Beware the Fake News Spam

Terry Zink reports on the most recent ball of spam that he (and most of us) have been receiving: Fake news alerts that claim to be from CNN.

Yahoo Insights and Subcriber Engagement

Mark Brownlow talks about Yahoo's take on subscriber engagement here. After you read that, check out Mark's more generalized theory on what ISPs consider when determining whether or not email is unwanted. Comments from Yahoo's Mark Risher confirm what many of us already knew -- subscriber engagement matters.

Anti-spammers and deliverability people both get hung up on opt-in (alone) sometimes. A sender will say, this mail is opt-in, how dare an ISP choose not to deliver it. Various blacklists will harp on confirmed opt-in (alone) as the sole arbiter of whether or not mail should be delivered.

Truth is, they're both wrong.

Sure, opt-in matters. Your mail has to be opt-in, and confirmed opt-in is the best way to do it. If your mail isn't opt-in, all bets are off.

But, ISPs care about *more* than just that. They're figuring out whether or not recipients care about mail from any given sender. If the people on your list don't care about your mail, the ISP doesn't care about your mail, and that doesn't bode well for your ability to deliver that mail.

List Reconfirmation Example

Hey, fellow anti-spammers: "Re-Engagement Strategy" is what email service providers or deliverability people would call a reconfirmation email or a permission pass.

DJ Waldow has a good write up over on Bronto Blog of a recent re-engagement email he received from It's chock full of good tips you should share when you're working with some list manager having problems, and you want to convince them to reconfirm their list.

Ken Magill on the Eddie Davidson Coverage

Ken says what I'm thinking, as is often the case. Spam bad? Yup. Davidson a scumbag? Yup. Happy about a murder suicide? Nope. Happy about just the suicide? Nope, never.

All I can say is, if you can crack jokes about this guy killing himself and/or others, then you've never had to deal with the aftermath of a suicide. It's horrible, it's gross, it hurts you, it chews you up, and you never forget it. It's not something I would ever wish on anyone, worst enemy or not.

COI Can't Protect Against Stupid

Here's a tale from Matt Blumberg, CEO of ReturnPath, on how confirmed opt-in, aka double opt-in, isn't necessarily enough to 100% prevent spam complaints. Why? Because there's no fool proof guard against stupid. The stupid, in this case, comes from the recipient. The recipient who signed up, CONFIRMED, then went on a rampage of idiocy hassling Matt's wife and making threats. Over mail he signed up for, with confirmed opt-in.

Matt kindly decides against outing the waste of space responsible. Which is a shame, as they deserve to be outed.

Oddly enough, this reminds me of my days back at the Artists' Quarter in St. Paul, MN. Occasionally we'd have a patron who would go off the rails. Decide they don't like the music, or the guy next to them, or the phase of the moon. They'd start inappropriately shouting, yelling, poking at people around them, the bartnder, waitresses, door man. On the few occasions that I observed this, my solution was to physically eject that patron from the club, at whatever level of effort it took. In my estimation, this was the right solution. If you're an idiot, you forfeit your right to hang with us, and it's not inappropriate for me to push you out of the circle.

Sadly, it's probably not possible for ReturnPath to force this guy off of the internet. But if I were Matt, I'd probably be sure this guy never received a piece of ReturnPath-related email ever again, no matter how he signs up or verifies consent.

Backscatter in Detail

Backscatter has long annoyed me. But, I've been even more annoyed at the lack of comprehensive information online explaining exactly what backscatter is, and why it sucks. Without material to reference, it's hard to explain the problem to others. Thankfully, this is starting to change, as more savvier email administrators learn about the problem of backscatter, and share their expertise with the world.

Here's a great example of that. Terry Zink of Microsoft's Exchange Hosted Services has done a very detailed write up on backscatter. What it is, why it happens, what you can do to prevent it, and more.

Let's start at the end. Terry writes:

  • Don't make the problem worse by contributing to it:
  • Don't accept mail, and then bounce.
  • Don't use Challenge/Response, and don't allow your users to, either.
  • Configure your virus scanner to silently strip or discard viruses/worms instead of sending a notification back to the sender.
  • Don't run autoresponders, out-of-office notifications, etc. (Or maybe you only send auto-responses to senders who pass a DKIM or SPF check.)

After you've read and digested that, I recommend reading the rest of the series:

Terry's my hero for taking the time and spending the effort to document the backscatter problem in this much detail. Thanks, Terry!