Blocklisting

When you can’t get a response

I’ve seen a bunch of folks in different places looking for advice on what to do when they can’t get a response from a postmaster team, or a filtering company. I was all set to write yet another post about how silence is an answer. Digging through the archives, though, I see I’ve written about this twice already in the last 18 months.

Thoughts on policy

A particular blocklist, once again, listed a major ESP this week. Their justification is “this is our policy.” Which is true, it is their policy to list under these circumstances. That doesn’t make it a good policy, or even an effective policy. It’s simply a policy.

UCEProtect and GDPR fallout

First thing this morning I got an email from a client that they were listed on the UCEProtect Level 3 blacklist. Mid-morning I got a message from a different client telling me the same thing. Both clients shared their bounce messages with me:

January 2017: The Month in Email

Between client work and our national political climate, it’s been a very busy month around here and blogging has been light. Things show no sign of slowing down in February, so we’d love to hear from you with questions and suggestions of what you’d most like to see us focus on in our limited blogging time this month. We got a great question about how senders can access their Google Postmaster tools, and I wrote up a guide that you might find useful.

We’re also revisiting some older posts on often-requested topics, such as spamtraps, so feel free to comment below if there are topics you’d like us to address or update. One topic that comes up frequently, both on the blog and in our consulting practice, is about what to do when you’re on a blocklist. I revisited an old-but-still-relevant post on that topic as well.
On the Best Practices front, I wrote about how brands can use multiple channels to connect with customers and prospective customers to promote and enhance email delivery. I also took a moment to look back over 2016 and forward to 2017 in the realm of email security.
I continue to be annoyed by B2B spam, and have started responding to those “requests” for my time directly. Steve also wrote a long post about B2B spam, focusing on how these spammers are using Google and Amazon to try to work around reputation issues.
In case you missed it, I contributed some thoughts to a discussion on 2017 email trends over at Freshmail with my exhortation to “Make 2017 the year you turn deliverability into a KPI.”
I’m also still in the process of completing my 2017 speaking schedule, so I’m looking for any can’t-miss conferences and events you’d recommend. Thanks for keeping in touch!

DNSBLs, wildcards and domain expiration

Last week the megarbl.net domain name expired. Normally this would have no affect on anyone, but their domain registrar put in a wildcard DNS entry. Because of how DNSBLs work, this had the effect of causing every IP to be listed on the blocklist. The domain is now active and the listings due to the DNS wildcard are removed.

Weird Lashback listings

I’m seeing some reports from various ESP folks that they’re experiencing an increase in Lashback listings the last day or so. They have contacted and are working with Lashback to identify what might be going on, if anything.
I’ll update once I know more and have permission to share.

Some email related news

A couple links to relevant things that are happening in email.
M³AAWG released the Help! I’m on a Blocklist! (PDF link) doc this week. This is the result of 4 years worth of work by a whole lot of people at M³AAWG. I was a part of the working group (“doc champion” in M³AAWG parlance) and want to thank everyone who was involved and contributed to the process. I am very excited this was approved and published so people can take advantage of the collective wisdom of M³AAWG participants.
In other announcements, Gmail announced today on their Google+ page that that they were putting a new “unsubscribe” link next to the sender name when mail is delivered to the Promotions, Social or Forums tab. This appears to be the official announcement of the functionality they announced at the SF M³AAWG last February. It likely means that all users are currently getting the “unsubscribe” link. What Gmail doesn’t mention in that blog post is that this functionality uses the “List-Unsubscribe” header, not the link in the email, but I don’t think anyone except bulk mailers really care about how it’s being done, just that it is.
Also today Gmail announced they were going to recognize usernames with non-Latin or accented characters in the name. Eventually, they claim, they’ll also allow people to get Gmail addresses with accented characters.

Questions about Spamhaus

I have gotten a lot of questions about Spamhaus since I’ve been talking about them on the blog and on various mailing lists. Those questions can be condensed and summed up into a single thought.

Dealing with blacklists

Al has a good post listing the top 5 things senders should remember when dealing with blacklists.
One of the critical things to remember about blocklists is that they are an early warning sign. Sure, some of them are one crank and his cat and will not hurt your overall delivery. A sender may be listed for totally spurious reasons . On the other hand, many of the widely used public lists and the private lists at the big ISPs, list IPs that they see as doing something wrong.
The challenge for anyone listed on any IP based blocklist is to look inside and determine what it is that they’re doing that caused the listing. The first step is to look at the technical issues, does your mail look like something coming out of infected bots? Is there a configuration problem? If the answer is no, then senders have to look at their practices. Are they sending mail to people who don’t expect it? Are they sending mail to people who didn’t ask for it? Most listings that will affect large numbers of recipients fall into the above 2 categories: technical or practices.
Technical problems can be fixed easily, once they’re identified. Permission or practice problems can also be fixed, but may require a sender reassess how they are using email and what value email brings to the business.

