AOL

Yahoo having problems

Yahoo seems to be having some massive system issues the last 24 hours or so. DNS has been down, mail was down. I’m seeing reports things are coming back now, but there’s a lot of backed up mail traffic and the congestion may take a few hours to resolve.

Dead addresses tell us things

There was confirmation this week that the increase in “user unknown” messages from Yahoo is actually Yahoo cleaning out abandoned accounts. At the same time a Yahoo is sending out notifications to folks to log into mail.

Email news today

Ironport have rolled out an update to their rule engine which has a bug causing mail problems. According to discussion on the mailop list, the new rule engine is folding the header with a line feed (LF) rather than a carriage return (CRLF). This is breaking things, including DKIM signatures. Ironport is aware of the issue. I expect an updated rollout shortly.

Verizon Media Postmaster Site

Marcel brought up in the comments that Verizon Media has a postmaster site. https://postmaster.verizonmedia.com/

This is pretty clear evidence that AOL accounts are being transferred to the Oath / Verizon Media / Yahoo backend.

Whitelisting is dead

A decade or so ago I was offering whitelisting services to clients. It was pretty simple. I’d collect a bunch of information and do an audit on the customer’s sending. They’d get a report back identifying any issues that would limit their chances at acceptance. Then I’d go and fill in the forms on behalf of the client. Simple enough work, and it made clients feel better knowing their mail was whitelisted at the various ISPs.
When email filters were less complex and more binary, whitelists were a great way for receivers to identify which senders were willing to stand up and be held accountable for their mail. Over time, whitelists became much less useful. Filtering technology progressed. Manual whitelisting wasn’t necessary for ISPs to sort out good mail from bad.
The era of whitelisting is over.
In fact, three of the major whitelist providing ISPs were AOL, Yahoo, and Verizon; all three are now a part of OATH. The Verizon whitelist page now redirects to postmaster.aol.com. New requests to signup for the AOL whitelist are rejected with the message that AOL whitelisting is no longer available or necessary. Yahoo has a “new IP review” form rather than a whitelisting form.
Whitelisting is dead.
Even the various certification and whitelisting services have mostly gone away. Both Habeas and Goodmail failed to achieve a profitable exit event. Of course, Return Path is still around, but they have built a platform of tools and services unrelated to whitelisting or certification.
Now senders are going to have to focus on sending mail that people ask for and want in order to make it to the inbox.

OATH and Microsoft updates

I’ve seen multiple people asking questions about what’s going to happen with the Yahoo and AOL FBLs after the transition to the new Oath infrastructure. The most current information we have says that the AOL FBL (IP based) is going away. This FBL is handled by the AOL infrastructure. As AOL users are moved to the new infrastructure any complaints based on their actions will come through the Yahoo complaint feedback loop (CFL). The Yahoo CFL is domain based. Anyone who has not signed up for the Yahoo CFL should do so.
When registering you will need each domain and the selectors you’re planning on using. Yahoo will send an email with a confirmation link that needs to be clicked on within a short period of time in order to activate the FBL.
Microsoft’s SNDS program had an outage at the end of last week. That’s been fixed, but the missing data will not be back populated into the system. This has happened a couple times in the past. It seems the system gets a live feed of data. If, for some reason, the data is interrupted, then it’s gone and doesn’t get populated.

What kind of mail do filters target?

All to often we think of filters as a linear scale. There’s blocking on one end, and there’s an inbox on the other. Every email falls somewhere on that line.
Makes sense, right? Bad mail is blocked, good mail goes to the inbox. The bulk folder exists for mail that’s not bad enough to block, but isn’t good enough to go to the inbox.
Once we get to that model, we can think of filters as just different tolerances for what is bad and good. Using the same model, we can see aggressive filters block more mail and send more mail to bulk, while letting less into the inbox. There are also permissive filters that block very little mail and send most mail to the inbox.
That’s a somewhat useful model, but it doesn’t really capture the full complexity of filters. There isn’t just good mail and bad mail. Mail isn’t simply solicited or unsolicited. Filters take into account any number of factors before deciding what to do with mail.

AOL Postmaster page changes

AOL has disabled the IP reputation check and the rDNS lookup on their postmaster pages. Given AOL isn’t handling the first mail hop any longer, this makes perfect sense. They simply don’t have the kind of data they did when they were handling mail directly from the sender MTA.
There’s no information, yet, on whether or not that functionality will be added / replicated over at Yahoo.

More on AOL transition to Oath Infrastructure

AOL posted on their blog today about changes to DMARC reporting and FBL messages as they continue to transition domains to the OATH infrastructure. As AOL domains go to the new infrastructure, DMARC reports for those domains will be included in the existing Yahoo DMARC reports.
After the MX migration is done, they’ll start migrating the actual user mailboxes. Right now, FBL messages for AOL properties are coming from AOL and will continue to do so until the actual mailbox is transitioned to the new infrastructure. Once the mailbox is transitioned, then any FBL emails from that address will come from the Yahoo infrastructure. The blog post at AOL suggests signing up for both AOL and Yahoo FBLs during this transition phase.
It does bring up an interesting question as to whether or not the combined FBL is going to be IP based, DKIM based or a mix of both. It sounds like at least during some part of the consolidation there will be a DKIM only FBL. It could be that there will be some expansion to an IP system in the future. Or, it could be that all FBLs from AOL addresses will be based on DKIM domain.

AOL MX Change update

The AOL postmaster team posted some information about the upcoming MX transition on their blog.

AOL Changes

We’ve known for a while that AOL email infrastructure is going to be merging with Yahoo’s, but apparently it’s happening sooner than anyone expected.
The MXes for aol.com will be migrated to Yahoo infrastructure around February 1st. Reading between the lines I expect that this isn’t a flag day, and much of the rest of the AOL email infrastructure will be in use for a while yet, but primary delivery decisions will be made on Yahoo infrastructure.
The AOL and Yahoo postmaster teams are pretty smart so I assume they’ll have made sure that their reputation data is consistent, and be doing everything else they can do to make the migration as painless as possible. But it’s a major change affecting a lot of email, and I wouldn’t be surprised to see some bumpiness.
If you’ve done anything … unwise … with delivery to AOL addresses, such as hard-wiring MXes for delivery to aol.com, you should probably look at undoing that in the next week or so. I’m guessing the changeover will happen at the DNS level, so if you’ve nailed down delivery IPs for aol.com you might end up trying – and probably failing – to deliver to the old AOL infrastructure.

Happy 2018

This is the time of year when everyone starts posting their predictions for the coming year. Despite over a decade of blogging and close to 2500 blog posts, I have’t consistently written prediction articles here. Many years I don’t see big changes on the horizon, so there’s not a lot to comment on. Incremental changes are status quo, nothing earth shattering there. But I’ve been thinking about what might be on the horizon in 2018 and how that will affect email marketing.

