Isleton Spam Festival: There's still time

You've got just over two weeks until it's time for Isleton, California's Spam Festival. The February 18th affair has in the past offered up treats like SPAM Fudge, SPAMbalaya, and -- good lord -- a SPAM-eating contest? Read all about it here. Be sure to drop me a line if you happen to attend.

AOL Announces Mail System MX Changes

As expected, AOL announced yesterday that the MX records for their domains are being updated:

As AOL and Yahoo come together under the OATH umbrella, we will merge the mail infrastructure serving our consumer brands.

As a first step, starting this week, the majority of AOL's MX records will point to our new combined servers. This should be transparent to any sender as those servers will operate in simple pass-through mode. This means senders with established FBLs will continue to receive them from our AOL mail infrastructure.

While we do not foresee any issues, you are welcome to reach out to the AOL postmaster team at if you should encounter anything.

Over the next few months we will continue to make adjustments as we further combine our systems. Watch this space for additional notes in the future.

Thanks to the folks at AOL/Yahoo/OATH for taking the time to make a public statement about this. Transparency is a good thing, and this is much appreciated.

Reference: Time Warner/Road Runner/Spectrum Email Domains

Sometimes it comes in handy to know all of the common domains associated with a given Internet Service Provider (ISP) or webmail provider.

I believe these are all of the common, legitimate email domains associated with Time Warner (TWC) / Road Runner / Spectrum Cable ISP properties as of January, 2018.

Using ClamAV? Update Now

ClamAV is a popular open source anti-virus engine, that among other things, is popularly used to scan emails on Linux/Unix systems for bad stuff. There's talk of a vulnerability out there relating to PDFs (source in German, but Google translate worked well) and users are advised to update to the latest version. I recommend reading the ClamAV-Users mailing list to figure out what's up with that latest version; it sounds like there is some confusion or a potential issue -- some users are attempting to download the latest 0.99.3 version but are getting beta code, not final production code. It's all a bit confusing and I'm hoping that admins running ClamAV will be able to decipher it all a bit better than I'm able to from afar.

More Transitions: AOL/Yahoo Consolidation

Remember how I said that I thought 2018 would be the year of consolidation?

First you had the Microsoft platform consolidation, the merging of their Office 365 and Hotmail platforms. A lot of senders are still dealing with issues around that transition.

Now we're getting word that AOL and Yahoo are going to begin to merge their platforms, starting in February. Step one: Inbound mail to the AOL domains will now be handled by the Yahoo inbound mail servers.

2018 is going to be a wild ride.

H/T: Word to the Wise

History Repeating: Challenge/Response again?!

At least one mailing list operator on Mailop is reporting that he's receiving mail from something called BitBounce. It sounds like some combination of crypto-currency based "pay to send email" thing (remember Hashcash? Or is this more like e-postage?) where you attempt to limit spam by requiring each individual sender to pay some extra fee (which doesn't really work unless the whole world buys into the model) and "challenge/response" email filtering wherein you attempt to limit spam by spamming back to the sender a requirement that they click on a link and do a little dance to prove they're human. Which still doesn't work very well, not back when I talked about it in 2014, not back when I talked about it in 2006.

Whaaaaat? This nonsense again? Nobody reads the history books anymore, do they? Kids today...

Canada and Japan joining forces to stop spam

The Canadian Radio-television and Telecommunications Commission (CRTC) has signed an agreement with Japan’s Ministry of Internal Affairs and Communications. The two groups pledge to work together to "combat unsolicited commercial electronic messages." It sounds like they'll be sharing information to trace spamming bad guys across borders. The agreement came into force on January 1st, 2018.

The CRTC further indicated that it "has entered into similar bilateral agreements with the United Kingdom’s Information Commissioner’s Office, the United States Federal Trade Commission, the United States Federal Communications Commission, the New Zealand Department of Internal Affairs and the Australian Communications and Media Authority."

You use 2FA for your Google account, right?

If so, eventually you'll end up replacing your phone, and you might need a guide on how to transfer that 2FA code generation from the current phone to the new phone. How do you do that? Gizmodo's Field Guide has you covered.

They also explain how to do this with Apple and Microsoft accounts, as well.

You DO use 2FA (two factor authentication), right? Please do. It can perhaps be imperfect, but I've personally seen it save the day when people have tried to nefariously access the email accounts of my friends (and even my own account).

