Recent Posts

Welcome to our new site

We’re very excited and pleased to launch our redesigned website and blog.
As you can see, we have a new logo and an official color scheme. In addition to the cosmetic changes, we’ve improved the underlying structure. We have pages dedicted to our offerings, including Abacus and information about our consulting services.
We’ve also consolidated a lot of the information spread across different website. The ISP Information page is updated and current (finally! all the Goodmail references are gone). And the ISP specific pages are here instead of over on the wiki.
Two features we’re quite excited about are our wiseWords and wiseTools.
wiseWords is our place to publish more in depth articles about email, delivery and the Internet than the blog. Over time, I expect this to grow to encompas a full email knowledge base. We’ve also published some white papers for download.
wiseTools is the umbrella for our useful email tools, including the tools published at emailstuff.org. They’re still at emailstuff.org, but they’re also here at tools.wordtothewise.com.
We’ve done our best to make sure links transfer from the old site to the new one, but feel free to contact us if you find a broken link.
You may find your first comment on the new blog goes into moderation the first time you post. But once you’ve been approved, comments won’t go through moderation a second time.
Our new website is just the first of many new things we are hoping to roll out in the coming months.

Read More

Marketers, we have a problem

And that problem is security.
Much of what marketing does is build profiles of customers by collecting huge amounts of data on every customer. That data collection is facilitated by compliant customers that provide all sorts of personal data just because they’re politely asked by a retail clerk.
There will always be people who comply with data requests, but I expect more customers to be wary of sharing information at the register.
I’m not the only one, a recent NY Times blog post from one of their security researchers: Stop asking me for my email address. She discusses how much information companies ask for and how complacently consumers hand it over without asking about security.

Read More

Spamtraps, again.

The DMA and EEC hosted a webinar today discussing spam traps. Overall, I thought it was pretty good and the information given out was valuable for marketers.
My one big complaint is that they claimed there were only two kinds of spam traps, and then incorrectly defined one of those types. They split spam traps into “pristine” and “recycled.” Pristine traps were defined as addresses that never belonged to a user, but were seeded out on the internet to catch people harvesting addresses off websites.
While dropping addresses on websites is one way people create spam traps, there are uncounted numbers of traps that receive spam (even from some big name brands) that have never been published anywhere. One very common source of trap addresses is Usenet message IDs. I don’t think anyone can really say these were seeded in an effort to catch people harvesting, they were part of posting to Usenet. Another common source of trap addresses is spammers creating email addresses; they take the left hand side of every address on a list and pair that with all the unique right hand sides of the same list. Massive list growth with a chance that some of those addresses will be valid.
I’ve talked about different kinds of spamtraps in depth previously and how the different traps are used in different ways. I also talked about how those different types of traps tell the recipients different things.
Another critical thing to remember about traps is they are not the problem. Spamtrap hits are a symptom of a larger problem with your list acquisition process. Every spam trap on your list is a failure to actually connect with a recipient. If you’re using an opt-in method to collect addresses traps mean that either a user didn’t really want to opt in or you managed to not accurately collect their information.
One of the things I get frustrated with when dealing with potential customers is their laser like focus on “getting the traps off our list.” I really believe that is not the right approach. Just getting the traps off is not going to do anything to improve your delivery over the long term. Instead of focusing on the traps, focus on the reasons they’re there. Look at how you can improve your processes and address collection so that you actually get the correct addresses of the people who really do want that mail.
Other posts about spam traps

Read More

Anon whois information

I’ve talked before about reasons not to hide commercial domains behind whois proxies. Al found another one: if you use a proxies you cannot list your domains with abuse.net. Al has a good write up of whois, and why this is important. So go there and read it.

