Is email dead?

These last few years have been something, huh? Something had to give and, in my case, that something was blogging. There were a number of reasons I stopped writing here, many of them personal, some of them more global. I will admit, I was (and still am a little) burned out as it seemed I was saying and writing the same things I’d been saying and writing for more than a decade. Taking time off has helped a little bit, as much to focus on what I really want to talk about.

It helps, too, there are a lot more deliverability resources out there than when I started. I don’t have to say it all, there are other voices (and perspectives!) that are adding to the collective understanding of delivery. That’s taken some of my (admittedly internal) pressure off from having to write about specific things to explain, educate and clarify. Other folks are doing that admirably. Instead I can move back to using writing blog posts to explore concepts and work through better ways to model and explain email and deliverability.

What are some of these bigger issues I’ve been thinking about?

Bounce Handling

A Venn diagram based on bounce handling classification rules from 3 individual ESPs. The diagram shows overlapping sets of "hard bounce" "soft bounce" and "spam bounce" along with a frustrated stick figure trying to make sense of the confusion.
It’s worse than this now.

This is a problem that’s been on my mind for a while. The industry is very bad at managing undeliverable emails. Almost every organization has different definitions for the same terms. Mailbox providers send bounces that work for them but are unique to that provider. ESPs make up their own classification sets which I tried to classify a long time ago in a massive Venn diagram that still doesn’t capture it all. Filtering organizations say follow the RFCs. ESPs hide information about bounces from their customers.

Bounce handling is a mess. You can see this in Kickbox’s recent Email Deliverability Unfiltered: Understanding and Handling Bounces. A number of folks contributed content and we all went in completely different directions. I brought bounce handling as an open round table discussion at London M3AAWG meeting last June. The organization has been having ongoing discussions about it ever since, without getting to any conclusion.

I have long planned to write something about bounces, but struggle because I feel like I need to go back and start with defining all my terms. I mean, first off, we’re not talking bounces we’re talking rejections as they usually happen during the SMTP session and the SMTP RFC doesn’t talk about hard or soft bounces at all. I digress and this document is more about mapping out what I want to talk about – and making it public means I’m more likely to do it. I think I need to work a lot of that out in a long series of blog posts about bounces.

Spam is on the uptick again – for business users

The amount of B2B spam is getting out of control. It seems every small and medium business out there is purchasing lists and hiring an army of half literate sales folks who send out a bunch of cold email. They get really upset and angry when you call them spammers, but I’m not sure what else to label them. They’re certainly not permission based marketers.

They send unwanted, un-targeted and irrelevant email. They have adopted a host of techniques to avoid blocking and prevent people from filtering their mail. These include, but aren’t limited to: rotating domains regularly, using Google Workspace and O365 to prevent IP based blocking, using gmail.com addresses to prevent blocking, hiring lead generation companies to send on their behalf. They also violate CAN SPAM by not including a postal address and by not honoring unsubscribes.

In many ways it feels like the late 90s when we just didn’t have the tools to stop spam and were chasing spammers around. The techniques are modern versions of the techniques invented with Wallace and Rines and Ralsky and their competitors. Instead of open relays they use Google Workspace and O365 accounts. Instead of domain tasting they use gmail.com addresses. Instead of dictionary attacks they buy lists. Scraping still exists, but instead of badly written web crawlers, there’s browser plugins to harvest off LinkedIn.

Compliance is hard again

In the decade between about 2004 and 2014, compliance was important. ESPs were funding and staffing compliance desks. Bad customers were disconnected. FBLs were proliferating and anti-abuse was important. But that’s just not how it’s going these days.

ESPs actually have spam filters in front of their abuse desks and don’t even get complaints. If or when you can reach out in person, they generally only remove the address from lists and don’t actually disconnect the customer.

Many of the metrics compliance desks used to identify problem customers come with a host of problems that make them less useful now than in the past. Metrics like FBLs and bounce rates are not only gameable, customers can purchase services to game them. Open and click rates, are so noisy they’re useless for compliance purposes. In the B2B space, FBLs simply don’t exist; even providers that collect ‘this is spam’ metrics don’t share that information with the sender.

There was a big push by Spamhaus last year with “informational” listings. A lot of those listings were because so many ESPs (not you, you didn’t deserve it) have mostly stopped effectively policing their customer base. There are so many reasons for the build up of bad practices. Management has a lot of blame here for a host of reasons. Some decided if they weren’t blocked their customers weren’t spamming. Others failed to innovate on tools and reporting and didn’t adjust their compliance thresholds to address the metrics problems I talked about earlier. Others simply chased the income as long as their shared IPs had decent delivery. Dedicated IPs were left to fend for themselves and if they ruined their delivery that wasn’t the ESP’s problem.

Part of the issue is how good the ISPs have gotten at filtering off shared IPs. They can separate out and differentially filter mail from a single IP. This makes it easier for some ESPs to throw the problem back on the problem customer(s) and wash their hands of it.

