Recent Posts

You've got to be kidding me

Earlier this week I received an email to a work address I retired 4 or 5 years ago. The from and subject lines alone were enough to make me laugh and decide I had to blog about this particular spammer.

Read More

You can't always get what you want

It’s a problem anyone who has done any delivery work has faced. There’s a client who is having blocklist problems or ISP delivery problems and they won’t pay any attention to what you say. They insist that you talk to the blocklist or the ISP or hand over contacts directly so they can “dialog with” someone internally. They don’t like what they’re hearing, and they hope that the answer will be different if they find a new person to talk to.
The reality is many of the people at ISPs and blocklists don’t want to talk to these types of senders. They may answer a friendly question from someone they know and trust, but sometimes not even then.
Some very large ISPs and major blocklists don’t even take sender questions. They won’t communicate with anyone about any delivery issues.
I’ve had to tell more than a few clients recently that various ISPs and blocklists weren’t interested in helping those clients with their delivery problems. There are two classes of reactions I get from clients. Some clients focus on moving forward. “OK, now what? How can we identify the issue, what data do we have and how can we figure out what the problem is?”
Other clients continue to look for ways to talk to whomever is blocking their mail. They’re convinced if they can just “explain their business model” or be told what they’re doing wrong, that all their delivery problems will magically disappear.
Needless to say those clients who focus on moving forward and looking at the information they do have have much better success resolving their delivery problems. What many senders don’t understand is the wealth of data they have that will help them resolve the issue. And even if they know it’s buried in their files, they don’t always know where to start looking or even what they’re looking for.
But that is, of course, why you hire someone like me who understands spamfiltering and email. I help senders understand how email filters work and identify what parts of their programs are likely to be responsible for delivery issues. I often find the most valuable service I provide to clients is a fresh set of eyes that can see the forest. With my help, they manage to stop obsessing unproductively about one particular symptom and focus on the underlying problems.
Senders who think the holy grail of problem resolution is speaking to the right person at an ISP or blocklist generally are disappointed, even when they hire someone who knows all the right people at the ISPs.  They can’t always get what they want. But I can often help them get what they need.
 
 
 

Read More

Holomaxx status

Just for completeness sake, Holomaxx did also file an  amended complaint against Microsoft. Same sloppy legal work, they left in all the stuff about Return Path even though Return Path has been dropped from the suit. They point to a MAAWG document as a objective industry standard when the MAAWG document was merely a record of a round table discussion, not actually a standards document. I didn’t read it as closely as I did the Yahoo complaint, as it’s just cut and paste with some (badly done) word replacement.
So what’s the status of both cases?
The Yahoo case is going to arbitration sometime in July. Yahoo also has until May 20 to respond to the 1st amended complaint.
The Microsoft case is not going to arbitration, but they also have a response deadline of May 20.
I’m not a legal expert, but I don’t think that what Holomaxx has written fixes the deficits that the judge pointed out in his dismissal. We’ll see what the Y! and MSFT responses say a month from today.

Read More

Amendment is futile, part 2

When Yahoo filed for dismissal of the Holomaxx complaint, they ended the motion with “Amendment would be futile in this case.” The judge granted Yahoo’s motion but did grant Holomaxx leave to amend. Holomaxx filed an amended complaint earlier this month.
The judge referenced a couple specific deficiencies of Holomaxx’s claims in his dismissal.

Read More

Another security problem

I had hoped to move away from security blogging this week and focus on some other issues. But today I see that both CAUCE and John Levine are reporting that there is malware spam coming from a Cheetahmail customer.
Looking at what they shared, it may be that Cheetahmail has not been compromised directly. Given mail is only coming from one /29, which belongs to one customer it is possible that only the single customer account has been compromised. If that is the case, then it’s most likely one of the Cheetahmail users at the customer got infected and their Cheetahmail credentials were stolen. The spammer then gained access to the customer’s Cheetahmail account.  It’s even possible that the spammer used the compromised customer account to launch the mail. If this is the case, the spammer looked exactly like the customer, so most normal controls wouldn’t have noticed this was a spammer.
This highlights the multiple vectors these criminals are using to gain access to ESPs and the mailing systems they use. They’re not just trying to compromise the ESPs, but they’re also attempting to compromise customers and access their accounts so that the spammer can steal the ESPs hard won and hard fought sending reputation.
Everyone sending mail should be taking a long, hard look at their security. Just because you’re not an ESP doesn’t mean you aren’t a target or that you can get away with lax security. You are also a target.

