Recent Posts

Indictments in Yahoo data breach

Today the US government unsealed an indictment against 2 Russian agents and 2 hackers for breaking into Yahoo’s servers and stealing personal information. The information gathered during the hack was used to target government officials, security employees and private individuals.
Email is so central to our online identity. Compromise an email account and you can get access to social media, and other accounts. Email is the key to the kingdom.

Engagement, Engagement, Engagement

I saw a headline today:
New Research from Return Path Shows Strong Correlation Between Subscriber Engagement and Spam Placement
I have to admit, my first reaction was “Uh, Yeah.” But then I realized that there are some email marketers who do not believe engagement is important for email deliverability. This is exactly the report they need to read. It lays out the factors that ISPs look at to determine if email is wanted by the users. Senders have to deal with vague metrics like opens and clicks, but the ISPs have access to user behavior. ISPs can see if mail is replied to, or forwarded or deleted without reading. They monitor if a user hits “this-is-spam” or moves the message to their junk folder. All of these things are signals about what the users want and don’t want.
Still, there are the folks who will continue to deny engagement is a factor in deliverability. Most of the folks in this group profit based on the number of emails sent. Therefore, any message about decreasing sends hurts their bottom line. These engagement deniers have set out to discredit anyone who suggests that targeting, segmentation or engagement provide for better email delivery and getting emails to the inbox.
There’s another group of deniers who may or may not believe engagement is the key to the inbox, but they don’t care. They have said they will happily suffer with lower inbox delivery if it means they can send more mail. They don’t necessarily want to discredit deliverability, but they really don’t like that deliverability can stop them from sending.
Whether or not you want to believe engagement is a critical factor in reaching your subscribers, it is. Saying it’s not doesn’t change the facts.
There are three things important in deliverability: engagement, engagement, engagement.

More CASL enforcement

Last week the CRTC published a CASL enforcement action wherein they fined an individual $15,000 for 10 violations of the act.

Blackboxes and unknown effects

In my previous career I studied the effect of alcohol on developing embryos. It’s a bit weird I ended up in that field because embryological development always seemed to complex to me. And it was and is complicated. In a lot of ways, though, it was good training for deliverability. We dealt with a lot of processes that seem, on the surface, straightforward.
Fertilization happens, then you get a flat group of cells, those cells fold up into the neural tube, cells migrate around, things happen, limbs form, organs form and 21 days later you have a fluffy little chick.
The details in all those steps, though. They’re a bit more complicated, looking something like this:
There are lots of different things going on inside the embryo to take it from a single cell up to a complex multicellular being. Genes turn on, genes turn off at different times in development, often driven by overlapping concentration gradients. Genes turn each other and themselves on and off. It’s complex, though, and there are things that happen that we don’t quite understand and have to black box. “If I add this protein, or take this gene and that gene away… what happens?”
A lot of that is like what email reputation is these days. There isn’t one factor in reputation, there are hundreds or thousands. They interact with each other, sometimes turning up reputation, sometimes turning down reputation. We figure this out by poking at the black box and seeing what happens. Unlike development, though, delivery rules are not fixed. They are changing along the way.
It’s not simple to explain delivery and how all the moving parts interact with each other. We don’t always know that doing A will lead to X. Because A -> X is not a straight line and there are other things that impact that line. Those other things also impact A, X and each other.
Delivery is a tangled web. On the surface it seems simple, but when you start peeling back the layers you discover the jumble of factors that all interact with each other. It’s what makes this a challenging field for all of us.

International Women's Day

Today is International Women’s Day. In recognition of this day, there has been a call for a general woman’s strike. I thought long and hard about how I would participate in this event. Even yesterday I had no clear view of whether or not I would be working today.
As a self-employed woman, me not working today only hurts me and my clients. There’s no one to leave work for, I either do it before or after. It’s got to get done and it’s my responsibility to do it. But at the same time, I recognize the unpaid and underpaid work most women do and fully support the strike.
After much thought, I decided that my contribution to the strike would be to do what I needed to do for work. But that I would remove myself from public conversations about email today. I spend quite a bit of my time doing unpaid work that supports the email industry: standards work, answering questions in various fora, supporting different initiatives, writing documents, blogging about industry events. I won’t be doing any of that work today.
Yes, there are questions I could answer, advice I could give, industry events that I have comments and insight on. But today, today I’m not going to do any of that.

