Changes happen, even if you don't keep up

I cannot count the number of times I hear someone complain that they didn’t change anything and now their email isn’t delivering and why did this happen all of a sudden and how can they be blocked now when they weren’t blocked 3 months ago. Nothing changed, so why all of a sudden is mail failing?

an image of colored lights with the words 'Change The Only Constant' superimposed on them

The problem is that the person asking the question is only looking at things from their own perspective. They didn’t change anything, so of course nothing changed. This point of view is inherently self-centered, thinking that the only thing that matters is the sender. It demonstrates a failure to understand one of the core concepts of SMTP. Each side of a SMTP transaction pays for email. The senders pay all their costs, but the receivers also experience costs to delivering mail. In fact, many of the costs a receiver experiences (spam filtering, for instance) are due to bad senders not through any choice of their own. Some could actually argue that the primary costs of email are borne by the people who receive the email, not the people who send it. It’s certainly more true that bulk senders profit more from email that the large receivers.

Back in the day, there was an old argument about who funds the US Postal Service (USPS). Does bulk mail subsidize the cost of non-bulk mail or does non-bulk mail subsidize the cost of bulk mail? This would usually come up when some spammer would wander into anti-spam discussions and start on about how we shouldn’t block spam because it was cheaper (and more environmentally friendly! savetrees.com) than bulk postal mail. And that they paid for that mail to be delivered, so it was on the receivers to deliver mail they paid for. What all of the folks arguing about postal mail forgot is that: The USPS controls all bits of postal delivery. They even own the mailboxes to the point where it’s against the law in the US to put anything in a postal box if you’re not the USPS. That’s why you can’t get commercial deliveries to a PO box.

This USPS model is not the model of email. In email, you own (or rent) the infrastructure to send and receive mail for your own domain or your own entity. It’s a cooperative model, one where the responsibility for delivery shifts from sender to receiver at the instance the SMTP session goes away (really, that is part of the SMTP RFCs)

In other words, message transfer can occur in a single connection between the original SMTP-sender and the final SMTP-recipient, or can occur in a series of hops through intermediary systems. In either case, once the server has issued a success response at the end of the mail data, a formal handoff of responsibility for the message occurs: the protocol requires that a server MUST accept responsibility for either delivering the message or properly reporting the failure to do so (see Sections 6.1, 6.2, and 7.8, below).RFC5321

It’s not just the responsibility that hands off, it’s also the cost of delivery. At the point the SMTP session closes, any futher costs of delivery are assumed by the receiving server. At no point are senders paying email receivers to deliver email (barring that one company that tried it but ended up failing in part because they failed to keep spammers off their service).

All of this is the long way of saying: The receiving server can and does block mail and it’s their right because they are paying for the delivery. They can also change the rules on what kind of mail they will deliver at their perogative. Don’t like their rules? OK. You can lobby for them to change them, I’ve done it many times over the years and even been successful in doing so. But the choice to deliver mail always comes down to the folks who are paying the bills to deliver that mail.

Why the rant today? I was offering advice to someone about how to handle a delivery issue. They came back to me with “But we haven’t changed anything! Why do we need to make changes now?!” OK, you didn’t change anything. That doesn’t mean what you’re doing or sending is acceptable. Sometimes senders get away with poor behavior because they’re just not the worst right now or because they can’t be blocked without substantial collateral damage (e.g. cold email). As a sender, the only thing you can really do is change your behavior.

The last few years we’ve seen receivers grow more and more aggressive about requiring bulk mail actually follow standards and best practices [e.g. this recent blog post about message-ids from Steve. Some of this is because they’re tired of paying to subsidize sender business models and marketing.

This isn’t something new. I even blogged about this very thing back in 2009. That’s more than 15 years ago where I was telling bulk senders it was time for them to take responsibility for their mail and their actions.

Looks like some folks still haven’t gotten the message.

Related Posts

Following the SMTP rules

An old blog post from 2013, that’s still relevant today.
“Blocked for Bot-like Behavior”
An ESP asked about this error message from Hotmail and what to do about it.
“Bot-like” behaviour usually means the sending server is doing something that bots also do. It’s not always that they’re spamming, often it’s a technical issue. But the technical problems make the sending server look like a bot, so the ISP is not taking any chances and they’re going to stop accepting mail from that server.
If you’re an ESP what should you look for when tracking down what the problem is?
First make sure your server isn’t infected with anything and that you’re not running an open relay or proxy. Second, make sure your customers aren’t compromised or have had their accounts hijacked.
Then start looking at your configuration.
HELO/EHLO values

Read More

The history of email

My first access to “the internet” was through a dialup modem on a VAX at the FDA. I was a summer intern there through my college career and then worked full time after graduation and before grad school. My email address ended in .bitnet. I could mail some places but not others. One of the places I couldn’t send mail was to my friends back on campus.
A few of those friends were computer science majors, so one weekend they tried to help me troubleshoot things. . There were text files that they ended up searching through looking up how to send mail from .bitnet to .edu. But it was all a baffling experience. Why couldn’t it just work? I had email, they had email, why could we not talk?
I never did figure out how to send email to campus from .bitnet.
Eventually, the FDA moved from BITNET to the internet and I had a .gov address. I could send mail around just by getting the recipients’s address. But the mystery of why I could mail some .edus and not others still lingers. I wonder what our setup was that we couldn’t send mail. I’ll probably never know. I don’t even have enough details to explain the problem to someone who would know. I suspect the answer will be “bang paths” or “host.txt” files, but I really don’t know.

Read More

Automated link checking getting more sophisticated

As the volume and severity of malicious email increases, filters are increasingly following links in emails. This is really nothing new. Barracuda and other filters have been inspecting links automatically for years. From what I’ve seen there does seem to be some level of risk analysis based on domain reputation. That makes sense, not only is following links computationally expensive, it can also delay mail receipt.

Read More