Read More

Security, security, security

James Hoddinott posts, over on the Cloudmark blog, about another arrest associated with hackers infecting machines with a trojan that steals personal information.
There are so many security risks out there, and these messages have been hammered home recently. Home users are at risk from trojans, some spread by spam and some spread by advertising networks. Corporate users are at risk from all of those, but also from spear phishers who set out to infiltrate their business.
We all need to think hard about security. Not just keeping our Windows machines patched, but also thinking about what information we’re sharing and what passwords we’re using and all of the many things that create security.
We’re making some improvements to our security here. What are you doing at home and at work to keep your information, and your customer’s information, secure?

Read More

Big botnet takedown

The Department of Justice and the FBI took aggressive action against the Coreflood botnet this week. They not only seized domain names and some hardware, they also received permission to actively respond to infected machines. This TRO allows the government to intercept and respond to infected computers. This essentially cuts off the botnet at it’s knees.
I haven’t heard any comments on the impact this takedown had on spam levels, but not all botnets are used for spamming. Other uses are for cracking, hosting scam and phishing websites and denial of service attacks.
This is the second major botnet takedown in recent weeks. These investigations and takedowns consume a lot of resources, but it’s good to see law enforcement getting involved. Filtering only goes so far and receivers can’t keep increasing their infrastructure indefinitely.

Read More

Feedback loops

There are a lot of different perspectives on Feedback Loops (FBLs) and “this is spam” buttons across the email industry.
Some people think FBLs are the best thing since sliced bread and can’t figure out why more ISPs don’t offer them. These people use use the data to clean addresses off their lists, lower complaints and send better mail. They use the complaints as a data source to help them send mail their recipients want. Too many recipients opted out on a particular offer? Clearly there is a problem with the offer or the segmentation or something.
Other people, though, think the existence of “this is spam” buttons and FBLs is horrible.  They call people who click “this is spam” terrorists or anti-commerce-net-nazis. They want to be able to dispute every click of the button. They think that too many ISPs offer this is spam buttons and too many ESPs and network providers pay way to much attention to complaints. The argue ISPs should remove these buttons and stop paying attention to what recipients think.
Sadly, I’m not actually making up the terminology in the last paragraph. There really are who think that the problem isn’t with the mail that they’re sending but that the recipients can actually express an opinion about it and the ISPs listen to those opinions. “Terrorists” and “Nazis” are the least of the things they have called people who complain about their mail.
One of the senior engineers at Cloudmark recently posted an article talking about FBLs and “this is spam” buttons. I think it’s a useful article to read as it explains what value FBLs play in helping spam filters become more accurate.

Read More

Filtering adjustments at Hotmail

I’ve been seeing a lot of discussion on various fora recently about increased delivery issues at Hotmail. Some senders are seeing more deferrals, some senders are seeing more mail in the bulk folder. Some senders aren’t seeing any changes.
This leads me to believe that Hotmail made some adjustments to their filtering recently. Given some senders are unaffected, this appears to be a threshold change or a calculation change, tightening up their standards. The changes have been around for long enough now it does look like the filtering is working as intended and Hotmail is not going to roll these changes back.
So what can you do to fix delivery of mail that was good enough at Hotmail a few weeks ago and now isn’t?

Read More

Epsilon: Calm and Cool Tempered

Stefano over at emailmarketingblog.it translated our blog post about Epsilon into Italian: Epsilon e la sicurezza dei dati sensibili: calma e sangue freddo.

Read More
Categories
Tags