I'm still here!

I'm still here, but blogging has been a bit of a challenge lately as I've picked up new responsibilities at the office and I'm also in the midst of moving across country. So, my apologies as it is likely to be a little while longer before I get back into the thick of things.

In the mean time, make sure you're keeping up with Laura Atkins and Steve Atkins over at Word to the Wise. They're my go-to source for what's going on in the email world.

Text to Image ratios in email

Laura Atkins of Word to the Wise explains: "The text to image ratio is not going to make or break delivery." I've certainly had people try to tell me that they think the secret to inbox placement is based on a certain specific text-to-image ratio. Like Laura, I know that this is not true, and I am happy to link to her excellent explanation of how this all works.

Verizon Email Transition Update

From Network World, here is an update on the winding down of Verizon's email service, which I previously reported on here. When is the transition happening?
"Once customers are notified, they are presented with a personal take-action date that is 30 days from the original notification. If you happen to miss the deadline and still want to retain your address, you can choose Option 1 and switch over to AOL.  
"Based on the current rate of migration it looks like Verizon will probably get through all of the customer notification waves by mid-summer. At that point, the company will assess when the platform might be entirely wound down."
Note: Like I mentioned before, keep in mind that subscribers can indeed keep their verizon.net email if they like. It'll just be handled by AOL's systems and user interface going forward.

Network World says that "Verizon controls 4.5 [million] Verizon.net email accounts, and [Verizon] figures about 2.3 million of them are active." Active meaning that they have been accessed in the last 30 days.

June 26, 2017 Update: As related to me and others by AOL, the Verizon mailboxes that remain have now been transitioned to AOL's mail servers.

New Anti-Phishing Protection in Gmail on Android

Gmail app users on Android, rejoice -- Google just added phishing protection. If you try to click on a link deemed to be problematic, you'll get warned: “The site you are trying to visit has been identified as a forgery intended to trick you into disclosing financial, personal, or other sensitive information,’ the notice states. “You can continue to [the link] at your own risk.”

Read more about it over at the Consumerist.

Why list-unsub doesn't let you "opt-down"?

If you're familiar with the "list unsubscribe" functionality, support for which is implemented in Apple's iOS Mail Client, as well as Gmail and Outlook.com, you might wonder why these implementations might not allow you to land at a preferences page when clicking on the link. Clients have certainly asked me why they aren't allowed to add a step in the middle of this process -- instead of just logging the unsubscribe request, can't they ask the subscriber if they might want to receive fewer emails (opt-down instead of opt-out) or otherwise adjust their preferences, instead of losing them?

The problem here, is differing expectations between marketers and internet service providers (ISPs).

Microsoft's Terry Zink explains specifically why Outlook.com does not support the HTTP method of list-unsubscribe (which would potentially allow driving to a preferences page instead of just capturing an opt-out): Because it's their user interface, and it's up to them (Microsoft) to ensure that their users have the best experience possible, and they really intend this to be a simple "unsubscribe" and nothing more. He explains that #1 the experience is really supposed to be "you are unsubscribed," not click this checkbox or hit this button, and #2, he explains their concerns over the potential for a third-party interface not necessarily spinning up properly, resulting in a poor subscriber experience, and an unlogged unsubscribe request.

Jump on over to Terry Zink's blog post where you can read it in his own words. That, in a nutshell, is why it works the way it does, at least as far as Microsoft's Outlook.com platform is concerned.

Orange UK Email Closure

United Kingdom-based ISP Orange (now part of Everything Everywhere aka EE) has announced that they are shutting down their email service as of May 31, 2017. This affects users at these domains: orange.net, orangehome.co.uk, wanadoo.co.uk, freeserve.co.uk, fsbusiness.co.uk, fslife.co.uk, fsmail.net, fsworld.co.uk, fsnet.co.uk. This does not affect non-UK Orange email users.

Follow this link for more details.

New DMARC Record Lookup Tool

If you use the DNS tools over on XNND, you might notice that the DMARC record lookup feature now links to a new DMARC record lookup tool, kindly provided by Steve Atkins of Word to the Wise. Thanks, Steve!

