe link in these emails?
My personal opinion is that we should. Although the summaries can be classified as “transactional”, they are not tied to a specific recent transaction a customer made and can be viewed as a general reminder to shop again. As I gathered data to present my case, I reviewed several different account summaries and I found it split close to 50/50. Do you have any data or thoughts to support one way or another?
Thanks,
Summary Judgement

Read More

SHOUTY CAPS!!!

Terminal_2__cat__80x32_
Over at Meh Glenn Fleishman has put together a fascinating two-parter on the history of using ALL CAPS for emphasis. And SHOUTING.

Read More

Google drops obsolete crypto

Google is disabling support for email sent using version 3 of SSL or using the RC4 cypher.
They’re both very old – SSLv3 was obsoleted by TLS1.0 in 1999, and RC4 is nearly thirty years old and while it’s aged better than some cyphers there are multiple attacks against it and it’s been replaced with more recent cyphers almost everywhere.
Google has more to say about it on their security blog and if you’re developing software you should definitely pay attention to the requirements there: TLS1.2, SNI, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, DNS alternate names with wildcards.
For everyone else, make sure that you’ve applied any patches your vendor has available well before the cutoff date of June 16th.

Read More
Categories
Tags