Spam Resource Spotlight: Tara Natanson

Tara Natanson, manager of ISP relations for email service provider Constant Contact, is a friend that I've known for more years than I can remember. And like me, she's made a long career out of stopping spam and helping clients play by the rules when it comes to email marketing. We've never worked for the same company, but we've worked collaboratively within the industry to help address shared challenges and trying hard to keep the baddies from doing bad things with email. I thought it would be fun to connect with Tara to talk about her background, where she sees things going in the future, and what of raisins?

You can find her Linkedin profile here.

Tara, thanks so much for agreeing to participate in my interview series! I often try to kick these things off by looking back to how you got your start in the realm of email, deliverability, and abuse prevention. Like mine, your resume goes back all the way back to that formative time, before CAN-SPAM, back when the MAPS (Mail Abuse Prevention System) RBL (Realtime Blackhole List) was a big deal. How did you end up in the email/anti-spam space?

All right kids. Sit back, as this one goes waaay back to the 70's. I was an internet baby. Both of my parents worked for Digital back in the day and then my dad moved on to BBN where the ARPAnet project created the original packet switching model the internet was built on. He programmed with punch cards and worked with Ray Tomlinson. My mother worked in chip design and her initials were etched in the initial production batches of Digital's Alpha chip. We had 2 phone lines in the 1980s so my mom could come home early and work the rest of the day via dial-up modem. I didn't know anyone else with a working mom. Because it kept her so busy, I hated computers and vowed never to work with them like my parents did.

When I went to college, I still had no idea what I wanted to be when I grew up and bounced from major to major until I ran out of time to declare. I ended up in Archeology, mainly because it meant I got to spend a semester abroad in Belize. It was an amazing experience and I have no regrets but when I graduated I had no idea what I wanted to do next, so I simply continued working in the school's IT department. After 6 months of looking at all that was out there (and what I needed to pay my rent and car payment) I landed a job in support at GTE Internetworking (previously BBN Planet, Previously BBN). When I joined someone came over and handed me a trash basket that had been in my dads office. It had his name written on it in silver sharpie and had traveled around the company for the previous 10 years since he'd left!

Anyhow... (I promise, I'm getting to the spam part now), on my first day I was told they were re-doing the entire new-hire onboarding process and that I wouldn't be able to go through training for another 6 weeks. So to keep me busy, they would train me on just one thing. I was told that 3rd shift usually handled our abuse complaints, but the numbers were rising and they couldn't get to them all every night, so I would be the daytime abuse complaint handler. This was before FBLs, and we received around 5000k a day which were handled one by one through a ticketing system. It was nearly impossible to aggregate them. On top of that, GTE Internetworking (which later became Genuity) was a backbone internet provider. The spammers weren't our customers, they were our customers' customers. We sold access to the pipe that went across the country. Most of my time was spent reading headers, determining which provider was using that IP at that time and forwarding the complaint on to them. Usually a Verizon DSL user, or a Dial up user on AOL, Juno, or Compuserve, but also a variety of smaller hosting and service provider companies.

It was soon decided that dedicated resources were needed to figure out what to do about all of these complaints so my job was moved over to the security group. Under the tutelage of my 2 mentors, Kelly J. Cooper and David Bowie, I grew an abuse desk from just me to 5 reps.

Back then it was such a different time. MAPS (whom I was associated with for a hot minute) was begging people to sue them over spam blocking ... and eventually, they got what they wished for, and not in a good way. It seemed like such a wild west era, especially looking back upon it today. What was your take on that time? Do you ever look back on any part of it and just think, wow, what a crazy environment it all was?

It was nutz. We had no idea what we were doing and the spammers were 5 steps ahead of us the entire time. We were drowning just sorting out just how to handle the volume of complaints. It became apparent we were being duped by some of our customers. I'd forward some small "ISP" a handful of complaints and they would respond saying they "took care of it" and a week later it would happen again, lather, rinse, repeat. I finally caught on that our customer was not actually an ISP but really a spammer fronting as one. They'd buy a T3 line and claim themselves as a reseller.

I remember we finally got enough evidence to shut down one of these fake "ISP" customers for violating our Terms and Conditions. They had been warned, and given repeated notices. We went through legal and they agreed. It was the first time we'd terminated a customer and it was huge. So I walked over to my friend on the network team, and we shut down their router. Great! Job well done. Well, we somehow missed the step where we told the billing department to stop sending them bills and they called us 3 months later furious. We were figuring it out as we went along and documenting it so we could improve on the process next time around. And every time we figured out one spammer trick, there would be 10 new ones to evade us. It was a lot of work and I felt like I was wearing a lot of hats all at once. When GTE internetworking then became Genuity and was acquired by XO Communications I was let go. I was told they had a shell script that did my job, so I took my dads trash bin and left. The internet bubble was bursting left and right and I had barely started.

Not everybody has the same background -- only a few folks in our deliverability community came up from the "abuse desk" side of things and come informed with more of an understanding of the even worse problems that face email sometimes, beyond out of control email marketing. Do you think your ISP/abuse desk background (network abuse specialist at GTE) was a good foundation for the world of deliverability? How did that experience propel you into the deliverability world?

