tag:blogger.com,1999:blog-267536222024-03-19T03:47:49.349-05:00Spam Resource: All Things DeliverabilityAl Iverson's blog about email deliverability, marketing best practices, blocklists and stopping spam.Al Iversonhttp://www.blogger.com/profile/14312013852191097352noreply@blogger.comBlogger1499125tag:blogger.com,1999:blog-26753622.post-72140794942467681842024-03-18T07:00:00.002-05:002024-03-18T09:12:16.028-05:00Spam Resource Spotlight: Skyler Holobach<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy0Qx6hfVg5qANAhaG7Pal3Cs_Bg9qRd-8cAIvstQ-iT0EtlU4kA0WopmoLbv59PbpoMOqvB7Ez9GXy-bhvy9r5g4O2azJhyphenhyphen3FPKcG5MKzKrATks2QhYnCnkBF4w1yNoq34YB40I60g3exmnlmc_fM5A-R0etXWUlCGZv-YhzrbHlWbZ_g2_-t/s1200/sr-spotlight-skyler.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy0Qx6hfVg5qANAhaG7Pal3Cs_Bg9qRd-8cAIvstQ-iT0EtlU4kA0WopmoLbv59PbpoMOqvB7Ez9GXy-bhvy9r5g4O2azJhyphenhyphen3FPKcG5MKzKrATks2QhYnCnkBF4w1yNoq34YB40I60g3exmnlmc_fM5A-R0etXWUlCGZv-YhzrbHlWbZ_g2_-t/s16000/sr-spotlight-skyler.jpg" /></a></div><br />My friend <a href="https://www.linkedin.com/in/skyler-holobach/">Skyler Holobach</a> is Vice President of Product Experience and Design for <a href="https://www.socketlabs.com">SocketLabs</a>. She knows her way around the email space, from deliverability consulting, to best practices and policy compliance, and on to product enablement and product design and innovation. I had the pleasure of working closely with Skyler back in our Salesforce days, both of us having been assimilated into the <i>Benioff Mothership</i> by way of acquisitions of Pardot and ExactTarget. (Well…ET acquired Pardot, then SF acquired ET, but let's not get too pedantic about it.) Skyler is smart, detail oriented, and thinks big. What's next and where are things going? Her career growth and her rise into the higher ranks of SocketLabs make it clear that she does have some idea where it's all going.<p></p><p><a href="https://www.linkedin.com/in/skyler-holobach/ ">You can find her Linkedin profile here</a>.</p><p><b>Skyler, thank you for taking the time to talk to me today! You've come a long way from when I first knew you as a member of the policy compliance team for the Pardot email platform. Was that your start in email? How did you land in this world?</b></p><p>Thank you for interviewing me! I got my start in compliance while I was working at the University of Georgia, somewhat by accident. I worked in student tech support, so it was mostly dealing with network issues on the campus wifi. </p><p>I wound up volunteering for a project that boiled down to, "go take this device (that looked like a large, BRIGHT YELLOW golf club, it could not have been goofier), walk around all the dorms, and figure out what dorm rooms have private wifi networks set up, so we can tell them to cut it out and use the main campus wifi". I had SO MUCH FUN with that project. I liked the idea of finding people who were doing the wrong thing (to be fair, usually accidentally!), educating them on why they needed to cut it out, and making the wifi experience better for everyone else. </p><p>As fun as it is, waving a wifi-detecting golf club around dorms doesn't quite make a living, so I eventually wound up joining Pardot's support team. During a team meeting, our manager asked if someone wanted to do email deliverability, because we needed more than one person on that team. I had no clue what email deliverability was, but I volunteered anyway because it sounded interesting. I wound up doing dual roles in deliverability and compliance until we needed to scale, then I focused entirely on building out our compliance team. And now, (mumble) years later, here I am! </p><p><b>We've both moved back and forth between deliverability/compliance and product management. What do you think your background in compliance and deliverability does to help inform what you do as a product manager?</b></p><p>I've never been asked this, but wow do I love this question. There's so much I could wax poetic about, but I think the absolute biggest contributor to my success as a product manager has been the concept of <b>not being my job.</b> It's served as the foundation upon which I've built effectively everything else, and I'm so excited to nerd out about it here. Fair warning, I majored in psychology with a particular emphasis on social psychology, and it's one of my favorite ADHD hyperfocus topics. :) </p><p>So! The manner in which we identify ourselves is one of the most fascinating and complex topics in psychology. In modern society, we've wrapped a LOT of our identities up in what we do for work. If I ask you, "What do you do", you're more likely to jump to telling me what you do for work versus what your hobbies are. That's totally understandable: you spend SO MUCH time at work, thinking about work, maybe explicitly not thinking about work but in doing that you're paradoxically thinking about it, it's hard to not have it merge with who you define yourself to be.</p><p>Now, let me wrap that concept into where I'm going: compliance is not for the faint of heart. It involves telling a lot of angry people no, then telling them no again, then telling some other person no, then justifying why you're saying no, then getting shouted at after you said no, then then, then, ad nauseam. It can be exhausting, isolating work. If you cannot figure out how to untangle the role from the self, it's a recipe for significant mental health problems (you'll never guess how I know that). For the longest time, I didn't untangle the role from my personal identity. At one point, I was talking to a career coach about how "everyone hated me", because I am the one who tells people no. She immediately stopped me and said, "They hate the ROLE, not YOU". I wound up writing that down and sticking it behind my laptop as a reminder that my job is not who I am. I am not Skyler, <job title>. I am Skyler, <long list of other things that make me, me>. </p><p>Game. Changer.</p><p>That concept, that my job is not who I am, and learning that through the fires of compliance, set me up for a great deal of success in product management. I do not fear "looking stupid" through making a mistake or asking 500 questions of my engineering team, because my job is not who I am. Someone being mad because their request got deprioritized has nothing to do with me as a human. They do not hate Skyler for saying no, they hate that the thing they wanted isn't being done right now. I don't come into a room NEEDING to be the one who is right or the winner in a negotiation, because the focus isn't on protecting my personal identity, the focus is on actually solving an issue.</p><p>I think that mindset has been the biggest contributor to our success as an organization, as it's built a massively trusting relationship between me and my engineering team. I don't feel a need to protect my ego on any decisions I make, because my job and my ego have nothing to do with one another. If there's a better call we can make as a team, we make it. </p><p>Oh, and I learned some really intensive negotiation tactics and communication skills, which always helps. :) </p><p><b>I love this! It's a great way to get away from the angst of "will they hate me for asking questions" so you can be open and honest about the hunt for knowledge that you need to get the job done!</b></p><p><b>You've told me a bit about the cool stuff you're working on now over at SocketLabs. Here's your chance to tell the world! What cool things have you been working on?</b></p><p>So, most recently, we released Spotlight (<a href="https://www.socketlabs.com/hub/spotlight-diagnostics/">https://www.socketlabs.com/hub/spotlight-diagnostics/</a>) , which connects to your SendGrid account and provides actionable insights into your email program. </p><p>I feel like Oprah saying "YOU GET A CAR" when I talk about my favorite pieces of the platform. You've got scoring! You've got the ability to filter your data in extremely flexible ways! You've got context as to what's actually going on with your email program so you can actually act on your data instead of trying to sort through it blindly! You've got the ability to look at all of your SendGrid subusers from one place, so you can actually get a sense of the full picture of your infrastructure! You want MailGun data in there? You'll GET MailGun data (soon!). </p><p>I think one of the things I'm most proud of with it is how easy it is to set up. If you can copy paste, you can set up Spotlight. There's no need to involve an engineering team at all, and I'm incredibly proud of the work my engineering team put in to make that a reality. It was kind of wild to have built it to be that way, I KNEW it was built that way, and then it was demoed back to me and I briefly panicked to my lead engineer- "did we forget something? How is it this simple?". It's so cool to see what happens when you let engineering do what they do best: solve problems and build interesting stuff.</p><p>I don't know if you relate to this, but I feel like being in Product is perpetually being the person who is planning a surprise party. I know SO MUCH cool stuff is coming on top of the cool thing we just built, but I can't tell you because then I'd ruin the party. Is that a common feeling?</p><p><b>Not as much as I wish it was! Sometimes it has been more like ... plan 14 surprise parties, then cancel 13 of them. Then scale the last one back. Now maybe we split a muffin. Sigh. But yeah, when you do actually have the resources to make things happen and you know what is coming, it really is a great feeling!</b></p><p><b><a href="https://www.spamresource.com/2024/01/spam-resource-spotlight-alison-gootee.html">Alison Gootee</a> and I agreed recently that raisins ruin everything. Do you agree, or are you wrong? If not raisins, what is one foodstuff or ingredient that you believe should simply NOT exist, something you can't believe people knowingly enjoy?</b></p><p>I couldn't possibly agree more. I share a visceral hate of an oatmeal raisin cookie lacking in chocolate chips. I'm making myself angry just thinking about it.</p><p>And here's the part of the interview in which I get canceled for my food opinions: I cannot stand tomato ketchup. I love tomatoes, but the second you add sugar to a tomato, it's dead to me. Fascinatingly, ketchup wasn't always made with tomatoes! The original ketchup was made with fish and soybeans. Mushroom ketchup was also a thing for a bit, before Heinz came in with their sugary tomato abomination and dominated the market. </p><p><b>Ha. Ironically, my wife loves ketchup but hates tomatoes. Speaking of Alison, she's quite the master-of-memes. And we've got another friend who is a self proclaimed "<a href="https://www.spamresource.com/2024/03/spam-resource-spotlight-carmi-jones.html">margarita enthusiast</a>." What do you do for fun? Dogs? Purple hair? Home repair?</b></p><p>With ADHD comes a whole mess of hobbies that I generally bounce between. Right now, my husband and I are completely gutting and renovating our house, room-by-room. We just passed a waterproofing test on the shower we built (24 hours of water in the shower pan, if the water level doesn't drop, you're good to go!), so now we're ready for tile! We're DIY-ing as much as possible, which has been one heck of a learning experience. In the last year, I've learned how to swap plugs and switches, do drywall, install flooring, remove floor squeaks, deal in basement flood management, it's been….a lot.</p><p>Non-drywall-dust-covered hobbies include crocheting, sewing, leatherworking, cross stitching, watching garbage reality TV, and papercrafting. I used to teach laser cutter safety at a makerspace and I loved it, so I've got plans to get a giant laser cutter after the home reno is done. Don't ask me how many ongoing crafty projects I have. :) </p><p><b>So much (too much) of deliverability is based around "tricks" or "hacks" to try and get into an inbox or to stay out of the spam folder. If you could get the attention of every email marketer on earth to try to convince them of one myth they absolutely need to stop perpetuating, what would it be and why?</b></p><p>If 👏the 👏spammers 👏 know 👏 the 👏 hack 👏 it's 👏 not 👏 useful 👏. <a href="https://www.spamresource.com/2022/11/take-your-spam-trigger-words-and-go-away.html">SPAM TRIGGER WORDS ARE NOT A THING</a>. If there was a magic list of words that guaranteed your email would land in the spam folder, the spammers would simply ✨ also not use those words ✨, rendering the magic list entirely useless. There's a reason the inboxing filters and rules and such are such highly guarded secrets, and it's entirely to prevent spammers from figuring it out. Focus on sending wanted mail to people who have asked for it, that's what is actually key to inboxing. </p><p>So go on, use that exclamation point. Use two, even. FREE THE ALLCAPS! </p><p><b>Skyler, thanks so much for your time and words and knowledge and opinions! I appreciate you!