Looking forward

The nice folks over at Sparkpost asked me and other email experts for some thoughts on what we think the most important issues in email will be in 2016.
I do think security is going to be a major, major change in delivery. From what I’ve seen there’s been a shift in the mindset of a lot of people. Previously a lot of folks in the email space were very accommodating to old systems and unauthenticated mail and were not quite ready to cut off senders that didn’t meet modern standards.
There were a lot of people who didn’t want to take any action that would break email. There are still a lot of people who think that breaking email is a bad thing and changes should be backwards compatible.
Then people started realizing not every change had to be backwards compatible.
 
There are a few reasons I think this attitude shift happened.

Email is a malicious channel.

I’ve mentioned this before, but email is an incredibly malicious channel and much of the email traffic out there is actively trying to hurt or steal from people. People have been fighting this malicious traffic for almost 2 decades. Some of the same folks who were doing this when I first started are still doing this. What they’ve done so far has mitigated many of the damages, but the problem isn’t under control. Now we’re looking at more than just a few tens of dollars paid to a spammer, but tens of thousands of dollars wired from businesses.
Internet crime is not “virtual” any longer. It’s real and it’s toxic.

The rise of Social Media.

Even a decade ago email lists were the way to chat with friends. Yes, there were some web based forums, but a lot of how we interacted with each other online was through email. Now, we have social media to communicate with folks. And it gives us a lot more flexibility. One of the things that seemed to happen on mailing lists, particularly large ones, is off topic posts and side conversations. People split off private lists as friendships (and even cliques) developed. This is so much easier with social media!
Social media has created an environment where email is not the only way to communicate and is often not the best way to communicate.

Yahoo broke email, and we all survived.

Then, 18 months ago, Yahoo flipped the p=reject switch for the yahoo.com domain. That did break email. A lot of people ended up scrambling very, very hard and fast to cope with how much this broke email. Even now, the problems created by Yahoo (and then AOL and soon Gmail) requiring all mail using their domains to come from their servers are not yet completely mitigated. But workarounds and fixes are being implemented.
I think this convinced a lot of people that “breaking email” wasn’t necessarily a bad thing. Three or so years ago, I made the statement I didn’t see the webmail providers implementing p=reject, because I really didn’t. It would force users to change how they use email. But, they did and we could force a higher level of security, and even if it did break email the problems would be addressed and people would adapt.
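How a p=reject policy plays out for direct mail versus mail relayed through a mailing list, as an added example that is not from the original post: a simplified DMARC check using relaxed alignment, with the organizational domain approximated as the last two labels. The record string, the sample messages and lists.example.org are constructed for illustration.

```python
# Added illustration: simplified DMARC evaluation (RFC 7489), relaxed alignment.
# Real implementations find the organizational domain with the Public Suffix
# List; taking the last two labels is an assumption that holds for these samples.

def parse_dmarc(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject' into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain):
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(msg, record):
    """Return 'pass', or the published policy ('none', 'quarantine', 'reject')."""
    policy = parse_dmarc(record)
    # SPF only counts if the envelope sender aligns with the visible From domain.
    spf_ok = msg["spf"] == "pass" and aligned(msg["mail_from"], msg["header_from"])
    # DKIM only counts if a *valid* signature's d= aligns with the From domain.
    dkim_ok = any(res == "pass" and aligned(d, msg["header_from"])
                  for d, res in msg["dkim"])
    return "pass" if (spf_ok or dkim_ok) else policy.get("p", "none")

POLICY = "v=DMARC1; p=reject"  # constructed; only the p= value comes from the post

# Constructed: sent straight from the mailbox provider's own servers.
direct = {"header_from": "yahoo.com", "mail_from": "yahoo.com",
          "spf": "pass", "dkim": [("yahoo.com", "pass")]}

# Constructed: the same author posts to a list. The list re-sends with its own
# envelope sender (SPF passes, but for the list's domain) and adds a footer,
# which invalidates the author's DKIM signature.
via_list = {"header_from": "yahoo.com", "mail_from": "bounces.lists.example.org",
            "spf": "pass",
            "dkim": [("yahoo.com", "fail"), ("lists.example.org", "pass")]}

# One widely used list-side workaround (not necessarily the one the post has
# in mind): rewrite the From header to the list's own domain.
rewritten = dict(via_list, header_from="lists.example.org")

if __name__ == "__main__":
    for name, msg in [("direct", direct), ("via_list", via_list)]:
        print(name, dmarc_disposition(msg, POLICY))
```

The list copy is rejected even though SPF and the list's own DKIM signature both pass, because neither aligns with the yahoo.com From header.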

IPv6 will change everything.

Even though most mail isn’t currently using IPv6 people are planning for it. They also realized they didn’t have to account for old, legacy systems that weren’t updated. Delivery standards could be set, like having rDNS or requiring authentication, and senders would have to cope. And people coped.
All in all, email security is going to be A Big Deal in 2016 and beyond.

Related Posts

Brian Krebs answers questions

Brian Krebs did an AMA on Reddit today answering a bunch of questions people had for him. I suggest taking a browse through his answers.
A few quotes stood out for me.
Q: Why do you think organizations seem to prefer “learning these lessons the hard way”? It doesn’t seem to be an information gap, as most IT executives say security is important and most individual contributors share risks upward with specific steps that can be taken to remediate risks. Given the huge costs for some breaches, why do you think more organizations don’t take the easy, preventative approach?


Social networks and bulk email

There’s been a bit of a commotion on Twitter and over at J Caldwell’s blog about Al’s reaction to someone harvesting his address off LinkedIn and then adding that email address to his company’s marketing / newsletter database. Al objected to getting the mail, the person who did this shot back that it wasn’t spam, and there was lots of arguing both over Twitter and on the blog post.
This also recently happened when a well-known email marketer took all 500+ of his LinkedIn contacts (including me) and added them to his corporate Christmas card list. His behaviour also created a bit of a stir, although it was a little less public.
That mailing was interesting, because a number of people who received the card thought this was the Best Use of Email, EVER! Some of them went so far as to opine “How could ANYONE not like this mail? What are they, Scrooge?” Well, actually, I found the mail irrelevant and a bit annoying. I have to admit I would have been a lot less annoyed if I knew this was a one time thing. However, in order to comply with CAN SPAM he included an opt-out. Which led to some head scratching: have I been added to their full list? Am I going to get their newsletter from now on? Do I have to opt-out? What was he thinking?
Watching both of the above situations go down I have come up with a list of things you must consider when sending bulk mail to people who have connected with you on social networks.


Social invading everything

I discovered, inadvertently, that there is a business networking site modeled after a dating site. If you’re selling something you go on the site and register as a seller. If you’re buying something you go on the site and register as a buyer. Buyers can post RFIs and sellers can respond.
Decent enough business model, they’ve even fleshed it out so the site itself acts as an invoicing and billing mechanism.
That’s how I discovered it, one of our very large international telco customers decided they wanted to use this site for billing. Many large telcos expect vendors to use their proprietary site, so I wasn’t that surprised when they asked. And, given they’re international being able to bill them electronically just means I don’t have to remember to use the international stamps.
At the behest of our customer, I signed up at the website. It’s like most social networking sites, create a profile, categorize yourself, make everything public. The thing is, I don’t want to use this site to find new customers. I am just using it because one of my current customers is expecting it. Don’t get me wrong, Abacus is a great product and our customers are extremely happy with it, but it’s pretty niche. It’s not something that’s going to be searched for on a generic website.
I thought that when I set my profile to private that would be some sort of signal to keep me out of the main directory of the site. This morning I realized that wasn’t true when I got a bunch of emails telling me about all these companies looking for “business software” (the closest category I could find).
Getting a bunch of irrelevant mail was annoying enough. Even worse, there was no unsub link in the email. Eventually, I discovered an entire page of email options that were not made clear to me up front. I also sent mail to support and suggested that they talk to their lawyers to clarify whether their opt-out option was consistent with CAN SPAM. I’m pretty sure it doesn’t, but I am not a lawyer.
To the company’s credit, they did have good support and my questions through support were answered in a timely fashion. One of their support reps even called me on the phone to clarify what it was that I wanted to happen and walk me through their email options. She was very upfront about yes, they opted everyone in to all the mail at the very beginning of the process. “We’re like match.com for businesses!”
I’m sure there are some businesses that will find this service to be great. But it’s not what I want or need. Despite the fact that their support was so helpful, I don’t have a great feeling about this company. It seems a bit dishonest that I thought I was signing up for a billing portal, but was actually joining “match.com for businesses.” Why couldn’t they make that clear in the 7 emails in 2 days “inviting” me to sign up?
I know I’m a little more sensitive to bad mailing processes than most people, but this was quite an unpleasant experience from the multiple identical emails and reminders before I signed up to the irrelevant stuff I got afterwards.