Final migration of Verizon email addresses to AOL

AOL were kind enough to share some details about the shutdown of the Verizon mail system and the migration of @verizon.net email address to the AOL mail service:

AOL accidentally hard bounces valid mail

Last night (Mar 29, 2017) between about 8pm Eastern and 9:30pm Eastern AOL suffered a technical issue. Every email sent to them received a “Recipient address rejected” reply. One example of the error message:
Mar 29 20:45:12 p2-lvmail11 lsb1-99-208-250/smtp[22251]: A88DFC2DBE9: to=<redacted@aol.com>, relay=mailin-01.mx.aol.com[64. 12.91.195]:25, delay=0.18, delays=0.01/0/0.14/0.03, dsn=5.1.1, status=bounced (host mailin-01.mx.aol.com[64.12.91. 195] said: 550 5.1.1 <redacted@aol.com>: Recipient address rejected: aol.com (in reply to RCPT TO command))
The issue was brought to AOLs attention and things were fixed rapidly after that. An AOL representative has stated that these were invalid replies and that addresses do not need to be removed from future emails.
Most of the ESPs are aware of this and are working to restore any bounced addresses to their users. At some places this requires manual intervention, so it’s taking some time to get all the addresses restored.
This is one of the reasons that our best bounce handling recommendations are not to remove an address for a single bounce – sometimes the ISPs have technical problems. Like the time a routing failure meant a major ISPs MX machines couldn’t reach their authentication servers to get the list of active users. Or the time all an ISPs MXs were removed from DNS. A lot of the internet is still managed manually, and despite extensive safeguards put in place bad things can, and do, still happen. Usually these problems are resolved quickly and mail starts flowing again.
Morning advice: Do not deactivate addresses that bounced at AOL last night.

Changes to AOL FBL

In a blog post today, AOL announced they are changing the from address on their FBL emails from scomp@aol.net to fbl-no-reply at postmaster.aol.com. This change will take place on January 16th, 2017.

While this may seem a minor change to announce so far in advance, it’s really not. Because AOL was the first FBL, there are many tool chains that have been kludged together to handle the messages. Many of these tool chains rely on “scomp” in the header to work.
This is as good a time as any to review your current FBL handling code. Are you handling FBL messages correctly? Is there anywhere in your code that does things based on scomp being in the header?
Actually, it’s a good time to take a step back and think about FBLs in general and what you should be doing with the mail. These aren’t just complaints, they are direct feedback from your recipients. Sure, they just have to hit a button, but it’s still feedback.
Do you listen to that feedback or just unsubscribe folks?
Do you pay attention to which campaigns, mailings and offers trigger higher levels of FBLs?
Do changes in FBL rates factor into your marketing strategy at all? Why not?
Do you even know what happens when a FBL email arrives at your sever? Are you sure?
All of these are useful questions to ask at any time. But now that some folks are having to touch the FBL code, maybe it’s a time to develop a strategy for FBL processing. Use that data to inform and improve your marketing.

Changes coming to Verizon email

Last year Verizon bought AOL. As part of that merger some @verizon.net email is being migrated to the AOL backend. FAQs published by Verizon say this change is only affecting users in FL, TX and CA. Users will still have @verizon.net addresses but the backend and filtering will be managed by AOL.
This shouldn’t have a huge impact on commercial senders. However, one thing I did notice while reading through the FAQ is this:

AOL broken (again)

I am, apparently, still one of the top hits when you Google for AOL. When things break at AOL, this means I get lots of contacts, comments and even phone calls from people looking for help.
I’m really not AOL support. (Really. I’m not. If you’re an AOL user I can’t help you log into your account. Please don’t call. Please don’t ask. Contact AOL directly.)
BUT! So many AOL users thinking I am means I learn about AOL problems fairly early in the cycle. As of this morning I’m getting a lot of reports that AOL is broken. I tried logging into my account and got the following:

On the delivery end mail is still being accepted. I can send mail to that particular account, even though I can’t log into it. But, senders may see lower engagement from AOL users until the issue is resolved.

July 2015: The Month in Email

Once again, we reviewed some of the ways brands are trying (or might try) to improve engagement with customers. LinkedIn, who frequently top lists of unwanted-but-legitimate email, announced that they’ll be sending less mail. Josh wrote about giving subscribers options for both the type and frequency of messages, and about setting expectations for new subscribers. In each case, it’s about respecting that customers really want to engage with brands in the email channel, but don’t want the permission they’ve granted to be abused. I also wrote a brief post following up on our June discussion on purchased lists, and as you’d predict, I continue to discourage companies from mailing to these recipients.

New AOL Postmaster Pages

AOL has updated their Postmaster pages with a new design and new resources for senders who are sending to AOL. If you are sending to AOL, use the updated site to sign up for the feedback loop, request whitelisting, open a trouble ticket, or learn about the AOL error codes and bulk sending best practices.
AOL Postmaster Pages

AOL starts using Sender Score Certification

Good news for Sender Score Certified IPs. Return Path recently announced that AOL has joined the list of ISPs offering preferential treatment to certified IPs.

Where's AOL?

I hear almost nothing about AOL from clients and potential clients these days. I hear a lot from AOL users who are confused and don’t understand that I am not AOL support (I’m not. Really. I can’t help you.). But I hear almost nothing from clients.
There are three possibilities I can think of for this.

Mythbusting deliverability and engagement

Yesterday I published an article talking about an engagement webinar hosted by the EEC and DMA. I made a couple predictions about what would be said.

Email predictions for 2015

Welcome to a whole new year. It seems the changing of the year brings out people predicting what they think will happen in the coming year. It’s something I’ve indulged in a couple times over my years of blogging, but email is a generally stable technology and it’s kind of boring to predict a new interface or a minor tweak to filters. Of course, many bloggers will go way out on a limb and predict the death of email, but I think that’s been way over done.

Even major technical advancements, like authentication protocols and the rise of IPv6, are not usually sudden. They’re discussed and refined through the IETF process. While some of these changes may seem “all of a sudden” to some end users, they’re usually the result of years of work from dedicated volunteers. The internet really doesn’t do flag days.
One major change in 2014, that had significant implications for email as a whole, was a free mail provider abruptly publishing a DMARC p=reject policy. This caused a lot of issues for some small business senders and for many individual users. Mailing list maintainers are still dealing with some of the fallout, and there are ongoing discussions about how best to mitigate the problems DMARC causes non-commercial email.
Still, DMARC as a protocol has been in development for a few years. A number of large brands and commercial organizations were publishing p=reject policies. The big mail providers were implementing DMARC checking, and rejection, on their inbound mail. In fact, this rollout is one of the reasons that the publishing of p=reject was a problem. With the flip of a switch, mail that was once deliverable became undeliverable.
Looking back through any of the 2014 predictions, I don’t think anyone predicted that two major mailbox providers would implement p=reject policies, causing widespread delivery failures across the Internet. I certainly wouldn’t have predicted it, all of my discussions with people about DMARC centered around business using DMARC to protect their brand. No one mentioned ISPs using it to force their customers away from 3rd party services and discussion lists.
I think the only constant in the world of email is change, and most of the time that change isn’t that massive or sudden, 2014 and the DMARC upheaval notwithstanding.
But, still, I have some thoughts on what might happen in the coming year. Mostly more of the same as we’ve seen over the last few years. But there are a couple areas I think we’ll see some progress made.

A new way of reading email

Fastcompany reports that AOL has a new webmail client “Alto” that changes how email is read and received.

