More Transitions: AOL/Yahoo Consolidation

Remember how I said that I thought 2018 would be the year of consolidation?

First you had the Microsoft platform consolidation, the merging of their Office 365 and Hotmail platforms. A lot of senders are still dealing with issues around that transition.

Now we're getting word that AOL and Yahoo are going to begin to merge their platforms, starting in February. Step one: Inbound mail to the AOL domains will now be handled by the Yahoo inbound mail servers.

2018 is going to be a wild ride.

H/T: Word to the Wise

History Repeating: Challenge/Response again?!

At least one mailing list operator on Mailop is reporting that he's receiving mail from something called BitBounce. It sounds like some combination of crypto-currency based "pay to send email" thing (remember Hashcash? Or is this more like e-postage?) where you attempt to limit spam by requiring each individual sender to pay some extra fee (which doesn't really work unless the whole world buys into the model) and "challenge/response" email filtering wherein you attempt to limit spam by spamming back to the sender a requirement that they click on a link and do a little dance to prove they're human. Which still doesn't work very well, not back when I talked about it in 2014, not back when I talked about it in 2006.

Whaaaaat? This nonsense again? Nobody reads the history books anymore, do they? Kids today...

Canada and Japan joining forces to stop spam

The Canadian Radio-television and Telecommunications Commission (CRTC) has signed an agreement with Japan’s Ministry of Internal Affairs and Communications. The two groups pledge to work together to "combat unsolicited commercial electronic messages." It sounds like they'll be sharing information to trace spamming bad guys across borders. The agreement came into force on January 1st, 2018.

The CRTC further indicated that it "has entered into similar bilateral agreements with the United Kingdom’s Information Commissioner’s Office, the United States Federal Trade Commission, the United States Federal Communications Commission, the New Zealand Department of Internal Affairs and the Australian Communications and Media Authority."

You use 2FA for your Google account, right?

If so, eventually you'll end up replacing your phone, and you might need a guide on how to transfer that 2FA code generation from the current phone to the new phone. How do you do that? Gizmodo's Field Guide has you covered.

They also explain how to do this with Apple and Microsoft accounts, as well.

You DO use 2FA (two factor authentication), right? Please do. It can perhaps be imperfect, but I've personally seen it save the day when people have tried to nefariously access the email accounts of my friends (and even my own account).

Now Hiring: Postmark

Postmark is an api-based email service provider for transactional email messages. Postmark's Chris Nagele reached out to me to let me know that they are hiring, looking for somebody to fill the "Head of Deliverability" role.

Have you worked as a lead overseeing large scale email volume? Do you understand SMTP from a technical perspective? Know SMTP response codes and how to react to them? Able to segment mail streams to mitigate risk across a large customer base? Very familiar with email authentication protocols such as SPF, DKIM, DMARC, and ARC?

If so, this might be the job for you! Click on through to the job posting for full details and information on how to apply.

Now Hiring: Groupon

Another day, another email job opportunity! This time, it's for Groupon. They're looking for a Senior Messaging Engineer.

Responsibilities include: leading and performing problem recognition and analyzing the root cause of messaging issues across all protocols (smtp, smpp, mobile push, mta-haproxy) engaging with their direct supervisor as required. Also, recommending configuration changes based on acquired data to resolve delivery issues. And to participate in cross-functional efforts on collaboration in region to identify issues and increase inbox placement, and more.

For full details and information on how to apply, click here.

Dead email domain: alltel.net

A reader wrote in asking me if anybody was home at the email domain alltel.net.

I performed a handful of checks to see:
  1. Does the domain have an A record? No. We're getting a server failure response or server not found response.
  2. Does the domain have an MX record? No. We're getting a server failure response or server not found response.
  3. Does that MX or A record answer as a mail server when you try "telnet (hostname) 25"? Doesn't matter, can't find either.
  4. Search the web -- what do I find? Two things: First, Matt Vernhout blogged about this domain shutting down back in 2009. Second, here's information from an AT&T message board suggesting maybe the domain still worked in 2016. 
According to this timeline, Windstream seems to have indeed picked up much of the Alltel user base at some point in the past through M&A, but AT&T may have later acquired some of the Windstream properties back later? Confusing. But regardless, the domain certainly seems dead today. There's no point in sending to it, and if you've got alltel.net subscribers on your list, then something is funny. Is your list old? Are you sure it's all people who recently opted-in to receive email from you?

Now Hiring: Microsoft

Looking for a new opportunity? Email and anti-spam jobs are a unique enough unicorn that I will share them here when able, hoping to help employers reach the right folks among my blog readers.

And here's one of those right now! Microsoft is looking for somebody in the anti-abuse/malware mitigation realm. Here are details:

Microsoft’s Office 365 information protection team is an industry leader in email filtering and advanced thread protection scenarios. We are looking to grow our human intelligence team with analysts who are experts in fighting online abuse, spam, phishing and malware. If you are passionate about security and care about creating a safe cloud productivity environment, we want to talk to you.

