Recent Posts

Poisoning Spamtraps

Today’s question comes from Dave in yesterday’s comment section.

I wonder if spammers might submit harvested addresses to big-name companies known to not use confirmed opt-in just to poison what they believe might be spamtraps?
Read More

Harvesting and forging email addresses

For the contact address on our website, Steve has set up a rotating set of addresses. This is to minimize the amount of spam we have to deal with coming from address harvesters. This has worked quite well. In fact it works so well I didn’t expect that publishing an email address for taking reader questions would generate a lot of spam.
Boy, was I wrong. That address has been on the website less than a month and I’m already getting lots of spam to it. Most of it is business related spam, but there’s a couple things that make me think that someone has been signing that address up to mailing lists.
One is the confirmation email I received from Yelp. I don’t actually believe Yelp harvested my address and tried to create me an email account. I was happy when I got the first mail from Yelp. It said “click here to confirm your account.” Yay! Yelp is actually using confirmations so I just have to ignore the mail and that will all go away.
At least I was happy about it, until I started getting Yelp newsletters to that address.
Yelp gets half a star for attempting to do COI, but loses half for sending newsletters to people who didn’t confirm their account.
I really didn’t believe that people would grab a clearly tagged address off the blog and subscribe it to mailing lists or networking sites. I simply didn’t believe this happened anymore. I know forge subscribing used to be common, but it does appear that someone forge signed me up for a Yelp account. Clearly there are more dumb idiots out there than I thought.
Of course, it’s not just malicious people signing the address up to lists. There are also spammers harvesting directly off the website.
I did expect that there would be some harvesting going on and that I would get spam to the address. I am very surprised at the volume and type of spam, though. I’m getting a lot of chinese language spam, a lot of “join our business organization” spam and mail claiming I subscribed to receive their offers.
Surprisingly, much of the spam to this address violates CAN SPAM in some way shape or form. And I can prove harvesting, which would net treble damages if I had the time or inclination to sue.
It’s been an interesting experience, putting an unfiltered address on the website. Unfortunately, I am at risk of losing your questions because of the amount of spam coming in. I don’t think I’ve missed any, yet, but losing real mail is always a risk when an address gets a lot of spam – whether or not the recipient runs filters.
I’m still pondering solutions, but for now the questions address will remain as it is.

MAAWG presents the first J.D. Falk award

Last week at MAAWG went much like all MAAWG conferences go: too much to do, too many interesting panels to attend, too many people to connect and work with, a plethora of very interesting keynote speakers and a total lack of sleep. Most of what happens at MAAWG is not public, but some of the events are.
One of the things that I can talk about is the J.D. Falk award. This award was established by MAAWG, Return Path and J.D.’s family to recognize people who work, usually behind the scenes and without fanfare, to enhance the Internet and protect end users. I sat on the award committee and we had a number of nominations for very worthy work. But the nomination that stood out was the one for Tom Grasso. Tom was the driving force behind the creation of the DNS Changer Working group. He was responsible for connecting experts from throughout the Internet industry, including ISPs, anti-virus vendors, and the broader security community to prevent the Internet for going dark for hundreds of thousands of infected individuals.
I am very proud of the decision the committee made. The bar has been set high for future recipients. Tom did an amazing job convincing lots of players to work together. His involvement definitely made the internet better for everyone, not just those infected by Rove Digital’s malware. What he did is a model for private / public partnerships in the future.
I don’t think I could say it better than the MAAWG press release, so I’ll just end with that.

Setting up DNS for sending email

Email – and email filtering – makes a lot of use of DNS, and it’s fairly easy to miss something. Here are a few checklists to help:

Retrying mail to AOL

I’m working on stuff for MAAWG so I’m really not all that up on what’s happening in the world of email recently. A lot of folks are commenting on my AOL post, and I’m hearing that queues are backing up and emptying as AOL makes changes.
One thing people have been asking me is if they should retry mail to the addresses that are bouncing. I say yes, absolutely. Some of the error messages are related to real filters, but there seems to be quite a bit of slop in the filters these days. I think, though, that the recipients do exist and removing the addresses from future mailings is premature.

Mail problems at AOL

We cannot help endusers troubleshoot AOL connection problems. Please do not call. Please do not write. You need to talk to AOL. We are not AOL. We cannot help you.

Canadian anti-spam regulations

Canada passed an anti-spam law in 2010. Implementation of this law (CASL) were initially scheduled to go into effect in 2011. That deadline has passed and it’s not looking good for a 2012 date, either.
Canada’s Radio-television and Telecommunications Commission is the agency responsible for enforcement and rulemaking. This week they published 2 bulletins to help guide companies on how to comply with the law.
Guidelines on the use of toggling as a means of obtaining express consent under Canada’s anti-spam legislation
Guidelines on the interpretation of the Electronic Commerce Protection Regulations (CRTC)
The bulletins themselves offer examples of acceptable and unacceptable ways to acquire consent and process unsubscribes. I encourage everyone that sends mail into Canada to go review them. I’ll be writing about the regulations after I’ve taken some time to digest the recommendations.

Can I assume consumer and business filtering is the same?

Today’s question comes from Steve B.

I wondered if you know much about hosted email providers such as google apps, Microsoft and yahoo.
I have seen a rise in number of people using them to provide their corporate email service. I am using the same logic that the rules governing delivery to gmail will effect those using google hosted email for example. For Microsoft i have been using Hotmail due to the SmartScreen filters. Would you agree with that logic?
Read More

Subject lines

There has been a lot of discussion in various places recently about subject line length and how it affects email marketing. There have been multiple studies done on how the subject line affects opens and clicks. (Mailchimp, Alchemy Worx, Mailer Mailer, Adestra). The discussion has even spilled over into Ken Magill’s newsletter today.
I’ve had a couple people ask me my opinion on subject line over the years. My general response is that subject line length is not directly measured by spamfilters and so don’t fret about the length. It is true that consistently crafting poor subject lines can indirectly cause delivery problems. Send mail few people open and that will hurt your reputation over time.
I think Ken really said it best, though.

Want to learn about Networking and the Internet?

You can trust the “experts” that populate Facebook.

Or you can take An Introduction to Computer Networks from Stanford University.