Dead email domain:

A reader wrote in asking me if anybody was home at the email domain

I performed a handful of checks to see:
  1. Does the domain have an A record? No. We're getting a server failure response or server not found response.
  2. Does the domain have an MX record? No. We're getting a server failure response or server not found response.
  3. Does that MX or A record answer as a mail server when you try "telnet (hostname) 25"? Doesn't matter, can't find either.
  4. Search the web -- what do I find? Two things: First, Matt Vernhout blogged about this domain shutting down back in 2009. Second, here's information from an AT&T message board suggesting maybe the domain still worked in 2016. 
According to this timeline, Windstream seems to have indeed picked up much of the Alltel user base at some point in the past through M&A, but AT&T may have later acquired some of the Windstream properties back later? Confusing. But regardless, the domain certainly seems dead today. There's no point in sending to it, and if you've got subscribers on your list, then something is funny. Is your list old? Are you sure it's all people who recently opted-in to receive email from you?

TinyLetter: Don't freak out just yet!

Slate reports that popular email service provider Mailchimp plans to phase out TinyLetter, the neat simple newsletter service they have owned since 2011. It sounds like people are jumping the gun on freaking out, though. Mailchimp says that things will change eventually but they actually don't seem to have pulled the plug on the thing yet, or even announced when they might do so.

So stay calm, Tiny fans! Mailchimp even says that even if/when they roll TinyLetter back up into Mailchimp, "it will still have the same super-simple newsletter building functionality, but it’ll be refreshed and updated for improved user experience."

More on "Smart Unsubscribing"

I mentioned recently that Google has implemented a feature wherein they'll suggest to "Inbox by Gmail" users that the user may want to unsubscribe from communication from a sender under certain circumstances. Turns out Yahoo Mail does something similar. Tom Sather explains in more detail over on the Return Path blog.

Challenges in 2018?

It's the first working day of the new year. What do you think are going to be some of the challenges we face in the realms of email and deliverability this year?

Here's three concerns that are on my mind for 2018:
  1. Continuing platform consolidation. Microsoft started merging their (Hotmail) and Office 365 Outlook email platforms in 2017. From the outside, things didn't always seem to go so smoothly, and indeed, are perhaps not today all that smooth in some cases. Some senders were seeing unexpected blocking with confusing (or no) error messages, for example, and the receiving systems appeared as though they were perhaps overwhelmed. That's potentially still ongoing for some folks today.

    And then we have to look forward to a potential merger between the webmail systems of Yahoo and AOL. Now that they're owned by the same company, it makes sense to assume that they would standardize down to one single webmail platform. That's a whole lot of mailboxes and data to transfer (in either direction) and I admit that I'm a little nervous wondering about how things will go if/when they pull that off. (It's not that I think the Oath people are dumb, by any means. Very smart folks-- I just wonder about the scale of such a platform merge.)

  2. Getting serious about DMARC. I might have called 2015 the year of DMARC, as it was all over the news, but 2018 is the year all should start implementing DMARC. Too many folks are ignoring it until they run into problems. Implementing it while something bad is happening can be tougher (like trying to do math while the building is burning) and it takes some finesse and technical skill to ensure that you're doing it right, which is why I think you should partner with a DMARC specialist service instead of trying to do it yourself.

    And don't send mail that wouldn't pass DMARC, even if you don't have a DMARC record set up or policy enabled. My very non-scientific observations suggest that at least one large webmail provider will effectively give you a modest positive delivery boost if your mail is DMARC-compatible and a modest negative deliverability drop if your mail isn't DMARC-compatible.

    And it goes without saying that in 2018, you should no longer use a from address domain that you don't control or own.

  3. More Stringent Filtering. This past holiday season (Q4), a lot of folks saw a higher-than-expected amount of inbound mail being deferred by multiple large webmail providers, possibly because their systems were overwhelmed with so many senders attempting to send so much mail. I'm sure that to some degree, those platforms will be looking to beef up their inbound mail capacity, but that can get really expensive really quickly, and they aren't likely to endlessly scale up to accept all the mail that every sender in the world cares to send. That means that those providers are probably going to have to look to other means to keep their systems up and stable, and that suggests to me that spam filtering could become more stringent. If you don't have enough resources to accept all the mail, you're going to try to figure out which senders are the better senders and accept their mail first. The not-as-good senders might not get as much mail through, or perhaps even be locked out outright. ISPs and spam filters constantly stack rank senders against each other and this is just yet another example of how they could choose to do that. It's not that different than the way things work today, just keep in mind that what is allowed as far as practices and percentages is likely to be tightened up.

    What that means for a sender is, keep your nose clean. Practices that were edge case and perhaps OK a few years ago (old lists, low engagement, etc.) are going to be problematic today. Don't just keep on skating along on what you've been doing for years. Instead, be forward looking and ensure that you're fully on top of everything when it comes to permission and best practices.
Let's regroup in about 350 days and see how things turned out, shall we? I'm sure there will be another five or more big considerations that hit us in 2018 that we didn't consider up front.