Amazon Starting Email Service

According to multiple sources, Amazon is starting up a cloud-hosted email service. Called WorkMail, it looks as though it'll be price competitive to similar offerings from Microsoft and Google. Looking into my crystal ball, I assume they'll get some adoption in 2015. What does this mean to you, dear sender? Get ready, because eventually you'll have a new platform to send to, with a potentially new set of spam and reputation filters to contend with. Let's stay tuned and see if this takes off, shall we?

Microsoft Updates Use of List Unsubscribe Header

What is a list-unsusbcribe header, you might ask? It's an email header, typically hidden from the end user, that includes information that allows the MUA (mail user agent; meaning your email client, email reader, or webmail platform) to submit an unsubscribe request on your behalf. This is typically linked up to an "unsubscribe" button in a webmail provider's user interface. If you see an "unsubscribe" button or link in the Gmail or Outlook.com user interface for a given email message, that message likely contains a list-unsubscribe header.

The header itself is defined in RFC 2369 from 1998. It's very common for email service providers and list management tools to provide support for this header; and if you're building any sort of new tool or list mail sending service, I would recommend including it. Doing so makes it just as easy for a subscriber to click "unsubscribe" as it does for them to click "report spam." Making it easier to unsubscribe means you're likely to garner fewer spam complaints, and thus your deliverability and sending reputation will be at least slightly higher than they would have been without this functionality.

There are two methods of specifying how to unsubscribe a subscriber using the list-unsubscribe header. There's the HTTP method, and the MAILTO method. The HTTP method implies that when it is time to request unsubscribing of that particular user, a particular web page will be visited. The URL would typically include all of the parameters necessary to denote which subscriber, for which sender, is requesting to be unsubscribed. The MAILTO method implies that when it is time to request unsubscribing of that particular user, an email message will be generated to the email address specified in the list-unsubscribe header. (The destination email address typically would include all of the parameters necessary to denote which subscriber, for which sender, is requesting to be unsubscribed.)

A few days ago, Melinda Plemel of Return Path clarified that Microsoft is now only utilizing the MAILTO method and that they are not supporting the HTTP method at this time. (It is implied that Microsoft properties previously supported both the MAILTO method and the HTTP method, but I don't have a lot of experience with the HTTP method myself and I was not able to confirm this.)

TL;DR? Implement a list-unsubscribe header, or make sure your email platform provides one. If you're building it yourself, only implement the MAILTO-based functionality, as it is the most broadly supported. (I'm aware of multiple ISPs supporting the MAILTO method, but I am not aware of any others that are or were supporting the HTTP method, other than Microsoft.)

Ask Al: Help! AHBL is blocking inbound mail!

Mickey writes, "I'm being blocked by AHBL. I own a tax and accounting firm. We send out two newsletters per year to our existing clients using an ESP. We give our clients every opportunity to be removed from the list if they so choose. We do not and have not spammed ever. How did I get blocked by AHBL? No one is able to send me email. Please help. If I did something wrong let me know what. I have no clue and I need my emails working again."

Mickey, if nobody can send email TO you, that strongly suggests that something is up with YOUR mail server. When I tried to send you email at your domain, the message bounced back to me with this error message: "550 5.7.1 74.125.82.46 has been blocked by AHBL."

What this means: Your mail server, or your ISP's spam filtering system, is configured to use the spam filtering blacklist called AHBL. Unfortunately, that blacklist announced that they were shutting down, way back in April 2014. At the end of 2014, the publisher of AHBL moved the blacklist to a sort of "wildcard mode," meaning that anybody who was previously using the AHBL blacklist as a spam filter is now blocking all mail.

That means you -- your mail server, set up by you, your IT consultant, or your ISP, have to go into your mail server's configuration settings and remove any references to AHBL. Once that is done, you will be able to receive mail again.

All mail server administrators should remember to check their mail server spam filter settings periodically. When's the last time you checked to see which blacklists you are using? Are you sure all of those blacklists are still active and publishing? There's a section over on my DNSBL.com blacklist information website all about dead DNSBLS -- make sure you're not using any blacklist shown there, or you could run into troubles like this.

Yahoo Shuts Down Its Email Service In China

As reported on TechCrunch and elsewhere, Yahoo's Chinese email service is no more. Warned all the way back in April, current users of the Chinese version of Yahoo! Mail were given the opportunity to transition their accounts to Alibaba's email service, Alimail.

