spam resource

Apple iOS 15 Mail Privacy Protection Changes: A roundup

Is this every possible blog post or FAQ page explaining Apple's MPP changes aka the death of open tracking? No, probably not. But here's a bunch. Some I found myself, others were shared with me by many kind folks in the deliverability space. If you want to work your way through all of the guidance to see what you can glean from it, here you go.

It's a lot to read, but there are useful tidbits to be found in just about all of these articles. I hope you found this list useful!

Comcast.net has new sending IP addresses

American multinational telecommunications conglomerate Comcast, most well-known to us Internet users here in the US as the provider of cable modem-based internet service Xfinity, has announced that they'll be sending outbound mail from subscribers via new (additional) IP addresses ranges.

On the Mailop list, a representative from Comcast shared that the new IP ranges are as follows:

ip4:96.103.146.48/28 ip4:96.102.19.32/28 ip4:96.102.200.0/28
ip6:2001:558:fd01:2bb4::/64 ip6:2001:558:fd00:56::/64 ip6:2001:558:fd02:2446::/64

These are indeed included in the comcast.net SPF record.

OK, dear sender. You've been unblocked. Now what?

You did it! You got Yahoo or Microsoft to unblock you. Perhaps you even figured out why they "hate" you. Perhaps your friendly neighborhood deliverability consultant just closed the ticket you submitted, letting you know that the ISP has unblocked your sending IP address and telling you that you should now be "good to go."

So...now what? What should you do next? What should you send, how much, in what order? What's the best way to ramp things back up? This seems something that is missing from a lot of deliverability consultation -- the "now what?" after getting you unblocked. I sense an opportunity! Allow me to share my take on what you should do next, after getting unblocked by an ISP like Yahoo or Microsoft.

WAIT. Wait a period of time -- 24 hours if Yahoo, 48 hours if Microsoft, before doing any significant sending. (For other ISPs, wait until the next morning in US time.) Why? Because not all ISP spam filters update immediately. Most update overnight. Microsoft might only update every two days. You don't want to try to send until you're sure that the spam blocking has been removed. So, best to wait.

SPLIT. Split up your next sends. Don't immediately push the button to send one big send to six million people. Can you split that up? Over three days? Or in six batches, one every 12-18 hours? This will give you a chance to pause after a segment, if you notice the blocking recurring. It also flattens out the volume, making send volume look a bit more consistent instead of spiky. Do this ongoing, too. If you can split up future sends into chunks to launch throughout a day (or across multiple days), you slightly reduce the chances of blocking based just on volume spiking, especially at Microsoft domains. Microsoft hates volume spikes!

REVIEW. Something happened to cause that blocking. The ISP isn't guaranteeing that they won't block your mail again. If sending to a bad list is what caused the block before, sending to that bad list again is going to cause that blocking again. What can you review, and change, about what you're sending, to try to improve things? If you have a list segment that you know is iffy, that is something you should hold back on. Put it on pause, don't include it in the next send. It'll help reduce the chances of blocking recurring. This is an area where improvement almost always necessitates change.

FOCUS. Focusing on engaged subscribers is almost always a good thing to do. It helps to boost your sending reputation. Even at an ISP that doesn't directly look at engagement as a filtering metric, it'll still help. (Just a little more indirectly.) This means identifying people who haven't opened or clicked on any email from you in a long time, and stopping mail to those people. Suppress them, at least temporarily. What your date cutoff for engagement is varies based on industry (and is something of a moving target in the industry), but if you're not sure where to start, try six months. Meaning, if a person hasn't opened or clicked on an email from you in the last six months, stop sending to them. (Yes, Apple's Mail Privacy Protection leads us to a more complex discussion in the longer term, but today, this is still valuable.)

LEARN. Sign up for Microsoft SNDS. Sign up for Google Postmaster Tools. Use your favorite inbox monitoring suite to help capture and report on any and all bits of feedback. Use this to monitor. Now that you've gotten unblocked, and you're suppressing unengaged subscribers, and you've ditched that questionable list data, is your complaint rate going down in SNDS or GPT? Is your domain or IP reputation trending up? Feedback here helps you confirm that you're on the right path.

Of course, this is all pretty high level guidance. It's just the starting point, and different scenarios require different strategy to address. But I hope it gives you some idea of how to kick things off -- how best to recover after getting unblocked, and how to position yourself for success going forward. Hopefully these tips will help you to minimize the chances that you'll get blocked again immediately. Good luck and good sending!

Fastmail dealing with DDOS attack

The good people at email platform provider Fastmail (whom I've blogged about more than once previously) are dealing with a distributed denial-of-service (DDOS) attack. Not fun. I feel for them.

From Twitter:

Over the last two days, service has been interrupted several times. This is the result of an ongoing attack against Fastmail as well as other email providers. We're working with network service providers and law enforcement to put an end to the problem.

-- @Fastmail - 9:31 PM - Oct 22, 2021

Fastmail users and interested parties, you can find current status information on their system status site here. Their two most recent updates that I see (current as of 6:25 pm Chicago time on Saturday October 23rd) combine to say:

"We have multiple mitigations in place against the DDOS attacks and we are continuing to monitor. No mail has been lost, your data remains safe and services are operational." ... "DDOS protection can throttle or disrupt customer traffic. Some regions are affected if they are where attack traffic is also coming from. We apologize to affected customers."

Currently, from Chicago, I am able to access my Fastmail account successfully, and I'm able to send and receive mail there. Hopefully that means their DDOS-mitigation efforts are working and that they're recovering.

