Recent Posts

Canada announces CASL regulation start date

This morning Industry Canada published its final regulations regarding the implementation of the Canadian Anti-Spam Law. Email related provisions of the law will take effect June 1, 2014.
What does this mean? It means that anyone sending mail from Canada or anyone sending mail that is accessed in Canada is required to have explicit opt-in consent for sending that mail, with a few exceptions. These exceptions include commercial electronic messages that are:

Open relays

Spamhaus wrote about the return of open relays yesterday. What they’re seeing today matches what I see: there is fairly consistent abuse of open relays to send spam. As spam problems go it’s not as serious as compromised machines or abuse-tolerant ESPs / ISPs/ freemail providers – either in terms of volume or user inbox experience – but it’s definitely part of the problem.
I’m not sure how much of a new problem it is, though.
Spammers scan the ‘net for mailservers and attempt to relay email through them back to email addresses they control. Any mail that’s delivered is a sign of an open relay. They typically put the IP address of the mailserver they connected to in the subject line of the email, making it easy for them to mechanically extract a list of open relays.
We run some honeypots that will accept and log any transaction, which looks just like an open relay to spammers other than not actually relaying any email. They let us see what’s going on. Here’s a fairly typical recent relay attempt:

SBCGlobal having a bad day

I’m seeing scattered reports of the SBCGlobal.net MTAs refusing connections. No current information about fixes.

Private whois records hide spammers and help bring down a registrar

I’ve talked in the past about how many spam filters, ISPs and blocklists treat domains that are registered behind privacy protection. I’ve written about how many commercial domains behind privacy protection are used for fraud. I’ve written about multiple legal cases where the courts ruled against companies using privacy protected domains in email. I’ve even gone so far as to claim hiding domains behind privacy protection is what spammers do.
Legitimate email marketers do not hide their domains behind privacy protection services.
Spammers absolutely do hide behind privacy protection services. And because of how privacy protection works, we really don’t know which domains are used by one spammer versus another spammer. ICANN gave us a little bit of insight into just how many domains a spammer registers when they terminated Dynamic Dolphin (pdf link). This is a situation that has been brewing for most of 2013. I wrote about the notice of contract breach back in October. This morning Brian Krebs wrote a blog post saying that ICANN had terminated the agreement with Dynamic Dolphin for failing to cure the breach as noticed back in October.
If you read through the timeline, ICANN has some interesting information about privacy protected domains at Dynamic Dolphin. Data about privacy protected domains was requested from the very beginning.

Do Gmail tabs hurt email marketing?

Earlier this year, Gmail rolled out a new way for users to organize their inbox: tabs. Tabs were an attempt by Gmail to help Gmail users organize their mail, particularly programmatically generated email like social media alerts and marketing mail. While many of us took a wait and see approach, a number of email marketers took this as one of the 7 signs of the apocalypse and the end of email marketing as we know it.
Dozens of marketers wrote article with such titles as “7 ways to survive Gmail tabs” and headlines that declared “Thanks to Gmail’s new tabs, promotional e-mails are now shunted off to a secondary inbox. If you rely on e-mail marketing, you should be worried.” Marketers large and small responded by sending emails to recipients begging them to move marketing mail out of the promotions tab and into the inbox.
A number of bloggers, reporters and marketers, myself included, tried to tame the panic. Not because we necessarily supported tabs, but because we really had no insight into how this would affect recipients interacting with email.
This week Return Path published a whitepaper on the effect of Gmail tabs on email marketing (.pdf link).
Not only did Return Path’s research show little negative effect of tabs, they actually saw some positive effects of tabs on how recipients interact with commercial email. Overall, the introduction of tabs in the gmail interface may be a improvement for email marketers.

Hotmail having a bad day

Looks like Hotmail / Microsoft is having a rather bad day. Their DNS seems to be intermittent. While they were down a while ago they were returning SERVFAIL for some DNS lookups, including MX lookups.
For senders who have the DNS data in their recursive resolvers, this will have no impact. For senders who either don’t have the data cached or who have the data expire before the servers come back online there may be a transient increase in the number of bounces at Microsoft domains (Hotmail, Outlook, MSN.com, office365.com and the Microsoft corporate domains including microsoft.com and their other domains like xboxone.com).

