Recent Posts

Mail that looks like spam

One thing I repeat over and over again is to not send mail that looks like spam. Over at the Mailchimp Blog they report some hard data on what looks like spam. The design is simple, they took examples of mail sent by their customers and forwarded them over to Amazon’s Mechanical Turk project to be reviewed by humans.
In a number of cases they discovered that certain kinds of templates kept getting flagged as spam, even when Mailchimp was sure that the sender had permission and the recipients wanted the mail. They analyzed some of these false positives and identified some of the reasons that naive users may identify those particular emails as spam.
Ben concludes:

Read More

One beeelion dollars

One Beeelion dollarsFacebook won another round in their court case against a Canadian spammer last week. Their $873,000,000 judgment was upheld by the Quebec Superior court. At today’s exchange rates, the judgment translates to over CDN$1,000,000,000.
In fine spammer style the defendant, Adam Guerbuez, is flouting the judgment and claiming he won’t pay a dime. In fact, he’s already filed bankruptcy and is reported to have transferred a number of assets to family members. From what I’m hearing from some of my Canadian colleagues the courts up there take a very dim view of his behaviour. Like many things that go through the court system, though, it is unlikely that the process will be rapid.
This is one of the largest, if not the largest, fines levied for violations of the CAN SPAM act. I don’t think Facebook will see much, if anything, of the money. But, hey, maybe the Canadian courts will throw this spammer in jail for flouting their ruling.

Read More

The hard sell works

Ken Magill, dad extraordinaire, describes how he went above and beyond the call to get his son a DVD while battling hard sell marketing techniques.

Read More

Clicktracking link abuse

If you use redirection links in the emails you send out, where a click on the link goes to your server – so you can record that someone clicked – before redirecting to the real destination, then you’ve probably already thought about how they can be abused.
Redirection links are simple in concept – you include a link that points to your webserver in email that you send out, then when recipients click on it they end up at your webserver. Instead of displaying a page, though, your webserver sends what’s called a “302 redirect” to send the recipients web browser on to the real destination. How does your webserver know where to redirect to? There are several different ways, with different tradeoffs:

Read More

Return Path Certification: Is there value?

Recently, a client asked me, what is the value to ISPs in utilizing Return Path Certification (formerly known as Sender Score Certified)? Meaning, why do ISPs use it? A number of ISPs both big and small have spam filtering systems that treat certified IP addresses differently than non-certified IP addresses. Sometimes spam filtering is bypassed, effectively guaranteeing inbox delivery. Sometimes rate limits are greatly loosened, allowing mail to flow in much faster. Sometimes it is used as just one of the many variables used by the ISP to determine inbox placement versus bulk folder placement versus rejecting the mail outright.
The question is a little different than usual. It’s not a question of, why should a sender become certified? It’s a question of, why would an ISP choose to use the certification data on the inbound side? It’s a neat question, one that I’ve never really heard answered by an ISP before.
Curious, I asked a number of ISP folks for their opinions on this topic. Assuming few would want to discuss this on the record, I made it clear that I wouldn’t mention any names. What I found was that nobody had anything bad to say about Return Path Certification. One person I talked to said that they don’t really give it that much thought–it just works. Many thousands of inbound messages come in from certified IPs, and they never get any spam complaints about those messages, so it’s all good. That’s hardly a scientific review process, but hey, if it works for them…
Another told me that Return Path Certification “helps us by helping senders improve the overall quality and desirability of email that comes into our network.  This is great for our customers who rely on email communications in their daily life and expect of us predictable delivery of their key emails.”
The overwhelming message I received from ISPs was that they like Return Path Certification because there’s a strong implication that those mail streams are already clean and that the sender’s practices have already been vetted. They feel that Return Path is doing the hard work of insisting on the right best practice requirements and monitoring appropriate metrics to ensure that good guys get certified and bad guys don’t get certified. If a sender can get certified, it is as though they are announcing to the world (and ISPs) that they have already been reviewed and seem to be doing things correctly.
10/14/2010 Update: Return Path just notified certified senders that their mail will now proceed directly to the inbox at Comcast, presumably bypassing some or all of Comcast’s usual spam filtering.
Guest post by Al Iverson.