</b></p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-64207609573664372102024-03-17T15:00:00.019-05:002024-03-17T15:00:00.231-05:00Bonus: Beyond The Basics: An Email Requirements Roundtable with Google, Yahoo and Valimail<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZZLq6l2DSObsKKayC7LUiOZPslPoJu-1BHKTGTGX8KXe0wZ3-eotdhREr62YuJrglAPb7xbUTFeF3gpgrDNSVcFp9klLKNXmizVUbKGdT-e3cb-gT90mMHCf0pmhvXOylmWcHft5FVuqZb2RMjeXuGwpRic4XC5t8jcvXD3QitggPYbkVZ0q3/s1200/vm-basics.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="675" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZZLq6l2DSObsKKayC7LUiOZPslPoJu-1BHKTGTGX8KXe0wZ3-eotdhREr62YuJrglAPb7xbUTFeF3gpgrDNSVcFp9klLKNXmizVUbKGdT-e3cb-gT90mMHCf0pmhvXOylmWcHft5FVuqZb2RMjeXuGwpRic4XC5t8jcvXD3QitggPYbkVZ0q3/s16000/vm-basics.jpg" /></a></div><br />For this wondering what's going on with all that Yahoo and Google stuff -- or if you're hoping to get beyond it and hear what's next -- either way, this is something you'll want to attend. Join Seth Blank from Valimail in a round table discussion with Neil Kumaran from Google and Marcel Becker from Yahoo look to clear up any pending confusion and identify the path forward for security and trust in email. I'm looking forward to this and I'll be listening in myself! <a href="https://www.valimail.com/resources/webinars/beyond-the-basics-an-email-requirements-roundtable-with-google-yahoo-and-valimail/">Click here for more details or to register</a>. The fun happens on Thursday, March 21st at noon central time.Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-84634324276217537072024-03-15T07:00:00.013-05:002024-03-16T12:24:18.420-05:00Gmail: New compliance dashboard in GPT<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAz5mfnX4mU_70_3ysjH84rLZKK2w2Xt-O7odWJ9xgRgQ1SCIS0B2djn_6S3bNRRqBVVZI2phlDoLVX_bwGXvJjGwmbhL-tzcNa5sV_iJIxos3T1KhcG-g8-Jmwki9o1t9MnWIWyPfMdfny1THHluO0Y8Gu5NYHw5ovAIsIqdKRaxM8eQ0Av5U/s1200/gpt-newdash2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAz5mfnX4mU_70_3ysjH84rLZKK2w2Xt-O7odWJ9xgRgQ1SCIS0B2djn_6S3bNRRqBVVZI2phlDoLVX_bwGXvJjGwmbhL-tzcNa5sV_iJIxos3T1KhcG-g8-Jmwki9o1t9MnWIWyPfMdfny1THHluO0Y8Gu5NYHw5ovAIsIqdKRaxM8eQ0Av5U/s16000/gpt-newdash2.jpg" /></a></div><br />Google recently released an update to <a href="https://www.gmail.com/postmaster/">Google Postmaster Tools</a>. There is now a new dashboard available to users that specifically highlights compliance pass/failure with their newly updated 2024 sender requirements.<p></p><p>On the new dashboard, we've got SPF and DKIM authentication status, From alignment status, DMARC authentication status, send encryption (TLS) compliance, User-report spam rate compliance (meaning you're under the threshold), DNS record compliance (meaning your sending IPs and domains have proper forward and reverse DNS) and placeholders that will later show compliance with the one-click unsubscribe (RFC 8058) header requirement and "honor unsubscribe" compliance. I would expect that last one to identify whether or not a sender continues to email recipients after those recipients have unsubscribed. En masse, it's a sign of major list hygiene/permission problems. (Though, like everything else, it gets tricky. What about transactional mail? But I digress.)</p><p>If you don't already use GPT to monitor your sender reputation and send compliance, now's the time to configure it. It's free, safe and <a href="https://www.spamresource.com/2023/12/is-google-postmaster-tools-secure.html">secure</a>. If you do use GPT, now you've got a new dashboard to review, specifically geared to help you comply with the new <a href="https://www.spamresource.com/2024/01/yahoo-mailgmail-2024-easy-sender.html">Yahoo and Google requirements</a>. Good stuff, for sure!</p><p>If you've already got access to Google Postmaster Tools and want to jump directly to this new compliance dashboard, the URL is: <a href="https://postmaster.google.com/v2/sender_compliance">https://postmaster.google.com/v2/sender_compliance</a></p><p><i>[ Special thanks to Iterable's <a href="https://www.linkedin.com/in/annesophiemarsh/">Anne Sophie Marsh</a>, who was kind enough to share an example screen capture. She mentioned that the fine folks at Iterable have been very excited to explore this new tool. And additional thanks to Iterable's <a href="https://www.linkedin.com/in/corbetttom/">Tom Corbett</a>, who was kind enough to send me an update after Google added "from alignment" to the set of compliance checks.]</i></p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-90431380592591837112024-03-14T07:00:00.002-05:002024-03-17T11:53:48.138-05:00DELIVTERMS: CASL<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijeYEkSM3sjqWMyzNyhf4zqtKDugWL_4l4r9VwY1yc-eGp3X7B6xOVaBO2BDHp5E5eQPnSfBW_Vkjh4JiO3iDqRaNomYg5t70vsz6YjPKJwL0y0xQ8hNGRKvSdNQMZINp2DxPb71qrRcnwF9ry8jJ9KgnFLzAyYMZKgx1q_TtskC0GjDzuuQsG/s1200/dt-casl.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijeYEkSM3sjqWMyzNyhf4zqtKDugWL_4l4r9VwY1yc-eGp3X7B6xOVaBO2BDHp5E5eQPnSfBW_Vkjh4JiO3iDqRaNomYg5t70vsz6YjPKJwL0y0xQ8hNGRKvSdNQMZINp2DxPb71qrRcnwF9ry8jJ9KgnFLzAyYMZKgx1q_TtskC0GjDzuuQsG/s16000/dt-casl.jpg" /></a></div><br />It seems like a good day to decode another deliverability acronym. It's DELIVTERMS! The annoyingly random ongoing feature from Spam Resource, where we explain all those confusing deliverability terms.<div><br /><div>Today we're talking about CASL, which stands for "<b><a href="https://fightspam-combattrelepourriel.ised-isde.canada.ca/site/canada-anti-spam-legislation/en">Canada's Anti-Spam Legislation</a></b>." If you're American, think of it as the Canadian version of <a href="https://www.spamresource.com/2022/07/delivterms-can-spam.html">CAN-SPAM</a>, the US federal anti-spam law, but with some important differences. I know a fair amount about CAN-SPAM (disclaimer: I'm not a lawyer) but I know less about CASL. I wanted to learn more, so I asked for guidance from Canadian Deliverability expert Matthew Vernhout (<a href="https://www.linkedin.com/in/vernhout/">who is currently VP, Deliverability North America for Netcore Cloud</a>). Here are a few good links that he kindly shared with me.<p></p><p></p><ul><li>The Canadian government has an official CASL website here: <a href="http://Fightspam.gc.ca">Fightspam.gc.ca</a></li><li>Matthew's "Email Karma" blog published a <a href="https://emailkarma.net/?s=CASL+Countdown">CASL Countdown series</a> back in 2014, but the information there still seems to be very relevant.</li><li>That's just part of a whole <a href="https://emailkarma.net/?s=CASL">CASL section that one can find on the Email Karma website</a>.</li><li>Privacy Agency NewPort Thomson has <a href="https://newportthomson.com/regulations/canadian-anti-spam-legislation-casl/">published a CASL ebook</a> that has lots of useful information for marketers.</li><li>The <a href="https://thecma.ca/search?indexCatalogue=site-index&searchQuery=CASL&wordsMode=AllWords">Canadian Marketing Association regularly posts CASL-related info</a>, and offers up training sessions and materials.</li><li>The Canadian Radio-television and Telecommunications Commission publishes reports on <a href="https://crtc.gc.ca/eng/internet/pub/20220331.htm">CASL compliance actions here</a> as part of their broader <a href="https://crtc.gc.ca/eng/internet/anti.htm">CASL-focused website</a>.</li><li>This <a href="https://www.reddit.com/r/CASL/">CASL forum on Reddit</a> tracks enforcement actions.</li></ul><div>And don't forget to follow Matt Vernhout's blog, <a href="https://emailkarma.net/">Email Karma</a>. Thanks, Matt, for sharing all of this great info!</div><div><br /></div><div>(Full disclosure: Most of this is recycled from a 2022 blog post, but I believe this content to be accurate as of 2024.)</div><div><br /></div><div>Don't forget to browse the <a href="https://www.spamresource.com/search/label/delivterms">DELIVTERMS</a> section here on Spam Resource, chock full of explanations of deliverability and email marketing terminology.</div></div></div>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-83598233752207210632024-03-12T16:23:00.002-05:002024-03-13T10:37:48.516-05:00Come to the CSA Email Summit April 22-24 in Cologne<div class="separator" style="clear: both; text-align: center;"><a href="https://summit.certified-senders.org" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUzYRIHPzcaO8TfkWIGm-erNpm_0nABed_3h_Z9Pda5JEfcX7f87dm5b9369dyHWYBphYdXhQDe7Nj-GRBJQIMf3X8EMxV6d_nQZ1AcQawCTLT9HzQB0DJzCqk7W-oCAjHCbdgN1W02Li6I1_dUK-al7hPk9yRy4i_sOi7j8a7Bh_35fvg2foT/s16000/csa-summit-3.jpg" /></a></div><br />The <a href="https://certified-senders.org">Certified Senders Alliance</a> is a valuable organization in the email ecosystem. A neutral interface between mailbox providers and senders of commercial emails, they bring together many email senders, email receivers and Internet Service Providers to connect and collaborate on common issues. And now is your chance to experience this opportunity for that collaboration and connection in person! The upcoming <a href="https://summit.certified-senders.org">2024 CSA Email Summit</a> (their 20th anniversary!) will be held in <a href="https://summit.certified-senders.org">Cologne, Germany on April 22-24, 2024</a>. You'll hear from representatives from Yahoo, Orange, 1&1 (GMX/Web.de/Mail.com), Vade, Omnivery, Iterable, Sitecore, ActiveCampaign and more! To purchase tickets, plan your visit, or if you just want to learn more information about this jam-packed three day event, <a href="https://summit.certified-senders.org">click on through here</a>.<p></p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-24742975392752703092024-03-12T07:00:00.009-05:002024-03-12T07:00:00.233-05:00Fun with bad data: That doesn't go there!<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCIVBTf29N1uoOebe1_gQQimvjA_FSp8Klx2g2T9FmyUjZ3uvqbyq4qpLvSXwRXWks7CL_lkUoym_-c1h79fI3hNK0KkfgIbsh-0PxPBI6xyz2Db1dXPcemcWckverw9zlrlEDdSGIJqIocXWsqaKYWv3tzBsk1PldHxtnh23o0_pPVNzndE9M/s1200/bad-dmarc2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCIVBTf29N1uoOebe1_gQQimvjA_FSp8Klx2g2T9FmyUjZ3uvqbyq4qpLvSXwRXWks7CL_lkUoym_-c1h79fI3hNK0KkfgIbsh-0PxPBI6xyz2Db1dXPcemcWckverw9zlrlEDdSGIJqIocXWsqaKYWv3tzBsk1PldHxtnh23o0_pPVNzndE9M/s16000/bad-dmarc2.jpg" /></a></div><br />Today's data question: What if we scanned the top one million domains, looking for DMARC records and DKIM records misconfigured so that they're living at the top level of the organizational domain? Well, I did that, and it turns out that there are more than 11,000 domains with either a misconfigured DKIM or DMARC record (or in a few cases, both), living at the top level of the domain.<p></p><p>Methodology:</p><p></p><ul style="text-align: left;"><li>Looking for TXT record containing "v=dmarc1" at top level of the organizational domain (think <a href="https://www.wombatmail.com/dns.cgi?t=txt&d=spamresource.com">spamresource.com</a>, not <a href="https://www.wombatmail.com/dns.cgi?t=txt&d=_dmarc.spamresource.com&m=">_dmarc.spamresource.com</a>). If so, we've got a DMARC record living where it shouldn't.</li><li>Looking for a TXT record containing "v=dkim1" at the top level of the organizational domain, OR looking for a TXT record containing a fingerprint of a commonly used CRM/ESP DKIM key, whether or not it contains v=DKIM1. (There's a broadly used public key used by a couple of different platforms that omits the v=spf1.) If I find either of these, we've got a DKIM record living where it shouldn't.</li></ul><p></p><p>And that leaves us with 11,890 domains with <i style="font-weight: bold;">some</i> form of broken DKIM or DMARC record lying about. Break it down and you get 5,918 domains with a funky DKIM record, 6,333 domains with a funky DMARC record, and 361 domains that managed to get funky with both records.</p><p>What I didn't check is whether or not they also have valid DMARC or DKIM records in place. I'm sure a lot of them do, as when they get an alert saying that the record isn't found, few checkers go look for it instead at the top level of the organizational domain. So people probably don't go back and fix the errant, leftover DNS record, leaving it to sit and fester forever.