Recent Posts

Password security

Many of us have lots of accounts on various networking sites, but how much attention do we pay to password security?
If you haven’t heard, someone managed to compromise the Associated Press’ twitter account today. Not only was the account compromised, but they put out a fake tweet claiming that there were explosions at the White House and President Obama was injured.
DowPlungeA funny prank? Maybe. But tweets like this have a real world effect. For instance, the stock market plunged 140 points after the initial reports, rebounding when people realized it wasn’t true.
It’s not clear how the AP twitter password was compromised. There are many possibilities including classic social engineering through to compromised machines inside AP with password sniffers on them.
The lesson here is that we’re all targets, even ‘soft’ seeming targets like social media accounts. Practice safe computing.

Read More

Evaluating usability at an ESP

Clients and random people often ask me to recommend an ESP based on “the best delivery.” I usually point out that most of the reputable ESPs are similar in terms of their delivery. There aren’t many widely used reputation services that block based on ESPs unless there is long term and ongoing problem from the ESP.
This is even more true when the ESP uses dedicated IPs for customers. ESPs that use shared IPs can have poor delivery if they don’t effectively police customers and lower the reputation of all their IP addresses.
My normal comment about ESPs is to find a price point and feature set that meets the client’s needs. Clickmail has a good post about how to evaluate an ESP for usability.

Read More

Boston police using email to warn residents

Jaclyn Reiss tweets:
Town of Watertown email blast sent just now says stay in home, follow police instructions, local businesses should NOT open
Email is not dead, not even close.
Stay safe, Boston.

Read More

Do you have an abuse@ address?

I’ve mentioned multiple times before that I really don’t like using personal contacts until and unless the published or official channels fail. I don’t hold this opinion just about resolving delivery issues, but also use official channels when reporting spam to one of my addresses or spam traps.
My usual complaints contain a plain text copy of the mail, including full headers and a short summary of the email address it was sent to. “This is an address that was part of a leak from…” or “This is an address scraped off my website. It’s been removed from the website since 2004” or “This address isn’t used to sign up for any mail.”
Sadly, there are a number of “legitimate” ESPs that don’t have or don’t monitor their abuse address. In some cases it’s an oversight or a break down of internal mail handling. But in most cases, it’s a sign that the ESP doesn’t actually handle abuse.
It’s frustrating to watch an ESP post long blog posts about “best practices” and “effective delivery” and “not spamming” and yet not be able to actually stop their own customers from spamming. It’s not even that I necessarily want them to disconnect their spamming customers (although that would be nice) but suppressing the address that I’ve told them was a spamtrap seems trivial. And yet, a month after my first complaint and weeks after escalating to a personal contact, I’m still getting spam.
The 5 things every ESP should do to handle spam complaints.

Read More

Social media the Home Depot way

I’ve been following Richard the Cat on Twitter for a while. It’s the story of a family and their trials and tribulations with their yard as told by their cat.
The twitter feed (and Richard’s tumblr) are a product of the Home Depot marketing department. And it’s great. Richard has awesome comments on his humans and their struggle to create a happy yard. The tweets are low key and not overly home depot branded, but every Richard tweet I see, I think about the yard and things we might need from Home Depot.
And, of course, who on the internet doesn’t love a cat meme?
To my mind this is one of the better examples of brand social media. There is a theme. The tweets and tumblr does remind followers of the brand – Richard is an orange cat after all. The process is participatory, followers can upload cat photos on the Tumblr and tweet with Richard on Twitter.
Social media is social; a two way street. A lot of brands fail with the social part in that they treat it as a one way street. Home Depot doesn’t do that with Richard.

