Recent Posts

Valentine's day semi-fluff

There comes an inevitable point in some of my longer term consulting gigs where my client asks me some version of the following question:

It has been a rather busy day today, I do not have a full blog post. I did see a couple posts come across my RSS feeds. Both of them have content I want to talk about and discuss in a little more detail, as I think they touched on some very interesting issues.
Network World has an article interviewing Mark Risher from Yahoo. The article discusses Yahoo’s use of DomainKeys as part of their inbound mail filtering.
Mickey has an article about how to deal with ISPs when attempting to troubleshoot a blocking issue.
More details and commentary on both articles later this week.

ESP unwittingly used to send spam

Late last week I heard from someone at AOL they were seeing strange traffic from a major ESP, that looked like the ESP was an open relay. This morning I received an email from AOL detailing what happened as relayed by the ESP.

Email authentication

The great folks over at MailChimp have compiled a list of which authentication methods (DK, DKIM, SPF and SenderID) are in use at which ISPs.
Good stuff and very clear showing who is using what authentication.

CAN SPAM compliance.

Over on the ET blog, Al posted about how CAN SPAM compliance is not sufficient for you to not be spamming.
It’s a bit different perspective, but very complimentary to my post yesterday about what is and is not spam. He and I have both heard from ISP people about how many requests for whitelisting or unblocking are prefaced with, “We comply with CAN SPAM” and how meaningless that statement really is. Al has a longer discussion of why.

What really is "spam" anyway?

A few days ago I was reading the attempt by e360 and Dave Linhardt to force Comcast to accept his mail and to stop people posting in the newsgroup news.admin.net-abuse.email from claiming he is a spammer. The bit that pops out at me in this complaint of his, is the fact that he believes that by complying with the minimal standards of the CAN-SPAM act, he is not spamming.
The problem with this claim is that CAN SPAM lists the minimal standards an email must meet in order to avoid prosecution. CAN SPAM does not define what is spam, it only defines the things senders must do in order to not be violating the act. There is no legal definition of spam or of what is not spam.
To add to the confusion there are a number of confusing and contradictory definitions of spam. Definitions people have used over the years include:

Updating SenderID records for Microsoft

In the past, bulk senders who wanted Microsoft to check SenderID had to email information to a special Microsoft address. Microsoft would then cache the senderID data from the sender’s DNS records and verify incoming email.
Microsoft has simplified the process and now has a webform to submit the data.
http://support.msn.com/…
In order to submit your information you will need a contact email address, the domains that you want to add and the SPF records of those domains.

Predictions for 2008

I did not have a lot of predictions for what will happen with email at the beginning of the year so I did not do a traditional beginning of the year post. Over the last 3 – 4 weeks, though, I have noticed some things that I think show where the industry is going.
Authentication. In January two announcements happened that lead me to believe most legitimate mail will be DK/DKIM signed by the end of the year. AOTA announced that approximately 50% of all email was currently authenticated. They did not separate out SPF/SenderID authentication from DK/DKIM authentication, but this still suggests email authentication is being widely adopted. AOL announced they will be checking DKIM on their inbound mail. I expect more and more email will be DKIM signed in response to this announcement.
Filtering. The end of 2007 marked a steady uptick in mail being filtered or blocked by recipient domains. I expect this trend to continue throughout 2008. Recipient domains are rolling out new technology to measure complaints, evaluate reputation and monitor unwanted email in ways that tease out the bad actors from the good. This means more bad and borderline email will be blocked. Over the short term, I expect to see more good email blocked, too, but expect this will resolve itself by Q2/Q3.
Sender Improvements. As the ISPs get better at filtering, I expect that many borderline senders will discover they cannot continue to have sloppy subscription practices and still get their mail delivered. Improved authentication and better filtering let ISPs pin-point blocks. Instead of having to block by IP or by domain, they can block only some mail from a domain, or only some mail from an IP. There are a number of senders who are sending mail that users do not want mixed with mail that recipients do want. Right now, if there is more mail that recipients want in that mix, then ISPs let the mail through. This will not continue to happen through 2008. Senders will need to send mail users actively want in order to see good delivery.
Less is more. A lot of other email bloggers have talked about this, and I will echo their predictions. Less email is more. Send relevant mail that your customers want. Target, target, target. Good mailers will not send offers to their entire database, instead they will send mail to a select portion of their database.
Feedback loops. Use of feedback loops by recipient domains will continue to grow.
Mobile email. More recipients will be receiving email on mobile devices.
Suggestions for 2008

SenderScore Certified expands

ReturnPath announced yesterday that SenderScore Certified now covers 1.2 billion inboxes, including mail handled by Hotmail, Time Warner Cable, GoDaddy and eventually Yahoo. A number of filters are also using SSC, including Spam Assassin, IronPort Systems, Barracuda Networks and Cloudmark.

e360… AGAIN

This time e360 is in court suing a number of individuals for calling him a spammer.
Mickey has docs up on SpamSuite.com and Ken Magill has written about it as well.
Dave has also responded to ReturnPath, through Ken, with a public letter explaining why his statement disagrees with ReturnPath’s statement about his acceptance into the SenderScore Certified program.
Rumor has it that Dave is claiming he is out of money. If that’s true, who is funding these cases?