Reputation and "the cloud"

As Reddit recently learned it’s not a great idea to use the Amazon EC2 cloud to host mailservers. There are a number of reasons for this, most of them related to the reputation of mail coming from EC2 servers.
When you’re using machines in the cloud, changing IP addresses is as simple as initializing a new server. Spammers discovered this almost as soon as the EC2 cloud became public. They would set up a mailserver and send spam through that server until it was blocked. Then they’d just start another instance to avoid the block and keep spamming. They had an almost unlimited number of IP addresses to abuse and moving around was easy to do. Amazon did little to stop the spam coming from the cloud so many ISPs and spam filtering companies blocked email from the entire range of IP addresses allocated to the EC2 cloud.
Blocking large swathes of network space that are consistent sources of abuse is well accepted as a method of dealing with spam. Yes, this form of blocking has inconvenienced legitimate companies who aren’t actually doing anything wrong. But when a service provider doesn’t take sufficient action to stop customers from spamming through their networks, then ISPs will implement countermeasures.

Related Posts

The coming changes

Yesterday I talked about how I’m hearing warnings of a coming paradigm shift in the email industry. While these changes will affect all sender, ESPs in particular are going to need to change how they interact with both ISPs and their customers.
Currently, ESPs are able to act as “routine conveyers.” The traffic going across their network is generated by their customers and the ESP only handles technical issues. Responsible ESPs do enforce standards on their customers and expect mailings to meet certain targets. They monitor complaints and unknown users, they monitor blocks and reputation. If customers get out of line, then the ESP steps in and forces their customer to improve their practices. If the customer refuses, then the ESP disconnects them.
Currently standards for email are mostly dictated by the ISPs. Many ESPs take the stance that if any mail that is not blocked by the ISPs then it is acceptable. But just because a certain customer isn’t blocked doesn’t mean they’re sending mail that is wanted by the recipients.
It seems this reactive approach to customer policing may no longer be enough. In fact, one of the large spam filter providers has recently offered their customers the ability to block mail from all ESPs with a single click. This may become a more common response if the ESPs don’t start proactively policing their networks.
Why is this happening? ISPs and filtering companies are seeing increasing percentages of spam coming out of ESP netspace. Current processes for policing customers are extremely reactive and there are many ESPs that are allowing their customers to send measurable percentages of spam. This situation is untenable for the filtering companies or the ISPs and they’re sending out warnings that the ESPs need to stop letting so much spam leave their networks.
Unsurprisingly, there are many members of the ESP community that don’t like this and think the ISPs are overreacting and being overly mean. They do not think the ISPs or filtering companies should be blocking all an ESPs customers just because some of the customers are sending unwanted mail. Paraphrased, some of the things I’ve heard include:

Read More

Reddit and email

Ben over at Mailchimp writes about Reddit discovering a lot of their mail was being blocked because they were sending from the Amazon EC2 cloud.

Read More

AOL EWL: low complaints no longer enough

This morning AOL announced some changes to their Enhanced White List. Given I’ve not talked very much about the AOL EWL in the past, this is as good a time as any to talk about it.
The AOL Enhanced Whitelist is for those senders that have very good practices. Senders on the EWL not only get their mail delivered to the inbox, but also have links and images enabled by default. Placement on the EWL is done solely on the basis of mail performance and only the best senders get on the list.
The new announcement this morning says that AOL will take more into account than just complaints. Previously, senders with the lowest complaint rates qualified for the EWL. Now, senders must also have a good reputation in addition to the low complaint rates. Good reputation is a measure of user engagement with a particular sender.
This change only reinforces what I and many other delivery experts have been saying: The secret to good delivery is to send mail recipients want. ISPs are making delivery decisions based on those measurements. Send mail that recipients want, and there are few delivery problems.
For a long time good delivery was tied closely to complaint rates, so senders focused on complaints. Spammers focused on complaints too, thus managing to actually get some of their spam delivered. ISPs noticed and started looking at other ways to distinguish wanted mail from spam. One of the better ways to separate spam from wanted mail is to look at user engagement. And the ISPs are measuring engagement and using that measurement as part of their decision making process. Send so much mail users don’t read it, and your reputation goes down followed by your delivery rates.

Read More