As of January 1st, any attempt to mail a user at the yahoo.com.cn or yahoo.cn domains is rejected with a "550 relaying denied" error message.

If you run an email service that maintains a filter of dead ISPs or dead domains, I recommend adding yahoo.com.cn and yahoo.cn to your "dead domains" list or similar. There's no point allowing mail to be sent to those domains, as no mail will be successfully delivered.

There is nothing to indicate that users will automatically have the same username at Alimail that they had in Yahoo! Mail, so it likely is not safe for senders to just try to automatically update addresses in their email lists.

Third party post-purchase research emails: spam?

My wife and I were lucky enough to be able to purchase a new car earlier this year. It's a nice car and we love it. But ever since then, seemingly once a month or so, I get a survey request related to automobiles and the automotive industry. Some from known entities, some from unknown entities. A number of them are coming from third parties that I didn't specifically hand my email address to.

The anti-spammer in me tells me that these emails are spam. Somebody I don't recognize is sending me list mail or bulk mail, to an address that I did not give to them.

But when talking with clients or potential clients I have had a lot of them try to tell me that this kind of mail is expected and that it's not spam.

For the moment, forget about who's right or wrong here.

Consider this: Just about all of those surveys have gone to my Gmail spam folder, including the most recent one. Why? Poor sender reputation, I think. Why? I would guess that perhaps I am not the only one questioning why I'm receiving mail from somebody I didn't give my email address to. I didn't report this mail as spam, but it sure looks like enough other people are reporting this sender's mail as spam and thus, making it near impossible for them to reliably get to the inbox.

That's the practical consideration. Not whether or not you think what you're doing is legal or expected or common or necessary; what recipients think is given greater weight. Enough weight that it can bog down your sender reputation.

That's why a mail stream or marketing program or survey program probably just doesn't work without clear cut permission. Regardless of what you think is right or wrong, your opinion (and my opinion) is only a tiny part of the equation.

Now Hiring: Word to the Wise

It sounds like consultancy Word to the Wise is growing! Laura Atkins is looking to hire a Deliverability Specialist to "perform technical investigation into client email systems, reviews messages sent by clients, and make recommendations based on analysis of the client’s email programs." Interested? Click here to learn more.

Is Yahoo.com a wireless domain?

First published in 2005, the FCC's Wireless Domains list was intended to be a list of domains associated with mobile devices (cell phones, pagers, etc.) and that senders of commercial messages were to avoid those messages unless appropriate consent was obtained for each recipient. It sounds like a simple "don't spam me" list, but the form of consent referenced "must include the subscriber’s signature, which may be in digital or electronic form as allowed under the federal E-Sign Act and state counterparts" and the FCC has said that the burden of proof to resolve any complaint rests squarely on the sender, so the net was that most email service providers prohibited their clients from sending to those domains, unless the client implements verifiable consent compatible with the E-Sign Act or similar. (A longer discussion on what constitutes appropriate consent might make sense here but I don't have the time to dive deep and my focus today is more on the Yahoo.com domain landing on the list, see below.)

Email industry insiders noted that the domain yahoo.com had landed on the FCC wireless domains list sometime in the past few days, meaning that if this procedure were to be followed, email services providers would have thirty days at max before they would be forced to restrict their clients from sending mail to subscribers at Yahoo Mail's primary domain name.

That's potentially a big deal! Thankfully, it seems to be recognized as an error and is being addressed. I know that both the FCC and Yahoo have been notified of this and my understanding is that it is likely to be resolved very soon, meaning that it probably won't be necessary for a bunch of senders to suddenly stop sending mail to their yahoo.com subscribers. Whew!

(Update: Yahoo.com has been removed from the FCC Wireless Domains list.)

Interesting SBLs is back

Ever seen the @InterestingSBLs twitter account? It's kind of interesting and occasionally entertaining. It highlights various SBL entries that its anonymous author finds "interesting" by whatever criteria that may be. Because it's an ESP? An ESP's client? A Fortune 500 company? Not sure, but all have appeared there. My own employer has occasionally been called out on it, as have others. Some representatives of some companies have gotten really upset over being mentioned by that Twitter account, but not me. To me, it's really just a synopsis of a public record. And good companies occasionally have Spamhaus issues, too-- not just bad companies. It tells me it's something "interesting" to go look at, not that so-and-so is a scumbag spammer. If you or your company gets mentioned there, take a deep breath and look into it.