October 25, 2021 Update: Things seem to have returned to normal. Fastmail is reporting the following on their status page: "System status is currently normal for all users. We're continuing to monitor the situation for any further hostile activity. No mail has been lost throughout this period."

[ H/T: Jennifer Nespola Lantz ]

Vegan spam? Again? I can't even.

This isn't the first time I've blogged about vegan SPAM, which is a sentence I never thought I would write. But here we are, and it's making my brain hurt.

From VegNews: "Hormel Foods Corporation—known best for its canned meat product SPAM—is developing new plant-based meat alternatives. Under an exclusive partnership with food-technology company The Better Meat Co., Hormel’s venture company 199 Ventures will work to bring new plant-based meat products to the market using The Better Meat Co.’s unique fermentation technologies."

CheetahMail merges with CM Group

CM Group has announced a merger with email service provider/customer engagement platform Cheetah Digital (aka CheetahMail, once upon a time owned by Experian, later spun out standalone, with leadership and a lot of higher-level positions more recently filled by ex-ExactTarget and Salesforce folks). This would seem to bring Cheetah under common ownership with Campaign Monitor, Emma, Delivra, Sailthru and Selligent.

This is very clearly being presented as a merger and I'm not seeing any information about a potential cost for acquisition. Usually these kind of things happen because private investors want to cash out -- I'm assuming there's something to that here, and I suspect we'll see more on this in the tech industry press in the coming days. Stay tuned!

Read the press release here.

Pictured: The Guaranty Building in downtown Indianapolis, which was one of the first headquarters for ExactTarget, now Salesforce Marketing Cloud. If you look closely, you can see the "Cheetah Digital" oval sign on the pillar to the right of to the front door. I spent a lot of time in this building, once upon a time. And in that fantastic cocktail lounge located on the lower level. (Image from Google Earth.)

[ H/T: Keith Kouzmanoff and Andrew Bonar ]

Spamhaus: When doorbells go rogue!

From Spamhaus: Here's a bonkers tale about a spamming doorbell. Oof, crappy "internet of things" devices are a scourge unto the internet. Alex Grosjean shares this very interesting story of tracking down where the spam was coming from on a home broadband subscriber's network. And why ISPs ought to be blocking port 25. And why IOT devices need to be more secure.

[ H/T: Kiersti Esparza and Atro Tossavainen ]

Now hiring: Epsilon

Epsilon (owned by French multinational advertising and public relations company Publicis Groupe since 2019) is "seeking a Deliverability Manager who can help Epsilon maximize deliverability across multiple platforms by ensuring necessary processes and projects are fulfilled successfully."

Responsibilities include working with clients and client teams to introduce and implement deliverability projects, products and solutions, investigating, diagnosing and resolving deliverability and spam escalation issues, and more.

For more information and/or to apply, click here.

Be careful: Using Spamhaus with open resolvers is bad news

Do you use any of the Spamhaus blocking lists (DNSBLs) to protect yourself from inbound spam and email threats? If so, you're not alone. The Spamhaus data is quite popular and used by many ISPs as a front door gatekeeper for IP (and domain) reputation.

Google Postmaster Tools (GPT) is back

Multiple sources are reporting that Google Postmaster Tools (GPT) has returned. I've confirmed it myself; graphs and data are back. As previously mentioned, Google Postmaster Tools went down around October 4th (and DMARC reports ceased to be sent, around the same time).

In my Google Postmaster Tools dashboard, I'm getting a warning that says "Data shown with missing records. Some data may be unavailable," suggesting that Google could still be working on loading missing data.

Google began to send DMARC reports again starting on October 9th or 10th.

Spam Resource is going weekly

If you subscribe to Spam Resource via email, thank you! No matter how you choose to consume this content, I appreciate you. But the email subscribers are helping me keep my skills sharp, allowing me to build and run my own mailing list manager software, and write my own automation to send out the actual posts as email messages, from my own server.

Lucy Mazalon from THE DRIP recently explained the good marketing reasons that would drive you to want to implement a winback campaign: "Marketing considered these leads qualified once, and sales even progressed the conversations. You could say they are the “low hanging fruit” – the most likely to be interested in your product or service – could you capture their interest again?"

Taking holiday prep to the next level: 2021 edition

Just recently, I shared my top five (plus) tips on how to be prepared to maximize deliverability success this holiday season. It's a starting point, and I hope you found it useful! But what if we take that to the next level? And by "we," I mean not me. Somebody else beat me to it -- Konstantinos Karagkounis, Deliverability Operations Lead at Emarsys.

Cloudflare plans to eat Proofpoint's lunch?

Here's one I almost missed, from a couple of weeks ago: According to Wired, Cloudflare is moving into the email security space. The goal? To better protect against email-delivered threats (think phishing). They see a gap there; one I've noticed myself.

Google Postmaster Tools and DMARC reporting offline

I've received multiple reports from different folks that Google Postmaster Tools (GPT) and Google's DMARC reporting have both been offline since sometime around October 4th. GPT is still accessible but has no data later than 10/3, and for those used to receiving DMARC reports from Google, none have been received since 10/3.

I'll share more information when known. Feel free to drop me a line if you have any updates.

(As an aside, Google has a helpful DMARC overview and tutorial for domain administrators. It's worth reading!)

[ H/T: Hagop Khatchoian, Benjamin Billon and others. ]

Saturday, October 9th, 2021 Update: Hagop Khatchoian and others have confirmed that Google is sending DMARC reports again. No word on GPT data yet; I've re-registered my domains with GPT again to test, but it'll take some time for me to be able to personally verify if data is flowing. What are you seeing?

Monday, October 18th, 2021 Update: GPT is back, more detail here.