Read More

March 2014: The month in email

What did we talk about here on the blog in March? It seems we talked a lot about Gmail but also looked at some CAN SPAM issues.
Gmail
When it comes to innovating in the inbox, Gmail is leaps and bounds ahead of the pack. They made some improvements to their image caching process and are now respecting cache headers, so marketers can update images and track multiple opens. They also started rolling out grid view in the promotions tab, giving marketers a way to show pictures to recipients rather than text subject lines. I wrote about their views on senders best practices as presented at M3AAWG 30 in San Francisco. Then there was ongoing news about their new FBL. Many ESPs started getting approval notices for joining their FBL and Sendgrid published an open letter about how the FBL has been helping them identify bad players on their network.
CAN SPAM
Oddly enough I wrote two different posts about CAN SPAM, which seems like a lot for as little as I managed to blog in March. One discussed if CAN SPAM applied to individual prospecting emails (yes, but really, violating that is like speeding most people aren’t going to get caught or punished) and the other looked at the rules surrounding harvesting.
Delivery
I talked about how domains need to be warmed up, not just IP addresses. And how there are lots of common causes for delivery problems, and too many people go for the edge cases without ruling out the normal cases first.
Odds and ends
The other posts don’t really lend themselves to easy classification. I talked delivery on Tech Talk. I amused myself by posting a link to horribly done spam and a bit of a snarky summary of the current state of ISP Relations. I linked to a blog post pointing out that social engineering is still alive and well in the hackers toolkit and another one looking at effective email marketing strategies.
 

Read More

Sendgrid's open letter to Gmail

Paul Kincaid-Smith wrote an open letter to Gmail about their experiences with the Gmail FBL and how the data from Gmail helped Sendgrid find problem customers.
I know a lot of folks are frustrated with Gmail not returning more than statistics, but there is a place for this type of feedback within a comprehensive compliance desk.

Read More

Domains need to be warmed, too

One thing that came out of the ISP session at M3AAWG is that domains need to be warmed up, too. I can’t remember exactly which ISP rep said it, but there was general nodding across the panel when this was said.
This isn’t just the domain in the reverse DNS of the sending IP, but also domains used in the Return Path (Envelope From) and visible from.
From the ISP’s perspective, this makes tons of sense. Some of the most prolific snowshoe spammers use new domains and new IPs for every send. They’re not trying to establish a reputation, rather they’re trying to avoid one. ISPs respond by distrusting any mail from a new IP with a new domain.

Read More

People are your weakest link

Social engineering is a long standing way to compromise security. Chunkhost reports today that they discovered accounts being compromised through social engineering of Sendgrid support. While the compromise did not work it was a close call. The only thing that saved the targeted customers was their implementation of 2 factor authentication.
We know many of our customers individually and personally, and are still careful about changing contact addresses and passwords. With larger customer bases, it’s vital that every person in the change follow security processes.

Read More

Gmail promotions tab improves for marketers

The official Gmail blog announced today that they’re testing a new way of displaying emails in the Promotions tab. This display method will show users a featured image instead of the normal subject line.
Email marketers that want to take advantage of this should visit the Gmail developers pages for information on how to set a featured image for Gmail.
More innovation from Gmail in the mailbox. This one feels pretty consumer friendly, although I still have memories of XXX spam from years ago showing rather explicit images. Gmail must have a lot of confidence in their filtering to push image display to the inbox.

Read More

Gmail FBL update

Last week Gmail started contacting ESPs that signed up for their new FBL with more information on how to set up mailings to receive FBL emails.
One of the struggles some ESPs are having is the requirement for DKIM signing. Many of the bigger ESPs have clients that sign with their own domains. Gmail is telling these ESPs to insert a second DKIM signature to join the FBL.
There are a couple reasons this is not as simple or as doable as Gmail seems to think, and the challenges are technical as well as organizational.
The technical challenges are pretty simple. As of now, not all the bulk MTAs support multiple signatures. I’ve heard that multiple signatures are being tested by these MTA vendors, but they’re not in wide use. This makes it challenging for these ESPs to just turn on multiple signatures. For ESPs that are using open source software, there’s often a lot of customization in their signing infrastructure. Even if they have the capability to dual sign, if they’re not currently using that there is testing needed before turning it on.
None of the technical challenges are show stoppers, but they are certainly show delayers.
The organizational challenges are much more difficult to deal with. These are cases where the ESP customer doesn’t want the ESP to sign. The obvious situation is with large banks. They want everything in their infrastructure and headers pointing at the bank, not at their ESP. They don’t want to have that second signature in their email for multiple reasons. I can’t actually see an ESP effectively convincing the various stakeholders, including the marketing, security and legal staff, that allowing the ESP to inset a second signature is good practice. I’m not even sure it is good practice in those cases, except to get stats from Gmail.
Hopefully, Gmail will take feedback from the ESPs and change their FBL parameters to allow ESPs to get information about their customers who sign with their own domain.

Read More
Categories
Tags