Whitelisting

Terminology

There is a lot more to say here, and I’m working on a longer post to really talk about the underlying racism in tech and how we as an industry have failed.

A decade or so ago I was offering whitelisting services to clients. It was pretty simple. I’d collect a bunch of information and do an audit on the customer’s sending. They’d get a report back identifying any issues that would limit their chances at acceptance. Then I’d go and fill in the forms on behalf of the client. Simple enough work, and it made clients feel better knowing their mail was whitelisted at the various ISPs.
When email filters were less complex and more binary, whitelists were a great way for receivers to identify which senders were willing to stand up and be held accountable for their mail. Over time, whitelists became much less useful. Filtering technology progressed. Manual whitelisting wasn’t necessary for ISPs to sort out good mail from bad.
The era of whitelisting is over.
In fact, three of the major whitelist providing ISPs were AOL, Yahoo, and Verizon; all three are now a part of OATH. The Verizon whitelist page now redirects to postmaster.aol.com. New requests to signup for the AOL whitelist are rejected with the message that AOL whitelisting is no longer available or necessary. Yahoo has a “new IP review” form rather than a whitelisting form.
Whitelisting is dead.
Even the various certification and whitelisting services have mostly gone away. Both Habeas and Goodmail failed to achieve a profitable exit event. Of course, Return Path is still around, but they have built a platform of tools and services unrelated to whitelisting or certification.
Now senders are going to have to focus on sending mail that people ask for and want in order to make it to the inbox.

A brief DMARC primer

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. What DMARC does is allow domain owners to publish policy statements in DNS telling receiver domains what to do with messages that do not authenticate. In addition, DMARC introduces the concept of “domain alignment.” What this means is that the authentication has to be from the same domain (or a sub-domain) as the address in the header-from: line. The idea behind DMARC is that organizational owners can use SPF and DKIM authentication to authenticate their actual domain in the header-from line. This moves authentication from a important but behind the scenes technology out to an end user visible technology.

Looking for some experiences…

… with emailreg.org. A client of mine asked today if it was worth registering domains with emailreg.org as a whitelisting process. I’ve asked a few delivery folks for their feedback, but I was wondering what the broader email community thought. Does registering there help delivery to domains behind barracuda processes? Drop me a line on our contact page or add your experiences in the comments.
I normally reject comments with fake or forged email addresses. Because this may be sensitive and some commenters may want to be anonymous, I’ll let anonymous comments through if they’re clearly not forging someone else’s address.

How difficult is it to get on whitelists?

Today’s question comes from Leslie J.

Just how difficult is it for a small business that runs a highly compliant mailing system to find
their way onto whitelists at the big freemail/spam filter providers?
It seems utterly impossible meaning man hours are completely wasted messing around with subjects and content when if the same business sends the very same message through any number of well know ESPs, the message will hit the inbox like the Mafia are in charge of the shooting match.
Read More

Marketing reports

Two marketing reports were reviewed today in other blogs.
Stefan Pollard writes at the Merkle report showing that recipients really will add a sender’s address to their address book, but that they are picky about which senders they do this for. His article also provides a number of suggestions for how to be a sender that is added to the address book.
Meanwhile, Matt Vernhout discusses the Retail Welcome Email Benchmark Study published by Smith Harmon. Unsurprisingly, the study found that welcome emails were very important to future deliverability.
Happy Friday!

Breaking through the script

In handling day to day issues I use the ISP designated channels. This means I frequently get dragged into long conversations with people, probably outsourced to the far east, who can do nothing beyond send me a boilerplate.
This can be a frustrating experience when the issue you’re trying to deal with is not handled by the script. Generally, by the time someone has come to me for help, they are “off script” and I do need to actually talk to a human to get resolution.
With Hotmail, I’ve found that persistent repeating of very simple phrases will eventually get the issue kicked up to someone who can respond with something beyond another boilerplate. This can take days, but it is possible.
I’ve recently run into a Yahoo issue where I am trying to punch through the script, but have so far been unable to.
One of the services Word to the Wise offers is whitelisting. I collect info from customers, verify that what they’re doing will get them whitelisted at the ISPs that offer it, and then submit the information to the ISPs. Yahoo has recently moved to an online submission form for their whitelisting process, which is great for me. No more creating a giant document and then cutting and pasting the document into an email and then mailing it off.
The problem is, there seems to be a minor problem with the Yahoo Whitelisting submission form. When submitting an online application to Yahoo, they respond with a message that says “this application is not complete.”
I’ve been attempting to break through the script in order to find out what about the application is not complete. The webform has data checking, and you cannot submit a form while leaving any of the questions blank. Asking “what is wrong” when the application is kicked back has resulted in me having multiple copies of the whitelisting submission form.
It’s gotten so frustrating that I’ve escalated to personal contacts, but they can’t explain what’s not complete about the application as submitted online, either.
Has anyone had any success breaking through the Yahoo script? Has anyone managed to get IP addresses whitelisted through Yahoo using the online form?

Getting whitelisted by endusers

One of the best ways to ensure mail is delivered to a recipients inbox is to encourage the recipient to add the senders from: address to their address book. In cases where an ISP might otherwise bulk folder the email, they will instead put the email into the inbox.
Senders are changing their practices to get recipients to add from addresses to address books. There are a number of companies reminding users to add addresses on the webpage at the time of signup. Most emails have recommendations in each email. Recently, there have been multiple reports of companies who send specific email campaigns to encourage recipients to whitelist the sender.
Cool Email Idea: Customized Whitelisting Instructions from ReturnPath.
How & Why You Need to be Added to Your Recipient’s Address Book from VerticalResponse.
In addition to the direct benefit to the recipient that whitelists the individual sender, there are some hints that ISPs are looking at individual whitelisting as part of their internal sender reputation scoring.