What is UCENET?

Formerly known as the London Action Plan, UCENET (Unsolicited Communication Enforcement Network) exists to promote international spam enforcement cooperation and address spam related problems, such as online fraud and deception, phishing, and dissemination of viruses. Its members include government and internet industry representatives and public agencies from 27 countries.

You can learn more about UCENET's recent activities here.

(H/T to the Mainsleaze blog.)

Ask Al: What of Senderbase?

Emanuel writes: "I need assistance with Senderbase. What ISP report to Senderbase? Is there a way to view Senderbase complaints? We add all ours IPs in the feedback loop, but not in the feedback loop of Yahoo. Is it possible that the lack of a Yahoo feedback loop is the problem?'

Emanual, I'm sad to say that it has been a very long time since I have run into client issues that I believe to relate to Cisco's Senderbase. I don't know if Yahoo complaint data is fed to them, to be honest. But I'll throw the question out here and we'll see if someone else out there has some other ideas. Feel free to share your thoughts in comments, and thank you in advance!

List-unsubscribe on Gmail: Frequently Asked Questions (FAQ)

Google has long provided support for the list-unsubscribe header (as defined in RFC 2369) in Gmail. It is listed in their bulk sender guidelines as "strongly recommended." Meaning that if you're a good guy sender, it is expected that you will implement support for this functionality.

Google announced support for the list-unsubscribe header in Gmail back in 2009. Since then, lots of ESP folks have some idea of how it works, but it seems to be a bit lightly documented. So here I will throw together a few frequently asked questions (with answers) that I hope will help folks trying to understand how this functionality works.

Frequently Asked Questions (FAQ)

What method does the Gmail list-unsubscribe functionality utilize?

Gmail supports both the MAILTO and HTTP types of list unsubscribe functionality. When the Gmail unsubscribe link is clicked, here's what happens for each type:
  • The MAILTO method results in an email message being sent back to a special email address found in that list-unsubscribe header.
  • The HTTP method results in Gmail linking you to the sender's unsubscribe page where you can finish submitting your unsubscribe request.
For comparison, Both Apple's iOS10 email client and Microsoft's webmail properties (Hotmail/ Live.com/ Outlook.com) only provide support for the MAILTO method.

Why does the "Unsubscribe" link not show for all messages?

Even if an email messages includes a list-unsubscribe header, Gmail's user interface will not display the "unsubscribe" link if Google believes the sender's reputation is poor. It turns out that this is one of those things that is lightly documented, but widely observed. The best proof of this reputation-related requirement can be found here, where Google said the following when announcing support for this functionality:
"This only works for some senders right now. We're actively encouraging senders to support auto-unsubscribe — we think 100% should. We won't provide the unsubscribe option on messages from spammers: we can't trust that they'll actually unsubscribe you, and they might even send you more spam. So you'll only see the unsubscribe option for senders that we're pretty sure are not spammers and will actually honor your unsubscribe request. We're being pretty conservative about which senders to trust in the beginning; over time, we hope to offer the ability to unsubscribe from more email."
Why do ISPs like Gmail and Hotmail want to utilize this list-unsubscribe functionality?

I think Return Path's Melinda Plemel explains it well here:
"So how do the Mailbox providers benefit from the use of list-unsubscribe? Since their users were using the “report spam” button in a way that wasn’t originally intended, businesses would often see inflated complaint rates. This in turn caused false positives with mailbox providers’ spam filters, and flagged opt-in permission-based email as spam. By creating a trusted way for people to unsubscribe, spam complaint rates have been more accurate, and mailbox providers have gotten better at separating spam from graymail. This also explains why both Outllook.com and Gmail use the list-unsubscribe functionality leverage the list-unsubscribe option when for senders with good sending reputations. Neither Google or Microsoft want the list-unsubscribe to be abused by spammers, too."
In other words, it helps ISPs better tell good senders apart from spammers. This, in turn, benefits good senders, because making it easier to unsubscribe results in fewer spam complaints, and fewer spam complaints equates to a better chance of getting email reliably delivered to the inbox.

Should I be concerned about this List Unsubscribe functionality making it too easy for recipients to unsubscribe?

Litmus's Chad White has put together a fantastic analysis for the impact the recent launch of Apple iOS10's support for list unsubscribe, helping to allay concerns that marketers may have. Its guidance also applies equally well to concerns over the Gmail and Microsoft versions of the list unsubscribe functionality.