Read More

Ask; Don't Assume.

Asking for permission is an obvious best practice in email marketing. But, it applies to billing and fees as well, if you ask the FTC. Click here to read about their settlement with Jason Strober of  payday loan marketer Swish Marketing.

Read More

Zeus Loves to Spoof

I manage inbound mail for a large set of mailboxes at work; and a number of those mailboxes are on various Zeus botnet spam lists. So, every day, I’m treated to the Zeus botnet “flavor of the day,” giving me insight into who they’re spoofing at any given time. A client asked me why the messages morph so often and I explained that the spammers seem to be continually changing their spam in an attempt evade signature-based identification and blocking. And wow, they sure do morph a lot.
In just the past three weeks, I’ve seen Zeus botnet spew try to pretend to be mail from all of these different companies: Amazon, Bank of America, Bell Canada, Best Buy, Craigslist, Credential Solutions, Esurance, Facebook, Fedex, Groupon, iTunes, LinkedIn, Microsoft, NewEgg, Vistaprint and Zappos. That’s just in three weeks! And I’m not even sure I successfully identified all of the spoofed senders.
This is pretty scary stuff. Uneducated consumers might be fooled into thinking that these are legitimate emails. The companies sending legitimate emails now have to wonder, what can they do to prevent/mitigate these kinds of issues? A smart company probably uses email authentication to help identify their mail as legitimate, but the malicious messages don’t even use their domains. ISPs want to block it, but they’re not always easily identified. It seems to me that impeding delivery of this kind of bad mail requires a whole bunch of moving parts, involving multiple stakeholders in the email ecosystem.
For starters…

Read More

SMS Providers: Filtering Content?

In the realm of email, content filtering is old hat. Nowadays, it’s all about reputation and engagement. Okay, sure, content filtering still exists, but the bad old days are long gone. No more do you have to worry that using the word FREE in the subject line is going to get your mail blocked.
Sounds like spam blocking in the world of text messaging is not quite as modern, according to a lawsuit I read about a couple of weeks ago. SMS messaging provider EZ Texting filed suit against cell carrier T-Mobile over blocking of its client’s mobile messages, claiming that the reason for the blocking was apparently due either to content-based filtering or because of censorship. The EZ Texting client at the heart of the matter is a website that allows users to locate their nearest medical marijuana dispensary.
T-Mobile, in its response to the allegations, states that what actually happened is that EZ Texting broke the rules. When you register a short code with the various cellular carriers, you provide them with written documentation detailing just exactly what you intend to do with that short code. What kind of messages you’re going to send to your subscriber base. What the message flow looks like in various interaction scenarios.  From my experience working for an ESP that offers mobile messaging support, I know this to be true.
As T-Mobile said on its website: “Each carrier has a process to ensure that content providers like EZ Texting follow the Mobile Marketing Association‘s U.S. Consumer Best Practices Guidelines for Cross-Carrier Mobile Content Programs, as well as other regulations applicable to the mobile content business. When T-Mobile discovered that EZ Texting had not followed this process for […] the text messaging service at issue in the lawsuit – we turned off the short code that EZ Texting was using for these services. The content of the […] service simply had nothing to do with T-Mobile’s decision.”
T-Mobile said that the documentation filed with the provider indicated that the short code in question suggested that its intended use was to let subscribers know about promotions at various bars and night clubs. Use of the short code for a campaign related to a medical marijuana dispensary service fell outside of that use case, and lo, T-Mobile revoked use of that short code. They say that they “subsequently learned that EZTexting was running several other unauthorized shadow programs on the same short code,” meaning that there was additional use of the short code even beyond the original, defined use (night club promotions) and the use by the medical marijuana dispensary locater.
Turns out, the point is moot.  Last Friday, October 1st, the Washington Post reported that T-Mobile and EZ Texting have settled their lawsuit. I’m kind of saddened by that, as it would have been nice to see the courts affirm T-Mobile’s right to block inappropriate use of their network. But, you never know which way the court will rule, so maybe it was in everybody’s best interest to not let this get as far as a jury.
And who knows, maybe EZ Texting jumped the gun here, and only needed to file amended paperwork to fix the issue. Compare this to spam blocking — we’ve all had clients who immediately want to threaten and bluster and potentially even sue, because they got spam blocked. But, 99.99% of the time, it’s much easier, and much simpler, to resolve the issue, to get the block removed, without resorting to legal action.

