Recent Posts

October 2015: The month in email

When you spend most of your day working on email and spam issues, it starts to cross into all aspects of your life. In October, I was amused by authors who find names in spam, SMTP-related t-shirts on camping trips, and spam that makes you laugh. Maybe I need a vacation?
We were quite busy with conference presentations and client work this month, but took time to note the things that captured our attention, as always. We highlighted a few things we enjoyed reading around the web: Brian Krebs’ Reddit AMA, the results of Jan Schaumann’s survey on ethics in internet operations, and a great post on Usenet from Joe St. Sauver.
In industry news, we covered a few glitches that are worth noting, in case you missed them: Yahoo FBL confirmation emails, Google postmaster tools, Network Solutions email, and weird Lashback listings. Even though these have mostly been resolved, it’s useful to keep track of the types and frequency of these sorts of issues, as they can significantly impact your deliverability and may be useful as your clients or business stakeholders raise questions about campaign performance.
Steve contributed a few key technical posts this month, including a short post on IPv6 authentication issues, following up on the issues he outlined back in July. He also noted Gmail’s upcoming move to DMARC p=reject, which is notable for the ways they are are looking to mitigate risks with their ARC proposal. Finally, he wrote that it’s worth looking at false positives every now and then, as it can reveal interesting patterns in the ESP landscape.
Finally, a good suggestion from the best practices file: engagement through confirming user names, and a not-so-good plan for an app that’s sure to invite abuse and harassment.

Deliverability, email and lessons learned from Insight2015

Deliverability is a challenge, I think everyone who has ever tried to send bulk mail will acknowledge that. There are a lot of reasons for this. One of the big reasons is that there are bad players who spend a lot of time trying to get around filters. And a lot of these people are sending very bad mail. Phishing. Spear Phishing. Viruses. Malware.
Email is a prime vector for a lot of criminals.
A lot of deliverability discussions really gloss over the dangers, though. We don’t often think about it, because we’re not sending bad mail. But we still have to go through the same filters that ask: Is this message safe?
Security was a big deal at the recent Sparkpost / MessageSystems conference.

We have multiple measures of deliverability. Ones that we don’t even let in the door, and then we have ones that customers indicated that they don’t want to be delivered.
Read More

Insight 2015 and upcoming talks

In about an hour I will be heading down to Monterey to give a talk at the MessageSystems Insight 2015 conference.
I really wanted to go to the whole conference, as I’ve heard great things about previous ones. It just didn’t work with my schedule. I’ll be around this afternoon and tomorrow morning, though. So if you’re there, do drop by and say Hi!
If you’re not at Insight, but are interested in hearing me speak, you can join us on November 12 at the 2015 All About eMail Virtual Conference & Expo. Ken Magill will be interviewing me about email and delivery. The session is also very open to audience questions, so come with some of your own.

Truths and Myths about email deliverability

Ken Magill will be interviewing me on the Truths and Myths of Email Deliverability, November 12 at the 2015 All About eMail Virtual Conference & Expo. Ken has a bunch of questions he wants to ask me, but he’s also expecting to take a lot of questions from the audience as well.
Speaking of myths, there has been discussion lately about recycled spamtraps. Apparently, there are people who believe (believed?) that every ISP uses recycled spamtraps. When Hotmail and Gmail said recently they didn’t use recycled traps people got very upset that they believed something that was not true.
It’s a mess. There is so much about email that is like a version of telephone. One person says “hotmail uses recycled spamtraps” someone else repeats “big ISPs use recycled spamtraps” then then third person says “all ISPs use recycled spamtraps.” People try and correct this type of misinformation all the time but sometimes it’s hard to clarify.
So show up to our session and let Ken lob questions at me, lob some of your own and we can see what myths we can clear up.

Finally! Spam has a purpose

Author Julie Czerneda posted about some of her writing techniques on Jim C. Hines’ blog today. Julie is one of my favorite authors. She’s a biologist so her science writing flows well for me. Too many folks try to write biology and get little nitpicky details wrong and it can disrupt the whole book for me. I spend way too much time thinking about the actual biology and lose track of the plot.
One part of her post stood out and made me smile, though.

Weird Lashback listings

I’m seeing some reports from various ESP folks that they’re experiencing an increase in Lashback listings the last day or so. They have contacted and are working with Lashback to identify what might be going on, if anything.
I’ll update once I know more and have permission to share.

Brian Krebs answers questions

Brian Krebs did an AMA on Reddit today answering a bunch of questions people had for him. I suggest taking a browse through his answers.
A few quotes stood out for me.
Q: Why do you think organizations seem to prefer “learning these lessons the hard way”? It doesn’t seem to be an information gap, as most IT executives say security is important and most individual contributors share risks upward with specific steps that can be taken to remediate risks. Given the huge costs for some breaches, why do you think more organizations don’t take the easy, preventative approach?

Trawling through the junk folder

As a break from writing unit tests this morning I took a few minutes to go through my Mail.app junk folder, looking for false positives for mail delivered over the past six weeks.
trashcans
We don’t do any connection level rejection here, so any mail sent to me gets delivered somewhere. Anything that looks like malware gets dumped in one folder and never read, anything that scores a ridiculously high spamassassin score gets dumped in another folder and never read, mailing lists get handled specially and everything else gets delivered to Mail.app to deal with. That means that Mail.app sees less of the ridiculously obvious spam and is mostly left to do bayesian filtering, and whatever other magic Apple implemented.
There were about thirty false positives, and they were all B2C bulk advertising mail. I receive a lot of 1:1 mail, transactional mail and B2B marketing mail and there were no false positives at all for any of those.
All the false positives were authenticated with both SPF and DKIM. All of them were for marketing lists I’d signed up for while making a purchase. All of them were “greymail” – mail that I’d agreed to receive, and that was inoffensive but not compelling. While I easily spotted all of them as false positives via the from address and subject, none of them were content I’d particularly missed.
Almost all of the false positives were sent through ESPs I recognized the name of, and about 80% of them were sent through just two ESPs (though that wasn’t immediately obvious, as one of them not only uses random four character domain names, it uses several different ones – stop doing that).
If you’d asked me to name two large, legitimate ESPs from whom I recalled receiving blatant, blatant spam recently, it would be those same two ESPs. Is Mail.app is picking up on my opinions of the mail those ESPs are sending? It’s possible – details specific to a particular ESPs mail composition and delivery pipelines are details that a bayesian learning filter may well recognize as efficient tokens.

88 Miles per hour!

A lot of advertisers are really getting into this whole Back to the Future Day thing. A number of companies are compiling emails related to the phenomenon.
MailCharts
Milled
What other ads have folks seen referencing Marty and his trip back?