Thoughts on filters

One of the questions we received during the EEC16 closing keynote panel was why isn’t there a single blocklist that everyone uses and why don’t ISPs share data more. It would be so much easier for senders if every ISP handled mail the same as every other. But the world isn’t that simple, and it’s not always clear which mail stream is spam and which is good mail.

12495088_10154028658527410_7653293570464523506_n

There were quite a few answers but they basically boiled down to a few facts.

  • Different blocklists have different data strengths and weaknesses.
  • No blocklist has all a full view of all the bad mail.
  • You may want to have different polices for delisting depending on what kind of mail the blocklist is targeting. For instance, Spamhaus has different polices for different lists: CBL has self serve delisting, SBL requires email, ROSKO requires no traceable spam for 6 months.

The short reason was we use different lists and techniques because it makes the spam filtering better.

When I got home from the conference, I saw In-depth analysis of the lessons we learned while protecting Gmail users post. Among other things, it answered the “why not one blocklist” question. Even more, I think it did a really good job of talking about what email looks like from the receiving end.

Any defense can be defeated – Use defense in depth with multiple layers of protection.
Since no combination of detection systems at a given layer is perfect, there is a need to add multiple layers of defense to make it even harder for attackers.

One thing I’ve been trying to get across to marketers is that email is an a very malicious channel. Many of the bad mails out there, the ones the filters are aiming for, are dangerous and malicious. Those attackers spend a lot of time trying to figure out how to get past the defenses.

Make it hard for attackers to understand your defenses – Use overwhelming force and deploy many countermeasures at once.

It is very important to make probing more difficult for attackers by rolling out multiple changes. That way they are overwhelmed by the number of things to test and can’t easily figure out what changed.

This is why it’s so hard to test “what Gmail changed.” They are going out of their way to release multiple things at once. It’s also why it’s not really useful to test. It’s more useful to look at your mailing practices and see where they might be borderline and driving your reputation down.

The whole article is well worth a read. It gives a good overview of what Gmail is doing and how they think about email, filtering and dangers. It also gives examples of the different challenges they deal with on a regular basis.

Overall, it’s important to realize that filters are an important part of the email ecosystem. They are a big part of why it’s a viable marketing channel. Think of it this way, an unweeded garden is not as productive as a weeded garden. Weeds take nutrients away from the plants and stunt their growth. They also make it harder to find the actual produce at harvest time. Filters are the herbicides and weeding that keep gardens healthy and productive. Without them, no one could effectively use or trust email.

Related Posts

Thoughts from #EEC16

EEC16 was my first Email Experience conference. I was very impressed. Dennis, Len, and Ryan put together a great program. I made it to two of the keynotes and both took me out of an email focused place to look at the bigger picture.
speakingIconForBlog
Patrick Scissons discussed his experiences creating marketing and advertising campaigns for good and to share messages. Some of the campaigns were ones I’d seen as a consumer, or on the news. One of the campaigns he talked about specifically was for the group Moms Demand Action, looking at sensible gun control in the US. The images and symbology used in those campaigns were striking and very effective.
Kelly McEvers talked about her experiences as a correspondent in the middle east during the Arab Spring. She is an engaging speaker, as one who does radio should be. Her overall message and theme was that sometimes events are such that you need to throw the list away and go with it. As someone who lives by “the list” and tries to make sure I’m prepared for every eventuality I found that a very useful message. Particularly when throwing away “the list” turned into some massively successful stories.
In terms of sessions, I found the email content session fascinating. I blogged about content in email last week and did some live tweeting, too. What really hit me after that session was that good marketing drives deliverability. Everything that Carey Kegel was talking about in terms of better marketing, sounded like things I recommend to clients to drive deliverability.
Back in 2012 I was writing posts about how delivery and marketing were somewhat at odds with each other. The premise was that marketing was about creating mindshare, and repeating a message so often a recipient couldn’t forget it. In email, repetition can cause recipient fatigue and drive delivery problems. But what I’m hearing now, from the leading minds of email marketers, is that email marketing works better if you send relevant and useful information to consumers. Recipients are key and you can’t just keep hammering them, you have to provide them with some value.
It seems marketing has finally come around to the delivery point of view.
 
 

Read More

January 2016: The Month in Email

Jan2016_blogHappy 2016! We started off the year with a few different “predictions” posts. As always, I don’t expect to be right about everything, but it’s a useful exercise for us to look forward and think about where things are headed.
I joined nine other email experts for a Sparkpost webinar on 2016 predictions, which was a lot of fun (see my wrap up post here), and then I wrote a long post about security and authentication, which I think will be THE major topic in email this year both in policy and in practice (see my post about an exploit involving Trend Micro and another about hijacked Verizon addresses). Expect to hear more about this 2016 continues.
My other exciting January project was the launch of my “Ask Laura” column, which I hope will prove a great resource for people with questions about email. Please let me know if you have any questions you’d like to see me answer for your company or your clients — I’ll obscure any identifying information and generalize the answers to be most widely applicable for our readers.
In other industry news, it’s worth noting that Germany has ruled it illegal to harvest users’ address books (as Facebook and other services do). Why does that make sense? Because we’re seeing more and more phishing and scams that rely on social engineering.
In best practices, I wrote about triggered and transactional emails, how they differ, and what to consider when implementing them as part of your email program. Steve describes an easy-to-implement best practice that marketers often ignore: craft your mails so the most important information is shown as text.
I re-published an older post about SMTP rules that has a configuration checklist you might find useful as you troubleshoot any issues. And a newer issue you might be seeing is port25 blocking, which is important if you are hosting your own email senders or using SMTP to send to your ESP.
Finally, I put together some thoughts about reporting abuse. We work closely with high-volume abuse desks who use our Abacus software, and we know that it’s often not worth the time for an individual to report an incident – but I still think it’s worthwhile to have the infrastructure in place, and I wrote about why that is.

Read More

Prepping for EEC


Tomorrow I head off to New Orleans to the EEC conference. It’s my first one and I’m really looking forward to meeting some of the people I only know online.
I’ll be speaking on two panels on Friday:
All You Ever Wanted to Know about Deliverability (But Were Afraid to Ask) at 10:50. This is your chance to ask those questions of myself and other experts in the field. I always enjoy Q&A panels and actually hearing from folks what their big deliverability questions are. (and remember, if you have a question, you can always send one to me for Ask Laura)
and the closing Keynote panel
ISP Postmasters & Blacklist Operators: Defending Consumer Inboxes at 1:10. I’m on a panel with various ISP postmasters, blacklist operators and we’ll be talking about what it’s like dealing with the deluge of mail. For instance, there is a huge outbreak of bot-spam at the moment, and a lot of the filters are struggling to keep up. In fact, I’m a last minute replacement for one filter company as they are in all-hands-on-deck firefighting mode to keep their customers safe.
Hope to see you there!
 

Read More