Recent Posts

Dealing with complaints

There are a lot of people who abuse online services and use online services to abuse and harass other people. But handling complaints and handling the abuse are often afterthoughts for many new companies. They don’t think about how to accept and process complaints until they show up. Nor do they think about how bad people can abuse a system before hand.
But dealing with complaints is important and can be complicated. I’ve written many a complaint handling process document over the years, but even I was impressed with the Facebook flowchart that’s been passed around recently.

In the email space, though, all too many companies just shrug off complaints. They don’t really pay attention to what recipients are saying and treat complaints merely as unsubscribe requests. Their whole goal is to keep complaints below the threshold that gets them blocked at ISPs. To be fair, this isn’t as true with ESPs as it is with direct senders, many ESPs pay a lot of attention to complaints and will, in fact, initiate an investigation into a customer’s practice on a report from a trusted complainant.
There are a lot of legitimate email senders out there who value quantity over quality when it comes to complaints. But that doesn’t mean their lists are good or clean or they won’t see delivery problems or SBL listings at some point.

Not just you

This morning (9 or 10 am Pacific) my various mailing lists were lighting up with questions about Yahoo delays. A lot of people reported they were seeing Yahoo respond “420 Resources Unavailable, try again later” on connect.
What everyone wanted to know was is if other senders were seeing this.
The answer was a resounding YES.
And, in fact, Yahoo commented on Facebook around 2pm Pacific that they had a mail outage and were trying to bring services back up before close of business today.
As with many things, the Internet rumor mill is one of the fastest and astonishingly accurate sources of information about mail servers falling over.
I started hearing reports that queues were clearing mid-afternoon pacific, but not everyone is seeing that.
So, yes, Yahoo is having a bad day. And it’s not you, it’s not spam, it’s just that some of their mail servers fell over and they’re struggling to accept all the mail headed their way.
It happens.
If you’re interested in hearing more timely updates, I will often announce things like this on twitter when I hear about them.

Gmail filtering

Derek Harding has a pair of articles on ClickZ about Gmail giving their users information about why a particular email message was filtered.
What Gmail Teaches Us about Spam Filtering
Gmail Filtering: The Spam Disposition
Both articles are worth a read. They talk about what we know about Gmail and what we can infer from the data they provide to senders.

Internet fraud and private whois records

The Verge has a long article about Internet Marketing and how much fraud is perpetrated by people who label themselves Internet Marketers.
It was interesting, but I didn’t think it was necessarily relevant to email marketers until I saw this quote from Roberto Anguizola at the FTC Bureau of Consumer Protection.

Training recipients

Want to see a WWF style smackdown? Put a marketer and a delivery expert in a room and ask them to discuss frequency and whether or not more mail is better.
The marketer will point to the bottom line and how much more money they make when they increase frequency. The delivery expert will point to inbox rates and user engagement and point out that too much mail drives users to ignore the mail.
This isn’t actually unique to marketing mail. Send a lot of mail that doesn’t engage recipients and recipients are trained that they don’t have to actually pay attention to the mail. Some of them hit delete. Some may even report the mail as spam.
According to Cloudmark, this is exactly what happened when LinkedIn informed users of the recent data breach. They estimate that up to 4% of users who received the fully DKIM authenticated mail about the data breach deleted it immediately without reading it. This is higher than notification emails from other social networks.

Cloudmark suggests that part of the problem is that LinkedIn has an unclear opt-in process. Instead of asking users for preferences, LinkedIn assumes that all users want all the mail LinkedIn cares to send them. Then LinkedIn makes it difficult to find the page to change mail settings. This means recipients are very trained to ignore mail from LinkedIn. I know I ignore most of it. Anything that’s not a “want to connect” gets filed in the “I’ll read it when I’m bored” mailbox. So far I’ve not been bored enough to read any of it.
But I’m not sure it’s just about too much email. LinkedIn is a company that is heavily forged in phishing mail. Since May 1, just one of my email addresses has received over 50 messages purporting to be from LinkedIn.

New Spamhaus lists

Spamhaus announced today they are publishing two new BGP feeds: Extended DROP and the Botnet C&C list. These lists are intended for use inside routers in order to stop all traffic to or from listed IP addresses. This is a great way to impact botnet traffic and hopefully will have a significant impact on virus infections and botnet traffic.
In other news I’ve been hearing rumbling about changes at Yahoo. It looks like they have changed their filters and some senders are feeling lots of pain because of it. It looks like senders with low to mid range reputations are most affected and are seeing more and more of their mail hit the bulk folder. This afternoon I’m hearing that some folks are seeing delivery improvements as Yahoo tweaks the changes.

