Recent Posts

AOL Updates Spam Filtering

Over on the AOL Postmaster blog, Lili Crowley announced yesterday that AOL has made changes to their spam filtering system. Specifically, more senders may be subject to blocking with CON:B1 errors. AOL’s website explains that CON:B1 errors indicate that an IP address is being blocked “due to a spike in unfavorable e-mail statistics.” This strongly suggests that a sender blocked with a CON:B1 error message has a negative sending reputation. This is yet another data point as to how ISPs have been tightening up spam filtering and reputation requirements over the past few years. What you might have been able to deliver five years ago, you might not be able to get delivered today.

SMS Spam is Down?

Cloudmark says, yes, SMS gift card spam is down, thanks to recent action taken by the Federal Trade Commission. Read more over on PC World. I’m very glad to see this. I ended up on the list of one of those spammers and they were driving me nuts. Thank goodness for Google Voice’s report spam functionality.
What can you do to stop SMS spam? If you use Google Voice, and the SMS messages are coming to your Google Voice number, just report it as spam inside of the GV interface. If it’s coming directly to your cell number, not via GV, then you can forward the message to 7726 (SPAM). It’s a clunky, multi-step process, however. And does it actually result in anything happening? Hard to say. I don’t yet have any proof that SMS spam reports to a provider are quick to result in blocking, as is the case with email spam. I suspect it still can’t hurt to report SMS spam, though. The more reports, the more likely a provider will be driven to take action.

Palau: Spam Haven? No, but…

Over on his blog, John Levine offers up a review of the history of the .PW TLD (top-level domain). The context: Recently relaunched, .PW has perhaps immediately become a spam haven. John mentions that at least one receiver is already treating mail referencing .PW as “block on sight.” Incidentally, John’s not the only friend of mine complaining about a recent uptick of spam referencing the .PW TLD.
Based on what I’ve heard so far, my guess is that more, widespread blocking of mail referencing .PW domains seems likely.
Deja vu? It feels like .biz all over again.
May 6, 2013 update: John Levine adds, “I don’t think I’ll be unblocking mail from .PW anytime soon.”

Oops? Path Texts Man's Entire Phonebook @ 6AM

(Hi! Al Iverson here. I’ll be guest blogging a bit while Laura and Steve are off dealing with stuff.)
Over on the BRANDED3 blog, Search Strategist Stephen Kenwright shares how social network Path sent text messages to everybody in his address book, very early in the morning on Tuesday, telling everyone that he had shared pictures with him on Path. Except, according to him, he hadn’t.
This even resulted in a number of odd, robotic voice phone calls to Stephen’s friends and family. Why? Because nowadays, when you send a text message to a landline, most phone companies convert it into a voice call. The phone rings, you answer it, and a robotic voice reads the text message to you. The functionality is a bit creepy, and I can imagine that it would scare the heck out of somebody’s grandparents.
Path is saying that basically the whole thing is user error, but I’m not sure that I’m convinced of that. Even if Kenneth somehow missed this option at install time, Path likely needs to make this feature much more clearly opt-in and ensure that users know what they’re getting into. Right or wrong, if it keeps happening, it’s going to lead to more negative press and perhaps even new scrutiny from the FTC. You don’t mess around with SMS permission.

Temporary Hiatus

Had a family emergency so the blog will be on hiatus for a couple weeks.

SNDS is back

For years now, Microsoft has maintained Smart Network Data Services (SNDS) for anyone sending mail to Hotmail/Outlook/Live.com. This is a great way for anyone responsible for an IP sending mail to hotmail to monitor what traffic Hotmail is seeing from that IP address.
This morning I got up to a number of people complaining that logins were failing on the website and the API was down. I contacted the person behind SNDS and they confirmed there was a problem and they were fixing it.
Sometime this afternoon it was possible to login to the SNDS interface again, so it looks like they did fix it.
A bit of a warning, though, don’t expect to see any of the data from the last few days. There seems to be something with SNDS that means that when the service is down data isn’t collected or available. In the past when there have been problems, older data was not populated when the service came back.

