Founding partner of anti-spam consultancy & software firm Word to the Wise
Joined on November 12, 2009
Total Post Views: 376,814
About |
Laura Atkins is a founding partner of the anti-spam consultancy and software firm Word to the Wise. I have over seven years of experience in tracing Internet abuse and am a recognized leader in the anti-spam arena. At Word to the Wise, I advise clients on how to manage mailing risks, to respond to spam complaints, interact with ISPs, and navigate the ever changing and challening world of email delivery. I also act as a neutral arbitrator during discussions with ISPs and blocklists.
Prior to founding Word to the Wise, I built and led the Mail Abuse Prevention Systems’ outsourced abuse desk team. This project was founded to advise ISPs on the most effective ways to manage their customers and complaints about their customer’s behavior. While there, I established and managed the abuse desk for a tier one backbone provider.
Except where otherwise noted, all postings by Laura Atkins on CircleID are licensed under a Creative Commons License.
One of the ongoing recommendations to improve deliverability is to send email that is timely and relevant to the recipient. The idea being that if you send mail a recipient wants, they're more likely to interact with it in a way that signals to the mailbox provider that the message is wanted. The baseline for that, at least whenever I've talked about timely and relevant, is that the recipient asked for mail from you in the first place. more
One of the fascinating parts of my job is seeing how different groups in email have radically disparate points of view. A current example is how much value senders put on spamtraps compared to ISPs and filtering companies. I understand why this is. In all too many cases, when a sender asks why they're mail is going to bulk or being blocked, the answer is "you're hitting spamtraps." The thing is, spamtraps are almost never the only reason mail is being blocked. more
Many companies have the occasional "oops" where they send email they probably shouldn't have. This can often cause a decrease in reputation and subsequent delivery problems. Some companies rush to fix things by changing domains. Brand new domains, those registered less than 30 days, have really bad reputations. Blame the spammers and scammers who exploited a loophole and sent tons of untraceable spam from newly registered domains that they then abandoned without paying for them. more
On May 31, British broadband provider EE discontinued service for a number of email domains: Orange.net, Orangehome.co.uk, Wanadoo.co.uk, Freeserve.co.uk, Fsbusiness.co.uk, Fslife.co.uk, Fsmail.net, Fsworld.co.uk, and Fsnet.co.uk. These domains were acquired by EE as part of multiple mergers and acquisitions. On their help page, EE explains that the proliferation of free email services with advanced functionality has led to a decrease in email usage at these domains. more
This morning, CSO and MacKeeper published joint articles on a massive data leak from a marketing company. This company, River City Media (RCM), failed to put a password on their online backups sometime. This leaked all of the company's data out to the Internet at large. MacKeeper Security Researcher, Chris Vickery discovered the breach back in December and shared the information with Spamhaus and CSO online. The group has spent months going through the data from this spammer. more
It was revealed yesterday that Yahoo has been scanning people's email for the federal government. This activity was, apparently, authorized by Yahoo CEO Marissa Meyer but not the former CSO Alex Stamos. Mr. Stamos left Yahoo in June 2015. He also publicly disagreed with the director of the NSA back in February 2015 about the NSA having access to encrypted data. more
It's a wild election season here in the US. In the past few presidential elections, email has played a bigger and bigger role in messaging and fundraising. President Obama's campaign used email effectively, but sent huge volumes. In fact, the volume was so heavy, it led to a joke on the Daily Show... This year there is a stark difference in how the candidates are using email. more
Encryption is a way to keep private information private in the digital world. But there are government actors, particularly here in the US, that want access to our private data. The NSA has been snooping our data for years. Backdoors have been snuck into router encryption code to make it easier to break. Today at M3AAWG we had a keynote from Kim Zetter, talking about Stuxnet and how it spread well outside the control of the people who created it. more
Over the last few years I've been hearing some people claim that botnets are the real spam problem and that if you can find a sender then they're not a problem. Much of this is said in the context of hating on Canada for passing a law that requires senders actually get permission before sending email. Botnets are a problem online. They're a problem in a lot of ways. They can be used for denial of service attacks. They can be used to mine bitcoins... more