There are often big gaps between when @InterestingSBLs posts, but he or she seems to have been active as recently as just over a week ago.

If that doesn't interest you, there's always the Spamhaus SBL "Latest Entries" page, showing you what has been recently entered or recently removed into Spamhaus's main blacklist. This can be pretty interesting. I once knew an alleged spammer who spent most of his day hitting "refresh" on this page every few minutes, looking to find that partners in (alleged) crime may have been caught in the Spamhaus cross hairs.

Keep in mind that all Spamhaus SBL entries are effectively public information. Spamhaus does not password protect or otherwise obviously restrict access to the listing information available on their website. (I'm not necessarily making a case for whether or not they should be public or not, just noting how it is today.)

Purchased lists? DOA.

MailChimp's John Foreman explains the usual reasons why sending to purchased lists is a bad idea, but then he adds on one important practical fact: They perform very poorly. Click on over to the MailChimp blog to learn more.

Pre-order Spam Nation by Brian Krebs

From Brian Krebs: "The backdrop of the story is a long-running turf war between two of the largest sponsors of spam. A true-crime tale of political corruption and ill-fated alliances, tragedy, murder and betrayal, this book explains how the conditions that gave rise to this pernicious industry still remain and are grooming a new class of cybercriminals.

But Spam Nation isn’t just about junk email; most of the entrepreneurs building and managing large-scale spam operations are involved in virtually every aspect of cybercrime for which there is a classification, including malware development, denial-of-service attacks, identity theft, credit card fraud, money laundering, commercial data breaches and extortion."

I'll be ordering my copy soon!

Does Gmail use Spamhaus blacklists?

Probably, implies Return Path based on a correlation between a typical Spamhaus blacklisting and drop in inbox delivery rates at Gmail. I think it's safe to assume that Google does use Spamhaus data for some sort of reputation calculation impacting Gmail deliverability.

Ask Al: Should I add a DMARC record to fix the Yahoo issue?

A friendly representative of a company who helps small businesses sell products asked: "We're having problems forwarding mail from our customers back to our users due to the new Yahoo and AOL restrictive DMARC policy. If we add a DMARC record for our own domain name, would that help address the Yahoo/AOL bouncing issue? Would that explain to the ISPs that we're not spoofing when we forward on that mail?"

No, this wouldn't fix your issue. It's probably not a bad idea for you to implement a DMARC record for your domain, especially if the domain is one you use for email marketing or online retail and want to make it harder for bad guys to spoof it. (But be sure you learn more about DMARC before proceeding; I would recommend partnering with somebody like Return Path or Agari to use their tools and benefit from their expertise with regard to anti-phishing/spoofing and DMARC.)

The reason this wouldn't fix your issue is because the Yahoo and AOL DMARC policies affect only mail that has a Yahoo or AOL domain in the from address. Also, they have the potential to affect all/any mail with a Yahoo or AOL domain in the from address. What other domain you might have in the message or message headers has no bearing on that fact. Whatever DMARC policy setting you publish wouldn't override whatever policy setting the owner of those domains may have published. In other words, if it's AOL.com in the from address, it's always going to be the AOL.com policy that applies, no matter what.

The real fix for the issue is to figure out how to get it so only your own domain name shows up in the from address. That might necessitate a change in your message flow process. It might make you have to reconsider whether or not you forward on messages through your system at all. Or you might have to rewrite headers, if you still want to be able to forward on that mail.

Need to contact Live.com/Hotmail?

On a mailing list I subscribe to, someone recently asked for assistance with getting mail delivered to Microsoft's Live.com and Hotmail.com domains. Apparently the poster works for an internet provider that had a compromised account or two, and Microsoft was blocking their mail as a result.

A kind soul posted this reminder in response:

"The most efficient and effective way to address any deliverability problem is by submitting the issue to our dedicated deliverability support team. Senders can do this by filling out a form with detailed information necessary to diagnose the problem. The form can be found here: https://support.msn.com/eform.aspx?productKey=edfsmsbl&ct=eformts&st=1&wfxredirect=1. Going directly to deliverability support will ensure that we have the right information to investigate the cause and recommend the right solutions quickly."

Those of us who have been around a while already have that URL bookmarked, but I thought I would share it here for new folks who might not already know it.