Thoughts on filters

One of the questions we received during the EEC16 closing keynote panel was why isn’t there a single blocklist that everyone uses and why don’t ISPs share data more. It would be so much easier for senders if every ISP handled mail the same as every other. But the world isn’t that simple, and it’s not always clear which mail stream is spam and which is good mail.

12495088_10154028658527410_7653293570464523506_n

There were quite a few answers but they basically boiled down to a few facts.

  • Different blocklists have different data strengths and weaknesses.
  • No blocklist has all a full view of all the bad mail.
  • You may want to have different polices for delisting depending on what kind of mail the blocklist is targeting. For instance, Spamhaus has different polices for different lists: CBL has self serve delisting, SBL requires email, ROSKO requires no traceable spam for 6 months.

The short reason was we use different lists and techniques because it makes the spam filtering better.

When I got home from the conference, I saw In-depth analysis of the lessons we learned while protecting Gmail users post. Among other things, it answered the “why not one blocklist” question. Even more, I think it did a really good job of talking about what email looks like from the receiving end.

Any defense can be defeated – Use defense in depth with multiple layers of protection.
Since no combination of detection systems at a given layer is perfect, there is a need to add multiple layers of defense to make it even harder for attackers.

One thing I’ve been trying to get across to marketers is that email is an a very malicious channel. Many of the bad mails out there, the ones the filters are aiming for, are dangerous and malicious. Those attackers spend a lot of time trying to figure out how to get past the defenses.

Make it hard for attackers to understand your defenses – Use overwhelming force and deploy many countermeasures at once.

It is very important to make probing more difficult for attackers by rolling out multiple changes. That way they are overwhelmed by the number of things to test and can’t easily figure out what changed.

This is why it’s so hard to test “what Gmail changed.” They are going out of their way to release multiple things at once. It’s also why it’s not really useful to test. It’s more useful to look at your mailing practices and see where they might be borderline and driving your reputation down.

The whole article is well worth a read. It gives a good overview of what Gmail is doing and how they think about email, filtering and dangers. It also gives examples of the different challenges they deal with on a regular basis.

Overall, it’s important to realize that filters are an important part of the email ecosystem. They are a big part of why it’s a viable marketing channel. Think of it this way, an unweeded garden is not as productive as a weeded garden. Weeds take nutrients away from the plants and stunt their growth. They also make it harder to find the actual produce at harvest time. Filters are the herbicides and weeding that keep gardens healthy and productive. Without them, no one could effectively use or trust email.

Related Posts

Purchased lists and ESPs: 9 months later

It was about 8 months ago I published a list of ESPs that prohibit the use of purchased lists. There have been a number of interesting responses to that post.
thumbsup
ESPs wanted to be added to the list
The first iteration of the list was crowdsourced from different ESP representatives. They shared the info they had with each other. With their permission, I put it together into a post and published it here. Since then, I’ve had a trickle of ESPs asking to be added to the list. I’m happy to add any ESP. The only requirement is a privacy policy (or AUP) that states no purchased lists.
People reference the list regularly
I’ve had a lot of ESP deliverability folks send thanks for writing this post. They tell me they reference it regularly when dealing with clients. It’s also been listed as “one of the best blog posts of 2015” by Pardot.
Some 2016 predictions build on the post
I’ve read multiple future predictions that talk about how the era of purchased lists is over. I don’t think they’re wrong. I think that purchased lists are going to be deliverability nightmares on an internet where users wanting a mail is a prime factor in inbox deliverability. They’re already difficult to deliver, but it’s going to get worse.
Thumbsdown
Not everyone thinks this is a good post. In fact, I just recently got an comment about how wrong I was, and… well, I’ll just share it because I don’t think my summary of it will do it any justice.

Read More

Security, backdoors and control.

WttWColorEye_forBlogThe FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control. Apple letter to customers

Read More

January 2016: The Month in Email

Jan2016_blogHappy 2016! We started off the year with a few different “predictions” posts. As always, I don’t expect to be right about everything, but it’s a useful exercise for us to look forward and think about where things are headed.
I joined nine other email experts for a Sparkpost webinar on 2016 predictions, which was a lot of fun (see my wrap up post here), and then I wrote a long post about security and authentication, which I think will be THE major topic in email this year both in policy and in practice (see my post about an exploit involving Trend Micro and another about hijacked Verizon addresses). Expect to hear more about this 2016 continues.
My other exciting January project was the launch of my “Ask Laura” column, which I hope will prove a great resource for people with questions about email. Please let me know if you have any questions you’d like to see me answer for your company or your clients — I’ll obscure any identifying information and generalize the answers to be most widely applicable for our readers.
In other industry news, it’s worth noting that Germany has ruled it illegal to harvest users’ address books (as Facebook and other services do). Why does that make sense? Because we’re seeing more and more phishing and scams that rely on social engineering.
In best practices, I wrote about triggered and transactional emails, how they differ, and what to consider when implementing them as part of your email program. Steve describes an easy-to-implement best practice that marketers often ignore: craft your mails so the most important information is shown as text.
I re-published an older post about SMTP rules that has a configuration checklist you might find useful as you troubleshoot any issues. And a newer issue you might be seeing is port25 blocking, which is important if you are hosting your own email senders or using SMTP to send to your ESP.
Finally, I put together some thoughts about reporting abuse. We work closely with high-volume abuse desks who use our Abacus software, and we know that it’s often not worth the time for an individual to report an incident – but I still think it’s worthwhile to have the infrastructure in place, and I wrote about why that is.

Read More