Back in the dark ages of email delivery the only thing that really mattered to get your email into the inbox was having a good IP reputation. If your IP sent good mail most of the time, then that mail got into the inbox and all was well with the world. All that mattered was that good IP reputation. Even better for the people who wanted to game the system and get their spam into the inbox, there were many ways to get around IP reputation. more
Recently the relevancy of Spamhaus and whether it is still necessary has been raised in various discussions and in particular among marketers. I think this is an interesting question for a lot of reasons. One is because there's such a broad range of opinions about Spamhaus and almost none of them are ambivalent. Another is because so many people don't really know what Spamhaus does, other than publish the SBL and ROKSO. more
This morning M3AAWG announced the creation of the J.D. Falk award to recognize and honor people like J.D. who work to make the Internet safer for all users... J.D. was a legend in the abuse prevention world when I first started learning about spam and abuse prevention back in the late 90's. more
Return Path published their most recent Global Deliverability report this morning. It shows that inbox placement of mail has decreased 6% in the second half of 2011. This decrease is the largest decrease Return Path has seen in their years of doing this report... Filters are getting more sophisticated. This means they're not relying on simply IP reputation for inbox delivery any longer. more
There has been a lot of recent discussions and questions about reputation, content and delivery of email. I started to answer some of them, and then realized there weren't any basic reference documents I could refer to when explaining the interaction. So I decided to write some. This post is about IP address reputation with some background on why IPs are so important and why ISPs focus so heavily on the sending IP. more
Yesterday law enforcement officials arrested 6 people and charged them with running a massive internet fraud ring. Over 4 million PCs were part of the botnet. According to the FBI, "the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA." more
The US government is looking at telling ISPs how to deal with compromised customers and botnets. They're a bit late to the party, though. Most of the major commercial ISPs have been implementing significant botnet controls for many years now. more
Spamfiltering blocks email. This is something we all know and understand. For most people, that is everyone who doesn't manage an email server or work in the delivery field or create spamfilters, filtering is a totally unseen process. The only time the average person notices filters is when they break. The breakage could be blocking mail they shouldn't, or not blocking mail they should. more
I visited Judge Fogel's courtroom this morning to listen to the oral motions in the Holomaxx cases. This is a general impression, based on my notes. Nothing here is to be taken as direct quotes from any participant. Any errors are solely my own. With that disclaimer in mind, let's go. more
Yesterday Goodmail sent out mail to all their customers announcing they are ceasing operations and taking all their token generators offline as of 5pm pacific on February 8th. While this is a bit of a surprise on one level, I'm not that shocked. Ken Magill mentioned in August that Goodmail was on the sales block and rumors have been circulating for weeks about significant changes coming to Goodmail. ... Despite the free service, people at some of those ESPs told me they were having difficulty getting customers to adopt Goodmail. more
I started hearing various people comment about lower spam volumes sometime in mid December. This isn't that unusual, spam volumes are highly variable and someone is always noticing that their spam load is going up or going down. The problem is extrapolating larger trends from a small selection of email addresses. more
A couple things related to the intersection of email and law happened recently. The 6th circuit court ruled that the government must have a search warrant before accessing email. The published opinion is interesting reading, not just because of the courts ruling on the law but also because of the defendant. more
Chad White wrote an article for MediaPost about best practices which parallels a lot of thinking I've been doing about how the email marketing industry treats best practices. After several conversations recently about "best practices," I'm convinced that the term is now meaningless. It's been bastardized in the same way that the definition of "spam" has shifted to the point that it has very different meanings to different groups of people. more