Senders: What should you do about verizon.net?

As mentioned in a previous post, Verizon recently announced that it is getting out of the email hosting business.

Verizon users are being given a choice. They can:
  • Give up their verizon.net email address; or
  • Continue to use their verizon.net email address, but it will now be hosted by AOL.
Note also that Verizon has yet to announce a deadline as to when users will have to make this choice.

What does this mean for senders? What should senders "do" about verizon.net subscribers?

Truth be told, senders really shouldn't have to do anything here. The email domain verizon.net is not going away. Current users are going to be able to keep their existing email addresses. It is just that going forward, those email addresses will be hosted by AOL.

If a user chooses to give up their verizon.net email address, mail to that address with eventually start bouncing. Any good list management software or ESP platform should be able to denote those bounces and suppress that email address, after it goes dormant. There really shouldn't be any negative impact to email deliverability.

Even if senders wanted to do something with this segment of subscribers -- there isn't much they could do. You could email all of your verizon.net subscribers today, but what would you tell them? You don't know which ones plan to keep their email address and which ones plan to move.

I think all senders really need to do here is:
  1. Keep your regular mailing cadence;
  2. Make sure you have an easy "update your email address" process as part of your email footer; and
  3. Make sure your email platform automatically recognizes and suppresses no-longer-valid email addresses.
Beyond that, really, no special action is needed.

ETA: There's certainly no harm if you want to send all verizon.net users an email message asking them if they want to update their email address. I think it all boils down to how much effort you want to put forth to try to save a percentage of a percentage of users. How big the value you'll get from that is really impossible to measure without doing it. That's why my guidance is to just let the email platform work it out for you.

Do you care about WHOIS?

There's an effort underway within ICANN where the net result could be that publicly-available domain ownership info is no longer available under any circumstances. Does that strike you as the best way to go? I personally don't think it is. WHOIS is a valuable forensic tool for security researchers and spam filterers.

Does a business have a right to privacy on the internet? I say no. If you're a company in the real world, your company registration is public knowledge. If you're a company on the internet, shouldn't that registration information be at least as available?

If WHOIS matters to you, please consider joining the "Next-Generation gTLD Registration Directory Services to Replace Whois" ICANN group and sharing your opinion, voting in the surveys they publish, and responding to the questions people may ask about why WHOIS matters.

Verizon Users: Leave, or move to AOL

As reported last May, the Verizon email user transition to AOL continues, with Verizon now announcing that they have decided to "close down our email business."

Existing verizon.net email users have two options:

  1. Continue to use their verizon.net email address, but it will be hosted by AOL Mail.
  2. Give up their verizon.net email address and find a new email/webmail provider.

From a deliverability perspective, I think it is safe to assume that most of the Verizon email infrastructure is being retired, and that the verizon.net email address domain lives on a just another of the AOL email domains (like cs.com, wmconnect.com, aim.com, wow.com, etc.) There likely won't be any difference in reputation or filtering systems between verizon.net and aol.com mailboxes, when the transition is fully complete. This could be subject to change, so stay tuned.

Update: Laura Atkins of Word to the Wise rightly points out that there's no timeline or deadline published anywhere in this Verizon notice. When exactly will Verizon shut it all down? We shall see.

June 26, 2017 Update: As related to me and others by AOL, the Verizon mailboxes that remain have now been transitioned to AOL's mail servers.

Password Reset Emails: Best Practices

I've been thinking about best practices for password reset emails lately. Instead of trying to re-invent a wheel that other folks have already capably designed, I'll just highlight a couple of thoughts and link to some more detailed info from a couple of folks with have good insight to share.

The most important thing to remember, I think, might be this: Always reset, never remind. Meaning, don't email a password to the user. It could spit out the password to the wrong person, if abused. Also, aren't your passwords one-way encrypted? Don't store it in the clear, don't send it out in the clear.

