Recent Posts

ISP Relationships

Delivra has a new whitepaper written by Ken Magill talking about the value (or lack thereof) of relationships with ISPs. In Ken’s understated way, he calls baloney on ESPs that claim they have great delivery because they have good relationships with ISPs.
He’s right.
I get a lot of calls from potential clients and some calls from current clients asking me if I can contact an ISP on their behalf and “tell the ISP we’re really not a spammer”. My normal answer is that I can, but that there isn’t a place in the spam filtering process for “sender has hired Laura and she says they’re not a spammer.” I mean, it would be totally awesome if that was the case. But it’s not. It’s even the case where I’m close friends with folks inside the ISPs.
I’m pretty sure I’ve told the story before about being at a party with one of the Hotmail ISP folks. There was a sender that had hired me to deal with some Hotmail issues and I’d been working with Barry H. (name changed, and he’s not at Hotmail any more) to resolve it. During the course of the party, we started talking shop. Barry told me that he was sure that my client was sending opt-in mail, but that his users were not reacting well for it. He also told me there was no way he could override the filters because there wasn’t really a place for him to interfere in the filtering.
Even when folks inside the ISPs were willing and able to help me, they usually wouldn’t do so just because I asked. They might look at a sender on my request, but they wouldn’t adjust filters unless the sender met their standards.
These days? ISPs are cutting their non-income producing departments to the bone, and “sender services” is high up the list of departments to cut. Most of the folks I know have moved on from the ISP to the ESP side. Ken mentions one ISP rep that is now working for a sender. I actually know of 3, and those are just employees from the top few ISPs who are now at fairly major ESPs. I’m sure there are a lot more than that.
The reality is, you can have the best relationships in the world with ISPs, but that won’t get bad mail into the inbox. Filters don’t work that way anymore. That doesn’t mean relationships are useless, though. Having relationships at ISPs can get information that can shorten the process of fixing the issue. If an ISP says “you are blocked because you’re hitting spam traps” then we do data hygiene. If the ISP says “you’re sending mail linking to a blocked website” then we stop linking to that website.
I have a very minor quibble with one thing Ken said, though. He says “no one has a relationship with Spamhaus volunteer, they’re all anonymous.” This isn’t exactly true. Spamhaus volunteers do reveal themselves. Some of them go around openly at MAAWG with nametags and affiliations. A couple of them are colleagues from my early MAPS days. Other do keep their identities secret, but will reveal them to people they trust to keep those identities secret. Or who they think have already figured it out. There was one drunken evening at MAAWG where the nice gentleman I was joking with leaned over and says “You know I am elided from Spamhaus, right?” Uh. No? I didn’t. I do now!
But even though I have the semi-mythical personal relationship with folks from Spamhaus, it doesn’t mean my clients get preferential treatment. My clients get good advice, because I know what Spamhaus is looking for and can translate their requirements into solid action steps for the client to perform. But I can think of half a dozen ESP delivery folks that have the same sorts of relationships with Spamhaus volunteers.
Overall, relationships are valuable, but they are not sufficient to fix inbox delivery problems.

Questions on Google lawsuit post

A couple questions in the previous discussion thread about the Google privacy case. Both concern permission granted to Google to scan emails.
Google’s stance about this is fairly simple.
Gmail users give explicit permission for their mail to be scanned.
People who send mail to Gmail users give implicit permission for their mail to be scanned.
The plaintiff’s lawyers are alleging that some subset of gmail users – specifically those at Universities that use Google apps and ISP customers like CableOne – did not give explicit permission for their mail to be scanned by Google. They’re also arguing no senders give permission.
In addition to the lack of permission, the plaintiffs lawyers are arguing that Google’s behaviour is in violation of Google’s own policies.
Google thinks scanning is part of the ordinary course of business and they’re doing nothing wrong.
This is an interesting case. I think anyone who knows about email understands that the people who run the mail server have the ability to read anything that goes through. But a lot of us trust that most postmaster and admin types consider it unprofessional to look at mail without a decent reason. There are good reasons an admin might need to go into a mail spool.
Automated filtering is simply a part of life on the internet these days. Mails have to be scanned for viruses, spam and, yes, they are scanned for targeted advertising. I’m not convinced Google is outside the norm when they say that any emails sent through Google is personal information given too Google and therefore Google can use that information in accordance with their policies.

No expectation of privacy, says Google

I spent yesterday afternoon in Judge Koh’s courtroom listening to arguments on whether or not the class action suit against Google based on their scanning of emails for advertising purposes can go forward. This is the case that made news a few weeks ago because Google stated in their brief that users have “no expectation of privacy” in using online services.
That does appear to be what Google is actually saying, based on the arguments by attorney Whitty Somvichian. He made it clear that Google considers everything that passes through their servers, including the content of emails, covered under “information provided to Google” in the privacy policy. Google is arguing that they can read, scan, and use that content to display ads and anything else they consider to be in the normal course of business.
I have pages and pages of notes but I have some paying work to finish before I can focus on writing up the case. There were multiple reporters and bloggers in the courtroom, but I’ve not found many article. Some I’ve found are:

Patent trolling, meet RPost

Yesterday I mentioned Ubicomm and their patent trolling based on an ancient Xerox patent they acquired earlier this year. I think the mere fact that Xerox sold the patent says all we need to know about how applicable it is.
The other patent troll in the email space right now is RPost. Steve did a blog post about RPost patent trolling about a year ago.
This summer, RPost’s legal team started calling different companies in the email space. I got a call the first week in July. After introducing himself as their lawyer and reassuring me he was not sending me legal threats, he started to ask all sorts of questions about our technology. I declined to answer any of them.
The lawyer then said he had some paperwork to send me and asked for an email address. I told him we do not accept legal service by email and that he could send me any relevant paperwork to our address of record. If I had any questions about RPost having a real product, it was answered when the lawyer didn’t tell me that RPost technology is all about secure delivery of legal papers.
Others in the email space started reporting similar calls and letters from RPost around the same time.
It’s been 2 months (almost to the day) since RPost’s lawyer called me and we have yet to receive anything from them. Clients of mine, however, have received papers from RPost. The papers instruct recipients to read RPost’s patents and notify RPost if they are infringing.
Yes, RPost are such cheapskates they expect their target companies to do the work identifying any potential infringement. Or possibly it’s just that they have so little money they can’t afford to pay their legal team. Certainly my experience is that telling them to send us postal mail is enough expense? time? to stop them from moving forward.
My recommendations to anyone receiving a letter from RPost (or anyone else claiming patent infringement) are pretty simple.

Patent trolling

I’ve recently become aware of activity from a couple patent trolls in the email space.
One is UbiCommLLC. They appear to be suing the Internet for violating a patent they acquired from Xerox. The lawsuit claim is that shopping cart abandonment emails violate a patent they own.
I did a little reading on this recently. UbiComm LLC formed itself in January of this year and acquired a Xerox patent the following month. They’ve since gone on an infringement spree, suing other printer companies, retailers, ESPs and that’s just what I can find in 2 minutes of searching.
The patent is U.S. Patent No. 5,603,054 titled “Method for Triggering Selected Machine Event When the Triggering Conditions of an Identified User Are Perceived.” I read a little of this patent and best I can tell (and I’m not a lawyer) this has zero to do with email and even less to do with shopping carts. Instead, this appears to be a way to identify where an individual is inside a local network and send a message to the machine closest to that person.
This is what I think the use case for the patent is. Take an office building, or even an office complex, or even an international corporation with hundreds of computers and printers and smart phones. Each one of those is connected to the network and is capable of displaying a message to a particular person. Each person in the building wears some sort of tag that is also hooked up to the network. I want to send a message to Bob, so I send a message to Bob. The local network figures out where Bob is, figures out what machine is closest to him and then presents that message to Bob on that machine.
This is conceptually different than email. The sending network doesn’t have to figure out where Bob is, it just sends the message to Bob’s email account. Bob chooses when and where to download the message. It’s not like shopping cart abandonment messages are targeted to my phone when I’m in the car, my office computer when I’m at work and my home computer when I’m at home.
In my non-legal opinion these are nuisance suits. The lawyers at Ratner Prestai seem to agree with me and give good suggestions on how to plan for such a thing.

Flush your DNS cache (again)

This time it appears that DNS for major websites, including the NY Times, has been compromised. Attackers put in DNS entries that redirected visitors to a malware site. The compromise has been fixed and the fake DNS entries corrected.
However, people may still have the old data in their DNS caches and security experts are suggesting everyone flush their DNS cache to make sure the fake data is gone.
The Washington Post has an article explaining DNS hijacking.

Yahoo releases user names

According to TechCrunch, Yahoo has started notifying people if their desired username is available. For users who asked for names that aren’t available now, Yahoo has a solution. They will be keeping wishlists for users for the next 3 years. If those usernames are abandoned and expire, Yahoo will notify people by email.
Any sender using email as an account key (either for resetting passwords or granting access) should be careful about releasing accounts to Yahoo users. Yahoo has established a new header type (Require-recipient-valid-since, currently going through the IETF standards process) to minimize the chance that the wrong people get access to other accounts tied to a recycled mailbox.
For those of us who didn’t put in some addresses we, too, can create username wishlists, we’re just going to pay $1.99 for the privilege.

Insights on how to improve email marketing

I can’t do anything except say +1 to this list of ineffective habits of email marketers from Loren McDonald.

Major payday loan email sender shut down

Chattanooga area payday lender Carey V. Brown lays off workers

"Blocked for Bot-like Behavior"

An ESP asked about this error message from Hotmail and what to do about it.
“Bot-like” behaviour usually means the sending server is doing something that bots also do. It’s not always that they’re spamming, often it’s a technical issue. But the technical problems make the sending server look like a bot, so the ISP is not taking any chances and they’re going to stop accepting mail from that server.
If you’re an ESP what should you look for when tracking down what the problem is?
First make sure your server isn’t infected with anything and that you’re not running an open relay or proxy. Second, make sure your customers aren’t compromised or have had their accounts hijacked.
Then start looking at your configuration.
HELO/EHLO values