Links for 7/8/9

With all the traveling I did last month, I’m still not back to full blogging speed. I have been slowly reading through the backlog of unread posts from my RSS feeds and there was lots of good stuff published.
Three myths about DKIM by John Levine. A very good explanation taking down some of the myths of DKIM. Also on the DKIM front, RFC 5585 DKIM Service Overview was published last month. According to Cisco, DKIM adoption is climbing. More information about DKIM is available at dkim.org and our own dkimcore.org.
The always awesome guys at Mailchimp have embraced twitter as part of their platform. Not only have they set up their own service for link shortening so that links can be tweeted, but have also incorporated twitter stats into their mail dashboard.
Al has an insightful post on delivery, spam filtering vendors and the differences (or lack thereof) between B2C and B2B marketing. As I tell my customers, there is no switch inside the filtering scheme for “I know this person, they’re OK, let the mail in.”
Terry Zink has started a series about blacklists triggered by the recent SORBS announcement. His first post, My take on blacklists, part 2, discusses how some people go about building a blocklist from scratch.
Happy 7-8-9 everyone.

Winning friends and removing blocks

I do a lot of negotiating with blocklists and ISPs on behalf of my clients and recently was dealing with two incidents. What made this so interesting to me was how differently the clients approached the negotiations.
In one case, a client had a spammer slip onto their system. As a result the client was added to the SBL. The client disconnected the customer, got their IP delisted from the SBL and all was good until the spammer managed to sweet talk the new abuse rep into turning his account back on. Predictably, he started spamming again and the SBL relisted the IP.
My client contacted me and asked me to intercede with Spamhaus. I received a detailed analysis of what happened, how it happened and how they were addressing the issue to prevent it happening in the future. I relayed the info to Spamhaus, the block was lifted and things are all back to normal.
Contrast that with another client dealing with widespread blocking due to a reputation problem. Their approach was to ask the blocking entity which clients they needed to disconnect in order to fix the problem. When the blocking entity responded, the customer disconnected the clients and considered the issue closed. They didn’t look at the underlying issues that caused the reputation problems, nor did they look at how they could prevent this in the future. They didn’t evaluate the customers they disconnected to identify where their processes failed.
The first client took responsibility for their problems, looked at the issues and resolved things without relying on Spamhaus to tell them how to fix things. Even though they had a problem, and is statistically going to have the occasional problem in the future, this interaction was very positive for them. Their reputation with the Spamhaus volunteers is improved because of their actions.
The second client didn’t do any of that. And the people they were dealing with at the blocking entity know it. Their reputation with the people behind the blocking entity was not improved by their actions.
These two clients are quite representative of what I’ve seen over the years. Some senders see blocking as a sign that somehow, somewhere there is a flaw in their process and a sign they need to figure out how to fix it. Others see blocking as an inconvenience. Their only involvement is finding out the minimum they need to do to get unblocked, doing it and then returning to business as usual. Unsurprisingly, the first type of client has a much better delivery rate than the second.

Results based email marketing

Two articles showed up in my RSS feed in the last 24 articles that touched on different aspects of the same issue. Senders should improve their email marketing program even when they are working well.
Stephanie Miller over at ReturnPath addresses the lost revenue from current programs.

Followup to EEC spamming

Ken has a followup to his article last week about the EEC spamming.

Postini bug

Ben over at MailChimp has an article talking about a recent experience with Postini and an actual bug that causes Postini to interact badly with another spamfilter and block non-spam.

More on spamfiltering feedback

Al wrote a post commenting on my post from last Thursday on spamfilters talking to senders who are being filtered. I think his take on it is close to mine. I would point out that Google has a pretty opaque system and no feedback to senders, but a lot of people seem to think their filters are accurate and do a good job.
Overall, I think there is room for discussion and feedback between senders and recipients, but on both sides the goal needs to be improving the enduser experience.

Sender complaints about spamfiltering

JD posed a question in my post about Postini and trying to sort out a customer getting marked as spam by their filtering mechanism and I think it bears more discussion than can be done in comments.

Affiliates: what is a company's responsibility

Many of my clients come to me when they end up with delivery problems due to the actions of affiliates. These can either be listings in some of the URL blocklists (either public or private) or escalations of IP based listings. In many of the cases I have dealt with affiliates, the affiliates have sloppy mailing practices or are out and out spammers.
Recently the FTC settled with Cyberheat over their liability for the behaviour of their affiliates. In this settlement Cyberheat is required to monitor their affiliates as follows:

Blacklisted on FiveTen: no big deal

Al posted an analysis on DNSBL Resource about the effectiveness of the FiveTen blacklist.
He says: