Recent Posts

AHBL Wildcards the Internet

AHBL (Abusive Host Blocking List) is a DNSBL (Domain Name Service Blacklist) that has been available since 2003 and is used by administrators to crowd-source spam sources, open proxies, and open relays. By collecting the data into a single list, an email system can check this blacklist to determine if a message should be accepted or rejected. AHBL is managed by The Summit Open Source Development Group and they have decided after 11 years they no longer wish to maintain the blacklist.
A DNSBL works like this, a mail server checks the sender’s IP address of every inbound email against a blacklist and the blacklist responses with either, yes that IP address is on the blacklist or no I did not find that IP address on the list. If an IP address is found on the list, the email administrator, based on the policies setup on their server, can take a number of actions such as rejecting the message, quarantining the message, or increasing the spam score of the email.
The administrators of AHBL have chosen to list the world as their shutdown strategy. The DNSBL now answers ‘yes’ to every query. The theory behind this strategy is that users of the list will discover that their mail is all being blocked and stop querying the list causing this. In principle, this should work. But in practice it really does not because many people querying lists are not doing it as part of a pass/fail delivery system. Many lists are queried as part of a scoring system.
Maintaining a DNSBL is a lot of work and after years of providing a valuable service, you are thanked with the difficulties with decommissioning the list. Popular DNSBLs like the AHBL list are used by thousands of administrators and it is a tough task to get them to all stop using the list. RFC6471 has a number of recommendations such as increasing the delay in how long it takes to respond to a query but this does not stop people from using the list. You could change the page responding to the site to advise people the list is no longer valid, but unlike when you surf the web and come across a 404 page, a computer does not mind checking the same 404 page over and over.
Many mailservers, particularly those only serving a small number of users, are running spam filters in fire-and-forget mode, unmaintained, unmonitored, and seldom upgraded until the hardware they are running on dies and is replaced. Unless they do proper liveness detection on the blacklists they are using (and they basically never do) they will keep querying a list forever, unless it breaks something so spectacularly that the admin notices it.
So spread the word,

Email is inherently a malicious traffic stream

It’s something many people don’t think about, but the majority of the traffic coming into the SMTP port is malicious. Spam is passively malicious, in that it just uses resources and bothers people. But there is a lot of actively malicious traffic coming into the SMTP port. Email is used as a vector to spread viruses and other malware. Email is also used for phishing and scamming. Many of the major hacks we’ve heard about over the last few years, including those in the email space, started with a single user getting infected through email.
We talk a lot about delivery here with clients and primarily focus on making sure their mail looks as unlike malicious mail as possible. We focus on spam filters, but every piece of mail goes through filters that also look for viruses, phishes, malware and other malicious traffic.
Mail servers are under attack constantly. The only reason our inboxes are useful is through the hard work of many people to filter out the bad and keep users from seeing the bulk of the mess attacking them.

ESPs and consolidation

Earlier this week Bloomberg news reported that an anonymous source told them Verizon was looking to acquire or investigate a partnership with AOL. It didn’t take long for the Verizon CEO to quash the acquisition rumors. Acquisitions and partnerships have always been around in technology, this is nothing new. But it made me think a little bit about the acquisitions and mergers in the ESP space.
The last 2 years have seen unexpected purchases of ESPs. Oracle bought Eloqua. Deluxe acquired Vertical Response. IBM has acquired a number of players in the email space, including parts of mail.com, SilverPop and Pivotal Veracity. eBay acquired e-Dialog. Salesforce acquired ExactTarget. Big companies seem to use the acquisition process to acquire the technology needed to send mail to and on behalf of their customers.
I’ve heard some people claim this is the beginning of the end of the stand alone ESP. I disagree. I think there is enough market demand to support stand alone ESPs. But the market is crowded and there are a lot of ESPs out there. There will be some consolidation. Some ESPs will be bought, either for their technology or their staff. Some ESPs will change and add more features. Some big companies will decide to install big appliances to run their own marketing in house.
Things will change but that’s what happen as a market matures. And the ESP market is maturing.
Who do you think will be bought next?

Dodging filters makes for effective spamming

Spam is still 80 – 90% of global email volume, depending on which study look at. Most of that spam doesn’t make it to the inbox; ISPs reject a lot of it during the SMTP transaction and put much of rest of it in the bulk folder. But as the volumes of spam have grown, ISPs and filters are relying more and more on automation. Gone are the days when a team of people could manually review spam and tune filters. There’s just too much of it out there for it to be cost effective to manually review filters.
In some ways, though, automatic filters are easier to avoid than manual filters. Take a spam that I received at multiple addresses today. It’s an advertisement for lists to “meet my marketing needs.” I started out looking at this mail to walk readers through all of the reasons I distrusted this mail. But some testing, the same sorts of testing I do for client mails, told me that this mail was making it to the inbox at major ISPs.
What told me this mail was spam? Let’s look at the evidence.