How useful are feedback loops

Things are extremely busy here and blogging is going to be light for a few weeks. I’ll be reposting some older blog posts that are still relevant for today’s email senders.
Today’s post is a repost from November 2008. I look at the whys and hows of FBLs, address some of the objections people had to them and discuss how senders should deal with FBL mail.
There has been a very long, ongoing discussion on one of my mailing lists about whether or not feedback loops are a net good or a net harm. I believe, overall, they are a net good, but there are people who believe they are not. The biggest objection is that the lawyer mandated redaction of the To: address combined with the fact that some users use the “this is spam” button to delete unwanted email, makes it difficult for some FBL recipients to sort out the real issues from the cruft.
Redaction can be a problem for some senders, particularly for the small mailing list hosted as a hobby or contribution to the community. In order to effectively deal with FBL emails, a sender needs to have tools on the email sending side and on the FBL receiving side. This is often more overhead than the volunteer list maintainer wants to handle. Unfortunately, these senders are a minority and therefore their issues are often not addressed by the ISPs.
Some of the objections and complaints about “broken” or “useless” FBLs come from people who do not really have any history for the FBLs, where they are, what they were designed for and who their target audience is. A bit of history may help explain why things are how they are.
The First FBL
The “this is spam” button evolved from the “notify AOL” button. This button was a way email recipients could notify AOL staff about any number of problems, including threats, viruses and other unwanted emails. As time went on, this was changed to “this is spam” to encourage users to report more spam so the AOL would have the data to make delivery decisions. Eventually, AOL made the decision to share that data with some senders and ISPs. The lawyers made the decision to redact the “To:” address, but not make any other changes to the message because they believe they should not be sharing subscriber email addresses with third parties. As some people correctly point out, the lawyers are not interested in hearing from non lawyers about changing this. It is possible that another lawyer may be able to put together a position paper and convince them this stance is overly cautious. I am pretty sure, though, that no one without a legal degree will be given any audience from them.
Given the success of the AOL FBL and the demand from both ESPs and ISPs for FBLs, other ISPs started offering FBLs as well. Many of them also redacted the To: address, either just following AOL’s lead or under advice of their own counsel.
That means, as senders, we are in a situation where we really cannot make the ISPs change what they’re doing. We can either adapt our own mailing practices to cope with them or we can forego the data provided by the FBL. One of the challenges in choosing to shun the whitelist at AOL that in order to qualify for whitelisting, you have to accept a FBL. For ISPs, who want to whitelist their outgoing MTAs, but have customers sending mail, maybe running small mailing lists, or who are forwarding mail to their ISP account, this can be a problem. However, any ISP needs some sort of abuse desk automation, and this automation should be able to handle FBLs. This can also be a problem for small ESPs or companies doing in-house email marketing. They buy something off the shelf to handle mail (or install mailman) that does not do VERP or otherwise enter the specific address in the email. When faced with a redacted email they cannot do anything with the complaint.
What does the FBL email tell the FBL recipient?
This really depends on what role the FBL recipient plays in the mail transport system. Bandwidth and network service providers use the FBL as an aggregate tool. They really only deal with FBL complaints if there is a change in complaint volume about an IP, they don’t treat each complaint as a valuable source of information. Typically what happens is that an ISP abuse desk notices a spike in complaints. After investigation, they may discover that a customer machine is compromised. They then notify the customer, the customer patches or disconnects the machine and the problem is fixed.
ESPs tend treat the FBL as an unsubscribe mechanism as well as a way to monitor customers. A few FBL complaints are not necessarily a sign that the sender is spamming, but once a threshold is reached the ESP delivery / abuse team addresses the issue. Spammers can get FBLs and often use them as a way to clean lists of complainants. Some really dirty spammers even suppress those complainants from all their lists.
Is a FBL useful?
This is really something that someone else cannot tell you. Some companies find FBLs to be extremely useful, even after they have had to make investments in software (either off the shelf like our Abacus software, or something custom written internally) to send mail that will survive the FBL redaction process and to handle the actual FBL email. Some companies find the FBLs to be more trouble than they are worth. The question, however, is really one only the sender can answer.
Overall, I think FBLs are more helpful than they are harmful. They do require investment on both sides of the transaction, but does encourage senders and receivers to cooperate with one another.

The more things change

I was doing some research about the evolution of the this-is-spam button for a blog article. In the middle of it, I found an old NY Times report about spam from 2003.

DMARC and organizations

Comcast recently published a statement on DMARC over on their postmaster page. The short version is that Comcast is publishing a DMARC record, but has no current intentions to publish a p=reject policy for Comcast user email. Comcast will be publishing a p=reject for some of their domains that they use exclusively to communicate with customers, like billing notices and security notices.
Comcast does point out that Yahoo! and AOL’s usage of p=reject is “not common usage.”
This is something a lot of people have been arguing loudly about on various mail operations lists and network lists. DMARC is about organizational identity. In fact, I was contacted about my DMARC primer and told that I didn’t mention that it’s not about domains, it’s about organizations.
The way I read the DMARC spec, it is all about organizational identity. The underlying theme being that the domain name is linked to a particular organization and everyone using email at that domain has some official relationship with that organization. I’ve always read the spec mentally replacing organization with corporate brand. This was for brands and organizations that strictly control how their domains are used, who can use those domains and how the mail is sent with those domains.
I never expected any mailbox provider or commercial ISP to publish a p=reject message as it would just break way too much of the way customers use email. And it did break a lot of legitimate and end user uses of email. Many organizations have had to scramble to update mailing list software to avoid bouncing users off the lists. Some of these upgrades have broken mailbox filters, forcing endusers to change how they manage their mailboxes.
Even organizations see challenges with a p=reject message and can have legitimate mail blocked. At M³AAWG 30 in San Francisco I was talking with some folks who have been actively deploying DMARC for organizations. From my point of view anyone who wants to publish a DMARC p=reject should spend at least 6 months monitoring DMARC failures to identify legitimate sources of email. The person I was talking to said he recommends a minimum of 12 months.
This is just an example of how difficult it is to capture all the legitimate sources of emails from a domain and effectively authenticate that mail. For a mailbox provider, I think it’s nearly impossible to capture all the legitimate uses of email and authenticate them.
It remains to be seen if the other mailbox providers imitate Yahoo! and AOL or if they push back against the use of DMARC reject policies at mailbox providers. Whatever the outcome, this is a significant shift in how email is used. And we’re all going to have to deal with the fallout of that.

AOL admits to security breach

According to Reuters AOL has admitted there was a breach of their network security that compromised 2% of their accounts. Users are being told to reset their passwords, and security questions.
AOL started investigating the attack after users started reporting an uptick in spam from aol.com addresses. This spam was using @aol.com addresses to send mail to addresses in that user’s address book.
According to the AOL mail team, they are still investigating the attack, but they do not believe financial information was compromised. Their statement reads in part:

AOL publishes a p=reject DMARC record

Yesterday I mentioned that there were reports of a compromise at AOL. While the details are hazy, what has been reported is that people’s address books were stolen. The reports suggest lots of people are getting mail from AOL addresses that they have received mail from in the past, but that mail is coming from non AOL servers. In an apparent effort to address this, AOL announced today they have published a p=reject DMARC record.
I expect this also means that AOL is now checking and listening to DMARC records on the inbound. During the discussions of who was checking DMARC during the Yahoo discussion, AOL was not one of the ISPs respecting DMARC policy statements. I’m not surprised. As more information started coming out about this compromise, I figured that the folks attacking Yahoo had moved on to AOL and that AOL’s response would be similar to Yahoo’s.
My prediction is that the attackers will be trying to get into Outlook.com and Gmail, and when they do, those ISPs will follow suit in publishing p=reject messages. For those of you wondering what DMARC is about, you can check out my DMARC primer.

AOL compromise

Lots of reports today of a security problem at AOL where accounts are sending spam, or are being spoofed in spam runs or something. Details are hazy, but there seems to be quite a bit of noise surrounding this incident. AOL hasn’t provided any information as of yet as to what is going on.

AOL problems

Lots of people are reporting ongoing (RTR:GE) messages from AOL today. This indicates the AOL mail servers are having problems and can’t accept mail. This has nothing to do with spam, filtering or malicious email. This is simply their servers aren’t functioning as well as they should be and so AOL can’t accept all the mail thrown at them. These types of blocks resolve themselves.
Update Feb 8, 2016: AOL users are having problems logging in. Word to the Wise cannot help you. Please do not contact us for help. Contact AOL directly.