Got any other questions? Leave them in comments, and I'll update this post as time allows.

(H/T to Laura Atkins, who helped me hunt down that original Google announcement. Laura has her own thoughts on List Unsubscribe, as well.)

5 Reasons List-Unsubscribe Concerns Are Overblown

Over on the Litmus blog, Chad White shares why marketers shouldn't panic or try to disable the list-unsubscribe header on their email messages. Great insight, and the research aligns with what I've been seeing as well.

Microsoft breaks DKIM signature?

It's kind of rare, but not rare enough. Every now and then I hear of a client who is seeing intermittent DKIM failures at Microsoft Outlook.com/Hotmail properties. A Delivery Team Lead for one of the bigger ESPs posted about this on the Mailop list recently, looking for feedback and thoughts. The discussion that ensued seemed to come to a consensus that there are (rare) times when Microsoft may be modifying message content slightly, and thus causing the DKIM signature to break.

Steve Atkins of Word to the Wise has done a fantastic job of writing up some best practice suggestions on how an ESP can deal with this type of thing.

In addition to Steve's excellent suggestions, I would add, if it's not easy for you to modify your DKIM signing configuration, one thing to try when you run into these issues is, remove all tabs from the body content. It was suggested in one of the examples shared that an intermediate Microsoft server may have converted tabs to spaces, which potentially caused the DKIM signature failure. Of course, Steve Atkins is spot on to take the conversation to a higher level and look at how to modify the DKIM config to address this overall, but if you're looking for something to try right now, this is also something I would try.

What You Need to Know About DMARC and Deliverability

Bronto's Chris Truitt explains how DMARC works, how it impacts deliverability and he outlines things to consider when configuring your DMARC record.

Spam Museum Welcomes 100,000th Visitor

From the not-just-email department: Local TV station KAAL-TV reports that the Hormel Spam Museum in Austin, Minnesota welcomed its 100,000th visitor last week. Her prize? 200 can of Spam. Yum.

Yuck: iCloud Calendar Spam

Are you one of the many millions of unlucky souls receiving spammy calendar invites? Apple is apparently aware of and working to address this type of thing, according to the iMore blog. But if you can't wait for that, the Verge has a few suggestions on what you can do about it.

Virgin Media is so rustic and artisan you get to hand-sort your own spam

Can't beat that headline. UK ISP Virgin Media is having a few problems with its spam filters, reports the Register. Previously hosting user mailboxes on Google-managed systems, the ISP was forced to bring it back in house after Google stopped selling the service to ISPs. Apparently, hilarity has ensued.

Good news for senders: Instead of blocking mail outright, suspected spam will now be routed to the spam folder. Sounds like ISP users will be able to identify spam and non-spam to the ISP, to help improve the filter over time.

A quick search suggests that @ntlworld.com and @blueyonder.co.uk are probably the relevant Virgin Media email domains affected by this issue. I'll update this post if I learn more.

MegaRBL DNSBL FUBAR

Over on the Word to the Wise blog, Laura Atkins explains what happened with that spate of short-term MegaRBL DNSBL listings you may have noticed last week.

AOL FBL Sending Address Changing

The AOL Postmaster Blog reports that on January 16, 2017, the from address for AOL feedback loop complaints will change from
scomp@aol.net to fbl-no-reply@postmaster.aol.com

AOL Postmaster Lili Crowley reports that this change is being implemented at the same time as they implement DKIM signing of all complaints sent.

AOL seems to be timing the change to occur after the busiest part of the Holiday email season has passed.

Putting Spam to the culinary test

Time for a distraction. The Staunton (VA) News Leader reports on the Virginia Military Institute's Spam challenge, wherein chefs are tasked to "create an entree and two sides using only five mystery ingredients and anything from the pantry, which was comprised of items that would have been available to the World War II-era home cook." Spam croquettes, anyone?

Holiday Season Tip: Don't Experiment

Hey, November and December are a big, important time period for online retailers. Lots of people always ask me what they should do to minimize the risk of deliverability problems during this period. Keeping in time that ISP email volumes are up (way up), ISP staff managing unblocking requests are probably getting more requests than usual, and that they all have holidays they're going to go on at some point. There's not always going to be a backup contact able to help. Responses are going to be slower. Maybe even less forgiving, out of frustration.