A close second: Make sure your emails don't look like phishing. Everything should properly authenticate with SPF and DKIM. Your domain should have a DMARC policy in place. Lock that domain down, to make it harder for faked password resets (or other notifications) to get through to the inbox.

And finally, delivery speed really matters -- though busy email systems can often still deliver emails pretty quickly, you will find that delivery delays due to poor reputation will absolutely kill you here. This highlights why you need to keep your nose clean with your marketing emails -- so your reputation is stellar enough that the same communication channel is open and available to you for very quick delivery of very important user notifications, like password reset emails.

AOL, Yahoo, Gmail (and possibly other ISPs) seem to delay delivery of inbound email when a sender's reputation is only so-so. And you can't always try to segregate that mail to work around the issue. You might not have enough transactional mail volume to warrant a dedicated IP address just for notifications. And your domain name is going to be the same across all types of email, assuming you want to stick solidly to your primary brand and its domain.

Microsoft's Troy Hunt has put together an excellent number of suggestions on the topic of resetting your password,  and Postmark's Garrett Dimon dives deeper into the email side of this equation. They're both worth reading.

New Outlook.com/Hotmail IP ranges

Microsoft's Terry Zink announced yesterday on the Mailop list that Microsoft is combining the infrastructure for Outlook.com (Hotmail) and Office 365. As part of this infrastructure update, Microsoft is letting the world know that soon, all outlook.com (hotmail.*, live.*, msn.*, etc.) consumer email traffic will originate from IP addresses in the ( - network range. Folks running spam filters will want to update their systems accordingly.

AOL User Mike Pence

I usually try to avoid getting too political around these parts, but this one I just can't resist.

Turns out, then-Indiana governor Mike Pence was a big fan of using his personal AOL email account for state business.

That can't be right, can it? After all, that party sure made a big fuss about another party's presidential candidate using personal email for business purposes.

Indeed, the Indy Star and USA Today report that "Pence fiercely criticized Clinton throughout the 2016 presidential campaign, accusing her of trying to keep her emails out of public reach and exposing classified information to potential hackers."

Yet, "[While] Indiana Gov. Eric Holcomb's office released more than 30 pages from Pence's AOL account, ... [the office] declined to release an unspecified number of emails because the state considers them confidential and too sensitive to release to the public."

Strange how politicians attack rivals over things they themselves engage in, isn't it?

IBM Patents Out-of-Office Reply functionality

The United States Patent and Trademark Office has granted patent number 9,547,842 to IBM for an "Out-of-office electronic mail messaging system." What? I don't even.

Guest Post: A Guide to Microsoft SNDS

Deliverability Expert Chris Truitt was kind enough to reach out to me after he noticed my prior post lamenting the lack of guidance on what you should do with Microsoft SNDS data. Here are his suggestions for what you should be thinking about when looking at Microsoft SNDS data. Thanks, Chris! -- Al Iverson

Sean Spicer and WHOIS

ARS Technica reports on Trump minister of propaganda (I think that's his title) Sean Spicer and how he registered a handful of domains a few years ago with his still-current contact information, including his still-current phone number.

Howto: Maximize Inbox Delivery to Yahoo

What is the path to deliverability success at Yahoo! Mail? Here are five simple considerations that will help point you in the right direction.

What can SNDS tell you?

Microsoft Hotmail / Outlook.com's SNDS (Sender Network Data Services) portal is a useful interface where you register to be able to look up reputation data specific to your sending IP addresses. In my "How to troubleshoot Microsoft Outlook.com / Hotmail Delivery Issues" article, I suggest signing up for it.

The Scunthorpe Problem

Have you heard of the Scunthorpe Problem? It highlights the side effects associated with trying to filter out profanity.

What is UCENET?

Formerly known as the London Action Plan, UCENET (Unsolicited Communication Enforcement Network) exists to promote international spam enforcement cooperation and address spam related problems, such as online fraud and deception, phishing, and dissemination of viruses. Its members include government and internet industry representatives and public agencies from 27 countries.

You can learn more about UCENET's recent activities here.

(H/T to the Mainsleaze blog.)