Recent Posts

Looking for some experiences…

… with emailreg.org. A client of mine asked today if it was worth registering domains with emailreg.org as a whitelisting process. I’ve asked a few delivery folks for their feedback, but I was wondering what the broader email community thought. Does registering there help delivery to domains behind barracuda processes? Drop me a line on our contact page or add your experiences in the comments.
I normally reject comments with fake or forged email addresses. Because this may be sensitive and some commenters may want to be anonymous, I’ll let anonymous comments through if they’re clearly not forging someone else’s address.

Is it real or is it spam?

The wanted but unexpected email is one of the major challenges facing ISPs and filter developers. If there was never any need or desire for people to receive email from someone they don’t know, then mail clients could be locked down to only accept mail from addresses on a whitelist. It wouldn’t completely solve the spam problem, for a number of reasons, but it would lessen the problem, particularly for average email users.
But, we don’t live in a world where we know beforehand who will be sending us mail, so we can’t just whitelist correspondents and reject everything else. I think this is a good thing. Email can be used to meet new people, develop new relationships and introduce new opportunities.
While the “cold call” email isn’t much talked about I think it’s worth some discussion. What makes a good cold email? What makes a bad one? We can use two recent emails I received as examples.
Example 1:

No, I'm really not Christine

Got this to one of my accounts recently.

Congratulations and welcome to emailinform.

SORBS – back soon

If you’ve tried to get an address delisted from SORBS this week you’ll have found that their site is degraded, and there’s no way to request delisting.
They’ve been dealing with some very nasty database / hardware problems and while they’re fixing those the externally visible SORBS services are running in a read-only mode (where the list is published, but IP addresses can’t be added or removed).
The migration to new infrastructure is going well, and unless something unexpected happens I’d guess they’ll be running normally some time tomorrow.

On Discovery and Email

If you’re involved in any sort of civil legal action in the US Courts – whether that be claims of patent violation, defamation, sexual harassment or anything else – there’s a point in the pre-trial process where the opposing lawyers can request information from you, and also from any third-parties they believe may have useful information. This phase is called Discovery.
US civil discovery has very few limits: you can demand, backed by the power of the court, any material or information that might be reasonably believed to lead to admissible evidence in the case. That’s much, much broader than just relevance, and it allows fairly prolonged fishing expeditions not just for admissible evidence, but also for background information that will allow the opposing legal team to better understand both the case and the people and companies involved in it. Often the discovery phase leads to both sides agreeing on how strong a case it is, and deciding to settle or drop it rather than taking it to trial.
One aspect of discovery is interrogatories and depositions – asking someone a list of questions, and having them reply in writing or in person. While most people will be honest in their replies in that situation, they’re under no obligation to be helpful or cooperative beyond answering, minimally, the questions they are posed. (In a spam case I was involved in as an expert many years ago one of the lawyers was explaining what the oppositions lawyers might ask and told me “If they ask ‘What do you recall was said about <X>?’ you can tell them that I said he was an asshole.”). The information from these can be vital, but it’s a lot of effort to acquire, and unless you already know enough to ask the right questions you might not discover anything useful.
Asking someone to provide documents is another aspect. That might be a literal paper document, or I’d guess more commonly nowadays, electronic data. “Provide copies of any email your employees sent or received that mentioned <plaintiff’s company>.”, “From what IP addresses at what times did this user log in to your system?” …
As someone who does data analysis I love electronic documents. It’s relatively easy to mechanically grovel through thousands of pages of data and crunch it into summaries that you can use to make decisions, or to focus on a useful subset. Give me someones mailbox and I can do the easy stuff, like find any mention of a company, or any link to a companies website. But I can also find the messages they sent while they weren’t in the office. I can do semantic analysis and find the emails that use angry language. I can find all the attachments that were used, open them up and analyze the contents. I can sometimes find where in the world they were when the email was sent – down to which hotel bar, or which office in a building. I can crunch the routing data of their mailbox (and other peoples) and see who they communicated with – and make recommendations as to whether it would be worthwhile to subpoena those people. I can build relationship graphs. And all this applies not just to their work mailbox, but also their private gmail addresses, if it’s a reasonable assumption that any communication there might lead to any relevant evidence – and, well, it’s always a reasonable assumption. (And that’s just email – I can often pull similarly useful data out of web logs and forum posts and so on too).
The discovery process can be long, and can consume a lot of resources (time, legal fees) and work focus from the people targeted by it. Making analysis easier (and hence cheaper) makes it reasonably possible to expand and extend the discovery process to find additional data. Whether that’s good for you or not depends on the details of the case and whether you are the one doing the discovery.
None of this is intended to be legal advice, nor even a description of the process by someone with any legal training – it’s just some aspects I’ve noticed from my limited experience of the process as an expert working with some very good lawyers.
Finally, another piece of advice a lawyer I was working with gave me some years ago was “Always assume that anything you write anywhere may be made available to opposing counsel. And when it comes to legally sensitive matters, use email just for sending copies of documents that will be provided to opposing counsel and for scheduling ‘phone calls where you’ll discuss other details. Nothing else.”.

Happy Sweet 16, Yahoo.

Yahoo mail turns 16 today, and in celebration Yahoo is giving all their mail users presents.

Delivery is about helping you succeed

I was talking with another delivery person today who’s dealing with a customer struggling with some issues. As most of these discussions go, we get to the part where we have to tell the customer that what they’re doing looks problematic from the outside. And then the customer gets all upset and angry and starts complaining to account reps or managers or executives.
The challenge of delivery is working with clients who don’t want to hear they have to change what they’re doing. Some senders deflect better than a 3 year old caught with her hand in the cookie jar.
I think all of us in the delivery space, or at least most of us, want our customers and clients to succeed in their email goals. We want you to have a great mailing program. But when your delivery is having problems, getting to a great mailing program means doing something differently.
These changes can be hard, both in terms of thinking differently about email and how it works and about business models. Some business models make it extremely difficult to use emails. We understand that. We don’t make the rules, we just explain them.
We want your mail to work.

ICANN goes after Dynamic Dolphin

ICANN sent a letter to domain registrar Dynamic Dolphin notifying them of their non-compliance with the ICANN Registrar Agreement.
HT: Neil Schwartzman
(Today appears to be retro-blogging day. First I blog about s.1618 then I blog about Scott Richter.)

This message is sent in compliance with the new email bill section 301. Under Bill S.1618 TITLE III passed by the 105th US Congress, this message cannot be considered SPAM as long as we include the way to be removed, Paragraph (a)(c) of S.1618, further transmissions to you by the sender of this email may be stopped at no cost to you by sending a response of “REMOVE” in the subject line of the email, we really will remove you immediately.
Read More

When did you check your security last?

A few years ago security and breach protection was all the topic of the day in the email space. There were some high profile break ins at ESPs and data companies and everyone was looking at their security. Companies were vocal and public about their security enhancements. Many in the email industry even used the term “advanced persistent threats.”
Security seems to have taken a back seat to Yahoo releasing user names, and Gmail introducing tabs in the inbox and all the myriad of tiny details that we feel we have some control over.
But security still should be at the forefront of our minds. Just today Adobe announced a major compromise resulting in both a customer information leak and a source code theft.
It serves as a reminder to all of us that security threats are ongoing and we cannot become complacent.