The email problem no one is talking about: mistaken identity

Mashable's Chris Taylor talks about the problem of misdirected emails. A good read and it helps to expose a real issue that I don't think many people stop and consider.

I'll add my own questions here. What if, because of this, a sender is exposing PII (personally identifiable information) to a random third party? Couldn't that lead to some sort of legal liability at some point? How does a recipient stop emails like that? Are you, as a sender, putting a "this is not me" link in your transactional messages?

I have a bunch of spamtrap domains. One of them is a typo variation of a very popular ISP domain. The number of misdirected order confirmations and password reset requests it gets is ... staggering. If I was a bad guy, think of all the bad things I could do with that information being fire-hosed directly to me. I could probably take over hundreds of Instagram accounts. I could probably cancel or redirect orders from online stores. Or worse.

More reasons why you can't just assume that any email address given to you is correct. is 11 years old today

I've long had a little banner at the bottom of my DNS tools site that says "since 2008" but it looks like I'm going to have to change that. Looking through my notes, the site actually launched eleven years ago today!

XNND exists because back then there was a commonly used "DNS stuff" site out there that I felt like was trying to scare people into buying services from them and I didn't like it, so I decided to put together my own little DNS lookup site that was bullshit-free and simple to use. I registered the domain on June 14th, 2007 and then launched the site on June 17th.

I redesigned the site recently to make it a bit easier on the eyes. And yep, that's all done with HTML tables, like it was built in 1997 instead of 2007 or 2018.

I've had to erase and reload the server so many times, I don't even know how much traffic it really gets. But it seems to be a busy little guy, and I hope folks continue to find it useful.

I've got setting up a server to be down to a science. Every time there's any sort of hint of a security or hardware issue, I just nuke the whole thing and populate a new installation. Sometimes servers crash, sometimes weird stuff happens, and I've even had one hosting provider just up and disappear from the internet.

Special thanks to Don Berryman and Steve Atkins who were very helpful with bits of code and hosting when it was first getting up and running.

Revisiting Spam, the Documentary

Remember this blast from the past? Back in 2007, email expert John Levine sat down with Canada's CBC News to be interviewed for what became "Spam, the Documentary." It wasn't widely available in the US then, but appears to be viewable on YouTube right now.

How much has spam changed since 2007?

Gmail's Promotional tab: How to escape

How do I keep my email messages out of Gmail's Promotional tab? This is a common question lately. Is there one common answer? Ask six different people, and you'll get six different answers. And I'm not sure which answer is the best one, so I'll collect them here and we can all learn together.

I think I lean toward following Return Path's guidance on the topic, which boils down to this: Promotions tab placement generally shouldn't hurt read rate, customers still find your messages, and will still buy from you. Placement in the Promotions tab might even mean your mail is less likely to be reported as spam by Gmail users. And Promotions tab placement, Return Path rightly points out, is inbox placement. It's better than the spam folder.

Agency COSO Media attempts to address some raised concerns. Appealing directly to senders who have "noticed a recent drop in your open rate on your email marketing campaigns," COSO Media suggests that "the best way to get emails back into the primary tab is to have your subscribers put you there."

Email Service provider MailChimp similarly suggests that you "encourage your subscribers to take these actions: Add your From email address to their Google Contacts[, and] Move your emails to the Primary tab."

Collaborative email builder Chamaileon provides this checklist of considerations:
  1. Don’t sell
  2. Authenticate your domain with DKIM and SPF records 
  3. Greet recipients by name
  4. Have no more than one link in the email 
  5. Don’t include pictures
  6. Don’t use RSS campaigns
  7. Keep the email short
  8. Don’t use heavy HTML
Email service provider Infusionsoft provides some similar guidance on things to avoid:
  • Lots of images in your email
  • More than one or two links in your email
  • If it’s “from” your brand, rather than you
  • Lots of fancy HTML code in your email
  • Links to your social media profiles in your signature 
Finally, Transactional Email API Service Mailgun points out that 35% of Gmail users have disabled the tabs functionality. They also warn that "gaming the system isn’t a great idea." They go on to say that to improve your chances of landing in the Primary tab, that "your best shot is by sending to users who want your messages (double opt-in for the win!) and sending high quality content that’s related to what they signed up for."

Maybe you can't follow every step suggested here. Maybe not every suggestion makes sense for every sender (I certainly see lots of "complex" HTML email messages in the Primary tab). But hopefully these suggestions give you some idea of things to try when troubleshooting this issue (or deciding that it's fine to leave as is). Got something to add? Share it in comments below.

The big red warning box of doom

Here's the updated DOOM WARNING that appears on a suspicious message in the new Gmail user interface. But why, I ask, would it appear on this particular message that I received? The message in question fully authenticates, it was sent from a reputable ISP, and it was an email message from my city government. It's an email list that I've opted-in to. 

They use an ESP that uses a group of IP addresses to be shared among all clients, so I assume what happened is that the shared reputation has gotten dinged by some bad sender doing something wrong sometime prior to this send. It sucks, though, because this message isn't actually dangerous and the warning is probably going to freak people out.