</p><p>It might be harmless, but it also might be confusing and it's never a great thing to leave bits of bad data oozing out from the DNS for your domain name. I think it might be time for DKIM and DMARC testers to look for and fail records found in that wrong place. If we want people to get better at implementing email authentication, we've got to give them better guidance and feedback while they attempt to do so.</p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-11199931818127501852024-03-11T07:00:00.054-05:002024-03-11T09:17:35.842-05:00RQIBAADL: Random questions I've been asked about DMARC lately: a FAQ<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTrGyrbyv6K5MBmZW4PRQ-cgABy1KdjbjmMjR2NMdygr47l57VwobvSd91GEZYdkM8VwbRnAzTJgaC8fMX6cu4KrzWZC0QykajGcTRZ-9DQIu3KfRCjKn3DiEa1yAxIaktq6EyA1HCyXk6Vo6xyus0lp3AkFudgrXdXrjmDtDQsp9tqixLbsSr/s1200/dmarc-faq.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTrGyrbyv6K5MBmZW4PRQ-cgABy1KdjbjmMjR2NMdygr47l57VwobvSd91GEZYdkM8VwbRnAzTJgaC8fMX6cu4KrzWZC0QykajGcTRZ-9DQIu3KfRCjKn3DiEa1yAxIaktq6EyA1HCyXk6Vo6xyus0lp3AkFudgrXdXrjmDtDQsp9tqixLbsSr/s16000/dmarc-faq.jpg" /></a></div><br />Uh, <a href="https://www.youtube.com/watch?v=0GiKNTnWI4U">zoom, zip</a>! A quick one today -- allow me to cobble together a blog post made up of some quick answers to recently asked questions about DMARC. Let's jump right in to it.<p></p><p><b>My DNS provider's control panel won't let me configure a DMARC record. I get an error that says that underscores are not allowed in domain names. What should I do?</b></p><p>Technically, underscores are not allowed in domain names. (There is no such thing as spam_resource.com.) However, underscores are allowed in DNS hostnames, like "<a href="https://www.wombatmail.com/dns.cgi?t=dmarc&d=spamresource.com">_dmarc</a>", the hostname or DNS entry you need to create under your domain name to enable DMARC. I'm not going to name names, but there are some domain registrars and DNS control panels that misunderstood the "no underscores in domain names" rule and think it means that you can't have underscores in DNS hostnames. Which is wrong. If you run into this, submit a support ticket to the DNS host or domain registrar and point out that millions of people have created DMARC records for their domains, and each one of those records contains an underscore. In some cases your domain registrar can add the DMARC record for you manually. And if they can't, maybe you'll need to move your domain to a different registrar.</p><p>It seems as though platforms affected by this are racing to fix things, if they haven't already. So let us hope that this becomes a thing of the past, very soon. (For those looking to nerd along from home, <a href="https://www.rfc-editor.org/rfc/rfc2782.txt">RFC 2782</a> specifies using a DNS record starting with an underscore, when implementing that DNS record to indicate a link to a service.)</p><p><b>When checking my DMARC record, I get an error that says I have no policy set. What does that mean?</b></p><p>The "policy" setting is the p= value in your DMARC record. It can be none, quarantine or reject. It has to be exactly one of these. Not more than one, not worded differently. Also make sure you didn't accidentally type "policy=" instead of "p=" into the DMARC record, which I myself am guilty of doing at least once.</p><p><b>When checking my DMARC record, I get an error that says that I have two DMARC records for my domain. But I followed the instructions that my ESP gave me! What gives?</b></p><p>A few domain registrars and email sending platforms blindly told customers to add a new DMARC record for their domain in order to become compliant with the new Yahoo/Google sender requirements. Without checking to see if the domain already had a DMARC record in place. This led to some folks ending up with two DMARC records, when there should only be one for the domain. Ignore the bad guidance; make sure you only have one DMARC record for your domain, and delete the second one.</p><p><a href="https://www.spamresource.com/2024/01/dont-double-up-on-dmarc.html">More on that here</a>.</p><p><b>That's great, but now I've got two DMARC records. Which one do I keep?</b></p><p>That's going to vary, but the short answer is -- if you use a DMARC service, you'll probably want to keep the one that references the DMARC service. In other words, if you have two DMARC records and one of them references sending reports to something-something@vali.email, keep that one, because it probably means that you or your company have engaged <a href="https://www.valimail.com">Valimail</a> (or whoever) for DMARC monitoring and reporting. Do your research to confirm this, and write down the old DMARC record, in case you get it wrong and need to swap it out later.</p><p><b>Okay, I included a RUA (reporting address) in my DMARC record, and set it to my own email address. Now I'm getting these weird emails with a ZIP attachment. I open it to find an XML file and a bunch of data wrapped in code. What do I do with this?</b></p><p>Not much, really. These are DMARC reports. They're human readable, but just barely, and not really meant to be manually processed. If you want to take the XML file from one of those emails and parse it to see what it actually tells you, there are online tools that can do that. Here's links to ones from <a href="https://mxtoolbox.com/DmarcReportAnalyzer.aspx">MX Toolbox</a> and <a href="https://easydmarc.com/tools/dmarc-aggregated-reports">EasyDMARC</a>.</p><p>If you want to deal with DMARC at scale, you need to either install unix tools to collect and process the data (if you're that kind of unix nerd), or sign up for service from a DMARC provider, to have them do it for you. DMARC providers ingest these reports and use them to generate dashboards to help you monitor sightings of your email domain(s) out in the wilds of the internet. Different DMARC providers have different levels of functionality and may offer add-ons or additional security-focused features or guidance, but at its very core, what a DMARC provider does is ingest DMARC reporting and convert it into something that you can usefully read and understand.</p><p>Mark Alley publishes a <a href="https://dmarcvendors.com">DMARC tools and vendors list here</a>.</p><p><b>Hey, I set up DKIM and DMARC and all of this stuff and now my open rates have gone way down. What gives?</b></p><p>DKIM and DMARC don't really govern your open rates or click through rates. Together, what they do is make it easier for Yahoo and Gmail (and many other mailbox providers) to recognize you as you. It is entirely possible that some senders were getting good open rates with some sort of data source or list hygiene issue, and now that loophole is closed with these new requirements.</p><p>Also, when you first implement DKIM authentication, or if you just set up a new domain name, immediately sending big volume (thousand of messages or more all at once), might get Gmail and others to treat you as suspicious, resulting in delayed mail or spam folder placement.</p><p>Let me say that all again:</p><p></p><ol style="text-align: left;"><li>Especially in the long term, DKIM/DMARC just makes it easier for mailbox providers to accurately rank your mail without including anybody else's mail in their calculations. For some folks, this means your engagement rates could be too low, or complaint rates be too high, and now Gmail can better see it, and could be more likely to put mail in the spam folder instead of delivering your mail to the inbox.</li><li>If it's just newness of the DKIM set up (or domain purchase), slow down sending for your first few sends. If you would normally send 25,000 emails today, try breaking that up across a few days for a few sends. If it's just a case of newness, opens and clicks will rebound. Consult your friendly neighborhood deliverability consultant for assistance as needed.</li></ol><p></p><p>TL;DR: If you're really sure that you're not a sub-standard sender, that people really do want your mail, open rates and click rates will probably bounce back after a few weeks.</p><p><b>But I thought DMARC was going to help me get to the inbox!</b></p><p>Sorry, friend, that's not what DMARC does. It has an indirect positive impact on deliverability for good senders, yes, but it is not a switch you turn on that somehow guarantees inbox placement.</p><p>If I had a dollar for every time I've heard somebody complain that DMARC was supposed to guarantee inbox placement, but that it's not working properly....I'd have at least nine dollars.</p><p><b>How do I test that I've got this thing configured correctly?</b></p><p>Send to Gmail. View message source (three dots menu -> "View Original").. Look at the authentication settings at the top. It'll highlight SPF, DKIM and DMARC success or fails. That's an easy way to get started. Want to do a more comprehensive test? I recommend Steve Atkins' Aboutmy.Email tool. It even has a "Good Practice" section which refers specifically to Yahoo/Google compliance.</p><p>If you just want to specifically troubleshoot your DMARC record, not full email headers and authentication from a sent email message, there are a fair number of tools out there that can do that, including this one from <a href="https://domain-checker.valimail.com/dmarc">Valimail</a>.</p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com1tag:blogger.com,1999:blog-26753622.post-73359644453334806752024-03-09T10:46:00.001-06:002024-03-09T13:39:13.961-06:00Spotted at Aldi: Maple SPAM!<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6ZAsACBfmglPC-A1_IJ7TkAmlxLUvPvUJGO6GVy2uL4q6w54PAa7p9ixdtn0ZTZgJk18pkLXqgBhaSvSR85STqyncxds4JbUcuzpqy3oquq1p4lmDRfOQ4xv7sr4kKOwzlo_aiT6zg8Jhn874TAUjSSHFad38XGBDy3NqTRdNNT1hZFnXmCdB/s1200/maple-spam2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6ZAsACBfmglPC-A1_IJ7TkAmlxLUvPvUJGO6GVy2uL4q6w54PAa7p9ixdtn0ZTZgJk18pkLXqgBhaSvSR85STqyncxds4JbUcuzpqy3oquq1p4lmDRfOQ4xv7sr4kKOwzlo_aiT6zg8Jhn874TAUjSSHFad38XGBDy3NqTRdNNT1hZFnXmCdB/s16000/maple-spam2.jpg" /></a></div><br />Apparently this isn't THAT new, as I can find some blogs and recipe sites talking about it <a href="https://sporked.com/article/maple-spam-review/">back in summer 2023</a>. But it's new to me! And personally observed by yours truly at an Aldi grocery store near home here in Chicago, IL, which means it's a limited time Aldi special buy. What is it? Maple-flavored SPAM! Which sounds like a great idea to me. Why not? Maple sausages are delicious, and SPAM makes a great breakfast meat. Alas, my wife would not let me purchase this to try it first hand, so we'll have to rely on the <a href="https://www.allrecipes.com/i-tried-the-new-maple-flavored-spam-7562308">reviews of others</a> (spoiler: tasty! breakfasty! less salty!) and if you're looking for this near you, but not sure where to go, <a href="https://www.spam.com/varieties/spam-maple">Hormel's got a page</a> with details and info on where and how to buy this delicious treat. Enjoy!<p></p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-30876537135814545452024-03-08T07:00:00.002-06:002024-03-17T12:02:28.871-05:00DELIVTERMS: B2B and B2C<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLywG4hC_zGG351PCClU4zx1jxEqTOoGV8TYYGhCJZI-mM9b4eGXTukRCD8VFl2mnB00RR-3WT81SdGUT5NxpPQ4hIqe6JmWoxn7pGSI8mD-BK8MHRzsX6PaZVIPnUfIYiPLM0qvV5ZsvmZwG2cBGU7t1veRBEp9F8NCIJvIJGc5dgMaQ8uzY0/s1200/dt-b2b.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLywG4hC_zGG351PCClU4zx1jxEqTOoGV8TYYGhCJZI-mM9b4eGXTukRCD8VFl2mnB00RR-3WT81SdGUT5NxpPQ4hIqe6JmWoxn7pGSI8mD-BK8MHRzsX6PaZVIPnUfIYiPLM0qvV5ZsvmZwG2cBGU7t1veRBEp9F8NCIJvIJGc5dgMaQ8uzY0/s16000/dt-b2b.jpg" /></a></div><br />It's that time again! Let's spend a few minutes decoding those delicious deliverability and email marketing acronyms -- it's DELIVTERMS from Spam Resource!<p></p><p>This is a simple one (for some folks), but believe it or not, I do get asked about this from time to time. Throwing around shorthand and abbreviations can confuse people, so it's important that we pause occasionally, and give folks a chance to catch up.</p><p>In email marketing and deliverability, we often talk about <a href="https://www.spamresource.com/search/label/b2c">B2C</a> marketing versus <a href="https://www.spamresource.com/search/label/b2b">B2B</a> marketing.