Recent Posts

Thoughts on SenderScore

Kevin Senne posted over on the Oracle blog about how we need to stop caring about SenderScore and why it’s not as useful a metric as it used to be.
I can’t argue with anything he’s said. I think there is way too much focus on IP reputation and SenderScore. There’s so much more to deliverability than just one or two factors.
In fact, if you’ve been to any of my recent webinars or talks you will probably have seen some version of this image in my slides:
SenderScore99_cropped
Basically, just because you have a great SenderScore doesn’t mean you’re going to have good delivery.  Likewise, having a poor SenderScore doesn’t mean your mail is destined to be undelivered.
I tell clients, and people who ask about SenderScore that it reflects the data that Return Path gets, run through their proprietary algorithms to come up with a score. And that score is relevant for those ISPs that pay attention to it. But most ISPs make the deliver or not deliver decision based on their own internal data, not on the IPs SenderScore.

Read More

When did the reject happen?

conversation_for_blogEarlier today I approved a comment from Mike on a post about problems at AOL from 2012. The part of the comment that caught my attention:

Read More

DOD breaks links in .mil clients

DataSecurity_IllustrationThe Department of Defense is breaking HTML links in mail to .mil domains. This is part of the DoD’s attempt to curtail phishing.

Read More

Filter complexity

URLBlockingForBlogDuring the Q&A last week, I mentioned an example of a type of filter trying to demonstrate how complex the filters are. There was some confusion about what I was saying, so I thought I’d write a blog post explaining this.

Read More

Thanks for the great session

I had a great time answering questions at the 2015 All About eMail Virtual Conference & Expo today. Thanks so much to everyone who participated and asked questions. They were great and I’m sorry we didn’t have more time.
I did get some questions on twitter (@wise_laura) afterwards. One was about an example I gave to explain how filters are complex. There have been rumors going around recently that Gmail is filtering mail with more than 3 URLs in it. Let me just say right now THIS IS NOT TRUE emails with more than 3 URLs in them are being delivered just fine to Gmail.
There is a situation involving the number (and type) of URLs that I think are a useful example of the filter complexity happening at some places, like Gmail. I started working on it, but don’t quite have time to finish it today, but will keep working on and it should go up in the next day or so.
Thanks again to everyone who joined the session. You asked some great questions and I had fun answering them.
 

Read More

All About Email: Q & A session tomorrow

virtualShow_forblogLive! Tomorrow! the 2015 All About eMail Virtual Conference & Expo12:30 Eastern, 9:30 Pacific. Come hear Ken ask me about email and contribute your own questions!
Want to ask about spamtraps? Purchased lists? How about engagement? Just want to listen to what myths other people are interested in asking about? Come and listen.
 

Read More

ESP attacks, again. Be wary.

There seems to be an uptick in phishing attacks that have an impact on ESPs recently.
Your CEO
The most critical one is targeted spear-phishing attacks that claim to be internal documents sent by senior staff within the company, e.g. from the company CEO.
It’s likely that the attached documents will compromise and backdoor your machine, and from their most of your internal network, using an infected document to load a remote administration tool (RAT) such as Netwire.
Be very, very wary of document attachments, especially in generic looking emails that you weren’t expecting, from senior people. Making sure your antivirus signatures are up to date is a great idea, but nothing will protect you as effectively as not opening the infected documents.
Your domain registrar
The other campaign I’m aware of is emails that claim to be abuse reports from registrars (e.g. opensrs, tucows, etc) aimed at domain registration contacts, claiming that a domain has been suspended and that the recipient should click on a link to “download a copy of complaints received”.
e.g.

Read More

SPF debugging

Someone mentioned on a mailing list that mail “from” intuit.com was being filed in the gmail spam folder, with the warning “Our systems couldn’t verify that this message was really sent by intuit.com“. That warning means that Gmail thinks it may be phishing mail. Given they’re a well-known financial services organization, I’m sure there is a lot of phishing mail claiming to be from them.
But I’d expect that a company the size of Intuit would be authenticating their mail, and that Gmail should be able to use that authentication to know that the mail wasn’t a phish.
Clearly something is broken somewhere. Lets take a look.
Looking at the headers, the mail was being sent from Salesforce, and (despite Salesforce offering DKIM) it wasn’t DKIM signed by anyone. So … look at SPF.
SPF passes:

Read More

October 2015: The month in email

When you spend most of your day working on email and spam issues, it starts to cross into all aspects of your life. In October, I was amused by authors who find names in spam, SMTP-related t-shirts on camping trips, and spam that makes you laugh. Maybe I need a vacation?
We were quite busy with conference presentations and client work this month, but took time to note the things that captured our attention, as always. We highlighted a few things we enjoyed reading around the web: Brian Krebs’ Reddit AMA, the results of Jan Schaumann’s survey on ethics in internet operations, and a great post on Usenet from Joe St. Sauver.
In industry news, we covered a few glitches that are worth noting, in case you missed them: Yahoo FBL confirmation emails, Google postmaster tools, Network Solutions email, and weird Lashback listings. Even though these have mostly been resolved, it’s useful to keep track of the types and frequency of these sorts of issues, as they can significantly impact your deliverability and may be useful as your clients or business stakeholders raise questions about campaign performance.
Steve contributed a few key technical posts this month, including a short post on IPv6 authentication issues, following up on the issues he outlined back in July. He also noted Gmail’s upcoming move to DMARC p=reject, which is notable for the ways they are are looking to mitigate risks with their ARC proposal.  Finally, he wrote that it’s worth looking at false positives every now and then, as it can reveal interesting patterns in the ESP landscape.
Finally, a good suggestion from the best practices file: engagement through confirming user names, and a not-so-good plan for an app that’s sure to invite abuse and harassment.

Read More

Deliverability, email and lessons learned from Insight2015

biohazardmailDeliverability is a challenge, I think everyone who has ever tried to send bulk mail will acknowledge that. There are a lot of reasons for this. One of the big reasons is that there are bad players who spend a lot of time trying to get around filters. And a lot of these people are sending very bad mail. Phishing. Spear Phishing. Viruses. Malware.
Email is a prime vector for a lot of criminals.
A lot of deliverability discussions really gloss over the dangers, though. We don’t often think about it, because we’re not sending bad mail. But we still have to go through the same filters that ask: Is this message safe?
Security was a big deal at the recent Sparkpost / MessageSystems conference.

Read More
Categories
Tags