Recent Posts

Yahoo FBL confirmation problems

yahoo_en-US_f_p_142x37Over the last few months I’ve seen people complaining about losing the Yahoo FBL emails with verification codes. This seems to be intermittent and no one could really explain what was going on.
Dale Lopez, VP of operations for V12 group, shared that their operations group discovered that one issue with the missing verification emails has to do with the length of the From: address and a port25 default settings.
In Dale’s words:

Read More

IPv6 and authentication

I just saw a post over on the mailop mailing list where someone had been bitten by some of the IPv6 email issues I discussed a couple of months ago.
They have dual-stack smarthosts – meaning that their smarthosts have both IPv4 and IPv6 addresses, and will choose one or the other to send mail over. Some domains they send to use Office 365 and opted-in to receiving mail over IPv6, so their smarthosts decided to send that mail preferentially over IPv6.
The mail wasn’t authenticated, so it started bouncing. This is probably going to happen more and more over the next year or so as domain owners increasingly accept mail over IPv6.
If your smarthosts are dual stack, make sure that your workflow authenticates all the mail you send to avoid this sort of delivery issue.
One mistake I’ve seen several companies make is to have solid SPF authentication for all the domains they send – but not for their IPv6 address space. Check that all your SPF records include your IPv6 ranges. While you’re doing that keep in mind that having too many DNS records for SPF can cause problems, and try not too bloat the SPF records you have your customers include.

Read More

Peeple, Security and why hiding reviews doesn't matter

There’s been a lot of discussion about the Peeple app, which lets random individuals provide reviews of other people. The founders of the company seem to believe that no one is ever mean on the Internet and that all reviews are accurate. They’ve tried to assure us that no negative reviews will be published for unregistered users. They’re almost charming in their naivety, and it might be funny if this wasn’t so serious.
The app is an invitation to online abuse and harassment. And based on the public comments I’ve seen from the founders they have no idea what kind of pain their app is going to cause. They just don’t seem to have any idea of the amount of abuse that happens on the Internet. We work with and provide tools to abuse and security desks. The amount of stuff that happens as just background online is pretty bad. Even worse are the attacks that end up driving people, usually women, into hiding.
The Peeple solution to negative reviews is two fold.

Read More

#EME15 and visiting Stockholm

Last month I had the pleasure of presenting a couple talks to APSIS customers at their Email Marketing Evolved conference in Stockholm. The first talk was about deliverability and how it’s changed over the years. The second was about looking at the future of email and communicating with users online as we move forward in the digital world.
The rest of the post is going to be a bit photo heavy, so here’s a cut tag.

Read More

September 2015: The month in email

SeptemberCalendarSeptember’s big adventure was our trip to Stockholm, where I gave the keynote address at the APSIS Conference (Look for a wrapup post with beautiful photos of palaces soon!) and had lots of interesting conversations about all things email-related.
Now that we’re back, we’re working with clients as they prepare for the holiday mailing season. We wrote a post on why it’s so important to make sure you’ve optimized your deliverability strategy and resolved any open issues well in advance of your sends. Steve covered some similar territory in his post “Outrunning the Bear”. If you haven’t started planning, start now. If you need some help, give us a call.
In that post, we talked a bit about the increased volumes of both marketing and transactional email during the holiday season, and I did a followup post this week about how transactional email is defined — or not — both by practice and by law. I also wrote a bit about reputation and once again emphasized that sending mail people actually want is really the only strategy that can work in the long term.
While we were gone, I got a lot of spam, including a depressing amount of what I call “legitimate spam” — not just porn and pharmaceuticals, but legitimate companies with appalling address acquisition and sending strategies. I also wrote about spamtraps again (bookmark this post if you need more information on spamtraps, as I linked to several previous discussions we’ve had on the subject) and how we need to start viewing them as symptoms of larger list problems, not something that, once eradicated, means a list is healthy. I also posted about Jan Schaumann’s survey on internet operations, and how this relates to the larger discussions we’ve had on the power of systems administrators to manage mail (see Meri’s excellent post here<).
I wrote about privacy and tracking online and how it’s shifted over the past two decades. With marketers collecting and tracking more and more data, including personally-identifiable information (PII), the risks of organizational doxxing are significant. Moreso than ever before, marketers need to be aware of security issues. On the topic of security and cybercrime, Steve posted about two factor authentication, and how companies might consider providing incentives for customers to adopt this model.

Read More

Tumblr Confirming Usernames

Today I received an email from Tumblr asking to confirm I still wanted the username I have there. I’ve not really been using Tumblr, I contributed a few things to the now-defunct Box of Meat, but I don’t really post there much.
TumblrOptIn
I think this kind of engagement is great. Confirming user names will do a whole lot to allow Tumblr to release some claimed but unused names back into the pool. It will also actually help their deliverability and their engagement. If people do want to keep their tumblr names, then they have to click on the message. This means more clicks and better engagement and an overall reputation boost for Tumblr mail.

Read More

Transactional mail

0820ChalkboardThere are a lot of myths in the email space. Things that someone, somewhere said and another person repeated and then another person repeated and all of a sudden it is TRUTH. One of those things is the idea that there is a law defining what can be in a transactional email. Supposedly this law says that 80% of the message must be transactional content while 20% of the mail can be promotional content.
This isn’t really a law. I was even going to say it’s kinda a good idea, but then I stared thinking about it. It doesn’t even really make sense. 80% of what? Size? Space? Bytes? Layout? Do headers count in the 80% or just what’s visible? Does the HTML code count? What makes for “new” content?
Adding promotional content to receipts is great for conversions. It’s a great way to get someone to opt-in to mail. It’s a great way to upsell. It’s great for engagement; that makes it good for deliverability. Senders should include some level of promotional mail in receipts whenever possible.
There are some guidelines I suggest when looking at transactional mail.

Read More

Privacy and being online

I have an email address that’s old enough to drink. It came to me today when I was discussing data hygiene. I mean, I have an email address that is old enough to drink! And it wasn’t even my first email address, it’s just the one I still have access to.
This realization led me down a path of what things have changed since I got that address.
I remember …DataSecurity_Illustration
… when things posted on the Internet weren’t around forever.
… when Google bought DejaNews and made USENET archives more available.

Read More

Spammers, eh?

SpamBoxI’m back from a fun and successful trip to the APSIS Email Marketing Evolved conference. Of course, this means I’m digging out my mailboxes and going through mail I’ve ignored for the past week. It’s amazing how the spam builds up when I’m not tending to it every day.

Read More

Two factor authentication

The drumbeat of “secure your accounts; help your customers secure their accounts with you” advice has faded away a bit, probably because we’ve not had a major ESP account compromise hit the media in the past few months.
The costs – customer support, security, reputation, executive focus – of customer account compromises are still significant, anything you can easily do to mitigate that in advance is still a good idea.
If two factor authentication isn’t available as an option on your platform, talk to your developers about getting it on their roadmap. If it is an option, maybe use it as a hook to hang a promotion on?
mailchimp2fa
Good idea, Freddie!

Read More
Categories
Tags