Read More

Confirmation is too hard…

One of the biggest arguments against confirmation is that it’s too hard and that there is too much drop off from subscribers. In other words, recipients don’t want to confirm because it’s too much work on their part.
I don’t actually think it’s too much work for recipients. In fact, when a sender has something the recipient wants then they will confirm.
A couple years ago I was troubleshooting a problem. One of my client’s customer was seeing a huge percentage of 550 errors and I was tasked with finding out what they were doing. The first step was identifying the source of the email addresses. Turns out the customer was a Facebook app developer and all the addresses (so he told me) were from users who had installed his apps on Facebook. I did my own tests and couldn’t install any applications without confirming my email address.
Every Facebook user that has installed an application has clicked on an email to confirm they can receive email at the address they supplied Facebook. There are over 1 billion users on Facebook.
Clicking a link isn’t too hard for people who want your content. I hear naysayers who talk about “too hard” and “too much drop off” but what they’re really saying is “what I’m doing isn’t compelling enough for users to go find the confirmation email.”
This isn’t to say everyone who has a high drop off of confirmations is sending poor content. There are some senders that have a lot of fake, poor or otherwise fraudulent addresses entered into their forms. In many cases this is the driving factor for them using COI: to stop people from using their email to harass third parties. Using COI in these cases is a matter of self protection. If they didn’t use COI, they’d have a lot of complaints, traps and delivery problems.
The next time you hear confirmation is too hard, remember that over 1 billion people, including grandparents and the technologically challenged, managed to click that link to confirm their Facebook account. Sure, they wanted what Facebook was offering, but that just tells us that if they want it bad enough they’ll figure out how to confirm.
HT: Spamresource

Read More

Think before scheduling tweets

My twitter feeds exploded with discussion and comments and retweets about the explosions in Boston this afternoon. One of my friends even commented, “It’s days like today when you can tell who is scheduling tweets.”
If you are scheduling tweets it’s really important to have someone around to monitor local, national or international events and stop those tweets before your brand looks insensitive.

Read More

Images at Yahoo

For a while, Yahoo was giving preferential “images always on” treatment to Return Path Certified senders. The tricky part of this was the senders had to register a DKIM selector key with Yahoo. I had a lot of (somewhat rude) things to say about this particular design decision.
Over the last few months, a number of senders have complained about being unable to update their selector keys with Yahoo. (Insert more rude comments about how broken it is to use the selector as a part of reputation.) Around the same time, a few of us have noticed that Yahoo seems to be turning on a lot of images by default. A few of the ESP delivery folks collaborated with me on checking into this. They could confirm that images were on by default for some of their customers without certification and without selector key registration.
Earlier this week, Return Path sent out an email to users that said that Yahoo would no longer be turning images on by default for Return Path Certified IPs.

Read More

Don't leave that money sitting there

The idea of confirming permission to send mail to an email address gets a lot of bad press among many marketers. It seems that every few weeks some new person decides that they’re going to write an article or a whitepaper or a blog and destroy the idea behind confirming an email address. And, of course, that triggers a bunch of people to publish rebuttal articles and blog posts.
I’m probably the first to admit that confirmed opt-in isn’t the solution to all your delivery problems. There are situations where it’s a good idea, there are times when it’s not. There are situations where you absolutely need that extra step involved and there are times when that extra step is just superfluous.
But whether a sender uses confirmed opt in or not they must do something to confirm that the email address actually belongs to their customer. It’s so easy to have data errors in email addresses that there needs to be some sort of error correction process involved.
Senders that don’t do this are leaving money on the table. They’re not taking that extra step to make sure the data they were given is correct. They don’t make any effort to draw a direct line between the email address entered into their web form or given to them at the register or used for a receipt, and their actual customer.
It does happen, it happens enough to make the non-tech press. Consumerist has multiple articles a month on some email address holder that can’t get a giant company to stop mailing them information about someone else’s account.
Just this week, the New Yorker published an article about a long abandoned gmail address that received over 4000 “legitimate” commercial and transactional emails.

Read More

4 things the new outlook ads tell us about email

Microsoft has a new TV ad showing how trivial it is to remove unwanted email from the inbox. Various busy people use the “sweep” and “delete” functions to clean up mail. The commercial even have a segment counting up the hundreds of emails deleted.
This tells me a few things.Images of all my different filters

Read More
Categories
Tags