Role accounts, ESPs and commercial email

There was a discussion today on a marketing list about role accounts and marketing lists. Some ESPs block mail to role accounts, and the discussion was about why and if this is a good practice. In order to answer that question, we really need to understand role accounts a little more.

What are role accounts?

A definition I tend to use is role accounts are email addresses that map to a business function rather than an individual person. Often role accounts go to multiple people inside a company. These addresses can also point at ticketing systems, autoresponders, pagers or alarms.

Examples of role accounts

A few role accounts are defined by [rfc 2142], other role addresses are created by businesses to perform specific functions within the business.
There are different kinds of role accounts, too. There are send-only role accounts, like DoNotReply@ and mailer-daemon@. Some accounts are receive only, like subscribe@ or unsubscribe@. Others, like abuse@ or support@ both send and receive mail. Common role addresses are info@, orders@, noc@, webmaster@, postmaster@, hostmaster@.
In medium and large businesses, roles are not used to sign up for mail. Each employee has their own email address to use for signups and there is no need for role accounts to be on commercial lists. In small businesses, however, the role addresses may map directly to an individual who uses that address exclusively.

Why do ESPs prohibit them?

ESPs, and mailing list providers like yahoo groups, prohibit role accounts for a number of reasons. The biggest reason is that, in general, role accounts are not subscribed to mailing lists. Anyone who would sign up for a mailing list with a role address will also have a non-role address to share. There are a lot of role accounts on commercial lists, though, because role addresses are easy to scrape off websites and they show up a lot on purchased lists. Mail to role accounts is not just a sign that a list may not be opt-in, but can also generate blocks at business filters.
Very occasionally, role addresses will be signed up to commercial lists. These are the addresses at the small businesses I mentioned above. For marketers catering to the very small business community, this can cause challenges when mailing through an ESP that generally prohibits role accounts.
All is not lost, some ESPs will allow customers to mail role accounts, with an extra level of verification. A few make the customer sign a contract guaranteeing that these addresses are opt-in. Other ESPs require role accounts to go through a double opt-in process. It’s worth working with your ESP to see what their particular rules are surrounding role addresses on lists.

Avoiding problems with role accounts

The presence of role accounts on lists is a red flag that the list may not be opt-in and because of that lists with many role accounts may undergo extra scrutiny or be blocked altogether.  ESPs automatically count the type of role accounts, and the specific accounts, on every uploaded list. Too many role addresses or just the wrong kind of role addresses (subscribe@ investors@), may get a list flagged for manual review before the customer is allowed to mail to that list.
Senders who want to avoid problems with role accounts on their lists can flag role addresses at collection time and ask for a non-role address instead.

 Should ESPs block mail to role accounts?

Overall, it is a net benefit to the ESP to prevent customers from mailing to role accounts without some sort of verification process. Experience says that lists with a significant number of role accounts are not opt-in and therefore cause delivery problems. ESPs are trying to protect both themselves and their customers by monitoring role addresses.

Related Posts

Filtering secret sauce

It seems one of the most asked questions I hear from people is about filters and what the secret sauce is.