As an email policy wonk, I think a lot about how specific policy implementations can go wrong. Sure, every policy can go wrong, or not fit a common case. A lot of people only write polices that address common cases and don't worry about the rarer cases. The problem is there are some rare cases that may cause significant harm and those cases should be addressed. Consumerist has a case up about email policy gone wrong with a clear path to harm but no policy for handling the issue. There are a couple places I see where this policy hole can be fixed. more
A few weeks ago, Spamhaus filed a motion to have the judge reconsider his recent $27,002 award to e360. Their brief hangs on three arguments. ... it's clear Spamhaus is prepared to take this to the Court of Appeals (again) if the judge doesn't reconsider. In my lay reading of the law, and the memo in support of motion to alter judgement I don't think Spamhaus is out of line in asking for the judge to reconsider. I expect that if the judge doesn't reconsider, then we'll see an even more aggressive filing taking it up to the Court of Appeals. more
As Reddit recently learned it's not a great idea to use the Amazon EC2 cloud to host mailservers. There are a number of reasons for this, most of them related to the reputation of mail coming from EC2 servers. When you're using machines in the cloud, changing IP addresses is as simple as initializing a new server. Spammers discovered this almost as soon as the EC2 cloud became public. more
In my consulting and working with clients, I rarely use the word spam. There are so many different definitions of spam, I have no way to know if my clients understand what I am saying, so I avoid the term as much as humanly possible. An example of some of the few definitions of spam I've seen used over the years... more
Permission is always a hot topic in email marketing. Permission is key! the experts tell us. Get permission to send email! the ISPs tell us. Marketers have responded by setting up processes to "get" permission from recipients before adding them to mailing lists. They point to their privacy polices and signup forms and say "Look! the recipient gave us permission." In many cases, though, the permission isn't given to the sender, permission is taken from the recipient. more
There have been a number of reports recently about customer lists leaking out through Email Service Providers (ESPs). In one case, the ESP attributed the leak to an outside hack. In other cases, the ESPs and companies involved have kept the information very quiet and not told anyone that data was leaked. People do notice, though, when they use single use addresses or tagged addresses and know to whom each address was submitted. Data security is not something that can be glossed over and ignored. more
e360 initially filed suit against Comcast early in 2008. They asserted a number of things, including that Comcast was fraudulently returning "user unknown" notices and that they were certified by ReturnPath. Comcast filed a countersuit alleging violations of CAN SPAM, violations of the computer fraud and abuse act, as well as a number of other things including abuse of process. In April of 2008 the judge ruled in favor of Comcast and dismissed e360's case, while allowing the countersuit to proceed. more
As my recent series of posts has indicated, I am seeing a lot of future changes in the email industry. What do I think we can look forward to in email in 2010? ...In the realm of real authentication, the protocol most are using is is DKIM. While people will probably continue to publish SPF records (and Microsoft will continue to cling to the hope it becomes widespread) its relevance will continue to decrease. more
There are a number of things that make a responsible Email Service Provider (ESP), including setting and enforcing standards higher than those set by the ISPs. One of the responsible ESPs is Mailchimp. (Full disclaimer, I do consult for Mailchimp.) This ESP focuses on businesses with small to medium sized lists. They screen new customers for source of permission as well as mail content. more
Yesterday I talked about how I'm hearing warnings of a coming paradigm shift in the email industry. While these changes will affect all senders, Email Service Providers (ESPs) in particular are going to need to change how they interact with both ISPs and their customers. Currently, ESPs are able to act as "routine conveyers." The traffic going across their network is generated by their customers and the ESP only handles technical issues. more
Lately I've been seeing and hearing a lot of quiet warning noises coming from ISPs and spam filtering companies about sender behaviour. I believe they're forecasting changes in how ISPs treat commercial email and what new issues senders are going to have to negotiate. The short version is that commercial mail is a mixed bag. more
This weekend we took the car in for service. Instead of dropping it off at the dealership, we found a small, local garage. Prominently positioned on the counter was their Email Privacy Policy... If a little garage can provide such an understandable and readable privacy policy, how is it that so many email and internet experts fail to do the same? more