May 2015: The Month in Email

Greetings from Dublin, where we’re gearing up for M3AAWG adventures.
In the blog this month, we did a post on purchased lists that got a lot of attention. If you’ve been reading the blog for any length of time, you know how I feel about purchased lists — they perform poorly and cause delivery problems, and we always advise clients to steer clear. With your help, we’ve now compiled a list of the ESPs that have a clearly stated policy that they will not tolerate purchased lists. This should be valuable ammunition both for ESPs and for email program managers when they asked to use purchased lists. Let us know if we’re missing any ESPs by commenting directly on that post. We also shared an example of what we saw when we worked with a client using a list that had been collected by a third party.
In other best practices around addresses, we discussed all the problems that arise when people use what they think are fake addresses to fill out web forms, and gave a nod to a marketer trying an alternate contact method to let customers know their email is bouncing.
We also shared some of the things we advise our clients to do when they are setting up a mailing or optimizing an existing program. You might consider trying them before your own next send. In the “what not to do” category, we highlighted four things that spammers do that set them apart from legitimate senders.
In industry news, we talked about mergers, acquisitions and the resulting business changes: Verizon is buying AOL, Aurea is buying Lyris, Microsoft will converge Office365/EOP and Outlook.com/Hotmail, and Sprint will no longer support clear.net and clearwire.net addresses.
Josh posted about Yahoo’s updated deliverability FAQ, which is interesting reading if you’re keeping up on deliverability and ESP best practices. He also wrote about a new development in the land of DMARC: BestGuessPass. Josh also wrote a really useful post about the differences between the Mail From and the Display From addresses, which is a handy reference if you ever need to explain it to someone.
And finally, I contributed a few “meta” posts this month that you might enjoy:

 

PTR Records
2016 Mary Litynski Award

Related Posts

May 2014: The month in email

It’s been a busy and exciting month for us here.
Laura finished a multi-year project with M3AAWG, the Messaging, Malware and Mobile Anti-Abuse Working Group (look for the results to be published later this year) and continued working with clients on interesting delivery challenges and program opportunities. Steve focused on development on the next version release of Abacus, our flagship abuse desk tool, which will also be available later this year.
And as always, we had things to say about email.
The World of Spam and Email Best Practices
We started the month with a bit of a meta-discussion on senders’ fears of being labeled spammers, and reiterated what we always say: sending mail that some people don’t want doesn’t make you evil, but it is an opportunity to revisit your email programs and see if there are opportunities to better align your goals with the needs of people on your email lists. We outlined how we’ve seen people come around to this position after hitting spamtraps. That said, sometimes it is just evil. And it’s still much the same evil it’s been for over a decade.
We also wrote a post about reputation, which is something we get asked about quite frequently. We have more resources on the topic over at the WiseWords section of our site.
Gmail, Gmail, Gmail
Our friends over at Litmus estimate Gmail market share at 12%, which seems pretty consistent with the percentage of blog posts we devote to the topic, yes? We had a discussion of Campaign Monitor’s great Gmail interview, and offered some thoughts on why we continue to encourage clients to focus on engagement and relevance in developing their email programs. We also wrote a post about how Gmail uses filters, which is important for senders to understand as they create campaigns.
SMTP and TLS
Steve wrote extensively this month about the technical aspects of delivery and message security. This “cheat sheet” on SMTP rejections is extremely useful for troubleshooting – bookmark it for the next time you’re scratching your head trying to figure out what went wrong.
He also wrote a detailed explanation of how TLS encryption works with SMTP to protect email in transit, and followed that with additional information on message security throughout the life of the message. This is a great set of posts to explore if you’re thinking about security and want to understand potential vulnerabilities.
DKIM
Steve also wrote a series of posts about working with DKIM (DomainKeys Identified Mail), the specification for signing messages to identify and claim responsibility for messages. He started with a detailed explanation of DKIM Replay Attacks, which happens when valid email is forwarded or otherwise compromised by spammers, phishers or attackers. Though the DKIM signature persists (by design) through a forward, the DKIM specification restricts an attacker’s ability to modify the message itself. Steve’s post describes how senders can optimize their systems to further restrict these attacks. Another way that attackers attempt to get around DKIM restrictions is by injecting additional headers into the message, which can hijack a legitimately signed message. If you’re concerned about these sort of attacks (and we believe you should be), it’s worth learning more about DKIM Key Rotation to help manage this. (Also of note: we have some free DKIM management tools available in the WiseTools section of our site.)
As always, we’re eager to hear from you if there are topics you’d like us to cover in June.

Read More

Back from M3AAWG

Last week was the another M3AAWG meeting in San Francisco. The conference was packed full of really interesting sessions and things to learn. Jayne’s keynote on Tuesday was great, and brought up a lot of memories of just what it was like to be fighting spam and online abuse in the mid to late 90s. It’s somewhat amazing to me that many of the people I first met, or even just heard about are still actively working to fight abuse and make the Internet safer.
Wednesday was another great keynote from Facebook, discussing security. Facebook is committed to sharing threat information and has started the ThreatExchange website as a hub for sharing data among large companies.
One thing that was amusing was during one talk someone mentioned YubiKey for managing logins. They said many people were sharing long strings of random keys that sometimes happen because someone has accidentally triggered the one time passcode. YubiKey is awesome, if sometimes ccccccdkhjnbitklrrtnhjrdfgdlhektfnfeutgtdcib inscrutable.
As has become a bit of a M3AAWG tradition lately, Wednesday was also kilt day. There may be pictures. For those of you planning to go to Dublin, Wednesday will be kilt day as well.
The conference was great, but ended on a bit of a down note. We received word that Wednesday night a long time friend, Ellen R., passed away due to complications from a stroke. The conference held a moment of silence for her at the end. Ellen was a friend as well as a colleague. She was around on IRC when we started this crazy experiment called Word to the Wise and was always helpful and insightful. She volunteered with, and then worked for, Spamcop and then volunteered with Spamhaus. Ellen will be very missed.
I started off the conference remembering all the friends I made back in the late 90s and ended it remembering and missing those who are no longer around. Email has been one amazing journey, and doesn’t look like it’s going away anytime soon.

Read More

M3AAWG Boston

The tri-annual procession of Facebook friends and colleagues to a disclosed location to talk about messaging, abuse and prevention started over the weekend.  For me, this M³AAWG conference marks the beginning of a new chapter. We’re hiring, and even before the conference officially started I’ve had some productive conversations with people about what we’re looking for and how we see the company growing. M³AAWG is always a little like a reunion. I’ve been working with some of the people present for more than a dozen years, and some I’ve known for even longer. The conference is work, they mean the “working group” part of their name, but it’s also a time to create and maintain the community that keeps our online messaging from being overwhelmed. If you’re here, drop by and say hi (and don’t forget to visit my session on Thursday afternoon)! Otherwise, watch this space as I share what insights I can about the information presented.

Read More