Crowdsourced Investing and Spam

Kickstarter’s success has made a lot of people pay attention to the concept of crowdfunding. At it’s best, crowdfunding investment allows fans of an artist to send her money to directly support her work, and get something special out of it. At it’s worst, it’s photoshopped fake products, dubious consumer electronics and videogame projects from the implausible to outright scams.
Crowdfunding sites provide a fairly simple service: they allow people to list products on their website, provide a discussion forum and allow people interested in the project to pay money (after the crowdfunding site skims 5-10% off the top) to the project backers. The project backers promise something in return for the payment – from one or more of the actual product being developed, if it’s every released, down to a simple “thanks!’ on a website. That’s something that makes perfect sense in the original KickStarter artist fan-club world, but also allows attempts to fund tech startups to avoid SEC requirements on both the startup and the crowdfunding company. Those SEC requirements were put in place many years ago to make it more difficult for scam-artists to swindle people in the guise of investing in a worthless company…
What does this have to do with spam? Well, if you’re going to set up a spam campaign of some sort – whether it’s for a real product, or an outright scam – there are several things that are very useful to have: A website that looks plausible, and won’t be taken down by the webhost. A way to accept money, ideally via online credit card payments. And a way to control discussion about your product, so that you can maintain an appearance of legitimacy and build buzz, while keeping naysayers from dissuading potential customers would be perfect.
That’s exactly what the crowdfunding sites offer. Some of them – KickStarter, for one – are very aware of the potential for abuse. Not only do they do some basic checks potential projects for legitimacy, but they have – and enforce – acceptable use policies to deter bad behaviour. Others, like IndieGoGo, don’t.
I got this spam out of the blue:

Why does it take two weeks to process an unsubscribe?

Why does it take “10 business days” to process an unsubscription request?
It almost never does. An unsubscription request will often take effect instantly and it would be rare that it would take more than a few business days.
So why do some businesses say your email address will be removed “within 10 business days” when they know it’ll be almost immediate?
It’s better to underpromise and overdeliver. No recipient is going to be annoyed if they stop getting mail sooner than they were promised. But tell them they’ve been unsubscribed and will receive no more email, then have mail from you end up in their inbox the following morning and they may get mad.
Why “10 business days” in particular?
The US CAN-SPAM act says you have to honor unsubscription requests by then, so that’s the upper limit to what’s legal:

Leads, leads, leads!

There are a number of places that will sell business leads from data they’ve compiled, crawled or crowd-sourced. How great is that? Anyone can buy a list of targeted business information to use to further their business goals! Awesome! Great! Step right up and get your lead here!
But how accurate is that information really?
One of the bigger companies, which allows for public searches, is Zoominfo. I did some lookups recently just to see what their data is like. My conclusion? If the data they have on me is any indication of the overall accuracy of their data, companies are way better off just setting light to a pile of money in their parking lot instead of giving it to Zoominfo.
Let’s look at the data they have on me. When you go to their homepage and enter my name in, you get about 2 dozen profiles. Looking through them, there are a number that describe me.
Laura Atkins; MCRS rep. Fair enough, I do mention MCRS on a few of my webpages and was recently on their board of directors. What I can’t figure out is why they think the Minnesota Companion Rabbit Society is run out the Chesterfield County Business Development office. The MCRS is neither a business nor is it located in the state of Virginia. It’s not even located in the same time zone as Virginia. Strike 1 for Zoominfo.
Laura T. Atkins; Founding Partner. This one is the reference that is most clearly me. Zoominfo claims this information was “community contributed.” OK, so someone uploaded their address book and my name and contact info was in it. But they have my company listed as simply “Word.” Sure, Zoominfo went and scraped a bunch of info off our website, but that isn’t reflected in the actual listing. Strike 2 for Zoominfo.
Laura Atkins; Spamtacular. This one is one of my favorites. I’m listed as associated with Spamtacular. Spamtacular is a blog run by my former co-worker Mickey Chandler. Mickey’s currently working for a major ESP, but he blogs about email, spam and delivery under the Spamtacular.com domain. And, in fact, the “association” is that he lists me as part of the Spamtacular blogroll. But Zoominfo claims they have an email address and phone number for me associated with Spamtacular. According to Mickey, Zoominfo have repeatedly attempted to mail laura at spamtacular. It’s not just my email address they’ve pulled out of nether orifices, though. The Spamtacular corporate information is, if anything, more inaccurate than the MCRS data. Spamtacular is not and has never been registered anywhere near the state of California. Strike 3 for Zoominfo.
But wait! Just because they’ve struck out doesn’t mean they’re going to stop swinging or walk off the field.
Laura Atkins; Context Magazine. I did an interview with Context Magazine back in 2002, and Zoominfo claims they have a phone number for me. I suspect this is not my phone number, but, rather, is the main number for Context Magazine.
There are a couple of other, less interesting profiles for me: Spamcon Foundation, Deliverability.com. All are demonstrably me, but with no real contact information it’s not going to help anyone get in touch with me.
I have to admit, I’m actually surprised at just how totally inaccurate the data about me is. I’m not that hard to find. Zoominfo has 6 listings I can clearly identify as me. In those 6 listings:

World IPv6 launch day

Today is world IPv6 launch day. A group of ISPs, network hardware manufacturers and web companies permanently enabled IPv6 for their products and services.
What’s this got to do with email? According to a post on the NANOG mailing list the very first email to arrive at the Comcast IPv6 mailserver was received a minute after the server was turned on. This email was spam and was caught by Cloudmark’s filters.
Comcast goes on to assure readers that more mail came in and not all of it was spam.
But, yes, the first email sent to Comcast over IPv6 was spam. Welcome to the future.