Email verification services

Just yesterday a group of delivery folks were discussing email verification services over IRC. We were talking about the pros and cons, when we’d suggest using them, when we wouldn’t, which ones we’ve worked with and what our experiences have been. I’ve been contemplating writing up some of my thoughts about verification services but it’s a post I wanted to spend some time on to really address the good parts and the bad parts of verification services.
Today, Spamhaus beat me to the punch and posted a long article on how they view email verification services. (I know that some Spamhaus folks are part of that IRC channel, but I don’t think anyone was around for the discussion we had yesterday.)
It’s well worth a read for anyone who wants some insight into how email verification is viewed by Spamhaus. Their viewpoints are pretty consistent with what I’ve heard from various ISP representatives as well.
In terms of my own thoughts on verification services, I think it’s important to remember that the bulk of the verification services only verify that an address is deliverable. The services do not verify that the address belongs to the person who input it into a form. The services do not verify that an address matches a purchased profile. The services do not verify that the recipient wants email from the senders.
Some of the services claim they remove spamtraps, but their knowledge of spamtraps is limited. Yes, stick around this industry long enough and you’ll identify different spamtraps, and even spamtrap domains. I could probably rattle off a few dozen traps if pressed, but that’s not going to be enough to protect any sender from significant problems.
Some services can be used for real time verification, and that is a place where I think verification can be useful. But I also know there are a number of creative ways to do verification that also check things like permission and data validity.
From an ESP perspective, verification services remove bounces. This means that ESPs have less data to apply to compliance decisions. Bounce rate, particularly for new lists, tells the ESP a lot about the health of the mailing list. Without that, they are mostly relying on complaint data to determine if a customer is following the AUP.
Spamhaus talks about what practices verification services should adopt in order to be above board. They mention actions like clearly identifying their IPs and domains, not switching IPs to avoid blocks and not using dozens or hundreds of IPs. I fully support these recommendations.
Email verification services do provide some benefit to some senders. I can’t help feeling, though, that their main benefit is simply lowering bounce rates and not actually improving the quality of their customers’ signup processes.

Related Posts

Spamtraps are not the problem

Often clients come to me looking for help “removing spamtraps from their list.” They approach me because they’ve found my blog posts, or because they’ve been recommended by their ISP or ESP or because they found my name on Spamhaus’ website. Generally, their first question is: can you tell us the spamtrap addresses on our lists so we can remove them?
My answer is always the same. I cannot provide a list of spamtrap addresses or tell you what addresses to remove. Instead what I do is help clients work through their email address lists to identify addresses that do not and will not respond to offers. I also will help them identify how those bad addresses were added to the list in the first place.
Spamtraps on a list are not the problem, they’re simply a symptom of the underlying data hygiene problems. Spamtraps are a sign that somehow addresses are getting onto a list without the permission of the address owner. Removing the spamtrap addresses without addressing the underlying flaws in data handling may mean resolving immediate delivery issues, but won’t prevent future problems.
Improving data hygiene, particularly for senders who are having blocking problems due to spam traps, fixes a lot of the delivery issues. Sure, cleaning out the traps removes the immediate blocking issue, but it does nothing to address any other addresses on the list that were added without permission. In fact, many of my clients have discovered an overall improvement in delivery after addressing the underlying issues resulting in spamtraps on their lists.
Focusing on removing spamtraps, rather than looking at improving the overall integrity of data, misses the signal that spamtraps are sending.

Read More

Email verification – what are we verifying

One of the ongoing discussions in the email space is the one about address verification. Multiple companies have sprung up to do “real time” email address verification. They ensure that addresses collected at the point of sale are valid.
But what does valid mean? In most of these contexts, valid means that the addresses don’t bounce and aren’t spam traps. And that is one part of validating email addresses.
That isn’t the only part, though. In my opinion, an even more important thing to validate is that the email address belongs to the person giving it to you. The Consumerist has had an ongoing series of articles discussing people getting mis-directed email from various companies.
Today the culprit is AT&T, who are sending a lot of personal information to an email address of someone totally unconnected to that account. There are a lot of big problems with this, and it’s not just in the realm of email delivery.
The biggest problem, as I see it, is that AT&T is exposing personally identifiable information (PII) to third parties. What’s even worse, though, is that AT&T has no process in place for the recipient to correct the issue. Even when notified of the problem, support can’t do anything to fix the problem.

Read More

Spamhaus on ESPs

Promoted from yesterday’s comments, Spamhaus comments on my discussion of filtering companies getting tired of ESPs.
You hit the nail square on, Laura.
As Laura knows but many here might not, I am with the Spamhaus project. At one time I was leading efforts to clean up ESP spam. I am not deeply involved with ESP listings any longer. I can however testify that ESPs ask Spamhaus volunteers for a great deal of information about their SBL listings, considerably more than most ISPs or web hosting companies. Certain team members avoid ESP listings except in extreme cases because they don’t want to spend that much time on one SBL.
Whilst I was doing many ESP listings, I attempted to provide requested information, often at great length, with mixed results. In one notable case, an ESP that I provided with a report on hits from that ESP’s IPs on our spamtraps took that report and turned around their entire business. They had been an average ESP: not worse than most ESPs, but not better either. It’s been about three years now. This ESP is now in any list of the least spam-friendly two or three ESPs in the business. I’m honored to have been able to contribute to that change, am delighted at the results, and have learned a great deal from that ESP’s abuse team, which is superb.
That hasn’t happened often, though. I’ve provided similar reports to a number of other ESPs; I try not to play favorites. It is Spamhaus policy not to treat ISPs, ESPs, web hosts, and others whose IPs are listed for spamming differently except based upon our observations of which responds to spam issues effectively and which do not. I would also rather see a spam problem fixed than a spammer terminated just to move somewhere else and continue to spam.
The spam flow from many ESP customers that I reported to the ESP dropped, then slowly rose to previous and often higher levels. There are strings of SBL listings as a spam problem is mitigated, then inexplicably (according to the ESP) comes back. I do not find most of those recurrences inexplicable. I conclude, in many cases, that the ESP is unwilling to do the proactive work necessary to catch most spam before it leaves their IPs, even when they know what needs to be done.
To make matters clear, the ESP representatives that I communicate with are not usually to blame for this problem. Their managers and the policymakers at the ESP are to blame. The decisionmakers at the ESP are not willing to require paying customers to adhere to proper bulk email practices and standards and enforce permanent sanctions against most who fail to do so.
Granted, some customers resist not because they are deliberately spamming non-opt-in email addresses, but because they think that quantity (of email) is more important than quality. Such customers don’t want to see lists shrink even when those lists are comprised largely of non-responsive deadwood email addresses. Such customers send a great deal of spam and annoy a great many of our users, who really do not care whether the spam problem is due to carelessness or deliberate action.
In other cases, of course, ESP customers resist following best practices because they cannot. They are mailing email appended and purchased lists. If they don’t maintain some sort of plausible deniability about the sources of those lists, they know that we will list their IPs (at the ESP and elsewhere) and refuse to remove those listings til they do.
In either case, an ESP that is unwilling to impose sanctions on customers whose lists persist in hitting large numbers of spamtraps after repeated mitigation attempts needs to fire those customers. Otherwise it is failing to act as a legitimate bulk emailer. Such ESPs must expect to see their IPs blocked or filtered heavily because they deliver such large quantities of spam compared to solicited email.

Read More