Arrest made in Spamhaus dDOS

According to a press release by the Openbaar Ministerie (the Public Prosecution Office), a dutch man with the initials SK has been arrested in Spain (English translation) for the dDOS attacks on Spamhaus. Authorities in Spain have searched the house where SK was staying and seized electronic devices including computers and mobile phones.
Brian Krebs has more, including multiple sources that identify SK as Sven Olaf Kamphuis. Sven Olaf Kamphuis was quoted in many articles about the dDOS, including the NY Times and various reports by Ken Magill.
ETA: Spamhaus thanks the LEOs involved in the arrest.

If you want to spam, don't be stupid

Some random UK email marketing company that I’ve never heard of harvested my address off of LinkedIn (yes, it’s my LinkedIn specific address) and is now spamming me advertising their cheap email marketing services. There were a lot of things about this particular mail that really annoyed me. The annoyance wasn’t just spam in a folder that shouldn’t have spam, it’s that the spam itself was badly done.
The thing is, they could have done this in a way that didn’t annoy me enough to blog about them being spammers. A teeny, tiny amount of effort and an ounce of empathy for their recipients and I wouldn’t have anything to blog about today.
If you want to spam, don’t be stupid. How can you avoid being stupid?
1) Send only one email and make it clear in the message this is a one time (or limited time) email. Don’t just randomly harvest addresses off a website, like Submission Technology did today, and add all those addresses to your marketing list. Spam is an interruption and an annoyance. And if spammers had any sense they’d limit the amount of time they spent annoying and interrupting recipients.
2) Target your email correctly and don’t be lazy. This morning’s mail from Submission Technology was advertising their UK specific marketing programs. They have my LinkedIn profile, they know I’m on the other side of the US from the UK.
3) Don’t lie about where you got my name. In this case, I know Submission Technology harvested it off LinkedIn because that’s the address they are sending it to. And, in fact, in the email they sent they mention they are sending this to me because we’re connected on LinkedIn. The problem is, I can find no trace of a connection between us on LinkedIn. And, yes, I did look because I generally drop connections that add me to their mailing lists.
One part of my anger at this particular spam is that they’ve appropriated a tagged email address of mine and added it to their marketing lists. That’s breaking my filtering.
After doing a little research into their company and their practices, though, I have to wonder if they’re going to sell my address. It seems that Submission Technology sells addresses to their customers, among other product offerings. Is this address that I’ve dedicated to handling LinkedIn specific emails really now going to end up getting spam from UK companies?
Based on multiple online reports (Andy Merrett and Ben Park) it doesn’t even look like unsubscribing will be sufficient to get this mail to stop.
One of the most amusing bits links that showed up was a comment on a post here from 2008. It seems that they spammed Steve Linford and were SBLed for it. I’m only guessing that since they’re not still listed they’ve figured out how to suppress Steve’s address at least.
Sending unsolicited email can be a problem for bulk senders; you risk alienating your potential customers, getting blocked and developing a poor reputation. Some of those problems can be mitigated by not being stupid.

Password security

Many of us have lots of accounts on various networking sites, but how much attention do we pay to password security?
If you haven’t heard, someone managed to compromise the Associated Press’ twitter account today. Not only was the account compromised, but they put out a fake tweet claiming that there were explosions at the White House and President Obama was injured.
A funny prank? Maybe. But tweets like this have a real world effect. For instance, the stock market plunged 140 points after the initial reports, rebounding when people realized it wasn’t true.
It’s not clear how the AP twitter password was compromised. There are many possibilities including classic social engineering through to compromised machines inside AP with password sniffers on them.
The lesson here is that we’re all targets, even ‘soft’ seeming targets like social media accounts. Practice safe computing.

Evaluating usability at an ESP

Clients and random people often ask me to recommend an ESP based on “the best delivery.” I usually point out that most of the reputable ESPs are similar in terms of their delivery. There aren’t many widely used reputation services that block based on ESPs unless there is long term and ongoing problem from the ESP.
This is even more true when the ESP uses dedicated IPs for customers. ESPs that use shared IPs can have poor delivery if they don’t effectively police customers and lower the reputation of all their IP addresses.
My normal comment about ESPs is to find a price point and feature set that meets the client’s needs. Clickmail has a good post about how to evaluate an ESP for usability.