</p><p>In B2C email marketing, we're talking about businesses (B's) marketing to consumers (C's). Some folks might also call this DTC (direct-to-consumer) marketing. What it means is email marketing where the target audience is the actual buyers or potential buyers of a consumer-oriented product or service. If I make cool purple widgets and sell them from my online store, I'll probably build up my email list by way of my newsletter signup, an opt-in process during the purchase/checkout process, etc., and I'll probably contact them again later, via email, trying to sell them a second purple widget. (Or maybe a cool green one.)</p><p>In B2B email marketing, we're talking about businesses (B's) marketing their product or service to other businesses (B's). Think of an online store -- or even a "brick and mortar" store, like my <a href="https://tastefoodnwine.com">friend's wine store</a>. They use Square to manage online and in person orders, and they also use Square to help them with email marketing efforts. That means Square is active in both the realms of B2C and B2B marketing. For B2C, they help my friend's wine store communicate directly with the wine store's customers. But Square is also active in the B2B realm themselves, marketing their own products and services to businesses like the wine store. So when Square is mailing their own customers, offering them additional products or services to help those customers sell better to THEIR customers, that's B2B email marketing in action.</p><p>B2B email marketing and B2C email marketing have different deliverability challenges. The target audiences are different, and even the mailbox providers that an email marketing platform sends mail to are somewhat different for B2C versus B2B:</p><p></p><ul style="text-align: left;"><li>B2C email marketers are sending primarily to the top consumer mailbox providers. In the US, that means Google (Gmail), Yahoo, Microsoft (Outlook.com), Apple, and Comcast at the big end, followed by a bunch of smaller providers.</li><li>B2B email marketers have lists that look quite different (many more different domains, beyond yahoo.com/ gmail.com/ outlook.com) but ultimately, at the big end of things, Google and Microsoft host a ton of mail for business domains. But then there are also various B2B mailbox providers and email security services, that are more often seen in the B2B realm. Examples of these include <a href="https://www.wombatmail.com/data/mx-barracudanetworks-com.html">Barracuda</a>, <a href="https://www.wombatmail.com/data/mx-pphosted-com.html">Proofpoint</a>, <a href="https://www.wombatmail.com/data/mx-mimecast-com.html">Mimecast</a>, <a href="https://www.wombatmail.com/data/mx-iphmx-com.html">Cisco</a>, <a href="https://www.wombatmail.com/data/mx-arsmtp-com.html">Appriver</a>, <a href="https://www.wombatmail.com/data/mx-emailsrvr-com.html">Rackspace</a>, and there are zillions more out there. This is one of the things I <a href="https://www.wombatmail.com/data/">track with my Wombatmail data</a>.</li></ul><p></p><p>For a lot of companies trying to sell to other companies (B2B), they often start small and are sending very low volumes of mail. They also sometimes engage in sending "cold lead emails" -- usually low volumes of unsolicited email advertising (aka spam), and the low volume combined with low engagement of the emails means that a B2B email marketing misstep can cause deliverability issues that are particularly difficult to resolve.</p><p>And it's probably fair to say that most of the time, when talking about email marketing and deliverability issues, guidance is typically B2C-oriented. That tends to be where the big email volume (and thus the big challenges/big money) are. Because of this, I wouldn't always assume that non-specific deliverability guidance applies to B2B scenarios. Always best to investigate and ask before assuming, as there's a good chance that somebody's deliverability guidance was generally B2C-oriented, even if not stated explicitly. (I know I'm guilty of this!)</p><p>Want to learn more?</p><p></p><ul style="text-align: left;"><li><a href="https://www.spamresource.com/2022/08/b2b-deliverability-is-different-and.html">I've talked more about why B2B deliverability can be trickier here</a>. </li><li><a href="https://www.spamresource.com/2022/09/b2b-domain-hosting-data-sneak-peek.html">Who are the big mailbox providers in the B2B space? Here's a snapshot from 2022</a>.</li><li><a href="https://www.spamresource.com/2023/04/guest-post-understanding-deliverability.html">Here, Bob Sybydlo explains what you need to know about understanding deliverability in the B2B space</a>.</li><li><a href="https://www.spamresource.com/2023/09/jwz-us-b2c-domain-rankings-in-wild.html">Here's an example of who the biggest mailbox providers are in a typical (US) B2C email list</a>.</li></ul><p></p><p>And of course, don't forget to check out the <a href="https://www.spamresource.com/search/label/delivterms">DELIVTERMS</a> section here on Spam Resource, where we define the common terms used in email technology and deliverability.</p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-62461118275636454672024-03-07T07:00:00.015-06:002024-03-07T07:00:00.148-06:00Spam Resource Spotlight: Wayne Mehl<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI__PC9fzANcRk0n7RwitmHwfNs6A-FMknQUV4vMDdGZIgPX4dYPvyoz622g3hqBwQ06SfzWFeQg25ZS2zr_g75JeVJzAtCo3vGGYUgcYnGY_hi52c433ZiCBHbnp_PBGeaeJNAR5v3-mQza86SufxoUvQHdXwaiNbXfQGFAH3M1qIUZsMpuJB/s1200/sr-spotlight-wayne.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI__PC9fzANcRk0n7RwitmHwfNs6A-FMknQUV4vMDdGZIgPX4dYPvyoz622g3hqBwQ06SfzWFeQg25ZS2zr_g75JeVJzAtCo3vGGYUgcYnGY_hi52c433ZiCBHbnp_PBGeaeJNAR5v3-mQza86SufxoUvQHdXwaiNbXfQGFAH3M1qIUZsMpuJB/s16000/sr-spotlight-wayne.jpg" /></a></div><br />Wayne Mehl and I have a few things in common. We both had periods of time where we worked in the role of unix admin. We've both set up MTAs and reviewed MTA log data with an eye toward monitoring for deliverability issues and looking for SMTP connectivity problems to resolve. His path took him from Bellsouth/AT&T to ExactTarget to Salesforce to SparkPost (aka "Bird"). He was on more of the MTA admin/email operations path, where I ended up veering off into consulting land. Different roles, but same universe, and in our time of overlap at ExactTarget and Salesforce, we worked together quite regularly to solve tough problems. Which is how I've come to know and vouch for Wayne Mehl. He's truly a smart guy that I enjoy working with and still keep in touch with, even as our paths have diverged.<p></p><p><a href="https://www.linkedin.com/in/wayne-mehl-31b2693/">You can find his Linkedin profile here</a>.</p><p><b>Wayne, thank you for taking the time to talk to me today! I usually kick these things off asking about how you got started in email and/or deliverability. Looks like you came to it through the internet service provider (ISP) route, no? Did your initial unix-related role at Bellsouth involve email, or did that come later as everything got borg'd into AT&T?</b></p><p>Most MTA admins fall into the work by accident. If you have a room of 100 unix admins and ask "who wants to run the MTA?" no one will raise their hand. I was a brand new admin so I was foolish enough to volunteer for the work. I worked at a mom and pop dial up ISP in the mid 1990's. One of the main reasons to get a dial up account was to get email. I worked my way up from phone support to unix admin and was put in charge of our single MTA server. It was a Sun OS box running Sendmail. I like text based work, found out I was good at unix shell and regex, and had a knack for running live services. Email was much more appealing than coding. </p><p>I did not start out at SBC as an MTA admin. But again, there was a project to retire the legacy MBP for Americtech/Swbell/Pacbell. Again, no one on staff had MTA experience except me. A 60 day project turned into a 5 year project. If you remember, SBC planned to use Prodigy as their ISP. That fell apart. Later it was SBC/Yahoo, and that project was completed. This was my first big platform, about 1 billion emails per month. </p><p>After the SBC/Yahoo project, I heard about a startup in Indy called ExactTarget. They were sending email for commercial messaging. After several false starts, I got in touch with the right people and as they say, the rest is history. My first month at ExactTarget, we sent 1 billion emails. As of Black Friday/Cyber Monday 2023, the platform I designed for SFMC sent almost 7 billion emails. </p><p><b>I've found that deliverability folks that have worked both the sender side (ESPs, etc.) and receiver side (ISPs and mailbox providers) tend to have a better understanding of the challenges that mailbox providers face – that there's a universe of bad things and challenges that reach far beyond simple marketing mail. Do you think your ISP experience helped you in your later ESP-related roles? And if so, how?</b></p><p>Working both sides has helped me a great deal. At my ISP jobs, I had to manage anti-abuse methods to keep our services running. At SBC, we were not allowed to use vendor products for anti-abuse. I ended up writing my own RBL and automations to report to the policy team. Understanding how ISPs manage their services helps me be a good sender. My basic rule is "do no harm". If I see a pattern of sending that I know would stress their infrastructure, I will modify sending to align with their postmaster policies and my general knowledge of email gateways. </p><p><b>I noticed lately that the new Yahoo/Google requirements seem to have resulted in a dramatic shift in MTA queue averages for some senders and platforms. Gmail's deferring a lot more mail than they have done in years past, which means in some cases MTA queues and MTA disks are fuller for longer, with the potential to impact platform health if it isn't well accounted for. What kind of other client, MTA, system or platform issues can jump out at you, identifiable from MTA logs and MTA data?</b></p><p>At my most recent job we have been monitoring the new blocking by Gmail. So far the blocking has been light, but Google stated that they would be rolling out the new policies from February to June. We see two types of blocking, blocks due to lack of auth and blocks for unwanted emails based on SPF or DKIM. This is the obvious shift away from IP based policies to domain based policies. We will have to wait and see how Gmail handles these new policies. </p><p>A few details on the new SPF/DKIM blocking. Lack of AUTH has both 4XX and 5XX DSN's. I assume the policy is to compensate for transient DNS resolution issues. Once the gateway has confirmed that SPF or DKIM do not exist, the block moves to a permanent 5XX block. </p><p>The other detail to note, some of the older IP based block DSN's have been retired. You may want to check your existing Gmail sending rules to see if they are still working as expected. </p><p><b>And you made me think of an important point – basically, that "your mileage may vary" – what happens next will vary, depending on the nature of your client mail streams, what they're sending, and whether or not they were already authenticating. It's possible that big, enterprise senders might see fewer issues than MTA pools made up of entirely SMB/newsletter traffic, much of which might not have been fully authenticated before.</b></p><p>Technically there is no reason a SMB cannot make the leap to proper authentication. It is a bit of a challenge in shared pool space, but it can be done. I think the real challenge will be education and tools. It will be up to the email community to educate why auth matters and to create tools to make provisioning auth easier. </p><p><b>After you got laid off recently, your next move seemed to be to eat a taco. Are you a big taco fan? What makes the perfect taco?</b></p><p>Really there is no such thing as a bad taco. But one of the students I mentor at my children's high school likes to put ketchup on her tacos. I do not approve. </p><p><b>It has been said (accurately so) that raisins ruin everything. Do you agree, or are you wrong? If not raisins, what is one foodstuff or ingredient that you believe should simply NOT exist, something you can't believe people knowingly enjoy?</b></p><p>I seek out raisins. That makes me highly questionable to some. </p><p><b>What's the one bit (or two bits or three bits) of advice you wish you could give every email marketing or bulk email sender? Is there guidance, a recommendation, or a wish, that marketers just haven't understood or haven't heeded so far, where you wish you could snap your fingers and just change their mind without argument?