Email predictions for 2015

Welcome to a whole new year. It seems the changing of the year brings out people predicting what they think will happen in the coming year. It’s something I’ve indulged in a couple times over my years of blogging, but email is a generally stable technology and it’s kind of boring to predict a new interface or a minor tweak to filters. Of course, many bloggers will go way out on a limb and predict the death of email, but I think that’s been way over done.

Even major technical advancements, like authentication protocols and the rise of IPv6, are not usually sudden. They’re discussed and refined through the IETF process. While some of these changes may seem “all of a sudden” to some end users, they’re usually the result of years of work from dedicated volunteers. The internet really doesn’t do flag days.
One major change in 2014, that had significant implications for email as a whole, was a free mail provider abruptly publishing a DMARC p=reject policy. This caused a lot of issues for some small business senders and for many individual users. Mailing list maintainers are still dealing with some of the fallout, and there are ongoing discussions about how best to mitigate the problems DMARC causes non-commercial email.
Still, DMARC as a protocol has been in development for a few years. A number of large brands and commercial organizations were publishing p=reject policies. The big mail providers were implementing DMARC checking, and rejection, on their inbound mail. In fact, this rollout is one of the reasons that the publishing of p=reject was a problem. With the flip of a switch, mail that was once deliverable became undeliverable.
Looking back through any of the 2014 predictions, I don’t think anyone predicted that two major mailbox providers would implement p=reject policies, causing widespread delivery failures across the Internet. I certainly wouldn’t have predicted it, all of my discussions with people about DMARC centered around business using DMARC to protect their brand. No one mentioned ISPs using it to force their customers away from 3rd party services and discussion lists.
I think the only constant in the world of email is change, and most of the time that change isn’t that massive or sudden, 2014 and the DMARC upheaval notwithstanding.
But, still, I have some thoughts on what might happen in the coming year. Mostly more of the same as we’ve seen over the last few years. But there are a couple areas I think we’ll see some progress made.

December 2014: The month in email

2014 has been a busy and exciting year at Word to the Wise (look for more on that in a year-end wrap-up post next week!) and this month was particularly thrilling for us as we officially doubled our size with the addition of Josh and Meri on our client services team.
If you’re a regular reader of our blog, you’ve probably spotted Josh’s byline on a few posts: Google’s Inbox Team answers questions on Reddit, which looks at what this new email client portends for both consumers and email marketers, and M3AAWG Recommends TLS, which reviews M3AAWG’s recommendation that mailbox providers phase out SSL encryption in favor of TLS. Look for more smart insights from Josh in 2015.
Steve contributed a post on the proper syntax for displaying a friendly email address, and a very helpful guide for generating useful test data that doesn’t compromise personally identifiable information from your actual customer data. He also detailed the brief DBL false positive from Spamhaus’ new “Abused-Legit” sub-zone and best practices for handling unrecognized responses.
I wrote about some of the subtleties inherent in how brands decide to “converse” with customers in email and other channels. We’ll just keep saying it: companies need to respect the inbox as personal space. I want to thank both Steve and Josh for picking up my slack on blogging. 7+ years is a long time to try and say new things on the blog and I needed a bit of a break.

New Year's Resolutions

“Figure out what email is.”

Merry Christmas

A retro merry christmas from everyone at Word to the Wise!

M3AAWG Recommends TLS

SSL or Secure Sockets Layer is protocol designed to provide a secure way of transmitting information between computer systems. Originally created by Netscape and released publicly as SSLv2 in 1995 and updated to SSLv3 in 1996. TLS or Transport Layer Security was created in 1999 as a replacement for SSLv3. TLS and SSL are most commonly used to create a secure (encrypted) connection between your web browser and websites so that you can transmit sensitive information like login credentials, passwords, and credit card numbers.
M³AAWG published a initial recommendation that urges the disabling of all versions of SSL. It has been a rough year for encryption security, first with Heartbleed vulnerability with the OpenSSL library, and again with POODLE which stands for “Padding Oracle on Downgraded Legacy Encryption” that was discovered by Google security researchers in October of 2014. On December 8, 2014 it was reported that TLS implementations are also vulnerable to POODLE attack, however unlike SSLv3, TLS can be patched where as SSL 3.0 has a fundamental issue with the protocol.