ISPs speak at M3AAWG

Last week at M3AAWG representatives from AOL, Yahoo, Gmail and Outlook spoke about their anti-spam technologies and what the organizations were looking for in email.
This session was question and answers, with the moderator asking the majority of the questions. These answers are paraphrased from my notes or the MAAWG twitter stream from the session.
What are your biggest frustrations?
AOL: When senders complain they can’t get mail in and we go look at their stats and complaints are high. Users just don’t love that mail. If complaints are high look at what you may have done differently, content does have an effect on complaints.
Outlook: When we tightened down filters 8 years ago we had to do it. Half of the mail in our users inbox was spam and we were losing a steady number of customers. The filter changes disrupted a lot of senders and caused a lot of pain. But these days only 0.5% of mail in the inbox is spam. Things happen so fast, though, that the stress can frustrate the team.
Gmail: Good senders do email badly sometimes and their mail gets bulked. Senders have to get the basic email hygiene practices right. Love your users and they’ll love you back.
What’s your philosophy and approach towards mail?
AOL: There is a balance that needs to be struck between good and bad mail. The postmaster team reminds the blocking team that not all mail is bad or malicious. They are the sender advocates inside AOL. But the blocking team deals with so much bad mail, they sometimes forget that some mail is good.
Yahoo: User experience. The user always comes first. We strive to protect them from malicious mail and provide them with the emails they want to see. Everything else is secondary.
Gmail: The faster we stop spam the less spam that gets sent overall. We have highly adaptive filters that can react extremely quickly to spam. This frustrates the spammers and they will give up.
Outlook: The core customer is the mailbox user and they are a priority. We think we have most of the hardcore spam under control, and now we’re focused on personalizing the inbox for each user. Everyone online should hold partners accountable and they should expect to be held accountable in turn. This isn’t just a sender / ESP thing, ISPs block each other if there are spam problems.
What are some of your most outrageous requests?
We’ve been threatened with lawsuits because senders just don’t want to do the work to fix things. Some senders try to extort us. Other senders go to the advertising execs and get the execs to yell at the filtering team.
Coming to MAAWG and getting cornered to talk about a particular sender problem. Some senders have even offered money just to get mail to the spam folder.
Senders who escalate through the wrong channels. We spent all this money and time creating channels where you can contact us, and then senders don’t use them.
Confusing business interests with product interests. These are separate things and we can’t change the product to match your business interest.
What are your recommendations for changing behaviors?
Outlook: We provide lots of tools to let you see what your recipients are doing. USE THE TOOLS. Pay attention to your recipient interaction with mail. Re-opt-in recipients periodically. Think about that mail that is never opened. Monitor how people interact with your mail. When you have a problem, use our webpages and our forms. Standard delivery problems have a play book. We’re going to follow that playbook and if you try to get personal attention it’s going to slow things down. If there’s a process problem, we are reachable and can handle them personally. But use the postmaster page for most things.
Gmail: Get your hygiene right. If you get your hygiene right, deliverability just works. If you’re seeing blocking, that’s because users are marking your mail as spam. Pay attention to what the major receivers publish on their postmaster pages. Don’t just follow the letter of the law, follow the spirit as well. Our responsibility, as an ISP, is to detect spam and not spam. Good mailers make that harder on us because they do thinks that look like spammers. This doesn’t get spammer mail in more, it gets legitimate mail in less. Use a real opt-in system, don’t just rely on an implied opt-in because someone made a purchase or something.
Yahoo: ESPs are pretty good about screening their customers, so pay attention to what your ESPs are saying. Send mail people want. Verify that the email addresses given to you actually belong to people who want your mail. Have better sender practices.
What do you think about seed accounts?
The panel wasn’t very happy about the use of seed accounts. Seeds are not that useful any longer, as the ISPs move to more and more personalized delivery. Too much time and too many cycles are used debugging seed accounts. The dynamic delivery works all ways.
When things go wrong what should we do?
AOL: Open a ticket. We know we’ve been lax recently, but have worked out of our backlog and are caught up to date. Using the ticketing system also justifies us getting more headcount and makes everyone’s experience better. Also, don’t continue what you’re doing. Pausing sending while you’re troubleshooting the issue. We won’t adjust a rep for you, but we may be able to help you.
Gmail: Do not jump the gun and open a ticket on the first mail to the spam folder. Our filters are so dynamic, they update every few minutes in some cases. Be sure there is a problem. If you are sure you’re following the spirit and letter of the sender guidelines you can submit a ticket. We don’t respond to tickets, but we work every single one. When you’re opening a ticket provide complete information and full headers, and use the headers from your own email address not headers from a seed account. Give us a clear and concise description of the problem. Also, use the gmail product forum, it is monitored by employees and it’s our preferred way of getting information to the anti-abuse team. Common issues lots of senders are having will get addressed faster.
Outlook: Dig in and do your own troubleshooting, don’t rely on us to tell you what to fix. The support teams don’t have a lot of resources so use our public information. If you make our job harder, then it takes longer to get things done. But tell us what changes you’ve made. If you’ve fixed something, and tell us, our process is different than if you’re just asking for a delisting or asking for information. When you’ve fixed things we will respond faster.
How fast should users expect filters to respond after making changes?
Filters update continually so they should start seeing delivery changes almost immediately. What we find is people tell us they’ve made changes, but they haven’t made enough or made the right ones. If the filters don’t update, then you’ve not fixed the problem.

AOL Updates Spam Filtering

Over on the AOL Postmaster blog, Lili Crowley announced yesterday that AOL has made changes to their spam filtering system. Specifically, more senders may be subject to blocking with CON:B1 errors. AOL’s website explains that CON:B1 errors indicate that an IP address is being blocked “due to a spike in unfavorable e-mail statistics.” This strongly suggests that a sender blocked with a CON:B1 error message has a negative sending reputation. This is yet another data point as to how ISPs have been tightening up spam filtering and reputation requirements over the past few years. What you might have been able to deliver five years ago, you might not be able to get delivered today.

It's Thursday: AOL must be having problems

And, in fact, they are.
This time I’m seeing random reports of FBL failures. Some folks are seeing a significant (more than 50%) decrease in FBL emails. Other folks are reporting FBL reports that aren’t really FBL reports, but instead look like failed code output.
If you’re seeing this kind of problems it’s not just you.
As always, people at AOL are working to fix things and cooperating with people in the sending community who are having this problem. In other news, I found out last week that the one Really Smart Mail Guys I thought was still there is still at AOL but is no longer in their mail division. That means that the guys who built the AOL version of Skynet have left it to its own devices. Be afraid. Be Very Afraid.

Retrying mail to AOL

I’m working on stuff for MAAWG so I’m really not all that up on what’s happening in the world of email recently. A lot of folks are commenting on my AOL post, and I’m hearing that queues are backing up and emptying as AOL makes changes.
One thing people have been asking me is if they should retry mail to the addresses that are bouncing. I say yes, absolutely. Some of the error messages are related to real filters, but there seems to be quite a bit of slop in the filters these days. I think, though, that the recipients do exist and removing the addresses from future mailings is premature.

Mail problems at AOL

We cannot help endusers troubleshoot AOL connection problems. Please do not call. Please do not write. You need to talk to AOL. We are not AOL. We cannot help you.

AOL bounces and false positives

A number of people have been seeing an increase in AOL bounces over the last few days. Some of these are the new rejection 554/421 CON:B1 message. This is, basically, you’ve topped our thresholds, back off.
The other one is a bit more interesting. The error message a lot of people are seeing is 554/421 RLY:SN. Senders should only be getting this error message when they are sending email from a banned address.