</b></p><p>1. Read the DSN. When the DSN says "you have been blocked for a high volume of unwanted email" that means no one wants your email. </p><p>2. This is how I feel some days working with clients:</p><p>Client: If you want to keep our business you to find a way to get 1 percent more emails to Gmail</p><p>Me: OK, let me take a look (whistles)</p><p>Client: we plan to triple our list the first week of November….</p><p>As my friend Karen would say, clients cannot do simple maths….</p><p>3. Clients, you control list quality. List quality is the primary variable for delivery. Engaging content and product is the primary variable for deliverability. </p><p><b>Wayne, thanks so much for sharing your time and expertise today. It's really fun to get to catch up and geek out about MTAs and I look forward to future chances to chat about this sort of thing with you!</b></p><p><b>Also, people! <a href="https://www.linkedin.com/in/wayne-mehl-31b2693/">You should hire this guy</a>!</b></p><div><br /></div>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-14748848526913008442024-03-06T11:25:00.004-06:002024-03-10T15:08:11.756-05:00DMARC: Fun with external destination verification<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnr4V_tdaCwSSUdzE_ZVj8zS8SaEfnb3L9yMgTPUDg7okjkgF3lmejGGklh1tCQko_a9_4B41_vwdoEdRTMZeJYHLq7zMbzxfdABwKj3sRARzL95G9NhtfGucqLj1RWrYSGTypylnUEZZ2aTaO6tHsRKnCOKQjULiBlD0pwO3iEssigATQWglk/s1200/dmarc-edv.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnr4V_tdaCwSSUdzE_ZVj8zS8SaEfnb3L9yMgTPUDg7okjkgF3lmejGGklh1tCQko_a9_4B41_vwdoEdRTMZeJYHLq7zMbzxfdABwKj3sRARzL95G9NhtfGucqLj1RWrYSGTypylnUEZZ2aTaO6tHsRKnCOKQjULiBlD0pwO3iEssigATQWglk/s16000/dmarc-edv.jpg" /></a></div><br />If you know, you know. And if you don't know, I'm going to tell you, because not everybody knows this.<p></p><p>The DMARC spec is such that you're really not meant to be able to just randomly send DMARC reports (RUF or RUA) to any random mailbox in the world. Why? So you can't level a denial-of-service attack at an unsuspecting email user (or their email server or mailbox provider). Sneaky bad guys could configure the DMARC record for their domain to point at my mailbox, then send a bunch of email messages that fail authentication checks to various mailbox providers, and then later, those mailbox providers could end up sending DMARC reports via email to my mailbox. Even though it's not my domain. Even though I might not want that.</p><p>So, section 7.1 (<a href="https://datatracker.ietf.org/doc/html/rfc7489#section-7.1">Verifying External Destinations</a>) of <a href=" https://datatracker.ietf.org/doc/html/rfc7489">RFC 7489</a> specifies a reference mechanism that the receiving domain (where the DMARC reports are being delivered to) is supposed to utilize to say that yes, they do want DMARC reports for this given sending domain.</p><p>It works like this: If I want to receive DMARC reports for mail sent by (or claiming to be sent by) aliverson.com, but I want those reports to come to dmarcreports@wombatmail.com, I need to create a DNS record, a TXT record of aliverson.com._report._dmarc.wombatmail.com that contains "v=DMARC1;".</p><p><b>This leads to two very important questions:</b></p><p>First, what? Are you sure that this has to be done? I'm a DIY'er, and I've set up a DMARC record for my 30+ domains, and it's all going to one address at one of the domains, and I seem to be getting reports.</p><p>If you look closely, you'll see that you're mostly only getting reports from Google, Godaddy (secureserver.net) and a few other (mostly smaller) platforms. You're not getting reports from Microsoft, Yahoo, or a lot of other big mailbox providers or security services. That's because support for this external domain verification is a bit imperfect. As <a href="https://dmarc.org/2015/08/receiving-dmarc-reports-outside-your-domain/">DMARC.org suggests</a>, a few providers may have decided to skip the verification check, perhaps in the name of helping to speed up DMARC adoption.</p><p>But, many providers <i>DO</i> respect the verification check, so if you want to receive DMARC reports reliably for your domain, at a mailbox <b>not</b> in your domain, you'll need to set that DNS record up for the receiving domain.</p><p>Which leads to the second question. What? Are you sure that has to be done? None of the DMARC providers (Valimail, EasyDMARC, Proofpoint, Red Sift, etc.) told me that this had to be set up when I started using their DMARC monitoring service.</p><p>That's because they're the ones that need to set it up; not you. And if you're a DMARC provider, you can simply put a wildcard DNS record so that you tell the world that you'll happily accept DMARC reports via email for any email sending domain in the world. If I wanted to open this up for Wombatmail, I'd publish a wildcard DNS TXT record so that any query for "(anything)._report._dmarc.wombatmail.com" resulted in a "v=DMARC1;" response.</p><p>Since the DMARC providers really only need to set this up once, and it's on the <i>RECEIVING</i> end of DMARC reporting (so <i>clients</i> of DMARC providers don't really have to think about it), you don't see them talking about it too much. Which means that a hobbyist or DIYer might not notice this requirement.</p><p>And now you know.</p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-71017525827026087652024-03-05T10:06:00.002-06:002024-03-05T10:06:47.003-06:00Vade acquired by Hornetsecurity Group<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTOQeLwASJjFci9KO-hrbR0dkC6XAGPzmJJTHAw5O5ksudd_BrmTytrrhwXbfOHrDzBviLrbUDUeiLf8slY6d50AijRsDt4GIswbN-5LI6pC7zQflDKOXs5ytLAdbvVTexM6foUmhWyIj-wkofj-yvqkzwaAElu1t0GVhRtLkbo1Z6O20HKyCz/s1200/vade-money.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTOQeLwASJjFci9KO-hrbR0dkC6XAGPzmJJTHAw5O5ksudd_BrmTytrrhwXbfOHrDzBviLrbUDUeiLf8slY6d50AijRsDt4GIswbN-5LI6pC7zQflDKOXs5ytLAdbvVTexM6foUmhWyIj-wkofj-yvqkzwaAElu1t0GVhRtLkbo1Z6O20HKyCz/s16000/vade-money.jpg" /></a></div><br />Business and email security vendor consolidation is in the news today. <a href="https://www.vadesecure.com/en/">Vade</a> (previously known as Vade Retro), known for its Microsoft O365 email security add-on Vade Secure as well as the <a href="https://www.spamresource.com/2020/06/what-is-vade-threat-list-how-do-i.html">Vade Threat list</a>, used for filtering by various mailbox providers, has been acquired by German B2B security provider <a href="https://www.hornetsecurity.com/us/">Hornetsecurity</a>.<p></p><p><a href="https://www.techerati.com/press-release/hornetsecurity-group-expands-with-vade-acquisition/">Read more about it here</a>.</p><p>I don't have much familiarity with Hornetsecurity so I can't really speak to what this means for the future of Vade and its offerings, but I think it's safe to assume that for now, things keep rolling today, just as they were yesterday, as far as current spam filtering and deliverability impact on senders goes.</p><p>And, I can't mention Vade without pointing out that their previous name "Vade Retro" was probably inspired by the latin term "<a href="https://en.wikipedia.org/wiki/Vade_retro_satana">Vade Retro Satana</a>," meaning "Step back, Satan!"</p><p>H/T: <a href="https://www.linkedin.com/company/top-deliverability/">Top Deliverability</a> and <a href="https://www.linkedin.com/in/wayne-mehl-31b2693/">Wayne Mehl</a></p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-36814944745863045652024-03-05T07:00:00.006-06:002024-03-05T07:00:00.132-06:00Arne Allisat, GMX and mail.com: spam is on the rise<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPMJBeHk9PgmtnyrZnHfysh4tFF07FUQcmtGzByMIqirgNwh-y4Q92MIIJTAcst3XJSDDxF0vF_-ZO6_DkBEokYnBC0kvVR82ykKbLkruMagHNT_FffD1H3oLSQGJnmD-NBjoivUfNYdQta5z3wE-MKrpo8MuXAaovchqHGMWrFUGroRGDJmW0/s1200/hacker-rising.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPMJBeHk9PgmtnyrZnHfysh4tFF07FUQcmtGzByMIqirgNwh-y4Q92MIIJTAcst3XJSDDxF0vF_-ZO6_DkBEokYnBC0kvVR82ykKbLkruMagHNT_FffD1H3oLSQGJnmD-NBjoivUfNYdQta5z3wE-MKrpo8MuXAaovchqHGMWrFUGroRGDJmW0/s16000/hacker-rising.jpg" /></a></div><br />Writing for Data Centre Review, Arne Allisat, Head of Email Security, GMX and mail.com, explains that spam is on the rise, and that he believes AI is a big reason why. After all, the impact of Artificial Intelligence is growing in almost all sectors of tech and the internet, so why wouldn't spammers look to embrace this new technology? Thankfully, the good guys are also using AI to better identify trends in bad activity.<p></p><p><a href="https://datacentrereview.com/2024/03/the-hidden-arms-race-to-protect-your-inbox/">Read more here: <b>The hidden arms race to protect your inbox</b></a><b>.</b></p><p>1.5 billion spam messages a week would be, what, just over 21 million bad emails every day, on average. And they're not even the largest mailbox provider out there. It just blows my mind how much garbage there is that providers have to block!</p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-43362565721839081622024-03-04T07:00:00.003-06:002024-03-04T07:00:00.243-06:00Spamhaus: A new website, with new data<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzChiLy88qsjEpi5UmUAeSJuUGQgDzCK0keedivkWrVw-PzbFaW0LawSi6IGvxWDDZjPcoPERQa5sL3vGFKDfcON9ZxUtqNNZSEqHTHhj2SL-67ydSaBq9zKFipVtc-Y6hjP7f-heFOcQ9lO9snJVGjskLq7JBU2FbBxwr0cUjNdfZcegN-6CM/s1200/spamhaus-data.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzChiLy88qsjEpi5UmUAeSJuUGQgDzCK0keedivkWrVw-PzbFaW0LawSi6IGvxWDDZjPcoPERQa5sL3vGFKDfcON9ZxUtqNNZSEqHTHhj2SL-67ydSaBq9zKFipVtc-Y6hjP7f-heFOcQ9lO9snJVGjskLq7JBU2FbBxwr0cUjNdfZcegN-6CM/s16000/spamhaus-data.jpg" /></a></div><br />International anti-spam and security experts <a href="https://www.spamhaus.org">Spamhaus</a> have been teasing the launch of their new website for a while now. And <a href="https://www.spamhaus.org/resource-hub/ip-reputation/a-website-to-effect-change/">now that it's finally here</a>, you'll want to <a href="https://www.spamhaus.org">check it out</a>. Besides the usual domain and IP blocklist lookup tools, there's also more overall "reputation" <a href="https://www.spamhaus.org/about-the-research/">scoring available</a>, and easy access to everything that Spamhaus offers, all the freed datasets and tools they have, some of which you were aware of, and perhaps others that you weren't aware of.<p></p><p>My favorite bit? The new <a href="https://www.spamhaus.org/reputation-statistics/">Reputation Statistics</a> section. Which networks emit the most spam? Which TLDs are most associated with malware or phishing? Which domain registrars seem to have more spammer-related domains than others? All this and more data, suitable for giving yourself a snapshot view of what the bad guys are doing.</p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-49207812283447161502024-03-01T07:00:00.015-06:002024-03-06T12:39:30.741-06:00Spam Resource Spotlight: Carmi Jones<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCIJJNNy91WP_GLshnDiDCxbiJAGrRf2TH630Zq3RQgjberq7_NjBMpjV5B8-s1UpuTWWSPV1-ZJ3cDmhQfp_6aHn6zD_igYu9DEXbllY4df0_d1SEi-tN52oEgi57Wnsw-fsdPncyR1Fgio021eIa6dtYbUidsYnSYOzLoaPGny0elR1c1TSN/s1200/sr-spotlight-carmi.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCIJJNNy91WP_GLshnDiDCxbiJAGrRf2TH630Zq3RQgjberq7_NjBMpjV5B8-s1UpuTWWSPV1-ZJ3cDmhQfp_6aHn6zD_igYu9DEXbllY4df0_d1SEi-tN52oEgi57Wnsw-fsdPncyR1Fgio021eIa6dtYbUidsYnSYOzLoaPGny0elR1c1TSN/s16000/sr-spotlight-carmi.jpg" /></a></div><br />Carmi Jones knows deliverability <b>very well. </b>Right about the same time I was getting my start as Director of Deliverability at ExactTarget, she landed in an account management/deliverability consultant role at Return Path, the once preeminent provider of deliverability tools and expertise. She has since brought her multi-platform expert deliverability knowledge to bear across a number of companies, now most recently as Manager of Deliverability Success for HubSpot. From her consulting work to knowledge shared via webinars and industry events, many of us in the space have been lucky to work with, partner with, or collaborate with her over time, and I'm sure that many, if not all, would agree with me that she's a kind and smart person.<p></p><p><a href="https://www.linkedin.com/in/carmijones/">You can find her Linkedin profile here</a>.</p><p><b>Carmi, thank you for taking the time to talk to me today! Is it accurate to say that your email career started at Return Path? How did you end up there, and did you realize then what a huge industry email is and what you were getting yourself into?