Read More

Challenge Response: It is what it is

Have you  ever sent an email message, and received an automated response in reply? And in that reply, you are asked to “prove that you are human” by clicking on a link and/or entering a CAPTCHA code. What is this? Is it new?
When that happens, you’re interacting with a “challenge response” email filtering system. When you receive a “prove that you’re human” reply, that message is a “challenge” that the spam filter is requesting that you to respond to. This “response” to the “challenge” helps the spam filter (in theory) know that a real person sent the original message.
It’s not that widely used, nor is it that widely loved, because it has a pretty big flaw. Very little spam has legitimate from address on it. Most of the time, the from address is forged. It goes back to some innocent, unrelated party. In those cases (i.e. “for most spam,”) the challenge email is sent to the wrong person. So, you end up spamming unrelated people with “challenges.” Ever received a challenge request in reply to an email you never sent? Yup, that’s what’s happening. It’s just as bad as the spam itself, in my opinion. It’s an annoying email, probably sent in bulk, to people who didn’t ask for it.
Occasionally marketers freak out, thinking, “OH MY GOSH! MY MESSAGES AREN’T GETTING THROUGH!! THEY’RE GETTING TRAPPED BY THESE FILTERS!!!” That reaction is overkill. Don’t freak out! This kind of filter is not widely used — and it is not new at all. Heck, just about four years ago, I helped to answer a challenge/response question for Email Insider’s Email Diva column.
I guess this is one of those things that comes up again periodically, because there are always new people in our industry who haven’t stumbled across it before.
An industry colleague of mine, who works for a major ISP, was asked what he makes of those filters. “It is what it is,” he replied. Meaning, perhaps, that these filters are not great, but there’s not much you can do about them, and they are really not worth losing all that much sleep over.

Read More

Email append: Do you hate it?

Hi! Al Iverson here. I offered to guest blog for my friend Laura Atkins, as she’s off to a conference for a few days. If you like my posts, c’mon over and visit me at my blog, Spam Resource.
A few weeks ago, an industry colleague asked me why I’m so anti-email append. I’m not specifically anti-email append, I’m just not very fond of things that cause deliverability problems. And any time I have some huge, horribly complex client deliverability problem to deal with, the underlying source of the problem tends to be some sort of third party data thing, like email append or co-registration. It’s pretty straight forward, from my perspective. You’re sending mail to people who didn’t give you their email address. I know it’s legal, the ISPs know it’s legal. But the ISPs see that this causes spam complaints to spike, and they hate enabling delivery of mail that causes complaints, so it gets you blocked.
Email Append -> Add those addresses to your list -> You get higher spam complaints -> You get blocked.
Why does this happen? Why are these people complaining about my mail? This is a simple question to answer, too: Subscribers don’t want this mail. Most of the people who get this mail, they were not expecting it. They didn’t give you their email address. They’re surprised that you have their email address. They’re probably already getting a lot of unexpected mail (you don’t think you’re the only one who “appended” their email address, do you?), and they are experiencing inbox fatigue. Click, select all, report spam.
You have no idea what our subscribers want, you might say. Really? No idea at all? If you do this, and you find yourself  blocked, as you likely will, THAT RIGHT THERE IS AN EXCELLENT DATA POINT THAT SHOWS THAT PEOPLE DON’T WANT THIS MAIL. You’re making assumptions about what you think your subscribers want, and the data is telling you that you’re wrong. Listen to that data, learn from it.
If you don’t, you’re not going to have much success getting mail delivered successfully to the inbox.

Read More
Categories
Tags