AOL update

A reader has been talking with AOL about the mtain* responses that people were receiving. AOL has said both responses mentioning mtain-*.r1000.mx.aol.com are actually DNY:T1 bounces that are being presented incorrectly. Both responses should be treated the same as 421 DYN:T1.

AOL … again

A number of senders are reporting that they’re getting unusual responses from AOL servers. The responses include:

AOL improving

I’m hearing from lots of folks that they’re seeing some improvement in delivery to AOL accounts.
As everyone can imagine, the AOL situation has been a common thread of discussion on many delivery lists. One person even commented at how fragile the AOL mail server seems. My own thoughts are a little different. The AOL mail system is notoriously complex and integrated. Many of the folks who built it have been laid off or otherwise moved on to other companies. I know there are still smart, competent people riding herd on the AOL mail servers, but I expect they don’t have the resources to do the ongoing maintenance and the fire fighting and all the other tasks that a mailserver handling billions of emails needs.
What this means is that the AOL mail system has been suffering from bit rot for at least 2 years. It is to the original designers’ credit that it’s taken this long before there were major problems like we’ve seen over the last week.

AOL: Still broken

I’m still hearing reports that AOL is still having problems accepting mail. I’ve also heard they’re still working on it. There is no information on when a fix may be finished.

AOL delivery problems

There have been ongoing reports this week from ESPs and ISPs that AOL is having problems accepting email. People are reporting difficulties connecting to AOL MTAs and random dropping of connections. Other people are reporting random rejection messages that make no sense. A number of folks are seeing rejections claiming that the reason is a new IP when that IP has successfully sent mail from that IP in the recent past.
AOL seems to be working on things, and some people are seeing improvements. If you’re seeing AOL problems recently, it’s not you. It’s them.
EDIT: AOL has asked senders to please reduce mail volume while they are resolving issues.

AOL Postmaster page hacked

Per Boing Boing: the AOL postmaster page was hacked over the weekend.
As of now the site is restored. But I’m hearing that all the scripts are still down. This means no one can open tickets, sign up for FBLs, apply for whitelisting or check the status of reports. I expect this will be fixed soon, but for now it looks like AOL issues are going to be impossible to resolve.

Goodmail shutting down

Yesterday Goodmail sent out mail to all their customers announcing they are ceasing operations and taking all their token generators offline as of 5pm pacific on February 8th.
While this is a bit of a surprise on one level, I’m not that shocked. Ken Magill mentioned in August that Goodmail was on the sales block and rumors have been circulating for weeks about significant changes coming to Goodmail.
Goodmail has struggled to find a market since they first started. At one point they were even giving services away to customers at partner ESPs. Despite the free service, people at some of those ESPs told me they were having difficulty getting customers to adopt Goodmail.
Likewise, on the ISP side, Goodmail didn’t seem to have much penetration into the market. They had AOL, Yahoo and some cable companies, but not much else. And as of early last year, Yahoo removed the Goodmail machines.
I think the real underlying problem was that most companies who are doing things well don’t need certification services. Sure, there are a couple exceptions but in general anyone who is sending good mail is getting to the inbox. Even for companies where delivery was not quite as good as they might want, the marginal improvement at those ISPs that do use Goodmail was not sufficient to justify the cost of Goodmail services.
While I have the utmost respect for the Goodmail management team I think this result was almost inevitable. I never got the impression they valued the end recipient quite as much as the ISPs do. That was just one thing that lead me to believe they just didn’t seem to understand the email ecosystem quite the way that a certification service should.
I echo Dennis’ thoughts and well wishes towards the Goodmail folks. The experiment in sender financed delivery was well worth doing and I think they did it as well as anyone could have.

AOL goes kablooey

Sometime last night, AOL managed to delete their MX records, causing mail to hard bounce for at least 3 hours, possibly more. Annalivia noticed, contacted the NOC, appropriate people were paged and the records are now functional again.
This morning AOL seems to be having more mail problems, possibly related to everyone retrying mail that was hard bounced last night after the MX record was deleted. Or the company is just finally showing the consequences of laying off so many people last year.
I think the most worrying bit about this is that the AOL NOC didn’t notice there was no mail coming in for 3 hours. I don’t get mail for an hour and I start checking to see if the mailserver has fallen over. I can’t believe no one noticed no incoming mail for 3 hours.
I suggest that anyone who had AOL bounces last night package those up and resend today. But don’t send them all at once, trickle them out over the course of the day. Remember, everyone else is trying to send their mail, too. And AOL is not having a happy day.
UPDATE: The Return Path Received blog points out some of the reasons some of you might still be seeing AOL mail fail. The fix is to flush your DNS cache or reboot your DNS server.

Suing spammers

I’m off to MAAWG next week and seem to have had barely enough time to breathe lately, much less blog. I have a half written post, but it’s taking a little more research to put together. That can wait until I get the chance to do the research.
Instead I thought I’d talk about the North Coast Journal article “The Rise and Fall of a Spam Crusader.” It’s quite an interesting article and looks into the personal and business sacrifices that people make in order to chase down spammers.
In my experience a lot of the serial litigators have very poor practices around data collection and analysis. They don’t collect evidence, they just collect email and then make assertions and assumptions. This not every effective when having to convince a judge that you are right.
The article actually does nothing to change this impression. The cases ASIS won are the cases where the defendants didn’t respond. That also means that ASIS couldn’t collect.
I do disagree with Mr. Singleton, the lawyer, where he says CAN SPAM is dead. In many cases I’ve seen there aren’t clear CAN SPAM violations. So if he’s trying to sue these spammers under CAN SPAM his cause of action is wrong. Secondly, the article goes on to talk about the broader implications.

Reputation monitoring sites

There are a number of sites online that provide public information about reputation of an IP address or domain name.

News and announcements: March 1, 2010

Some news stories and links today.
Spamhaus has announced their new domain block list (DBL). The DBL is a list of domains that have been found in spam.

AOL transmitting 4xx error for user unknown

AOL is currently returning “451 4.3.0 <invaliduser@aol.com>: Temporary lookup failure” in some cases when they really mean “550 user unknown.” This message from AOL should be treated as 5xx failure and the message should not be retried (if at all possible) and the failure should be counted as a hard bounce for list management purposes.
This is something broken at AOL’s end, and the guys with the magic fingers that keep the system running are working to fix it. Right now there doesn’t seem to be an ETA on a fix, though.
Even if you are a sender who is able to stop the retries, you may see some congestion and delays when sending to AOL for the time being. Senders who don’t get the message, or who are unable to stop their MTAs from retrying 4xx mail will continue to attempt delivery of these messages until their servers time out. This may cause congestion for everyone and a noticeable slowdown on the AOL MTAs.
AOL blog post on the issue
HT: Annalivia

Links for 1/15/10

A lot has happened this week.
Spammers and scammers are attempting to steal money from people attempting to donate money to those in earthquake devastated Haiti. A number of places, including CNN and CAUCE, are warning people who want to donate online to do so through trustworthy links. Don’t click on links in unsolicited emails nor on random websites.
AOL laid off most of their postmaster team. This is going to have a significant impact on sender support provided by AOL. The background chatter I’m hearing indicates that there is likely to be response delays of days to weeks for support tickets.
Pivotal Veracity was acquired by Unica, a marketing software company. Industry buzz says that PV will be run as a subsidiary and maintain their independent customer base.
Spamhaus launched a new website, which includes a link for a domain based URI blocklist. There’s not much information available about this new blocklist, but it’s likely to function similar to SURBL and URIBL.
The lethic botnet was penetrated and disabled. Dark Market, one of the large credit card number trading sites, was taken down and the proprietor arrested.