</b></p><p>Hi Al! Thanks so much for inviting me to this party! Its an honor. It's absolutely true that my email career path began at Return Path (lucky me!) It was a swell ride. I spent 9 years there and I learned so much and made forever friends.</p><p>My prior experience was offline database and direct marketing when I met Heather Goff at Return Path. She convinced me that I would be a great deliverability consultant when I couldn't even spell <a href="https://en.wikipedia.org/wiki/Domain_Name_System">DNS</a>. It was such an interesting role because I'm a marketer at heart, and lots of brands who I'd worked with offline were building their online brand; email was becoming an integral part of their strategy. </p><p>I had no idea what I was in for. It was a career shift that changed me in innumerable ways. And it's the collaboration and community that have made all the difference.</p><p><b>You've worked both as an outside consultant (third party, not representing a sending platform) and as a consultant (or manager of consultants) for a number ESP/CRM platforms. What are some of the challenges that you'd highlight when it comes to deliverability consulting “inside versus outside”? And would you ever say that one is better than the other?</b></p><p>I think the biggest challenge working for a consultancy is access to platform data. Working for an ESP/MA/CRM platform can be really rewarding because we have ready access to all the data we need to piece together the puzzle, and we can supplement with other third party data. In my early days, we had only a piece of the equation and were reliant on our customers to bring us logs and share response data to get a full picture. I LOVE having all the signals and data at my fingertips. I'd say there's definitely more challenge on the third party consultant to get to the heart of the matter, so if you're really into unraveling a mystery, that's a sweet gig.</p><p><b>There's been a fair amount of FUD (Fear, Uncertainty, Doubt) out there about the new Gmail and Yahoo Mail Sender Requirements. What's your take? Are you worried that the updated requirements are going to be a different challenge for marketing senders to overcome?</b></p><p>So here's the thing, I've been around these parts for nearly 20 years, so I've seen my fair share of FUD about allllll the things that have changed/evolved/disappeared. I think this is the direction we've been headed for years. The largest brands have teams of bright people who will button this up with just a little effort.</p><p>Where there's an opportunity to be really helpful is to the <a href="https://www.kumospace.com/blog/smb-meaning">SMB</a> senders of the world, who are just making their mark. For some SMBs, managing these changes is going to feel really hard. The good news is there are plenty of smart people across the industry offering up their insights, tools and experience to solve for the part of the market that likely will need the most support. And those platforms who cater to this niche are working hard to make tools and wizards to simplify what can be overwhelming.</p><p><b>Not just an email nerd, your Linkedin profile also mentions that you're a margarita enthusiast. What makes the best margarita? Is it more a question of frozen versus rocks, salt versus nothing on the rim, or do you get fancy when searching for that perfect margarita to cool off on a hot day?</b></p><p>Seriously now I'm craving a margarita, thanks, Al. I love them, but I'm not snobby about them. Yeah, sure some people will do fancy infusions with their tequila or rim their glass with a smoked salt (I don't hate those!) But my jam is to use fresh citrus (lime and orange), my fave tequila (mine are blancos generally,) an orange liqueur and some salt and <a href="https://en.wikipedia.org/wiki/Tajín_seasoning">Tajin</a> on the rim. On the rocks, NEVER frozen. Well, I take that back. I've been known to make a refreshing frozen watermelon margarita in the summatime.</p><p><b>Is it just margaritas, or might it include…nachos to go with the margarita?</b></p><p>Nachos are great but my fave dish to pair with margaritas is green chili chicken enchiladas. My family is from New Mexico where the best (Hatch) green chilis come from. No shade to Pueblo (Colorado) chili, but <a href="https://www.usatoday.com/story/tech/2023/09/09/iykyk-meaning-slang-definition/70681345007/">IYKYK</a>. Can you get green chili in Chicago, Al? I may need to ship you a batch with our family recipe!</p><p><b>I am ashamed to say that I have no idea where to get the best chilis in Chicago!</b></p><p><b><a href="https://www.spamresource.com/2024/01/spam-resource-spotlight-alison-gootee.html">Alison Gootee</a> and I agreed recently that raisins ruin everything. Do you agree, or are you wrong? If not raisins, what is one foodstuff or ingredient that you believe should simply NOT exist, something you can't believe people knowingly enjoy?</b></p><p>I'm probably wrong. I can live with or without raisins but let me tell you...my aunt makes the BEST oatmeal CRaisin cookies. It's the little tang I appreciate.</p><p>Let's talk cilantro. A perfect partner for my fave salsa and Mexican dishes but the dry seeds called coriander are just the worst. It's soapy and gross.</p><p><b>Okay, we're putting coriander seed on the list!</b></p><p><b>Back to the topic of the blog. Email marketers so often come to us after the problem has already happened. Deliverability remediation, not deliverability prevention. If you could corner every single email marketer in the world and inject 1-3 specific points of knowledge or best practices directly into their brain – to try to help them avoid stepping into that bear trap of a deliverability problem in the future, what would you tell them?</b></p><p>Yes! So true. I think deliverability consulting is more often pain relief than self-care!</p><p>Ok top tips:</p><p></p><ol style="text-align: left;"><li>Be a smart marketer! Segment and tailor your messaging, apply creative approaches that resonate, be intentional and memorable with your tone and cadence.</li><li>Set and manage expectations from hello. Tell subscribers what to expect and how often and let them snooze when their interest wanes.</li><li>Permission isn't granted forever. Low response, unsubscribes and complaints are your subscribers telling you they need a break...or a break up. Proactively <a href="https://www.spamresource.com/2023/05/the-goal-of-sunsetting.html">sunsetting non responders</a> is key to inbox.</li><li>Can I add a fourth, because why not? Use every tool you can get your hands on. SNDS, Google Postmaster, bounce logs, your ESP reporting, third party data, alerting on reputational signals like blocklistings, email geeks and women of email and other communities. It's not always cheap (but sometimes it's free!) and you have to know how to interpret the data, but it will all provide perspective to round out your world view and get you to resolution faster.</li></ol><p></p><p><b>Carmi, thanks so much for your time and words and knowledge and opinions! I'm so glad you're part of our deliverability community and HubSpot is lucky to have you.</b></p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-57734715949278042182024-02-29T07:00:00.001-06:002024-03-17T12:04:29.345-05:00DELIVTERMS: COI/DOI<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIgJPXMcwygWSyLuVZU-9fAvrHuFN1CFEkmlXQE1y8qb0IufunyU6NTsj_aaebPibiWsC5ASIbUjokPzQvK21KoP5pT1QSCTZnvN10KvVUoRs4G-8qSSuB_NI9NltpSkkNKXj51S_Z63vOrESGshkbhkh4cEbFqhIJDOQ2MiuBZcxsHvXGVO1M/s1200/dt-coi-doi.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIgJPXMcwygWSyLuVZU-9fAvrHuFN1CFEkmlXQE1y8qb0IufunyU6NTsj_aaebPibiWsC5ASIbUjokPzQvK21KoP5pT1QSCTZnvN10KvVUoRs4G-8qSSuB_NI9NltpSkkNKXj51S_Z63vOrESGshkbhkh4cEbFqhIJDOQ2MiuBZcxsHvXGVO1M/s16000/dt-coi-doi.jpg" /></a></div><br />DELIVTERMS: the ongoing series here at Spam Resource that helps you decode those pesky deliverability acronyms and technical terms. Today we're going to talk about COI and DOI.<p></p><p>Confirmed opt-in (COI) and double opt-in (DOI) are two different terms that effectively refer to the same process. COI/DOI refers to the process of confirming email addresses in a certain and specific way. It works like this:</p><p></p><ol style="text-align: left;"><li>A person who wishes to sign up for your email list enters their email address into your signup form.</li><li>You then send the recipient a confirmation email.</li><li>The recipient must click on the link in that confirmation email to finish the signup process (and you don't consider the person fully subscribed to your list until that person has clicked on the link in the confirmation email.)</li></ol><p></p><p>It <b>requires</b> that active final step from the recipient before that subscription request succeeds. What you're doing here is ensuring that the person in question can actually receive emails from you, AND logging a positive response -- the click -- that shows you that they want to receive your email messages.</p><p>This is a strongly positive thing from the perspective of positive deliverability (and spam prevention). Confirmed opt-in / double opt-in leaves you with a cleaner list. Fewer of your email messages will bounce due to invalid addresses. You're very likely to see fewer spam complaints about your mail; as it is nigh impossible to forge subscribe somebody to a double opt-in list.</p><p><b>What's the downside? </b>The only downside is really that until the potential subscriber completes the confirmation step, you can't really consider them a subscriber. They won't end up on your list. And if they're not savvy enough to know to watch for the confirm email and click on the link, they'll perhaps think they're signed up, when they're not. Confirmation emails can get blocked, missed, or ignored. <a href="https://www.spamresource.com/2013/04/coi-another-list-managers-view-or-two.html">It happens</a>.</p><p>Should you implement double opt-in? Not everybody does, but I strongly recommend it, especially for smaller senders. In 2023, an anti-spam blocklist seemed to specifically start hunting for spamtrap hits from customers of certain email service providers that service small senders. It can lead to tough problems that small email senders, especially non-technical ones, will want to avoid at all costs. <a href="https://www.spamresource.com/2023/07/do-you-double-opt-in-and-should-you-in.html">I've talked a bit more about that here</a>.</p><p><b>Is it called double opt-in or confirmed opt-in?</b> Historically, people involved in spam fighting; running a blocklist, or involved in other "anti-abuse" measures would call it confirmed opt-in. Almost everyone else calls it double opt-in. Some people take umbrage if you use the wrong term; but the point, in my opinion, should really be about the practice, and I believe it to be a waste of time to argue about the name. <a href="https://www.spamresource.com/2003/05/double-opt-inconfirmed-opt-in.html">More on that here</a>.</p><p><b>How do you implement double opt-in?</b> If you're building an email platform and want to implement double opt-in, <a href="https://www.spamresource.com/2006/02/double-opt-in-how-to.html">here's a how-to guide that I wrote way back in 2006</a>, and is still pretty much useful and accurate for today.</p><p>Some people claim that double opt-in is required in Germany. Is it? <a href="https://www.spamresource.com/2022/03/does-germany-require-coidoi-updated-for.html">I've written more about that here</a>.</p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-71472794842787166182024-02-28T07:00:00.009-06:002024-02-28T07:00:00.146-06:00Fun with data: Apple Domains<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2TedoIm4IVKTJXPepCPuSvLDXK9ffGSeQDG2kigziy3V8ui_UZL8bFhak0BFoK0rEG110Xm2avutyE3vCtXZpxmA4JWcZxtipOyUhtAh6yM1EIBCxdZ54d-CIvtOLMqxKChbAH2y17G0izdURLcTSVIHvIVotiDhhFyfgXMYFOlauwCQCYtk6/s1200/apple-data.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2TedoIm4IVKTJXPepCPuSvLDXK9ffGSeQDG2kigziy3V8ui_UZL8bFhak0BFoK0rEG110Xm2avutyE3vCtXZpxmA4JWcZxtipOyUhtAh6yM1EIBCxdZ54d-CIvtOLMqxKChbAH2y17G0izdURLcTSVIHvIVotiDhhFyfgXMYFOlauwCQCYtk6/s16000/apple-data.jpg" /></a></div><br />For a fun little multi mini-snapshot of MX domain data, let's take a look at Apple. What do they host, mail-wise, for who and for what domains? <a href="https://www.wombatmail.com/data/">Wombatmail Data</a> to the rescue! Let's see what we can pull out from the top ten million domains.<p></p><p><b>Corporate mail domains hosted by apple.com?