So what is the one most important thing you can do to make sure you don't have to deal with any of this? Avoid surprises. This isn't the time of the year to experiment. Don't add a new list. Don't buy a list. Don't mail a seven year old list that you just found in the back of a cabinet (that really happened). New lists, new data sources, anything you haven't been mailing to recently already, that adds new risk. Without knowing the reputation history of mailing to these "new to you" subscribers -- and how they're going to react to your mail in particular, you're opening yourself up to deliverability trouble.

Avoid that trouble. Don't start changing things now. Get through the season before adding more variables to what you're doing.

Gmail Updated on iOS

Google announced an updated version of the Gmail email client for iOS devices today. The big new enhancements seem to be "undo," "swipe to archive or delete" and a faster search function. There does not appear to be any support at all for list-unsubscribe functionality, which Gmail's Android client appears to have. Poking around in the new version of the iOS app, I can't get it to trigger any sort of action based on the list-unsubscribe header whatsoever. Strange, given Gmail was long a driver of this functionality.

Email and the 2016 Presidential Election

Just a few more days until the election, and then everybody can calm down and get back to their normal lives, I hope.

Every time I read the Washington Post, I see another article about email servers or weird DNS server activity. It's tiring.

I don't have the strength or energy to debate folks about the Hillary Clinton email server saga, so I'll just link back to this Word to the Wise post from July where Steve Atkins quotes Lane Winree on how plausible the explanation for the HRC email server scenario actually was. I do personally find it quite plausible. Of course, some commenters disagree, but security best practices aren't a monolith now, nor were they then.

Then there's this whole question of whether or not a Trump owned/managed server was communicating with a Russian bank. One of the people quoted in the Salon article is Paul Vixie. I worked for Paul around 15 years ago. We're not friends, but I generally think of him as a smart guy. Unfortunately, the more I read about this, the more it smells like this was probably just an email service provider running a dedicated outbound email server for marketing campaigns for some business of Trump's. The traffic could just be "typical ESP stuff" -- click tracking connections, image hosting lookups, performing DNS-based authentication checks, etc. and I could pretty much see a few really smart DNS nerds getting confused and thinking something more nefarious was afoot. I think the folks at the Intercept probably agree with me.

So, little to see on one hand and nothing to see on the other. Back to work, everyone.

Barracuda (was) down

Founded in 2003, Barracuda Networks provides anti-spam and security-related hardware and services and was believed to have more than 150,000 clients as of 2014.

Looks like if Barracuda hosts your spam filtering or mail services, you might not be receiving email right now. Multiple folks are telling me that they're having trouble connecting to Barracuda servers to deliver mail. The Register (UK) has mention of Barracuda downtime today as well.

As of 2:26 pm Eastern Time on Wednesday, November 2, 2016, Barracuda's status website says: "Investigating - Customers are experiencing delays with inbound message delivery. Outbound is unaffected.  [...] Engineering and Operations teams are still working to resolve delays in mail delivery."

Update: November 3, 2016: "Barracuda Networks is still continuing to see a large number of inbound connections from unverified sources for customers using Essentials for Email Security and Cloud Protection Layer. We have successfully filtered and are actively monitoring the situation while taking the appropriate actions when needed. Email processing has returned to normal. Previously delayed emails are now being accepted and processed."

Now you can read your email on Xbox One

Jess Nelson of MediaPost's EmailMarketing Daily shares news of the first-ever email client for the Xbox: MailOnX. Though, designers, I wouldn't necessarily start worrying about focusing your email marketing design efforts on Xbox as a platform JUST yet.

Beware: Student loan forgiveness spam

SC Magazine shares details of a Symantec report identifying student loan forgiveness spam as a path for the unwitting to get infected with malware. Particularly timely, given all the news lately about for profit colleges shutting down, leaving ex-students wondering what comes next with regard to their loans.

These spammers aren't very discriminating with whom they're targeting, based on the never-valid addresses I'm seeing the spam come in to. I called the number in one of the spams last Friday and talked to a very unhelpful young lady who didn't want to tell me anything about the unwanted mail she was somehow connected to. But at least I perhaps kept her from scamming somebody for a few minutes.

Not only should you be careful not to believe promises made in these spam messages, but even if they weren't spammers, you apparently still shouldn't be paying for debt consolidation or student loan discharge help.

And remember, no legitimate company is ever going to ask for payment in the form of an iTunes gift card.