AOL layoffs and postmaster changes

As most of you probably know, AOL went through a serious round of layoffs yesterday. Unlike previous layoffs this one did hit the postmaster team pretty hard. Anna posted this morning that she was the only non-programming member of the postmaster team left in the US. This means there are a number of experienced folks looking for work with experience managing delivery for a large outfit. More info is on her blog.
While I don’t have any firm data, I expect that this is going to significantly affect the support that senders see from AOL. I know many of us have held up AOL as the poster child for how ISPs should interact with senders. That era is drawing to a close.
These layoffs come as AOL has migrated to a new mail system and a lot of senders are seeing new and different error messages. I do believe the folks handling the mail system and the migration are still there and are feverishly working to resolve problems caused by the migration. Right now things are in flux and senders should probably expect delays in getting support from AOL for delivery problems.
UPDATE: Matt Vernhout has a list of suggestions for how to deal with AOL delivery issues.

AOL announces new postmaster pages

The new AOL postmaster pages are live at http://postmaster.info.aol.com/

Is it really permission?

There’s a great post over on the AOL Postmaster blog talking about sending wanted mail versus sending mail to people who have <a href=”https://web.archive.org/web/20100210070640/http://postmaster-blog.aol.com:80/2009/12/03/p/>grudgingly given permission to receive it.

AOL EWL: low complaints no longer enough

This morning AOL announced some changes to their Enhanced White List. Given I’ve not talked very much about the AOL EWL in the past, this is as good a time as any to talk about it.
The AOL Enhanced Whitelist is for those senders that have very good practices. Senders on the EWL not only get their mail delivered to the inbox, but also have links and images enabled by default. Placement on the EWL is done solely on the basis of mail performance and only the best senders get on the list.
The new announcement this morning says that AOL will take more into account than just complaints. Previously, senders with the lowest complaint rates qualified for the EWL. Now, senders must also have a good reputation in addition to the low complaint rates. Good reputation is a measure of user engagement with a particular sender.
This change only reinforces what I and many other delivery experts have been saying: The secret to good delivery is to send mail recipients want. ISPs are making delivery decisions based on those measurements. Send mail that recipients want, and there are few delivery problems.
For a long time good delivery was tied closely to complaint rates, so senders focused on complaints. Spammers focused on complaints too, thus managing to actually get some of their spam delivered. ISPs noticed and started looking at other ways to distinguish wanted mail from spam. One of the better ways to separate spam from wanted mail is to look at user engagement. And the ISPs are measuring engagement and using that measurement as part of their decision making process. Send so much mail users don’t read it, and your reputation goes down followed by your delivery rates.

Apparent changes at mail.com

I was poking around at some DNS this weekend and happened to do a MX lookup for mail.com and noticed something changed. Previously mail.com mail was handled by Outblaze (now owned by IBM). It seems, though, that mail.com is now outsourcing their mail delivery to AOL.

AOL changes bounce behaviour

A couple other bloggers have commented on the recent AOL blog post talking about changes to the MAILER-DAEMON string on bounce messages.

AOL backlog

The AOL postmaster queue is backlogged from the recent upgrades. They are working through things as fast as possible, but have warned that they expect delays until they get caught back up.

Following the script

Yesterday I talked about breaking through the script in order to escalate an issue. I briefly mentioned that I always start out following the script and using the channels ISPs have provided. There are a number of reasons to do this all of which benefit you, the sender.
First off, when you use the designated communication pathway at an ISP there is a record of your contact. There are procedures in place to make sure your communication is addressed and you get a response. When you’re escalating to an individual, you’re using their communication channel. IMs get lost, email ends up buried in the pile, other things come up and a week later you’re still waiting for your answer.
Secondly, when you use the designated communication pathway at an ISP your contact is logged and tracked. This means that if the person you’re used to dealing with gets another job, moves on or otherwise isn’t able to communicate with you any longer you have a history with that ISP. The next person to move into the position and deal with issues can see that you’re a legitimate sender with a history of dealing fairly and professionally with ISPs.
Thirdly, handling direct and personal escalations are often outside the official job description the people directly contacted. This means that when they come up for review, the work they’re doing for people who won’t use channels is not as important as the other work they do. Sure, they may get some credit for helping people with problems, but they may not get the review they should get. This hurts not just the senders who believe they shouldn’t have to follow channels but also those of us who do follow channels, particularly in the current business climate. Do you really want to lose that awesome person you use because some dork thought they were too good, too important to use the provided form and that awesome person lost their job because they didn’t meet their official work goals?
Fourth, you’re not the only one escalating. I had the opportunity to visit my friend Anna from AOL a few years ago. One morning both of us had to actually get some work done, so we were parked in her living room on laptops. I was astonished at the number of IM windows she was juggling constantly. We’re talking 20 – 30 separate windows open at once, many of them troubleshooting sender issues. After seeing that I do as much as possible through the official channels that AOL has provided. She is my friend, and a very good one, and I still avoid using her as a contact point unless there is some emergency.
Remember this next time you are searching for that email address of the person from that ISP that’s currently blocking your mail. Use the official communication channels where possible, and always use them first. Using back channels for issues where the intended workflow works causes a lot of overhead and doesn’t scale at all well.

AOL Postmaster Support down Jan 16th through Jan 20th

AOL just posted that the backend of their postmaster support ticketing system will be down over the from January 16th through January 20th. This means that while new tickets can be opened, work will not proceed on them until the system is back up on Jan 20th. I expect this also means that any tickets in the system might be delayed as well.

AOL Report Card Changes

Changes to the AOL report card were announced today on the AOL Postmaster blog.

Feedback loops: net benefit or net harm?