</b> <a href="https://www.wombatmail.com/data/mx-apple-com.html">There's twenty of them</a>. All different corporate and brand domains, from the look of it. Filemaker still exists? And has a website at <a href="https://www.filemaker.com">www.filemaker.com</a>. And maybe has some sort of emails that get sent out from filemaker.com? Huh. I did not know.</p><p><b>Consumer email service for Apple users?</b> As I've <a href="https://www.spamresource.com/2018/04/reference-apple-email-domains.html">mentioned before</a>, the consumer email domains for Apple users are icloud.com, me.com and mac.com. But wait, there's more! You can use a custom domain with Apple's email service, and you can even <a href="https://www.spamresource.com/2023/05/psa-you-can-buy-domain-directly-from.html">purchase that domain directly from your iPhone</a>. I don't know how many people have pointed their custom domain at Apple's email service, but <a href="https://www.wombatmail.com/data/mx-icloud-com.html">you can see here</a> that more than 4600 of the top ten million domains have MX records pointing at Apple's iCloud mail. Everything from number four on down is likely to be a custom domain used by an Apple customer to host email for that domain.</p><p>Nothing too fancy, but I find it fun to visualize the data...and I hope that you do, too!</p><p>(FileMaker still exists! And if you're looking for a FileMaker Pro expert, it turns out that a friend of a friend is an expert FileMaker Pro consultant. <a href="https://www.linkedin.com/in/kupietz/">You can find him here</a>.)</p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-72049819727623796462024-02-26T07:00:00.009-06:002024-03-15T15:16:27.419-05:00SFMC tip: Salesforce Marketing Cloud and multi-bounce domain<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZsg-l7FUKWwYsCXwwM4GJWjoC_ElBz41s7clmRrQp5NfSSlk2-0wVKUfQJ3a9ghwW1dE3Da0HcLR6LfgAgQ7YwiCIMKRlvRbnfhB2ZwrIYcx1k8pSzluOjpojgBF3o9HxSc5Wop_8UgULq4OlnTcSRXhGK5wnTVjbwDRn8MDcsakJUlplUouY/s1200/random-cloud2.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZsg-l7FUKWwYsCXwwM4GJWjoC_ElBz41s7clmRrQp5NfSSlk2-0wVKUfQJ3a9ghwW1dE3Da0HcLR6LfgAgQ7YwiCIMKRlvRbnfhB2ZwrIYcx1k8pSzluOjpojgBF3o9HxSc5Wop_8UgULq4OlnTcSRXhGK5wnTVjbwDRn8MDcsakJUlplUouY/s16000/random-cloud2.jpg" /></a></div><br />Here's a tip that I think Salesforce Marketing Cloud users will find useful, especially in the context of the new Yahoo and Google sender requirements.<p></p><p><b>Multi-bounce domain:</b> Enable this feature to fully ensure "domain alignment" when managing (sending from) more than one domain in a given SFMC business unit or account.</p><p>It's quite common for enterprise Salesforce Marketing Cloud clients to send from multiple domains inside of one or more business units (business units being the sub-accounts or child accounts in an enterprise account structure). Usually, the primary domain is configured via Sender Authentication Package, and if you allow Salesforce to host the DNS for that, everything you need for full authentication and compliance (SPF, DKIM and DMARC) will be in place when sending emails from Marketing Cloud using that "Sender Authentication Package" domain in the from address.</p><p>For the additional domains, which are usually configured as "private domains," it gets a little bit trickier. If configured properly, by default, they're going to pass DKIM authentication automatically. They may or may not pass DMARC checks – it depends on how the domain was configured, is it a subdomain of an existing domain that may already have a DMARC policy, or was one configured automatically by Salesforce during set up. Depending on when and what you requested, any of these could be the case. DMARC is a tricky pain in the rear in this scenario.</p><p>SPF is a bit easier to deal with, though. That's where "multi-bounce domain" comes into play. This is a Marketing Cloud feature that helps ensure SPF alignment, which gives you better coverage for authentication and DMARC compliance. SPF alignment, in this case, means that your bounce domain matches or is in the same domain as ("aligns with") your from domain. Without multi-bounce domain enabled, your bounce domain (aka SPF domain or return-path domain) is always going to be the bounce domain setting associated with your Sender Authentication Package domain. It will be static. With multi-bounce domain enabled, the bounce domain will be dynamic, it will always be configured to be the word bounce, followed by a dot, followed by your private domain name. If your private domain is aliverson.com, then it'll make the bounce domain bounce.aliverson.com. Both are part of the domain aliverson.com, thus this gives you SPF alignment.</p><p>To enable multi-bounce domain, an SFMC user must request that support turn it on. The switch to enable this feature is not visible to SFMC users.</p><p><b>There is mild risk with this configuration. </b>Last time I checked, the SFMC platform won't actually check to make sure that bounce.(domain) exists in DNS. It will just assume it does. Which means that if you send as a private domain that lacks a bounce sub-domain, you're going to run into a deliverability issue, as many ISPs reject mail from domains and sub-domains that don't exist in DNS. (If/when this happens, note that it doesn't create a "lingering" deliverability issue; fix the DNS and the issue will go away, with no long term reputation issues.) Thus, if you're DNS savvy, use your favorite DNS tool to check DNS to make sure that there's an SPF record, MX record and A record for the bounce subdomain for every private domain you're utilizing, in any account or enterprise structure where you're planning to enable multi-bounce domain. This isn't exactly entry-level stuff, but it's not THAT hard, either, if you already know how to look up MX records on <a href="https://www.wombatmail.com/dns.cgi?t=mx&d=">Wombatmail</a>.</p><p>Fellow ex-SFMC'er <a href="https://www.linkedin.com/in/lunow/">Lukas Lunow</a> has written about multi-bounce domain <a href="https://salesforce.stackexchange.com/questions/319524/adding-private-domains-for-sending-without-additional-dedicated-ip">here</a> and <a href="https://digitalmarketingoncloud.com/deliverability/private-domain-in-salesforce-marketing-cloud/">here</a>. I recommend reading to learn more.</p><p><b>DMARC gets a bit trickier, </b>as I don't think there is any default assignment of a DMARC record for private domains when configured in DNS by Salesforce (like there is for Sender Authentication Package domains). You'll want to check that out for yourself, and make sure that every domain you're sending from has a <a href="https://www.wombatmail.com/dns.cgi?t=dmarc&d=">DMARC policy</a> in place. Keep in mind that DMARC policies are most often implemented at the top level for a domain, and that they "trickle down" to subdomains. So if you have a private domain of email.aliverson.com, and you're trying to see if it has DMARC in place you'll need to check for a DMARC record both for email.aliverson.com AND aliverson.com. If you find one only for the latter, that's okay – by default, policy specified there applies to email.aliverson.com.</p><p><b>And a bonus tip: Do you miss the Reputation Audit? </b>The Reputation Audit tool was something I built approximately <i>(mumble)</i> years ago, where you (usually an SFMC user) would send an email to a certain address, and a report gets generated, showing you, among other things, your IP reputation and authentication status. It was a handy tool for troubleshooting authentication-related configuration issues. Alas, I'm long gone from Salesforce, but that won't stop me from naming a spiritual successor to the Reputation Audit: <b>Steve Atkins' <a href="https://aboutmy.email">Aboutmy.email</a>. </b>This tools has everything that I would have wanted to put into a modern 2024 version of Reputation Audit, with a particular focus on the new Yahoo/Google sender requirements. Steve really knocked it out of the park with this one, and he has kindly made this tool free for all to use. If you're looking for an online tool to help check to ensure your SFMC authentication settings are correct, or trying to confirm that you're all set as far as Yahoo and Google sender compliance, then this is the tool for you. (I've written more about that tool <a href="https://www.spamresource.com/2024/01/aboutmyemail-is-cool-new-tool-you-need.html">here</a>.)</p><p><i>(Just to clarify, I had no hand in creating Aboutmy.email. I wish I had! But I don't want anybody to think that I'm trying to take credit for his fantastic work.)</i></p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-69132865117073830492024-02-25T19:35:00.001-06:002024-03-15T15:16:35.194-05:00Bonus SFMC Tip: Configuring reply handling in Salesforce Marketing Cloud<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVussd4VRtomNN4ZkueSEBQMEvb6L7GPRyAOp9gtQN6HM0G8UkL8Rdc-j0kd-NaPohBXul4EsArHRwgL5La5O0PwmdlHf-2H3A9fPDfFal9PzBIjRazVWDnTf7k74elYHBliza4QZSUCRKRKNq4W1rMcpPbrFKVSdCY_pgliodq5dMpUs8VMyQ/s1200/cloud-bonus.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVussd4VRtomNN4ZkueSEBQMEvb6L7GPRyAOp9gtQN6HM0G8UkL8Rdc-j0kd-NaPohBXul4EsArHRwgL5La5O0PwmdlHf-2H3A9fPDfFal9PzBIjRazVWDnTf7k74elYHBliza4QZSUCRKRKNq4W1rMcpPbrFKVSdCY_pgliodq5dMpUs8VMyQ/s16000/cloud-bonus.jpg" /></a></div><br />Here's a bonus Salesforce Marketing Cloud tip for those SFMC users out there in Spam Resource land. Wondering how to configure the Reply Mail Management reply handling functionality? If so, very smart SFMC wizard <a href="https://www.linkedin.com/in/donnaredmond/">Donna Redmond</a> has got just what you need: a <a href="https://lightyourfires.com/f/forwarding-and-logging-email-replies-in-salesforce-marketing-clou">blog post</a> (and a package manager and video) that explain what you can do with this functionality, and how to configure it. <a href="https://lightyourfires.com/f/forwarding-and-logging-email-replies-in-salesforce-marketing-clou">Check it out here</a>.<p></p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-89302762390167954522024-02-23T14:55:00.002-06:002024-02-23T14:55:16.135-06:00Google is not sunsetting Gmail<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyE6Tqlbk1eysBgCKLvGRsxBu9y89KM1jehfxtXIESmkG0stbH_a_dlHyZ4cEeyY-Lz7znRHZOCmLgdybQpl96SPT443_UhSyv5cK-S-qB6QLmAuipShRmWNOBgFkDc8Pb5wne1v6JlzcVfkxYhRruU9RIpyVzTLCkw4xEn1du-rNG3ypWPpPs/s1920/gmail-june.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1280" data-original-width="1920" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyE6Tqlbk1eysBgCKLvGRsxBu9y89KM1jehfxtXIESmkG0stbH_a_dlHyZ4cEeyY-Lz7znRHZOCmLgdybQpl96SPT443_UhSyv5cK-S-qB6QLmAuipShRmWNOBgFkDc8Pb5wne1v6JlzcVfkxYhRruU9RIpyVzTLCkw4xEn1du-rNG3ypWPpPs/s16000/gmail-june.jpg" /></a></div><br />If you didn't already know, that screenshot that's been all over social media, suggesting that Google is telling users that Gmail is to be sunsetted in August 2024, is a hoax. Don't believe the hype. You can read more on this <a href="https://www.bbc.com/news/technology-68374424">from the BBC here</a>. <p></p><p>An interesting side note: Apparently Elon Musk used this as an opportunity to suggest that a Musk-provided alternative, called X Mail, <a href="https://www.dailymail.co.uk/sciencetech/article-13117105/Elon-Musk-Gmail-rival-dubbed-XMail.html">is coming</a>. There isn't much more to say about that until/unless something actually happens. Stay tuned.</p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-44629801387784107252024-02-23T07:00:00.003-06:002024-02-23T07:00:00.132-06:00Spam Fried Rice: Doesn't this sound delicious?<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBrdJjJDrvBYJzCofw9XD7vT890rW2aZdvWdb7CSjv_ukQMpq64DSiKawYsNbr5zNBKyWMWYeMq1blxWuymwrsE6BifOXmDpwm_SQwIiUuYN8CIYw5cscQxPVk8sTpWMeCuEUmwyXj5VfLcVjSTibdoQ9WlojTuAEhaDSXDVyFHpCIDKRCE41Z/s1200/spam-frying-pan.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBrdJjJDrvBYJzCofw9XD7vT890rW2aZdvWdb7CSjv_ukQMpq64DSiKawYsNbr5zNBKyWMWYeMq1blxWuymwrsE6BifOXmDpwm_SQwIiUuYN8CIYw5cscQxPVk8sTpWMeCuEUmwyXj5VfLcVjSTibdoQ9WlojTuAEhaDSXDVyFHpCIDKRCE41Z/s16000/spam-frying-pan.jpg" /></a></div><br />Yes, I do have various Google alerts set up watching for food-related spam articles. Or SPAM, in this case! Without those alerts, I wouldn't have stumbled across this deliciously described spam fried rice recipe courtesy of the Recipe Critic. A simple combination of pan-fried spam, fluffy rice, eggs, and veggies, it seems very much like your typical fried rice recipe, but the addition of the diced, salty SPAM luncheon meat kicks things up a notch and this one is going on my "gotta try this" list immediately.