Anti-Spammers
Why Deliverability Matters to Me
Welcome to deliverability week. I want to especially thank Al for doing a lot of work behind the scenes herding this group of cats. He’s an invaluable asset to the community.
Read MoreThe Blighty Flag
Back in the dark ages (the late ’90s) most people used dialup to connect to the internet. Those people who had broadband could run all sorts of services off them, including websites and mail servers and such. We had a cable modem for a while handling mail for blighty.com.
At that time blighty.com had an actual website. This site hosted some of the very first online tools for fighting abuse and tracking spam. At the same time, both of us were fairly active on USENET and in other anti-spam fora. This meant there were more than a few spammers who went out of their way to make our lives difficult. Sometimes by filing false complaints, other times by actually causing problems through the website.
At one point, they managed to get a complaint to our cable provider and we were shut off. Steve contacted their postmaster, someone we knew and who knew us, who realized the complaint was bogus and got us turned back on. Postmaster also said he was flagging our account with “the blighty flag” that meant he had to review the account before it would be turned off in the future.
I keep imagining the blighty flag looking like this in somebody’s database.
That is to say, sometimes folks disable accounts they really shouldn’t be disabling. Say, for instance:
This was an accident by a twitter employee, according to a post by @TwitterGov
June 2016: The Month in Email
We’re officially halfway through 2016, and looking forward to a slightly less hectic month around here. I hope you’re enjoying your summer (or winter, for those of you in the Southern Hemisphere).
Typo traps
People make all sorts of claims about typo traps. One claim that showed up recently was that Spamhaus has just started using typo traps. I asked my Facebook network when people started using typos to detect incoming spam.
Two different colleagues mentioned using typos, both on the left hand side and the right hand side, back in ’98 and ’99.
The point is, typo traps are absolutely nothing new. They are, in fact, as old as spam filtering itself. And as one of trap maintainers remind me, not all of them even look like typos. It’s not as simple as hotmial.com or gmial.com.
I really think that focusing on traps is paying attention to the wrong thing.
The traps are not the issue. The underlying issue is that people are signing up addresses that don’t belong to them. Sometimes those are addresses that are spamtraps. Sometimes those are simply addresses that belong to someone else. Those addresses don’t belong to customers, they belong to random people who may never have heard of the sender. Sending mail to those people is sending spam.
Just trying to remove traps from your address lists isn’t going to solve the underlying problem. Instead, focus on improving your data process to keep from sending mail to random strangers.
Don't unsubscribe from spam!!
Having been around the email and anti-spam industry for a while, I’ve just about seen and heard it all. In fact, sometimes I’ve been around for the beginning of the myth.
One myth that seems to never actually go away is “unsubscribing just confirms you’re a real address and your address will get sold and your spam load will explode.” This is related but orthogonal to “spammers harvest addresses out of unsubscribe forms.” The reality is that both of these things used to be true. Unsubscribing would confirm your email address and increase your spam load. Spammers would harvest addresses out of unsubscribe forms.
But neither of these things have really been true for the last decade.
I have had clients over the years that are spammers. Some of the are names that you probably would recognize. Some of them are companies we could probably all agree are spammers. Some of them are buying addresses from companies that are spammers. Some of them are companies that have a good mailing program here and then hire snowshoers over there. Sometimes they come to me claiming to be real mailers “with minor delivery problems.” Sometimes they come to me saying that a blocklist has recommended they talk to me about repairing their processes. Sometimes they even actually want to fix things. Sometimes they’re just looking to say that I’ve given them a clean bill of health (which is not something I do).
What that means is that I have lots of addresses on lots of spammer lists. Not just the ones they’ve found, but ones I’ve used to test their systems. I use tagged or disposable addresses for everything. Some of my disposable accounts are only marginally connected to me as I want to see what senders really do for their subscribers rather than what they want me to think they do. The ones I add to their system I use to test their subscription process as well as their unsubscription process.
I have never encountered a situation where unsubscribing one of those addresses caused a “multiplication” (to quote one anti-spammer) of my spam load.
I’ve had cases where my clients have ignored unsubscribes. I’ve had cases where my clients have decided years later to add me to their list again. I’ve had cases where they’ve been bought out and my address has been reactivated by the new owners. I’ve had cases where months or even years of 5xx responses was ignored. I’ve seen just about every bad bit of behavior on behalf of spammers. But I’ve never actually had unsubscribing increase my spam load.
It doesn’t matter how often people demonstrate unsubscribing doesn’t result in more spam in the current email ecosystem. (Ken Magill 2013, NYTimes 2011, dayah.com 2009). It doesn’t matter that many mailers treat “this is spam” button hits the same way they handle unsubscribe requests. The myth still persists.
Are you sure? Part 2
There was a bit of discussion about yesterday’s blog post over on my G+ circles. One person was telling me that “did you forget you opted-in?” was a perfectly valid question. He also commented he’s had the same address for 20 years and that he does, sometimes forget he opted in to mail years ago.
As an anti-spammer with the idea that it’s all about consent, I can see his point. Anti-spammers, for years, have chanted the mantra: “it’s about consent, not content.” Which is a short, pithy way to say they don’t care what you send people, as long as the recipients themselves have asked for it.
This is the perfect bumper sticker policy. As with most bumper sticker policies, though, it’s too short to deal with the messy realities.
I’m not knocking consent. Consent is great. Every bulk mailer should only be sending mail to people who have asked or agreed to receive that mail.
But if your focus is on delivery and getting mail to the recipient’s inbox and getting the recipient to react to that mail then you can’t just fall back on consent. You have to send them mail that they expect. You have to send them mail that they like. You have to send them mail they will open, read and interact with.