Verizon changes but no time line

Yesterday there was a lot of talk about Verizon moving out of email and transitioning all their customers over to the AOL backend. The source was a page in the Verizon help center about transitioning an email address. There is no date on the page, so it’s unclear when this is going to happen or when it started.
I posted about Verizon beginning this transition back in May of 2016: Changes coming to Verizon email. The wording on the AOL page I link to is very similar to the wording on the page that was passed around yesterday.
Without a date it’s hard to really provide any advice, other than to maintain your list hygiene (you do have list hygiene programs, right?) and remove addresses that hard bounce. Quite honestly, I don’t think this will really have any effect on delivery. It doesn’t appear these changes are happening all at once, and Verizon customers have the option to keep their verizon.net address. They’re just going to have to access it differently.
For companies that use an email address as a primary key for logins or accounts, it’s probably a good time to contact customers with a verizon.net address and ask them to update their address. That’s a good idea most of the time, but when we know changes are happening at a domain level, it’s a requirement.

Large companies (un?)knowingly hire spammers

This morning, CSO and MacKeeper published joint articles on a massive data leak from a marketing company. (Update: 2019: both articles are gone, a cached version of the CSOnline link is at https://hackerfall.com/story/the-fall-of-an-empire-spammers-expose-their-entire) This company, River City Media (RCM), failed to put a password on their online backups sometime. This leaked all of the company’s data out to the Internet at large. MacKeeper Security Researcher, Chris Vickery discovered the breach back in December and shared the information with Spamhaus and CSO online.
The group has spent months going through the data from this spammer. As of this morning, the existence of the breach and an overview of the extent of their operation were revealed by CSO and MacKeeper. Additionally, Spamhaus listed the network on the Register of Known Spamming Operations (ROKSO).

There are a couple interesting pieces of this story relevant to legitimate marketers.
The biggest issue is the number of brands who are paying spammers to send mail from them. The CSO article lists just some of the brands that were buying mail services from RCM:

February 2017: The Month In Email

Happy March!

As always, I blogged about best practices with subscriptions, and shared a great example of subscription transparency that I received from The Guardian. I also wrote about what happens to the small pool of people who fail to complete a confirmed opt-in (or double opt-in) subscription process. While there are many reasons that someone might not complete that process, ultimately that person has not given permission to receive email, and marketers need to respect that. I revisited an older post on permission which is still entirely relevant.
Speaking of relevance, I wrote about seed lists, which can be useful, but — like all monitoring tools — should not be treated as infallible, just as part of a larger set of information we use to assess deliverability. Spamtraps are also valuable in that larger set of tools, and I looked at some of the myths and truths about how ISPs use them. I also shared some thoughts from an industry veteran on Gmail filtering.
On the topic of industry veterans, myths and truths, I looked at the “little bit right, little bit wrong” set of opinions in the world of email. It’s interesting to see the kinds of proclamations people make and how those line up against what we see in the world.
We attended M³AAWG, which is always a wonderful opportunity for us to catch up with smart people and look at the larger email ecosystem and how important our work on messaging infrastructure and policy really is. I was glad to see the 2017 Mary Litynski Award go to Mick Moran of Interpol for his tireless work fighting abuse and the exploitation of children online. I also wrote about how people keep wanting to quote ISP representatives on policy issues, and the origin of “Barry” as ISP spokesperson (we should really add “Betty” too…)
Steve took a turn as our guest columnist for “Ask Laura” this month with a terrific post on why ESPs need so many IP addresses. As always, we’d love to get more questions on all things email — please get in touch!

End of an era

A few moments ago, I cancelled one of my email addresses. This is an address that has been mine since somewhere around 1993 or 4. It was old enough to vote. And now it’s no more.
I am not even sure why I kept it for so long. It was my dialup account back when I was in grad school in Delaware. When I moved to Madison to work at the university, I kept it as a shell account and email address. I gave it up as my primary email address about the time it was bought by a giant networking company. By then I had my own domain and a mail server living behind the futon in the living room. That was back when we started WttW, somewhere around 2002.
15 years the address has mostly laid dormant. I used it for a couple yahoo groups accounts, but just lists that I lurked on.
I did use it as research for some past clients, typically the ones using affiliate marketers. “Our affiliates only ever send opt in mail!” Yeah, no. See, look, your affiliate is spamming me. My favorite was when said customer put me on the phone with the affiliate.

Confirmed Opt-In: An Old Topic Resurrected

Looking back through my archives it’s been about 4 years or so since I wrote about confirmed opt in. The last post was how COI wasn’t important, but making sure you were reaching the right person was important. Of course, I’ve also written about confirmed opt-in in general and how it was a tool somewhat akin to a sledgehammer. I’m inspired to write about it today because it’s been a topic of discussion on multiple mailing lists today and I’ve already written a bunch about it (cut-n-paste-n-edit blog post! win!).
Confirmed opt-in is the process where you send an email to a recipient and ask them to click on a link to confirm they want the mail. It’s also called double opt-in, although there are some folks who think that’s “spammer” terminology. It’s not, but that’s a story for another day. The question we were discussing was what to do with the addresses that don’t click. Can you email them? Should you email them? Is there still value in them?

We have to treat the addresses as a non-homogenous pool. There are a lot of reasons confirmation links don’t get clicked.