There has been a very long, ongoing discussion on one of my mailing lists about whether or not feedback loops are a net good or a net harm. I believe, overall, they are a net good, but there are people who believe they are not. The biggest objection is that the lawyer mandated redaction of the To: address combined with the fact that some users use the “this is spam” button to delete unwanted email, makes it difficult for some FBL recipients to sort out the real issues from the cruft.
Redaction can be a problem for some senders, particularly for the small mailing list hosted as a hobby or contribution to the community. In order to effectively deal with FBL emails, a sender needs to have tools on the email sending side and on the FBL receiving side. This is often more overhead than the volunteer list maintainer wants to handle. Unfortunately, these senders are a minority and therefore their issues are often not addressed by the ISPs.
Some of the objections and complaints about “broken” or “useless” FBLs come from people who do not really have any history for the FBLs, where they are, what they were designed for and who their target audience is. A bit of history may help explain why things are how they are.
The First FBL
The “this is spam” button evolved from the “notify AOL” button. This button was a way email recipients could notify AOL staff about any number of problems, including threats, viruses and other unwanted emails. As time went on, this was changed to “this is spam” to encourage users to report more spam so the AOL would have the data to make delivery decisions. Eventually, AOL made the decision to share that data with some senders and ISPs. The lawyers made the decision to redact the “To:” address, but not make any other changes to the message because they believe they should not be sharing subscriber email addresses with third parties. As some people correctly point out, the lawyers are not interested in hearing from non lawyers about changing this. It is possible that another lawyer may be able to put together a position paper and convince them this stance is overly cautious. I am pretty sure, though, that no one without a legal degree will be given any audience from them.
Given the success of the AOL FBL and the demand from both ESPs and ISPs for FBLs, other ISPs started offering FBLs as well. Many of them also redacted the To: address, either just following AOL’s lead or under advice of their own counsel.
That means, as senders, we are in a situation where we really cannot make the ISPs change what they’re doing. We can either adapt our own mailing practices to cope with them or we can forego the data provided by the FBL. One of the challenges in choosing to shun the whitelist at AOL that in order to qualify for whitelisting, you have to accept a FBL. For ISPs, who want to whitelist their outgoing MTAs, but have customers sending mail, maybe running small mailing lists, or who are forwarding mail to their ISP account, this can be a problem. However, any ISP needs some sort of abuse desk automation, and this automation should be able to handle FBLs. This can also be a problem for small ESPs or companies doing in-house email marketing. They buy something off the shelf to handle mail (or install mailman) that does not do VERP or otherwise enter the specific address in the email. When faced with a redacted email they cannot do anything with the complaint.
What does the FBL email tell the FBL recipient?
This really depends on what role the FBL recipient plays in the mail transport system. Bandwidth and network service providers use the FBL as an aggregate tool. They really only deal with FBL complaints if there is a change in complaint volume about an IP, they don’t treat each complaint as a valuable source of information. Typically what happens is that an ISP abuse desk notices a spike in complaints. After investigation, they may discover that a customer machine is compromised. They then notify the customer, the customer patches or disconnects the machine and the problem is fixed.
ESPs tend treat the FBL as an unsubscribe mechanism as well as a way to monitor customers. A few FBL complaints are not necessarily a sign that the sender is spamming, but once a threshold is reached the ESP delivery / abuse team addresses the issue. Spammers can get FBLs and often use them as a way to clean lists of complainants. Some really dirty spammers even suppress those complainants from all their lists.
Is a FBL useful?
This is really something that someone else cannot tell you. Some companies find FBLs to be extremely useful, even after they have had to make investments in software (either off the shelf or custom) to send mail that will survive the FBL redaction process and to handle the actual FBL email. Some companies find the FBLs to be more trouble than they are worth. The question, however, is really one only the sender can answer.
Overall, I think FBLs are more helpful than they are harmful. They do require investment on both sides of the transaction, but does encourage senders and receivers to cooperate with one another.

AOL and DKIM

Yesterday, on an ESPC call, Mike Adkins of AOL announced upcoming changes to the AOL reputation system. As part of these changes, AOL will be checking DKIM on the inbound. Best estimates are that this will be deployed in the first half of 2009, possibly in Q1. This is something AOL has been hinting at for most of 2008.
As part of this, AOL has deployed an address where any sender can check the validity of a DKIM signature against the AOL DKIM implementation. To check a signature, send an email to any address at dkimtest.aol.com.
I have done a couple of tests, from a domain not signing with either DK or DKIM, from a domain signing with DK and from a domain signing with both DK and DKIM. In all cases, the mail is rejected by AOL. The specific rejection messages are different, however.
Unsighng domain: host dkimtest-d01.mx.aol.com[205.188.103.106] said: 554-ERROR: No DKIM header found 554 TRANSACTION FAILED (in reply to
end of DATA command)
DK signing domain: “205.188.103.106 failed after I sent the message.
Remote host said: 554-ERROR: No DKIM header found
554 TRANSACTION FAILED”
DK/DKIM signing domain: “We tried to delivery your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554-PASS: DKIM authentication verified
554 TRANSACTION FAILED (state 18).”
As you can see, in all cases mail is rejected from that address. However, when there is a valid DKIM signature, the failure message is “554-PASS.”
As I have been recommending for months now, all senders should be planning to sign with DKIM early in 2009. AOL’s announcement that they will be using DKIM signatures as part of their reputation scoring system is just one more reason to do so.

New AOL postmaster blog

AOL has their new postmaster blog up and running at http://postmaster-blog.aol.com/. Today they announced new tools over there including a FBL checking tool and a block checking tool.

AOL Postmaster blog down

AOL has discontinued their blogging platform. This means the AOL postmaster blog is no longer active. I suspect the AOL postmaster team is exploring their options and trying to find a way to continue blogging.
If I hear anything one way or another, I will post it here.
Update: 11/3
AOL assures me they are migrating to a new platform and the blog will be back up.
I also managed to grab a copy of the IP Reputation post that AOL put up and I linked to last week.

AOL talks about reputation

Over at the AOL postmaster blog, Christine posts about reputation and AOL.

Reputation: part 2

Yesterday, I posted about reputation as a combination of measurable statistics, like bounce rates and complaint rates and spamtrap hits. But some mailers who meet those reputation numbers are still seeing some delivery problems. When they ask places, like AOL, why their mail is being put into the bulk folder or blocked they are told that the issue is their reputation. This leads to confusion on the part of those senders because, to them, their reputation is fine. Their numbers are exactly where they were a few weeks ago when their delivery was fine.
What appears to have changed is how reputation is being calculated. AOL has actually been hinting for a while that they are looking at reputation, and even published a best practices document back in April. Based on what people are saying some of that change has started to become sender visible.
We know that AOL and other ISPs look at engagement, and that they can actually measure engagement a lot more accurately than sender can. Senders rely on clicks and image loading to determine if a user opened an email. ISPs, particularly those who manage the email interface, can measure the user actively opening the email.
We also know that ISPs measure clicks. Not just “this is spam” or “this is not spam” clicks in the interface, but they know when a link in an email has been clicked as well.
I expect that both these measures are now a more formal and important part of the AOL reputation magic.
In addition to the clicks, I would speculate that AOL is now also looking at the number of dead addresses on a list. It is even possible they are doing something tricky like looking at the number of people who have a particular from address in their address book.
All ISPs know what percentage of a list is delivered to inactive accounts. After a long enough period of time of inactivity, mail to those accounts will be rejected. However for some period of time the accounts will be accepting mail. Sending a lot of mail to a lot of dead accounts is a sign of a mailer who is not paying attention to recipient engagement.
All ISPs with bulk folders have to know how many people have the from address in their address book. Otherwise, the mail would get delivered incorrectly. In this way, ISPs can monitor the “generic” recipient’s view of the email. Think of it as a similar to hitting the “this is not spam” button preemptively.
This change in reputation at the ISPs is going to force senders to change how they think of reputation, too. No longer is reputation all about complaints, it is about sending engaging and relevant email. The ISPs are now measuring engagement. They are measuring relevancy. They are measuring better than many senders are.
Senders cannot continue to accrete addresses on lists and continue sending email into the empty hole of an abandoned account while not taking a hit on their reputation. That empty hole is starting to hurt reputation much more than it helps reputation.

Reputation

Reputation is the buzzword in delivery these days. Everyone talks about building a good reputation and how to do it. Makes sense, the ISPs are always hammering on reputation and how critical reputation is. The more I talk with delivery folks on the ESP side of thing, the move I realize that there is a fundamental disconnect between what the ESPs mean when they say reputation and what the ISPs mean when they say reputation.
Many people handling delivery think that the bulk of reputation is wrapped up in complaint rates and bounce rates. I think they know the ISPs measure more than just complaints and bounces (spamtraps!) but really believe that most of developing a good reputation is all about keeping those complaints low.
This perspective may have been true in the past, but is becoming less true as time goes on. There are a lot of very smart people managing incoming mail at the ISPs and they are constantly looking for ways to better meet the desires of their customers. Lest we forget, their customers are not the senders, their customers are the end users. Their customers are not senders.
Part of meeting the needs of end users means actually giving them a way to provide feedback. AOL started the trend with the this-is-spam button, and other ISPs (ones that controlled the user interface at least) followed suit. For a very long time, reputation was dominated by complaint percentages, with modifiers for number of spamtrap addresses and number of non-existent users.
The problem is, these numbers were easy to game. Spammers could modify their metrics such that their email would end up in the inbox. In response, the ISPs started measuring things other than complaints, bounces and spamtraps. These other measurements are strong modifiers to complaints, such that mailers with what used to be acceptable complaint rates are seeing their mail end up bulked or even rejected.
Recently, AOL seems to have made some subtle modifications to their reputation scores. The result is mailers who have previously acceptable complaint rates are seeing delivery problems. When asked, AOL is only saying that it is a reputation issue. Lots of senders are trying to figure out what it is that is more important than complaints.
Tomorrow, I will talk about what I think AOL could be measuring.