Read More

May 2014: The month in email

It’s been a busy and exciting month for us here.
Laura finished a multi-year project with M3AAWG, the Messaging, Malware and Mobile Anti-Abuse Working Group (look for the results to be published later this year) and continued working with clients on interesting delivery challenges and program opportunities. Steve focused on development on the next version release of Abacus, our flagship abuse desk tool, which will also be available later this year.
And as always, we had things to say about email.
The World of Spam and Email Best Practices
We started the month with a bit of a meta-discussion on senders’ fears of being labeled spammers, and reiterated what we always say: sending mail that some people don’t want doesn’t make you evil, but it is an opportunity to revisit your email programs and see if there are opportunities to better align your goals with the needs of people on your email lists. We outlined how we’ve seen people come around to this position after hitting spamtraps. That said, sometimes it is just evil. And it’s still much the same evil it’s been for over a decade.
We also wrote a post about reputation, which is something we get asked about quite frequently. We have more resources on the topic over at the WiseWords section of our site.
Gmail, Gmail, Gmail
Our friends over at Litmus estimate Gmail market share at 12%, which seems pretty consistent with the percentage of blog posts we devote to the topic, yes? We had a discussion of Campaign Monitor’s great Gmail interview, and offered some thoughts on why we continue to encourage clients to focus on engagement and relevance in developing their email programs. We also wrote a post about how Gmail uses filters, which is important for senders to understand as they create campaigns.
SMTP and TLS
Steve wrote extensively this month about the technical aspects of delivery and message security. This “cheat sheet” on SMTP rejections is extremely useful for troubleshooting – bookmark it for the next time you’re scratching your head trying to figure out what went wrong.
He also wrote a detailed explanation of how TLS encryption works with SMTP to protect email in transit, and followed that with additional information on message security throughout the life of the message. This is a great set of posts to explore if you’re thinking about security and want to understand potential vulnerabilities.
DKIM
Steve also wrote a series of posts about working with DKIM (DomainKeys Identified Mail), the specification for signing messages to identify and claim responsibility for messages. He started with a detailed explanation of DKIM Replay Attacks, which happens when valid email is forwarded or otherwise compromised by spammers, phishers or attackers. Though the DKIM signature persists (by design) through a forward, the DKIM specification restricts an attacker’s ability to modify the message itself. Steve’s post describes how senders can optimize their systems to further restrict these attacks. Another way that attackers attempt to get around DKIM restrictions is by injecting additional headers into the message, which can hijack a legitimately signed message. If you’re concerned about these sort of attacks (and we believe you should be), it’s worth learning more about DKIM Key Rotation to help manage this. (Also of note: we have some free DKIM management tools available in the WiseTools section of our site.)
As always, we’re eager to hear from you if there are topics you’d like us to cover in June.

Read More

IP reputation and email delivery

IP reputation is a measure of how much wanted mail a particular IP address sends.  This wanted mail is measured as a portion of the total email sent from that IP. Initially IP reputation was really the be all and end all of reputation, there was no real good way to authenticate a domain or a from address. Many ISPs built complex IP reputation models to evaluate mail based on the IP that sent the mail.
These IP reputation models were the best we had, but there were a lot of ways for spammers to game the system. Some spammers would create lots of accounts at ISPs and use them to open and interact with mail. Other spammers would trickle their mail out over hundreds or thousands of IPs in the hopes of diluting the badness enough to get to the inbox. Through it all they kept trying to get mail out through reputable ESPs, either by posing as legitimate customers or compromising servers.
These things worked for a while, but the ISPs started looking harder at the recipient pool in order to figure out if the interactions were real or not. They started looking at the total amount of identical mail coming from multiple IP addresses. The ISPs couldn’t rely on IP reputation so they started to dig down and get into content based filtering.
As the ISPs got better at identifying content and filtering on factors other than source IP, the importance of the IP address on inbox delivery changed. No longer was it good enough to have a high reputation IP sending mail.
These days your IP reputation dictates how fast you can send mail to a particular ISP. But a high reputation IP isn’t sufficient to get all the mail in the inbox. It’s really content that drives the inbox / bulk folder decisions these days.
 
Generally IPs that the ISP has not seen email traffic from before start out with a slight negative reputation. This is because most new IPs are actually infected machines. The negative reputation translates to rate limiting. The rate limiting minimizes people getting spam while the ISP works out if this is a real sender or a spammer.
Some ISPs put mail in the inbox and bulk foldering during the whitelisting process. In this case what they’re doing is seeing if your recipients care enough about your mail to look for it in the bulk folder. If they do, and they mark the mail as “not spam” then this feeds back to the sender reputation and the IP reputation.
If you’re seeing a lot of bulk foldering of mail, it’s unlikely there’s anything IP reputation based to do. Instead of worrying about IP reputation, focus instead on the content of the mail and see what you may need to do to improve the reputation of the domains and URLs (or landing pages) in the emails.

Read More