If your permission based recipients are saying they forgot that they signed up for mail, that is a sign that the sender’s program is futile. These are people who, at one point or another, actually asked to receive mail from a sender, and then the mail they receive is so unremarkable that they totally forget about the sender.
Maybe that’s another reason the question “are you sure you didn’t forget you opted in” from clients bothers me so much. If I signed up and forgot that points to problems in your program, mostly that it’s totally unremarkable and your subscribers can forget.
Blocklists, delisting and extortion
As I’m sure many of you have heard by now there is a new blocklist called ‘nszones.’ This blocklist is apparently stealing data from a number of other publicly accessible blocklists, combining the data and then charging folks for delisting.
This is a scam attempting to extort money from people. The blocklist has no way to actually remove IPs from the parent zones and I’m pretty sure they won’t even remove IPs from their own zones. In this case, the blocklist is clearly a scam, but there are other lists that are actually used by some mailservers that do charge for removal.
No legitimate blocklist will ever expect a listee to pay for delisting. Ever.
I feel very strongly about this. In fact, one of the major blocklists is run off a domain owned by Word to the Wise. Occasionally, I get contacted by folks looking for help with a listing on that list and I will not take them on as a client. I will provide general advice and make sure that they are correctly contacting the blocklist but nothing more.
This is, to my mind, the only ethical thing to do. I don’t even want a hint of impropriety surrounding either myself or the blocklist. Charging money for delisting only feeds the conspiracy theories.
Charging listees for removal (or listing listees so those charges can be a revenue source) is likely to lead to poor quality data and a blocklist that’s not terribly accurate nor effective. Furthermore, if a list operator is unethical or confrontational in their interactions with listees, they’re probably equally unprofessional in their interactions with potential list users. This results in few recipient domains actually using the list to block mail. Lists that charge are not widely used and being listed on them often does not affect email delivery in any appreciable manner.
Define "spam"
A comment came through recently from Trent asking me to define spam. It’s been a while since I’ve talked about how I define spam, so let’s look at it.
Personally, I describe spam as unsolicited bulk email. If I didn’t ask for it and it looks like bulk mail then I consider it spam. In many cases the spammers have multiple email addresses of mine so I can demonstrate the mail was sent in bulk.
In my consulting and working with clients, though, I rarely use the word spam. There are so many different definitions of spam, I have no way to know if my clients understand what I am saying, so I avoid the term as much as humanly possible. An example of some of the few definitions of spam I’ve seen used over the years.
More Gordon v. Virtumundo news
Eric Goldman reviews the appeals court decision in Gordon vs. Virtumundo.
Read More9th circuit ruling in Gordon v. Virtumundo
The 9th circuit court of appeals issued their ruling in Gordon v. Virtumundo today. The ruling was heavily in favor of Virtumundo. I have not had time to read the ruling, but both Venkat and Mickey have posts on the case and the ruling.
This is another solid blow against anti-spammers suing spammers under state laws and CAN SPAM. The problem is that many of the cases are brought by people, and lawyers, who fail to understand that just because they don’t like something doesn’t make it illegal. Spammers do a lot of bad things, but the ones you can track enough to sue are generally not breaking the law. Sadly, cases like Gordon and Mummagraphics makes it harder for ISPs to sue spammers that are actively harming the ISP and the customers.
Double opt-in, it's not what you think it is
Bill McCloskey has a post over on ClickZ about single opt-in vs. double opt-in. The post itself is generating a lot of buzz in the industry and has pages and pages of comments. I’m not going to really comment on the post, as I think much of what I would say has been covered in the comments, in posts here and in every email marketing discussion that has happened in the last 5 years.
I do want to comment on one of the comment’s however. This comment makes the assertion that “double opt-in was a term designed by spammers to make confirmed opt-in look too troublesome and problematic to use.” This is a bit of lore that is deeply, deeply established in the minds of many anti-spammers. There is a core group of activists that are completely convinced that anyone who ever uses the term double opt-in to refer to a confirmation practice is not only a spammer, but a lying scammer. They cannot imagine a world where someone might use this term while actually supporting the practice.
The problem with this belief is that it’s not true. Double opt-in was mostly used by PostmasterDirect (now part of ReturnPath) as a way to market their email addresses. PostmasterDirect actually patented a process for confirming addresses and used double opt-in as a way to distinguish themselves in the market place. It wasn’t that double opt-in was twice as hard as opt-in, it’s that their email address lists were twice as good as those other lists that you might be thinking of buying.
So, no, double opt-in is not spammer speak. It is, in fact, often the speech of a sender who is attempting to do the right thing. The fact that the sender does not know a made up history of a term does not turn them into a lying spammer. Asserting that it does says a lot more about the person making the assertion.
Language
Over on Deliverability.com Krzysztof posts about discussions going on over on the URIBL list about using “confirmed opt-in” to describe a subscription process versus using “double opt-in” to describe the same subscription process. I do not even need to read the list to know what is being said. This is a disagreement that has been going on since the first usage of “double opt-in” over 10 years ago.
To better explain the vitriol, a little history of the two terms might help.
My personal recollection and experience is that the term “confirmed opt-in” was coined by posters in the newsgroup news.admin.net-abuse.email around 1997 or 1998. There was some discussion about marketers / spammers (a lot of the posters did not distinguish between the two) trying to use the term “double opt-in” instead of “confirmed opt-in.” Many posters believed (and many still do) that this was a deliberate attempt by marketers to make the process seem overly burdensome and unworkable.
During the 2003 FTC spam hearings, Rebecca Lieb shared formal definitions for 5 different subscription types including “Confirmed opt-in” and “double opt-in”. These definitions are still up on ClickZ.