How to be a spammer

JD had a comment on my Valentine's Day semi-fluff post that really summed up the reality for senders. He said:

Make sure your mail doesn’t look anything like spam — not just in the text and formatting, but in all of your mailing practices.

Good advice: your mail will not be blocked if it does not look like spam. What kinds of things do I mean? Here are things that spammers do that non-spammers often do as well.
Ignore bounces. One of the absolute quickest ways to get blocked is to keep sending mail to non-existent addresses. Purge your lists and make sure you are removing those addresses that will never deliver.
Hide contact information. Do not use a domain privacy service; put your real business address in your whois records.
Fake contact information. Do not use blatantly fake information in your domain registration. Register your actual business address. Do not use 555-xxxx phone numbers.
Use free or very low cost vendors. Do not use free or advertising-supported vendors for your web hosting, mail hosting, or DNS. Geocities-hosted webpages, mydyndns.org-hosted name servers, and freemail addresses (AIM, Gmail, Hotmail, Yahoo) are all ways spammers get around blocks.
Shift IP addresses. If you get an IP address blocked, for any reason, do not just start mailing from another IP. Figure out what the problem is and fix it. Skipping around blocks is what spammers do.
Mail from many different places. Do not send emails from a diverse set of IP addresses located all over the world. Spammers spread their sending out in order to dilute their spam metrics and avoid threshold-based blocks. They have done this so often there is even a term for it: snowshoeing.
Use bad HELO values. Many botnets and spam-infected Windows machines use badly formatted or incorrect HELO values. Use a fully qualified domain name, in your domain, for a HELO value.
Use generic rDNS. Set a reverse DNS value for your IPs that does not contain the IP address or otherwise look programmatically assigned.
Use incorrect HTML. Spammers hide text and use fake HTML tags in order to avoid content filters. Consequently, filters check HTML against the HTML specification.
Send different HTML and text in multipart/alternative email. In addition to using badly formatted and fake HTML, spammers put drastically different text in the text portion of HTML emails. Filters check for this, and too many differences between the email parts make mail look like spam.
Send no text part in HTML email. Spammers do this to avoid the above two filters. Do this and you look no different than they do.
Use multiple corporate identities. If you have separate divisions or brands, that is one thing, but often spammers set up completely separate companies and conceal the relationship between those companies.
All of these things are spammer tactics meant to confuse, fool, deflect and avoid filtering mechanisms.
How many of them does your company do?
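A sender can test for the two multipart items above (a missing text part, and text and HTML parts that say different things) before a campaign goes out. The following is an added example, not code from the original post: the function names, the 0.6 similarity cutoff and the sample messages are assumptions made for illustration, and real filters use their own undisclosed thresholds.

```python
import difflib
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

class VisibleText(HTMLParser):
    """Collects the text a reader would see, skipping <style> and <script> bodies."""
    def __init__(self):
        super().__init__()
        self.chunks, self.skip = [], False
    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):
            self.skip = True
    def handle_endtag(self, tag):
        if tag in ("style", "script"):
            self.skip = False
    def handle_data(self, data):
        if not self.skip:
            self.chunks.append(data)

def words(text):
    return re.findall(r"[a-z0-9']+", text.lower())

def check_alternatives(raw, min_ratio=0.6):
    """List problems in one message. min_ratio is an assumed cutoff, not a real filter's."""
    msg = message_from_string(raw, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    if html is None:
        return []  # text-only mail, nothing to compare
    if plain is None:
        return ["no-text-part"]
    extractor = VisibleText()
    extractor.feed(html.get_content())
    extractor.close()
    seen = words(" ".join(extractor.chunks))
    ratio = difflib.SequenceMatcher(None, words(plain.get_content()), seen).ratio()
    return ["parts-differ"] if ratio < min_ratio else []

def build(plain, html):
    """Constructed sample message; plain=None gives an HTML-only mail."""
    msg = EmailMessage()
    if plain is None:
        msg.set_content(html, subtype="html")
    else:
        msg.set_content(plain)
        msg.add_alternative(html, subtype="html")
    return msg.as_string()
```

Run `check_alternatives` over the rendered output of each template: an empty list means both parts are present and carry substantially the same words.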
