Recent Posts

A brief DMARC primer

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. What DMARC does is allow domain owners to publish policy statements in DNS telling receiver domains what to do with messages that do not authenticate. In addition, DMARC introduces the concept of “domain alignment.” What this means is that the authentication has to be from the same domain (or a sub-domain) as the address in the header-from: line. The idea behind DMARC is that organizational owners can use SPF and DKIM authentication to authenticate their actual domain in the header-from line. This moves authentication from a important but behind the scenes technology out to an end user visible technology.

Welcome to our new site

We’re very excited and pleased to launch our redesigned website and blog.
As you can see, we have a new logo and an official color scheme. In addition to the cosmetic changes, we’ve improved the underlying structure. We have pages dedicted to our offerings, including Abacus and information about our consulting services.
We’ve also consolidated a lot of the information spread across different website. The ISP Information page is updated and current (finally! all the Goodmail references are gone). And the ISP specific pages are here instead of over on the wiki.
Two features we’re quite excited about are our wiseWords and wiseTools.
wiseWords is our place to publish more in depth articles about email, delivery and the Internet than the blog. Over time, I expect this to grow to encompas a full email knowledge base. We’ve also published some white papers for download.
wiseTools is the umbrella for our useful email tools, including the tools published at emailstuff.org. They’re still at emailstuff.org, but they’re also here at tools.wordtothewise.com.
We’ve done our best to make sure links transfer from the old site to the new one, but feel free to contact us if you find a broken link.
You may find your first comment on the new blog goes into moderation the first time you post. But once you’ve been approved, comments won’t go through moderation a second time.
Our new website is just the first of many new things we are hoping to roll out in the coming months.

Marketers, we have a problem

And that problem is security.
Much of what marketing does is build profiles of customers by collecting huge amounts of data on every customer. That data collection is facilitated by compliant customers that provide all sorts of personal data just because they’re politely asked by a retail clerk.
There will always be people who comply with data requests, but I expect more customers to be wary of sharing information at the register.
I’m not the only one, a recent NY Times blog post from one of their security researchers: Stop asking me for my email address. She discusses how much information companies ask for and how complacently consumers hand it over without asking about security.

Spamtraps, again.

The DMA and EEC hosted a webinar today discussing spam traps. Overall, I thought it was pretty good and the information given out was valuable for marketers.
My one big complaint is that they claimed there were only two kinds of spam traps, and then incorrectly defined one of those types. They split spam traps into “pristine” and “recycled.” Pristine traps were defined as addresses that never belonged to a user, but were seeded out on the internet to catch people harvesting addresses off websites.
While dropping addresses on websites is one way people create spam traps, there are uncounted numbers of traps that receive spam (even from some big name brands) that have never been published anywhere. One very common source of trap addresses is Usenet message IDs. I don’t think anyone can really say these were seeded in an effort to catch people harvesting, they were part of posting to Usenet. Another common source of trap addresses is spammers creating email addresses; they take the left hand side of every address on a list and pair that with all the unique right hand sides of the same list. Massive list growth with a chance that some of those addresses will be valid.
I’ve talked about different kinds of spamtraps in depth previously and how the different traps are used in different ways. I also talked about how those different types of traps tell the recipients different things.
Another critical thing to remember about traps is they are not the problem. Spamtrap hits are a symptom of a larger problem with your list acquisition process. Every spam trap on your list is a failure to actually connect with a recipient. If you’re using an opt-in method to collect addresses traps mean that either a user didn’t really want to opt in or you managed to not accurately collect their information.
One of the things I get frustrated with when dealing with potential customers is their laser like focus on “getting the traps off our list.” I really believe that is not the right approach. Just getting the traps off is not going to do anything to improve your delivery over the long term. Instead of focusing on the traps, focus on the reasons they’re there. Look at how you can improve your processes and address collection so that you actually get the correct addresses of the people who really do want that mail.
Other posts about spam traps

Anon whois information

I’ve talked before about reasons not to hide commercial domains behind whois proxies. Al found another one: if you use a proxies you cannot list your domains with abuse.net. Al has a good write up of whois, and why this is important. So go there and read it.

March 2014: The month in email

What did we talk about here on the blog in March? It seems we talked a lot about Gmail but also looked at some CAN SPAM issues.
Gmail
When it comes to innovating in the inbox, Gmail is leaps and bounds ahead of the pack. They made some improvements to their image caching process and are now respecting cache headers, so marketers can update images and track multiple opens. They also started rolling out grid view in the promotions tab, giving marketers a way to show pictures to recipients rather than text subject lines. I wrote about their views on senders best practices as presented at M³AAWG 30 in San Francisco. Then there was ongoing news about their new FBL. Many ESPs started getting approval notices for joining their FBL and Sendgrid published an open letter about how the FBL has been helping them identify bad players on their network.
CAN SPAM
Oddly enough I wrote two different posts about CAN SPAM, which seems like a lot for as little as I managed to blog in March. One discussed if CAN SPAM applied to individual prospecting emails (yes, but really, violating that is like speeding most people aren’t going to get caught or punished) and the other looked at the rules surrounding harvesting.
Delivery
I talked about how domains need to be warmed up, not just IP addresses. And how there are lots of common causes for delivery problems, and too many people go for the edge cases without ruling out the normal cases first.
Odds and ends
The other posts don’t really lend themselves to easy classification. I talked delivery on Tech Talk. I amused myself by posting a link to horribly done spam and a bit of a snarky summary of the current state of ISP Relations. I linked to a blog post pointing out that social engineering is still alive and well in the hackers toolkit and another one looking at effective email marketing strategies.

Sendgrid's open letter to Gmail

Paul Kincaid-Smith wrote an open letter to Gmail about their experiences with the Gmail FBL and how the data from Gmail helped Sendgrid find problem customers.
I know a lot of folks are frustrated with Gmail not returning more than statistics, but there is a place for this type of feedback within a comprehensive compliance desk.

Domains need to be warmed, too

One thing that came out of the ISP session at M³AAWG is that domains need to be warmed up, too. I can’t remember exactly which ISP rep said it, but there was general nodding across the panel when this was said.
This isn’t just the domain in the reverse DNS of the sending IP, but also domains used in the Return Path (Envelope From) and visible from.
From the ISP’s perspective, this makes tons of sense. Some of the most prolific snowshoe spammers use new domains and new IPs for every send. They’re not trying to establish a reputation, rather they’re trying to avoid one. ISPs respond by distrusting any mail from a new IP with a new domain.

People are your weakest link

Social engineering is a long standing way to compromise security. Chunkhost reports today that they discovered accounts being compromised through social engineering of Sendgrid support. While the compromise did not work it was a close call. The only thing that saved the targeted customers was their implementation of 2 factor authentication.
We know many of our customers individually and personally, and are still careful about changing contact addresses and passwords. With larger customer bases, it’s vital that every person in the change follow security processes.

Gmail promotions tab improves for marketers

The official Gmail blog announced today that they’re testing a new way of displaying emails in the Promotions tab. This display method will show users a featured image instead of the normal subject line.
Email marketers that want to take advantage of this should visit the Gmail developers pages for information on how to set a featured image for Gmail.
More innovation from Gmail in the mailbox. This one feels pretty consumer friendly, although I still have memories of XXX spam from years ago showing rather explicit images. Gmail must have a lot of confidence in their filtering to push image display to the inbox.