Recent Posts

Spamhaus rolls out anti-snowshoe filters

Spamhaus announced today that they are rolling out a new system to detect snowshoe spammers.
What is a snowshoe spammer?
Snowshoe spammers send spam not from compromised servers or botnets, but from large numbers of IP addresses that they are using legitimately. They try to stay below the radar of spam filters, and so get their unwanted email through to the inbox, by looking like a lot of little senders of email rather than one big volume of email.
While a legitimate user of lots of IP addresses might ask for a /23 (500 adjacent IP addresses) from their ISP, and put their real name on the network registration, a snowshoe spammer might instead have 50 blocks of 8 or 16 IP addresses scattered all across their ISP. And they won’t have their real names on the network registrations – instead there’ll be no records at all, or fake but plausible looking company names.
Like a legitimate sender a snowshoe spammer uses real domain names in the mail they send – but unlike the legitimate sender instead of using one real domain name they’ll typically use hundreds of different ones. They’ll sometimes be created completely randomly, such as dreamingdisposal.com or acrosticvienna.com, sometimes they’ll be created so as to sound vaguely like plausible businesses. The contact information on the domain registration is falsified, usually by using one of the commercial domain registration anonymization services such as DomainsByProxy.
And, just like botnet spam, the snowshoe spammer will send low volumes of email from each IP address, to stay below the threshold where someone might look closely at a particular source. This spreading their activity out, so there’s not too much noticable pressure at any one point, is where the term snowshoe spammers comes from.
What are Spamhaus doing?
Spamhaus CSS is a list of IP addresses that Spamhaus think are being used by a snowshoe spammer. It isn’t being published as a separate blacklist, rather it’s being published as part of the Spamhaus SBL, so it’ll be used automatically by everyone using the SBL or Zen lists from Spamhaus. This will help Spamhaus react much more quickly to block snowshoe spammer infestations.
Does this affect me?
If you’re a legitimate sender, this should be yet another reason for you to make sure that you’re being transparent about who you are and what you do.
If you don’t want to risk being mistaken for a snowshoe spammer make sure you’re using one or two real domains with a web presence rather than dozens or hundreds of opaque domain names. Use mail1.yourcompany.com – mail25.yourcompany.com rather than yc1.com – yc25.com.
And make sure you have real contact information in all your domain and network registration information, not false or out of date information and definitely not an anonymisation service.

Read More

Sharing content, sharing reputation

Over at SpamResource Al talks about how sharing content is like sharing needles.

Read More

Email address validation

One thing anyone collecting email addresses anywhere has to think about is address validation. How do you prevent users from typing bad addresses into your forms?
I ran into this yesterday attempting to take an online quiz. Before I was allowed to take the quiz, I had to provide my name, phone number and email address. Initially I attempted to use a tagged email address. This is one that delivers to my wordtothewise.com mailbox, but lets me identify who I initially gave the address to. The form wouldn’t let me give a tagged address “contains invalid characters.” Well, no, it doesn’t, but there are a lot of websites that think + and – and other characters are invalid.
So what did I do? I ended up using a yahoo address associated with my yahoo IM account. An account that may actually not be accepting mail any longer as I rarely log into it.
What did address validation get them in this case? Well, it got them an address I don’t read and may not even be active rather than the address I wanted to give them which would have delivered directly to my primary mail box. Somehow I don’t think this solution is really ideal for them. (It’s great for me, I’ll never know if they ever attempt to contact me.)
Coincidentally, UserGlue posted about email address validation and alternatives to “make them type their address twice.” (Do people do this? I typically cut and paste my address instead of retyping.)
How are other people validating email addresses?

Read More

Links for 9/29/09

A little bit of link sharing today.
Mark Brownlow posts about how critical clicks are to conversion. He also looks at successful techniques that various marketers have used to engage customers.
Chris Wheeler has an insightful post at SpamResource discussing reputation, engagement and what the ISPs are looking at when making delivery decisions. J.D. Falk touches on some of the same themes in his blog post “The Spam Folder is Your Chance to Shine.”
Neil Schwartzman talks about delivery emergencies from the ISP side of the desk.
Terry Zink gives a brief background on sender reputation and a followup looking at how ISPs are working to prevent spammers from stealing their reputations.
Seth Godin continues to turn marketing on his head with his discussion of how marketers have gone from renting to owning.