Some good news

That was an awful lot of negativity to spew out. I think we’re all a little tired and burnt out from the last 6 years. I swear 2014 was yesterday. Have a palate cleanser of kittens.

A picture of an orange kitten on his back and a black and white kitten cuddled up next to him.
Snufkin and Toffle

But it’s not all bad and we shouldn’t despair. We’re just in the cycle where spammers caught up with the tools and abuse used by desk. The tools will catch up and all won’t be lost. I mean, when we started this back in the late 90s we spent a lot of time convincing folks spam was bad and harmful. Folks started building out tools and filters and blocklists and FBLs and all that. We’re about due for another round of investment and innovation.

We’ve already seen Google increasing their enforcement against the spammers abusing them to send B2B spam. They’ve also disconnected a couple of the spam support services that were using their own API to evade filters.

The overall industry is working hard to get a handle on the bounce issue. We’re talking about how better to address the bad customers, and also how to explain to management that enforcement is good for the business. Filters are protecting the majority of consumers from the bulk of the spam that’s sent.

I’ll be talking more about some of these issues over the coming months, along with some actual ideas about solutions and things that we in the email industry can do to improve the overall situation.

tl;dr: Email is not Dead.

Related Posts

What kind of mail do filters target?

All to often we think of filters as a linear scale. There’s blocking on one end, and there’s an inbox on the other. Every email falls somewhere on that line.
Makes sense, right? Bad mail is blocked, good mail goes to the inbox. The bulk folder exists for mail that’s not bad enough to block, but isn’t good enough to go to the inbox.
Once we get to that model, we can think of filters as just different tolerances for what is bad and good. Using the same model, we can see aggressive filters block more mail and send more mail to bulk, while letting less into the inbox. There are also permissive filters that block very little mail and send most mail to the inbox.
That’s a somewhat useful model, but it doesn’t really capture the full complexity of filters. There isn’t just good mail and bad mail. Mail isn’t simply solicited or unsolicited. Filters take into account any number of factors before deciding what to do with mail.

Read More

Parasites hurt email marketing

As a small business owner I am a ripe target for many companies. They buy my address from some lead generation firm, or they scrape it off LinkedIn, and they send me a message that pretends to be personalized but isn’t really.
“I looked at your website… we have a list of email addresses to sell you.”
“We offer cold calling services… can I set up a call with you?”
“I have scheduled a meeting tomorrow so I can tell you about our product that will solve all your technical issues and is also a floor wax.”
None of these emails are anything more than spam. They’re fake personalized. There’s no permission. On a good day they’ll have an opt out link. On a normal day they might include an actual name.
These are messages coming to an email address I’ve spent years trying to protect from getting onto mailing lists. I don’t do fishbowls, I’m careful about who I give my card to, I never use it to sign up for anything. And, still, that has all been for naught.
I don’t really blame the senders, I mean I do, they’re the ones that bought my address and then invested in business automation software that sends me regular emails trying to get me to give them a phone number. Or a contact for “the right person at your business to talk to about this great offer that will change your business.”
The real blame lies with the people who pretend that B2B spam is somehow not spam. Who have pivoted their businesses from selling consumer lists to business lists because permission doesn’t matter when it comes to businesses. The real blame lies with companies who sell “marketing automation software” that plugs into their Google Apps account and hijacks their reputation to get to the inbox. The real blame lies with list cleansing companies who sell list buyers a cleansing service that only hides the evidence of spamming.
There are so many parasites in the email space. They take time, energy and resources from large and small businesses, offering them services that seem good, but really are worthless.
The biologically interesting thing about parasites, though, is that they do better if they don’t overwhelm the host system. They have to stay small. They have to stay hidden. They have to not cause too much harm, otherwise the host system will fight back.
Email fights back too. Parasites will find it harder and harder to get mail delivered in any volume as the host system adapts to them. Already if I look in my junk folder, my filters are correctly flagging these messages as spam. And my filters see a very small portion of mail. Filtering companies and the business email hosting systems have a much broader view and much better defenses.
These emails annoy me, but I know that they are a short term problem.  As more and more businesses move to hosted services, like Google Apps and Office365 the permission rules are going to apply to business addresses as well as consumer addresses. The parasites selling products and services to small business owners can’t overwhelm email. The defenses will step in first.
 

Read More

What do you think about these hot button issues?

bullhornIt’s been one of those weeks where blogging is a challenge. Not because I don’t have much to say, but because I don’t have much constructive to say. Rants can be entertaining, even to write. But they’re not very helpful in terms of what do we need to change and how do we move forward.
A few different things I read or saw brought out the rants this week. Some of these are issues I don’t have answers to, and some of them are issues where I just disagree with folks, but have nothing more useful to say than, “You’re wrong.” I don’t even always have an answer to why they’re wrong, they’re just wrong.
I thought today I’d bring up the issues that made me so ranty and list the two different points of views about them and see what readers think about them. (Those of you who follow me on Facebook probably know which ones my positions are, but I’m going to try and be neutral about my specific positions.)

Read More