Holiday mailing advice from mailbox providers

Christine Borgia has a post on the Return Path blog where she interviews a number of different groups (spamfilters, DNSBLs, mailbox providers) about their filtering strategy for the holidays. Overall, no one changes their filtering during the Holiday Mailing Season. On the other hand, many marketers do change their marketing strategies in ways that trigger more filtering and blocking.
The take home message? Pay attention to what is being sent and who it is being sent to. This is nothing new, but many marketers seem to forget it in the effort to get into their customers’ inboxes.

Unsubscribing from spam, part 2

Yesterday I posted about why the reasons a lot of people give for not unsubscribing from spam are mostly wrong. Unsubscribing from spam doesn’t seem to confirm your address and it doesn’t seem to increase your spam load.
But does that mean you should unsubscribe from spam? I’m not sure about that.
I’ve been working on a project where I am unsubscribing from every message coming into one of my email addresses. Weeks into that process I’m not seeing a huge decrease in the amount of mail that address is receiving. In some cases I’m unsubscribing from the same senders multiple times a day and have been for close to 3 weeks.
While unsubscribing doesn’t increase your spam, I’m also not sure it decreases your spam, either. But I’ll have full data and numbers demonstrating that in a few more weeks.
What can have an effect on the amount of spam you get is complaining about spam, at least according to Brian Krebs.

Don't unsubscribe from spam!!

Having been around the email and anti-spam industry for a while, I’ve just about seen and heard it all. In fact, sometimes I’ve been around for the beginning of the myth.
One myth that seems to never actually go away is “unsubscribing just confirms you’re a real address and your address will get sold and your spam load will explode.” This is related but orthogonal to “spammers harvest addresses out of unsubscribe forms.” The reality is that both of these things used to be true. Unsubscribing would confirm your email address and increase your spam load. Spammers would harvest addresses out of unsubscribe forms.
But neither of these things have really been true for the last decade.
I have had clients over the years that are spammers. Some of the are names that you probably would recognize. Some of them are companies we could probably all agree are spammers. Some of them are buying addresses from companies that are spammers. Some of them are companies that have a good mailing program here and then hire snowshoers over there. Sometimes they come to me claiming to be real mailers “with minor delivery problems.” Sometimes they come to me saying that a blocklist has recommended they talk to me about repairing their processes. Sometimes they even actually want to fix things. Sometimes they’re just looking to say that I’ve given them a clean bill of health (which is not something I do).
What that means is that I have lots of addresses on lots of spammer lists. Not just the ones they’ve found, but ones I’ve used to test their systems. I use tagged or disposable addresses for everything. Some of my disposable accounts are only marginally connected to me as I want to see what senders really do for their subscribers rather than what they want me to think they do. The ones I add to their system I use to test their subscription process as well as their unsubscription process.
I have never encountered a situation where unsubscribing one of those addresses caused a “multiplication” (to quote one anti-spammer) of my spam load.
I’ve had cases where my clients have ignored unsubscribes. I’ve had cases where my clients have decided years later to add me to their list again. I’ve had cases where they’ve been bought out and my address has been reactivated by the new owners. I’ve had cases where months or even years of 5xx responses was ignored. I’ve seen just about every bad bit of behavior on behalf of spammers. But I’ve never actually had unsubscribing increase my spam load.
It doesn’t matter how often people demonstrate unsubscribing doesn’t result in more spam in the current email ecosystem. (Ken Magill 2013, NYTimes 2011, dayah.com 2009). It doesn’t matter that many mailers treat “this is spam” button hits the same way they handle unsubscribe requests. The myth still persists.

Feel good Friday

I’ve told myself I can’t stop working until I post. Sadly, I can’t think anything useful to post. It’s been one of those weeks where I had some tricky and complicated client issues to work through. I can think of a lot of things to say, but I don’t want co compromise any client information. I wouldn’t do it on purpose, but I am very careful not to unintentionally leak.
Thus, the best I can do is point out that the city of Gotham was saved by Batkid today.