<p></p><p><a href="https://therecipecritic.com/spam-fried-rice/">Spam Fried Rice Recipe | The Recipe Critic</a></p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-90798190523296283302024-02-22T07:00:00.002-06:002024-03-17T12:06:31.304-05:00DELIVTERMS: NDR<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0jc96QUkY_mSCVmk1Gj41mfpRPBvhlzKV-o_fUT6QgRi4Vm42qXnT3MHO8WknHwn4UrMMWxAkH6XO1KMojYQlCSp7brdEL1SMZdvGuiu2sXaqCDEFf5qGvWi0TjpJp8b82ruVuGOoT4i6HDfqsQR93GYxku_F04dXvD3JliHucpgubU28AsJt/s1200/dt-ndr2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0jc96QUkY_mSCVmk1Gj41mfpRPBvhlzKV-o_fUT6QgRi4Vm42qXnT3MHO8WknHwn4UrMMWxAkH6XO1KMojYQlCSp7brdEL1SMZdvGuiu2sXaqCDEFf5qGvWi0TjpJp8b82ruVuGOoT4i6HDfqsQR93GYxku_F04dXvD3JliHucpgubU28AsJt/s16000/dt-ndr2.jpg" /></a></div><br />It's time to decode another deliverability acronym. Today, we're going to tackle NDR, which stands for "Non-Delivery Report."<p></p><p>NDR is another way to say "bounce message." I consider them essentially to be synonyms. In my opinion, the acronym <a href="https://learn.microsoft.com/en-us/exchange/troubleshoot/email-delivery/ndr/non-delivery-reports-in-exchange-online">NDR</a> is a bit of a Microsoft-ism, and the more appropriate generic term is probably "<a href="https://en.wikipedia.org/wiki/Bounce_message">bounce message</a>."</p><div>What's a bounce message? Whenever you try to email somebody, but you get a notification email back that tells you that your attempt to mail that someone was unsuccessful. That response, notifying you of the delivery failure is an NDR or bounce message.</div><p>When you use an email service provider, CRM or newsletter tool to send email messages, these tools typically receive and process any bounces for you automatically. It's not always necessary to generate a whole NDR email message when a message doesn't go through -- much of the time, when a newlsetter tool or other bulk email platform attempts to deliver a mesasge, but is unable to, that rejection happens "inline" during the SMTP communication between sending and receiving server. The sending server often just logs the rejection directly in their system, without generating a notification email back to the person who initiated the email send. If these email tools did not process bounces for the sender, those sending large enough volumes of bulk email or newsletters would find themselves inundated with bounce messages after each email send, and the sender would have to choose wether or not to manually suppress or unsubscribe each bouncing address. This makes automatic bounce processing a significant time saver for those sending lots of email messages.</p><p>"What percentage of a sender's mail is bouncing" can sometimes be used as a metric to determine how spammy a sender is (or isn't). As email addresses churn over time, addresses not emailed in a long time, or obtained via methods other than opt-in permission, have a higher likelihood of no longer being valid by the time a sender attempts to mail to them. This is a bit of an oversimplification as the whole equation can get a bit complex, but the short version is, if a high percentage of a list is getting bounced back with "user unknown" rejections, that sender likely has a list hygiene issue and is likely to have deliverability issues.</p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-16006529502106046412024-02-21T07:00:00.006-06:002024-02-21T09:44:06.868-06:00Picking the right email newsletter platform<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQWapzANFgfD3VbjkK4ZcebknNPt1mv0fIbwf8VP5tigtHwUpNF2zVtAKHSn8AgRF8Ekk-c9aX9Nye3hEPqkzHG-9TPF6IgzNogHlNg1opUFm04gFa3_ShR9g2Y9Tk3C28guwRoVqfSteIlkaUhY3KGlRsS0BLbzQsGAJ14QqNFZ6X5pHhzS2U/s1200/which-one.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQWapzANFgfD3VbjkK4ZcebknNPt1mv0fIbwf8VP5tigtHwUpNF2zVtAKHSn8AgRF8Ekk-c9aX9Nye3hEPqkzHG-9TPF6IgzNogHlNg1opUFm04gFa3_ShR9g2Y9Tk3C28guwRoVqfSteIlkaUhY3KGlRsS0BLbzQsGAJ14QqNFZ6X5pHhzS2U/s16000/which-one.jpg" /></a></div><br />Here's a question I get asked a lot: <b>What platform should I use for my email newsletter?</b> And of course, the answer is, <i style="font-weight: bold;">it depends</i>, not only because I'm a weirdo who built his own email newsletter platform. Spam Resource is fully homegrown, with signup form code that dates originally back to the late 1990s (double opt-in is timeless, ha ha), to my own custom RSS->email scraper and message builder.<p></p><p>But you're not me, and so I don't expect you to build it all yourself. So the question becomes, what then? I've used Mailchimp and AWeber a lot recently, Beehiiv looks pretty neat, and I don't know anything at all about ConvertKit. And for the platforms that I <i style="font-weight: bold;">have</i> used, I don't know if I know enough to guide you one way versus the other. So, allow me to defer to Dan Oshinsky, who back in December, <a href="https://inboxcollective.com/aweber-beehiiv-convertkit-ghost-mailchimp-substack-which-is-the-right-esp-for-your-indie-newsletter/">shared his guide to picking the right email newsletter platform</a>.</p><p>Keep in mind that they all have <a href="https://www.spamresource.com/2023/12/comparing-espnewsletter-sender-free.html">different levels of free usage</a>, as well. Do you necessarily need to plan big for huge growth? Maybe not. If it's all organic growth and a niche topic (like my own newsletter, for example), a limit of 500 subscribers in a free tier is probably going to suit you fine for good long while. May you be lucky enough to be the publisher of that one-in-a-million newsletter that takes off like gangbusters.</p><p><i>Credit: <a href="https://www.linkedin.com/in/danoshinsky/">Dan Oshinsky</a> runs email consultancy <a href="https://inboxcollective.com">Inbox Collective</a> and is somebody that you should follow.</i></p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-44635581471643599572024-02-20T07:00:00.000-06:002024-02-20T07:00:00.130-06:00Encrypted email service Skiff to shut down<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTcBbavSUNO6YXVJEWvUUWO9xOK9WlP8eXmqEjGx7Uz3zjeOZC33ggfeIDNSYGEvTG8xY0JeHcdXkcJo-JkRQGcZld2dcmvYDGT8o6KOKyqLRk4hCyvNnGf-2r-HDlnyD0ol8Wa9bRzu_ZxF5kOmp_SXW5mADtq3GEjiSvnsi4kaQmMkF5qj9X/s1200/dead-domain-2024.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTcBbavSUNO6YXVJEWvUUWO9xOK9WlP8eXmqEjGx7Uz3zjeOZC33ggfeIDNSYGEvTG8xY0JeHcdXkcJo-JkRQGcZld2dcmvYDGT8o6KOKyqLRk4hCyvNnGf-2r-HDlnyD0ol8Wa9bRzu_ZxF5kOmp_SXW5mADtq3GEjiSvnsi4kaQmMkF5qj9X/s16000/dead-domain-2024.jpg" /></a></div><br />Add this one to the <a href="https://www.spamresource.com/search/label/dead%20domains">dead domains</a> list ... eventually. Secure email (mailbox) provider <a href="https://skiff.com">Skiff</a> has announced that due to being acquired by a company called Notion, the Skiff secure email service will be shutdown. <a href="https://skiff.com/data-migration">As far as timing</a>, access to the Skiff suite of services will cease on August 9, 2024, but automatic email forwarding will continue on, through February 9, 2025.<div><br /></div><div>Skiff promises that users should be easily able to migrate data out of the Skiff service, allowing users to <a href="https://skiff.com/data-migration">download email messages</a> in MBOX or EML format.<p></p><p>Besides the core skiff.com domain, Skiff appears to have hosted mail for around 120 of the top ten million domains (and it ranked 48,665 on that list itself, as of December, 2023).</p><p><a href="https://arstechnica.com/gadgets/2024/02/encrypted-email-service-skiff-gets-acquired-will-shut-down-in-six-months/">More on the shutdown from ARS Technica</a>.</p></div>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0tag:blogger.com,1999:blog-26753622.post-78972121639287952272024-02-19T07:00:00.000-06:002024-02-19T07:00:00.139-06:00ISP Deliverability Guide: Mimecast<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRUhDhFicoFokWyNE1HTmgiJEOAPuD10xoC3zKSZG7UGvF-iyqP5GAP4CHfykC8vroWmuAGELFhkxuZmekGDF2XI5zlSGXkAuoWv7sls0uosBmndv2WxhDWzu14QMWG8g-76ZZZfEBVIbX4jX5-NJiMLMWj1gUSDCLlpBubW1kXex_A9-ZoOqO/s1920/mimecast.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1280" data-original-width="1920" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRUhDhFicoFokWyNE1HTmgiJEOAPuD10xoC3zKSZG7UGvF-iyqP5GAP4CHfykC8vroWmuAGELFhkxuZmekGDF2XI5zlSGXkAuoWv7sls0uosBmndv2WxhDWzu14QMWG8g-76ZZZfEBVIbX4jX5-NJiMLMWj1gUSDCLlpBubW1kXex_A9-ZoOqO/s16000/mimecast.jpg" /></a></div><br />Mimecast provides “cloud cybersecurity services for email, data and web,” specializing in cloud-based email management for Microsoft Exchange and Microsoft Office 365, including security, archiving, and continuity services to protect business mail.<p></p><p>To clients and users, Mimecast may seem like an integrated Microsoft add-on, but from a sender’s perspective, Mimecast is effectively its own mailbox provider. Typical Mimecast customers point their domains’ MX records at Mimecast infrastructure and any inbound mail is rejected or accepted by that infrastructure before being logged, processed, archived (if archiving is enabled), before being forwarded to the actual end user mailbox for the email message’s destination.</p><p>Mimecast hosts inbound email services for <a href="https://www.wombatmail.com/data/mx-mimecast-com.html">many thousands of email domains</a>. When cross-referenced against the top 10 million domains, Mimecast shows up in the MX record for over 37,000 of those domains. While this is smaller than Google (~800,000) and Microsoft (~727,000), a lot of the entities you’ll see utilizing Mimecast for email security and routing are heavy hitters – known brands, Fortune 500 companies, and big players in various industries. As of November 2023, companies that utilize Mimecast include Forbes, HP, USA Today, Gannett, Aetna, Anheuser Busch, Cleveland Clinic, the NFL, and Sanofi.</p><p>For senders finding themselves blocked by Mimecast, they do operate an unblock request form (<a href="https://community.mimecast.com/s/sender-feedback">https://community.mimecast.com/s/sender-feedback</a>) but are quick to caution that senders are likely to have the best chance at addressing a blocking issue by working directly with the B2B enterprise client who has chosen to implement Mimecast security and filtering, as those users are able to create and manage whitelist/allowlists and blocklists at the sender level, via “Permitted Senders Policy” settings in the Mimecast administration console.</p><p>Mimecast publishes detailed information regarding 4xx and 5xx SMTP deferrals and rejections. Find that information here: <a href="https://community.mimecast.com/s/article/email-security-cloud-gateway-mimecast-smtp-error-codes">https://community.mimecast.com/s/article/email-security-cloud-gateway-mimecast-smtp-error-codes</a></p><p>There you’ll find information regarding the limit of concurrent SMTP connections (20), limits of recipients per DATA (100), when a 4xx deferral denotes greylisting, and more. Keep in mind, as noted above, Mimecast administrators (i.e. customers of Mimecast) may choose to block some senders, IP addresses, or domains, so that even though you're blocked by Company X, and Company X uses Mimecast for inbound email handling and email security, it doesn’t mean that Mimecast themselves have instituted a block against you.</p><p>The top 25 email domains (ranked slightly non-scientifically, based on website traffic, not email traffic) hosted by Mimecast are:</p><p></p><ol style="text-align: left;"><li>penguinrandomhouse.com</li><li>forbes.com</li><li>steamcommunity.com</li><li>ultipro.com</li><li>bkstr.com</li><li>hp.com</li><li>hubspot.com</li><li>betfair.com</li><li>teamviewer.com</li><li>usatoday.com</li><li>audacy.com</li><li>aetna.com</li><li>surveymonkey.com</li><li>disqus.com</li><li>coldwellbankerhomes.com</li><li>pokemon.com</li><li>lionsgate.com</li><li>newsmax.com</li><li>tandfonline.com</li><li>toasttab.com</li><li>flipkart.com</li><li>fanatics.com</li><li>cambridge.org</li><li>optimizely.com</li><li>redhat.com</li></ol><p></p><p><i>Note: A common question I get is, why do I rank domains against website traffic rankings instead of based on email data? It’s because I don’t have the right level of granular email data available to me to put similar rankings together based on email-related criteria. While this makes email rankings slightly imperfect, I think it still provides a “good enough” methodology to provide insight into how big or how well-known various domains (and their companies) are.</i></p>Al Iversonhttp://www.blogger.com/profile/09944971155267588303noreply@blogger.com0