Job responsibilities:

  1. Analyze emerging spam, phishing and malware attacks and devise innovative automated rules and strategies to mitigate them
  2. Perform post-facto data analysis and gather intelligence to help improve our Machine learning and automated systems
  3. Work closely with engineering, researchers and Product Managers to bring new security solutions to market
  4. Work closely with security experts across Microsoft and help keep Office 365 and Microsoft secure

Ideal Candidate
1. BS plus in computer science, Math or related engineering or science field
2. Five plus years of experience in related security areas (anti-spam, anti-phish, anti-malware) as an analyst or engineer
3. Expertize and familiarity with email systems and protocols
4. Expertize in development and scripting technologies like PowerShell, Perl, regex, C# etc.
5. Expertize and familiarity with data analysis at large scale and ability to apply relevant tools (SQL, excel, etc.). Familiarity with Big data tools is a plus

Does this sound like the job for you? If so, contact [email protected] with a copy of your resume in either Word, PDF or plain text format.

TinyLetter: Don't freak out just yet!

Slate reports that popular email service provider Mailchimp plans to phase out TinyLetter, the neat simple newsletter service they have owned since 2011. It sounds like people are jumping the gun on freaking out, though. Mailchimp says that things will change eventually but they actually don't seem to have pulled the plug on the thing yet, or even announced when they might do so.

So stay calm, Tiny fans! Mailchimp even says that even if/when they roll TinyLetter back up into Mailchimp, "it will still have the same super-simple newsletter building functionality, but it’ll be refreshed and updated for improved user experience."

More on "Smart Unsubscribing"

I mentioned recently that Google has implemented a feature wherein they'll suggest to "Inbox by Gmail" users that the user may want to unsubscribe from communication from a sender under certain circumstances. Turns out Yahoo Mail does something similar. Tom Sather explains in more detail over on the Return Path blog.

Challenges in 2018?

It's the first working day of the new year. What do you think are going to be some of the challenges we face in the realms of email and deliverability this year?

Here's three concerns that are on my mind for 2018:
  1. Continuing platform consolidation. Microsoft started merging their Outlook.com (Hotmail) and Office 365 Outlook email platforms in 2017. From the outside, things didn't always seem to go so smoothly, and indeed, are perhaps not today all that smooth in some cases. Some senders were seeing unexpected blocking with confusing (or no) error messages, for example, and the receiving systems appeared as though they were perhaps overwhelmed. That's potentially still ongoing for some folks today.

    And then we have to look forward to a potential merger between the webmail systems of Yahoo and AOL. Now that they're owned by the same company, it makes sense to assume that they would standardize down to one single webmail platform. That's a whole lot of mailboxes and data to transfer (in either direction) and I admit that I'm a little nervous wondering about how things will go if/when they pull that off. (It's not that I think the Oath people are dumb, by any means. Very smart folks-- I just wonder about the scale of such a platform merge.)

  2. Getting serious about DMARC. I might have called 2015 the year of DMARC, as it was all over the news, but 2018 is the year all should start implementing DMARC. Too many folks are ignoring it until they run into problems. Implementing it while something bad is happening can be tougher (like trying to do math while the building is burning) and it takes some finesse and technical skill to ensure that you're doing it right, which is why I think you should partner with a DMARC specialist service instead of trying to do it yourself.

    And don't send mail that wouldn't pass DMARC, even if you don't have a DMARC record set up or policy enabled. My very non-scientific observations suggest that at least one large webmail provider will effectively give you a modest positive delivery boost if your mail is DMARC-compatible and a modest negative deliverability drop if your mail isn't DMARC-compatible.

    And it goes without saying that in 2018, you should no longer use a from address domain that you don't control or own.

  3. More Stringent Filtering. This past holiday season (Q4), a lot of folks saw a higher-than-expected amount of inbound mail being deferred by multiple large webmail providers, possibly because their systems were overwhelmed with so many senders attempting to send so much mail. I'm sure that to some degree, those platforms will be looking to beef up their inbound mail capacity, but that can get really expensive really quickly, and they aren't likely to endlessly scale up to accept all the mail that every sender in the world cares to send. That means that those providers are probably going to have to look to other means to keep their systems up and stable, and that suggests to me that spam filtering could become more stringent. If you don't have enough resources to accept all the mail, you're going to try to figure out which senders are the better senders and accept their mail first. The not-as-good senders might not get as much mail through, or perhaps even be locked out outright. ISPs and spam filters constantly stack rank senders against each other and this is just yet another example of how they could choose to do that. It's not that different than the way things work today, just keep in mind that what is allowed as far as practices and percentages is likely to be tightened up.

    What that means for a sender is, keep your nose clean. Practices that were edge case and perhaps OK a few years ago (old lists, low engagement, etc.) are going to be problematic today. Don't just keep on skating along on what you've been doing for years. Instead, be forward looking and ensure that you're fully on top of everything when it comes to permission and best practices.
Let's regroup in about 350 days and see how things turned out, shall we? I'm sure there will be another five or more big considerations that hit us in 2018 that we didn't consider up front.