Recent Posts

Auto-opt-in?

Bronto’s Chris Kolbenschlag frames the discussion well: He purchased from an online retailer, they assumed he wanted to receive followup emails, and thus, those emails did eventually commence.
This is something I’ve had a lot of experience with. Working for an e-commerce service provider from later 2000 through mid 2006, I was the guy setting permission policy, dealing with spam complaints and advising on deliverability issues, primarily regarding email lists built over time from online store purchasers. There was an opt-in checkbox on the platform’s checkout pages, and it was up to the client as to whether or not it was pre-checked (“opted-in”) by default. Most clients pre-checked it by default.
My experience was, from a deliverability perspective, this kind of auto opt-in didn’t really present issues. People didn’t tend to forge addresses when purchasing, and people tended not to report mail as spam when it’s coming from somebody they just did business with.
I’m not saying it’s the wisest way to do things, by any means. If you have any other deliverability challenges at all, this kind of thing could likely add to them. And is it the most consumer friendly way to run things? I don’t think so. In my humble opinion, it’s always better to wait for the consumer to sign up on their own. But I’m not one of those aggressive marketer types.
And of course, the laws governing email permission vary by locale.

The FBI in my Inbox?

It’s alarming to read that, depending on whom you believe, the FBI feels it has the legal right to access your email messages without having to obtain a search warrant. I know I don’t have anything particularly damning in my personal email account, but it’s the principle of the matter that’s the problem. (And consider errors and leaks. Nothing in my email inbox is going to send me to jail, but it could contain many other things of a sensitive nature. Financial information. Industry dialog. Customer communication. Et cetera. Keeping that out of anybody else’s possession is the best way from anything leaking or being misused.
The bummer is that there doesn’t seem to be any way for the average joe user like you or me to do anything about it. According to that Marketwatch article, you could download all your email messages to your hard drive (clunky), encrypt emails when sending them (even more clunky), or move to an “off shore” email service (which simply exchanges one privacy concern for another).
The only bit of good news is that at least in the four states of the Sixth Circuit (Kentucky, Michigan, Ohio, Tennessee), the Warhsak ruling prohibits the FBI from obtaining email messages without a warrant. The bad news is, that seems to apply only to those four states.

Get reading for SMiShing?

I received my first phishing attempt via text message today. Apparently that’s called SMiShing, and it’s a thing. Sadly, I’m too busy to have the guy follow up with his promised phone call to try to get my Gmail password from me, but I did take a moment and report it to 7726, just in case that’ll do good to help protect somebody else in the future.
Also, apparently I have a G-Email account. Is that the kind of email account you get from the company who used to own NBC?

Image Hosting on a Different Domain?

Fridays are a busy day in the land of deliverability, so I don’t have a lot of time to come up with a specific post for today. But, I thought this might interest folks here — the other day, a client asked me about using CDNs (content delivery networks) to host HTML email content, and I blogged up a quick reply over on my work blog.
(It’s true! Fridays are the new Mondays.)

Spams, Scams, and Senders

Over on the Magill Report, Stephanie Colleton from Return Path shares her thoughts on how to tell whether or not an email message is legitimate.
Let’s add to that some more thoughts from Return Path’s Lauren Soares.
Then let’s add to that some of my own thoughts specifically for email senders.
Every company sending email today ought to:

Pump-and-dump Spam is Back!

Commtouch’s latest “Internet Threats Trend Report” suggests that penny stock spam has returned:

AOL Updates Spam Filtering

Over on the AOL Postmaster blog, Lili Crowley announced yesterday that AOL has made changes to their spam filtering system. Specifically, more senders may be subject to blocking with CON:B1 errors. AOL’s website explains that CON:B1 errors indicate that an IP address is being blocked “due to a spike in unfavorable e-mail statistics.” This strongly suggests that a sender blocked with a CON:B1 error message has a negative sending reputation. This is yet another data point as to how ISPs have been tightening up spam filtering and reputation requirements over the past few years. What you might have been able to deliver five years ago, you might not be able to get delivered today.

SMS Spam is Down?

Cloudmark says, yes, SMS gift card spam is down, thanks to recent action taken by the Federal Trade Commission. Read more over on PC World. I’m very glad to see this. I ended up on the list of one of those spammers and they were driving me nuts. Thank goodness for Google Voice’s report spam functionality.
What can you do to stop SMS spam? If you use Google Voice, and the SMS messages are coming to your Google Voice number, just report it as spam inside of the GV interface. If it’s coming directly to your cell number, not via GV, then you can forward the message to 7726 (SPAM). It’s a clunky, multi-step process, however. And does it actually result in anything happening? Hard to say. I don’t yet have any proof that SMS spam reports to a provider are quick to result in blocking, as is the case with email spam. I suspect it still can’t hurt to report SMS spam, though. The more reports, the more likely a provider will be driven to take action.

Palau: Spam Haven? No, but…

Over on his blog, John Levine offers up a review of the history of the .PW TLD (top-level domain). The context: Recently relaunched, .PW has perhaps immediately become a spam haven. John mentions that at least one receiver is already treating mail referencing .PW as “block on sight.” Incidentally, John’s not the only friend of mine complaining about a recent uptick of spam referencing the .PW TLD.
Based on what I’ve heard so far, my guess is that more, widespread blocking of mail referencing .PW domains seems likely.
Deja vu? It feels like .biz all over again.
May 6, 2013 update: John Levine adds, “I don’t think I’ll be unblocking mail from .PW anytime soon.”

Oops? Path Texts Man's Entire Phonebook @ 6AM

(Hi! Al Iverson here. I’ll be guest blogging a bit while Laura and Steve are off dealing with stuff.)
Over on the BRANDED3 blog, Search Strategist Stephen Kenwright shares how social network Path sent text messages to everybody in his address book, very early in the morning on Tuesday, telling everyone that he had shared pictures with him on Path. Except, according to him, he hadn’t.
This even resulted in a number of odd, robotic voice phone calls to Stephen’s friends and family. Why? Because nowadays, when you send a text message to a landline, most phone companies convert it into a voice call. The phone rings, you answer it, and a robotic voice reads the text message to you. The functionality is a bit creepy, and I can imagine that it would scare the heck out of somebody’s grandparents.
Path is saying that basically the whole thing is user error, but I’m not sure that I’m convinced of that. Even if Kenneth somehow missed this option at install time, Path likely needs to make this feature much more clearly opt-in and ensure that users know what they’re getting into. Right or wrong, if it keeps happening, it’s going to lead to more negative press and perhaps even new scrutiny from the FTC. You don’t mess around with SMS permission.