The judge in e360 v. Spamhaus has denied Spamhaus’ motion for dismissal. However, the judge also ordered that the 16 new witnesses be stricken and capped damages at the original $11.7M. Mickey has the order.
Tuesday the FTC announced it had shut down a major spamming operation. I am not sure the results are visible yet, yesterday there were 2041 spams in one of my mailboxes yesterday versus 2635 a week ago.
The FBI announced today it had infiltrated and shut down a international carding ring. While not directly spam related the phishers and carders work together and some of them use spam.
Rumor has it that many mailers are seeing problems delivering to AOL the last few days. It seems that AOL is making adjustments to their filtering system. As when any ISP changes filter rules and weights, some of the people just skirting by see delivery problems. What people are hearing is that if they are seeing delivery problems at AOL they need to improve their reputation.
Last week Yahoo had another online workshop with the mail folks. They have published a transcript of the talk. I was at the talk and there were only a couple spam related questions.

donhburger: Why does Yahoo sell our email addresses to spammers?
YMailRyan: We absolutely don’t sell your addresses to spammers. No IFs, ANDs, or BUTs about it.
imintrouble: My mom keeps emailing em but I never get it and usually it ends up in my spam box. Why? How do I make this stop? She’s getting pissed that I’m not replying.
YMailTeam: Oh no! Be sure your Mom is on your contact list– this should help keep mom out of spam box and put her back into your inbox.
buergej: Just why do I keep receiving the same kind of spam from a series of what appear to be women day after day after day?
YMailCarl: Spam is, unfortunately a constant problem for anyone using email. The reason you are receiving these emails is because spammers have somehow gotten a hold of your email address and are mailing you their lovely messages. There are several things you can do to assist with this. First, continue to report these messages as “Spam” by clicking the button at the top of the email labled “Spam”. Note that you don’t need to actually look at the message to do this. When you report items as spam it lets Yahoo! know that messages originating from that person are likely spam. This not only helps you, but helps other Yahoo! users as well.
YMailCarl: Second, if the emails are from similar names, you can set up filters in your email account to block those names and send them to your trash or spam folder.
YMailCarl: Obviously these messages you are receiving are not from women trying to sell you products personally – the messages are typically generated by a script which will try to forge or “spoof” the originating address.
YMailCarl: We agree that Spam is a serious issue and have many resources dedicated to fighting this problem.
YMailCarl: You can find some additional information about fighting spam here: http://help.yahoo.com/l/us/yahoo/mail/original/abuse/index.html
donhburger: Why when I mark Emails as Spam do I continue to get emils from the same persons?
YMailMaryn: When you mark a message as “spam” from within your Inbox that moves the message to your Spam Folder. And all subsequent messages that are sent from that particular sender will not be delivered to your Inbox, but will be delivered to your Spam Folder.
Read More

Declan weighs in on the VA law

Declan McCullagh writes today about the VA anti-spam law being overturned by the state supreme court.

Court strikes down VA anti-spam law

The Virginia Supreme Court overturned the 2003 state law prohibiting sending unsolicited bulk email using false routing information, including phony domain names or IP addresses.

Updates on upcoming AOL FBL changes

Annalivia posted more information over on the AOL Postmaster blog about the upcoming conversion of the AOL FBL to ARF only. Specifically, she provides instructions for how to read the FBL emails in different email clients.

AOL announces web support tool

Yesterday, David announced a new suite of tools to help senders troubleshoot blocking problems more efficiently.

AOL converting all FBLs to ARF

AOL announced today that they are phasing out non-ARF feedback loops. As of September 2, 2008, no new non-ARF feedback loops will be created and all existing non-ARF feedback loops will be converted to ARF.
What is ARF?
ARF stands for Abuse Reporting Format. It is a standardized format intended to make processing of automated abuse reports (or feedback loop reports) easier. Word to the Wise has published tools to help recipients process ARF formatted reports and help developers create tools to handle ARF formatted reports. Abacus also supports ARF format out of the box.

AOL publishes sender recommendations

In a blog post on April 28, AOL pointed to their new Sender Best Practices document. These are not things a sender must do in order to get mail delivered to AOL, but rather things that will help improve your reputation at AOL.
The recommendations are what I have been recommending for a while and there is nothing overly surprising in the recommendations.

Blog roundup

Denise Cox has a list of 10 things your signup page should have over on her blog.
The AOL postmaster blog has its first post up talking about bounces.
BeRelevant has a great blog with lots of suggestions email best practices.
Mark Brownlow had a great post this weekon moving the unsubscribe button to the top of your newsletter to make it easy for customers to unsubscribe. The comments are a must read as well, including one commenter that saw the number of ‘this is spam’ hits go down when he moved the unsubscribe link to the top of the email.

AOL Postmaster blog

AOL announced today they are launching a postmaster blog http://journals.aol.com/pmtjournal/blog/
I’ll be updating the blogroll, too. I’ve been checking out some new delivery / marketing blogs the last few weeks.

How do you use bounce data?

AOL is looking for input from ISPs and ESPs to better understand how you handle data sent to you by AOL.

AOL checking DKIM

Sources tell me that AOL announced on yesterday’s ESPC call that they are now, and have been for about a week, checking DKIM inbound. This fits with a conversation I had with one of the AOL delivery team a month or so back where they were asking me about what senders would be most concerned about when / if AOL started using DKIM.
The other announcement is that AOL, like Yahoo, would like to know how you categorize your outgoing mail stream as part of the whitelisting process.
Both of these changes indicate to me that AOL will be improving the granularity of their filtering scheme. DKIM signing will let them separate out different domains and different reputations across a single sending IP address. The categorization will allow AOL to evaluate sender statistics within the context of the specific type of email. Transactional mail can have different statistics from newsletters from marketing mail. Better granularity means that poor senders will be less able to hide behind good senders. I expect to hear some wailing and gnashing of teeth about this change, but as time goes on senders will clean up their stats and their policies and, as a consequence will see their delivery improve everywhere, not just AOL.

AOL and AIM mail

Earlier this week a question came up on a mailing list. The questioner recently started seeing an increase in rejections to @aol.com addresses. These rejections said

ISP Postmaster sites

A number of ISPs have email information and postmaster sites available. I found myself compiling a list of them for a client today and thought that I would put up a list here.

How to improve AOL delivery

DMNews interviewed Charles before he left AOL about the state of spam and the challenges for ISPs and how that affects senders. The article was published this week. In it he talks about

Changes at AOL Postmaster desk

The recent layoffs at AOL did affect the AOL Postmaster desk, and information I have received is that there was significant loss. As a result of the staff decrease, some changes have been made to the whitelisting and FBL processes. In order for a FBL to be approved it must meet the new FBL guidelines. In a nutshell, anyone wanting to get a FBL from AOL must meet ONE of the following criteria.

More on Truthout

Ken Magill comments on the reaction of truthout.org to being blocked by AOL and Hotmail.
I do agree with Al, if both AOL and Hotmail are blocking your email, then you’re doing something wrong.