At first that experience just made me think that all marketing mail was spam. After Genuity I worked for Habeas which was acquired by ReturnPath. I was still fighting the spammers, only now I was doing it with copyright law as a safelist provider. My role was to create partnerships with the ISPs to use our safelist so in 2003 I was the first person with the title of "ISP Relations." I also got to help write the processes we used to thoroughly vet each incoming customer which definitely drew on my previous experiences. Also, because I spent time in the trenches of email support I did come out with a deep understanding of mail headers and DNS that I'm not sure everyone in the deliverability ecosystem starts with. When I started at Constant Contact in 2004 it was as if those previous 2 experiences had perfectly equipped me to do exactly what they needed. They hired me to do ISP Relations (no one had coined the term deliverability yet). They wanted me to reach out to ISPs who were blocking us, to get unblocked, but I realized that problem #1 was that we weren't really doing compliance very efficiently yet. I had seen exactly what an abuse desk needed and how badly it could go without the right tools and so I helped create that from the ground up with Dave Smith, who was hired a month before me. I then moved on to helping fix the deliverability issues that the lack of compliance had caused. I was able to see how closely the two were intertwined. As a result, I never asked an admin to unblock my mail without first asking WHY they blocked it and fixing that issue first

I hate it when people ask me what the state of email will be like in 2025 (or beyond). I don't resent people for wondering, but my crystal ball is faded and cracked and I just feel like I have no idea what new things are going to fall down from the sky on us and shake up the world of email and deliverability in the future. But people always ask me, so I'm going to pay it forward by asking you! We know that DMARC will continue to be a big thing -- adoption is exploding and will likely continue to grow in a very big way. Email authentication was finally upgraded from a "best practice" to an "absolute requirement." Got any thoughts on anything we should add to this list?

My crystal ball has also failed me in this department. Back around 2007 (maybe?) we put all of our eggs into the "domain reputation" basket and encouraged customers to let us DKIM sign their mail with a unique domain so they could stand apart from the rest. We really hoped that IP blocks were going to be a thing of the past and that domain "reputation" would prevent collateral damage in our shared IP infrastructure. Yet here we are almost 17 years later and we're just barely there. If I had to guess, I think teaching people to use DMARC reports to bring their domains into alignment is where the next big focus will be in the small business sphere. I remember when DMARC first came out, everyone said "don't worry, it's just for big brands." I wish I'd known then that I would eventually have to get every small business domain owner of mine into DMARC compliance with 2 weeks notice!

Enough about email! Let's talk about fun stuff. Like your well-known love of the Grateful Dead! What do you love about their music and the fan scene? Even though they're no more, tribute groups and shows abound and I see that you attend them from time to time. Tell me about the fun of it.

I managed to catch the very last Grateful Dead tour before Jerry passed away in 1995. My boyfriend at the time drove an old volvo wagon and we loaded it up and followed the dead's summer tour. I was hooked on their music long before that but traveling in that community was a new experience all together. We sold grilled cheese and jewelry I made and had a glorious summer. Their music is like a comfortable old blanket I can wrap myself in and feel happy. When they stopped playing I was in college and craved that live music community so I started seeing the band Phish and haven't stopped. In fact I'm taking my youngest to their first show this summer. It's taken me a long time to sort out what is so special but it's a combination of the live music itself, dancing to it, singing to it and moving along with thousands of other people in a shared experience. I still see a lot of live music but now I prefer seeing local bands in smaller venues. The Boston music scene is amazing. My current passion is a band called Neighbor. Before the pandemic, they played every Tuesday night at Thunder Road in Somerville, MA. The bar has since closed down but the band has taken off and I'm honored to be a part of their community and watch them soar to new heights. I've seen nearly 60 shows in the last 5 years! When they aren't touring I'm usually seeing my favorite dead cover band or some other local music. When I hear the music playing I just start dancing, it can't be helped.

Alison hates raisins. Skyler is not not okay with tomato catchup. Two strong opinions that I very much agree with. Do you agree, or are you wrong? What's an example of a food that you just absolutely hate -- one where you can't believe that people actually enjoy it?

Hey, to each their own. But if you've eaten or touched an olive please don't come near me. I like pretty much all foods, Except OLIVES. They are nasty foul things. I have tried many different kinds and I just cannot handle even the smell of them, they make me gag. I would seriously take a raisin dipped in ketchup over a single olive.

Oh my goodness -- you and my wife have that in common. She would divorce me if we didn't keep the olives away. And so that leads me to wonder, what is your favorite food and/or drink? Either a guilty pleasure to enjoy at home after finishing up a hard day's work, or something fancy that you and your husband would want to enjoy together, all dressed up for a night on the town?

Oh, this is a hard one. Because outside of olives I love pretty much all foods. Food can be very situational for me. My biggest guilty pleasure though is super creamy mac and cheese with the bread crumbs on top. I don't get to eat it often, but it is my go-to comfort food. I can't go near the ocean in the summer without having a lobster roll. When my husband and I go out for a nice meal I like to try new things. A few years ago I had fish tacos and now I like to try them at almost every restaurant I go to. Everyone does them differently and I love that.

Yum -- I love a good lobster roll myself! Okay, one tiny pivot back to the email realm for the final question.  We know that deliverability is really one of those "an ounce of prevention is worth a pound of cure" kinds of things, where so much pain could be avoided if certain marketers listened to us upfront more before proceeding down the wrong path. Is there one (or two, or three) things that you wish you could force every email sender or email marketer to hear you say, to be a better sender or to not be a spammer?

CONSENT! Did you get consent from that person before you added them to your list? Did they ask to get mail from you? If you think the answer is yes, but you got that "list" from a 3rd party (paid or not) then you did not get consent. A chamber list is not permission based, a conference attendee list is not permission based, an MLS list is not permission based. If they did not directly opt-in to receive emails from you, then you WILL have deliverability problems. Maybe not now, maybe not tomorrow, but someday, and fixing that is no easy task.

Tara, thanks so much for taking the time to share your thoughts and expertise with me and with my readers. I appreciate you!
Post a Comment