Read More

The secret to dealing with ISPs

What is the secret to dealing with ISPs?
The short answer is: Don’t do it if at all possible. Talking to ISP reps generally isn’t going to magically improve your reptuation.  There is no place in the reputation systems where delivery can be modified because the delivery specialist knows or is liked by the postmaster at an ISP.
With my clients, I work through delivery issues and can solve 80 – 90% of the issues without ever having to contact anyone at the ISPs. 90% of the remaining issues can be handled using the publicly available contacts and websites provided by the ISPs.
In the remaining cases, the “secret” to getting useful and prompt replies is to:

Read More

DKIM: what it's not

An ESP twittered this past week about their new DKIM implementation going live. They were quite happy with themselves. Unfortunately, in their blog post, they mentioned 3 things that DKIM would provide for their customers, and got it wrong on all 3 points. Their confusion is something that a lot of people seem to get wrong about DKIM so I thought I would explain what was wrong.

Read More

How reputation and content interact

Recently, one of my clients had a new employee make a mistake and ended up sending newsletters to people in their database that had not subscribed to those particular newsletters. This resulted in their recipients getting 3 extra emails from them. These things happen, people fat-finger database queries or aren’t as careful with segmentation as they should be.
My clients were predictably unhappy about sending mail their users hadn’t signed up for and asked me what to do to fix their reputation. I advised they not do anything other than make sure they don’t do that again. The first send after their screw-up had their standard 100% inbox delivery. The second send had a significant problem with bulk foldering at Hotmail and Yahoo. The third send had their standard 100% inbox delivery.
So what happened on the second send? It appears that on that send they had a link or other content that “filled the bucket.” Generally, their IP reputation is high enough that content isn’t sufficient to send their mail into the bulk folder. However, their reputation dipped based on the mistake last week, and thus the marginal content caused the bulk foldering.
Overall, these are senders with a good reputation. Their screw up wasn’t enough to damage their delivery itself, but may have contributed to all their mail going into the bulk folder the other day. I expect that their reputation will rebound quickly and they will be able to send the same content they did and see it in the inbox.

Read More

Delivery emergencies

There is no such thing as a delivery emergency. They just do not happen.
Delivery is fluid, delivery is changing, delivery is complex.
But when delivery goes bad it is not an emergency. There is no need to call up an ISP person at home on a Saturday afternoon and ask them to remove the filters. (And, BTW, experience indicates if you do this that you may have future delivery issues at that ISP.)
I’m sure that people will provide me with examples of delivery emergencies. And, in some cases I might even concede that the receivers will be happy to receive email immediately when it was sent. However, email as a protocol was designed for store and forward. It was not designed to transmit messages instantaneously from sender to receiver. Sure, it works that way much of the time these days. On the whole the Internet is fairly reliable and major servers are connected 24/7 (which wasn’t always the case).
Among many people, particularly recipients and ISP employees, there isn’t the expectation that bulk email is instantaneous. This leads to the belief that delivery problems are not an emergency. Everyone faces them, they get dealt with, life goes on. Demanding an escalation to deal with a “delivery emergency” may backfire and slow down how long it takes to get a response from an ISP.

Read More

Technology does not trump policy when it comes to delivery

Recently Ken Magill wrote an article looking at how an ESP was attempting to sell him services based on the ESPs ‘high deliverability rates.’ I commented that Ken was right, and I still think he is.
Ken has a followup article today. In the first part he thanks Matt Blumberg from Return Path for posting a thoughtful blog post on the piece. Matt did have a very thoughtful article, pointing out that the vast majority of things affecting delivery are under the control of the list owner, not under the control of the ESP. As they are both right, I clearly agree with them. I’ve also posted about reputation and delivery regularly.

Read More

Goodmail sued for patent infringement

Late last week RPost sued Goodmail for infringing two patents. One patent authenticates content and delivery of documents. The second verifies the message was received by the recipient.
Patent #6,182,219: Apparatus and method for authenticating the dispatch and contents of documents.

Read More
Categories
Tags