Laura Atkins

Laura Atkins

Founding partner of anti-spam consultancy & software firm Word to the Wise
Joined on November 12, 2009
Total Post Views: 369,466


Laura Atkins is a founding partner of the anti-spam consultancy and software firm Word to the Wise. I have over seven years of experience in tracing Internet abuse and am a recognized leader in the anti-spam arena. At Word to the Wise, I advise clients on how to manage mailing risks, to respond to spam complaints, interact with ISPs, and navigate the ever changing and challening world of email delivery. I also act as a neutral arbitrator during discussions with ISPs and blocklists.

Prior to founding Word to the Wise, I built and led the Mail Abuse Prevention Systems’ outsourced abuse desk team. This project was founded to advise ISPs on the most effective ways to manage their customers and complaints about their customer’s behavior. While there, I established and managed the abuse desk for a tier one backbone provider.

Except where otherwise noted, all postings by Laura Atkins on CircleID are licensed under a Creative Commons License.

Featured Blogs

Spam Is Never Timely Nor Relevant

One of the ongoing recommendations to improve deliverability is to send email that is timely and relevant to the recipient. The idea being that if you send mail a recipient wants, they're more likely to interact with it in a way that signals to the mailbox provider that the message is wanted. The baseline for that, at least whenever I've talked about timely and relevant, is that the recipient asked for mail from you in the first place. more

Spamtraps Are Overblown… by Senders

One of the fascinating parts of my job is seeing how different groups in email have radically disparate points of view. A current example is how much value senders put on spamtraps compared to ISPs and filtering companies. I understand why this is. In all too many cases, when a sender asks why they're mail is going to bulk or being blocked, the answer is "you're hitting spamtraps." The thing is, spamtraps are almost never the only reason mail is being blocked. more

My Domain Reputation Is Bad, Should I Get a New Domain?

Many companies have the occasional "oops" where they send email they probably shouldn't have. This can often cause a decrease in reputation and subsequent delivery problems. Some companies rush to fix things by changing domains. Brand new domains, those registered less than 30 days, have really bad reputations. Blame the spammers and scammers who exploited a loophole and sent tons of untraceable spam from newly registered domains that they then abandoned without paying for them. more

Email Marketer’s Dilemma: Disappearing Domains

On May 31, British broadband provider EE discontinued service for a number of email domains:,,,,,,,, and These domains were acquired by EE as part of multiple mergers and acquisitions. On their help page, EE explains that the proliferation of free email services with advanced functionality has led to a decrease in email usage at these domains. more

Large Companies (Un?)knowingly Hire Spammers

This morning, CSO and MacKeeper published joint articles on a massive data leak from a marketing company. This company, River City Media (RCM), failed to put a password on their online backups sometime. This leaked all of the company's data out to the Internet at large. MacKeeper Security Researcher, Chris Vickery discovered the breach back in December and shared the information with Spamhaus and CSO online. The group has spent months going through the data from this spammer. more

Yahoo Collaborating With US Intelligence Agencies

It was revealed yesterday that Yahoo has been scanning people's email for the federal government. This activity was, apparently, authorized by Yahoo CEO Marissa Meyer but not the former CSO Alex Stamos. Mr. Stamos left Yahoo in June 2015. He also publicly disagreed with the director of the NSA back in February 2015 about the NSA having access to encrypted data. more

Trump’s Fundraising Email - Bad Data Drives Delivery Problems

It's a wild election season here in the US. In the past few presidential elections, email has played a bigger and bigger role in messaging and fundraising. President Obama's campaign used email effectively, but sent huge volumes. In fact, the volume was so heavy, it led to a joke on the Daily Show... This year there is a stark difference in how the candidates are using email. more

Security, Backdoors and Control

Encryption is a way to keep private information private in the digital world. But there are government actors, particularly here in the US, that want access to our private data. The NSA has been snooping our data for years. Backdoors have been snuck into router encryption code to make it easier to break. Today at M3AAWG we had a keynote from Kim Zetter, talking about Stuxnet and how it spread well outside the control of the people who created it. more

Are Botnets Really the Spam Problem?

Over the last few years I've been hearing some people claim that botnets are the real spam problem and that if you can find a sender then they're not a problem. Much of this is said in the context of hating on Canada for passing a law that requires senders actually get permission before sending email. Botnets are a problem online. They're a problem in a lot of ways. They can be used for denial of service attacks. They can be used to mine bitcoins... more

The Death of IP Based Reputation

Back in the dark ages of email delivery the only thing that really mattered to get your email into the inbox was having a good IP reputation. If your IP sent good mail most of the time, then that mail got into the inbox and all was well with the world. All that mattered was that good IP reputation. Even better for the people who wanted to game the system and get their spam into the inbox, there were many ways to get around IP reputation. more

Is Spamhaus Still Relevant?

Recently the relevancy of Spamhaus and whether it is still necessary has been raised in various discussions and in particular among marketers. I think this is an interesting question for a lot of reasons. One is because there's such a broad range of opinions about Spamhaus and almost none of them are ambivalent. Another is because so many people don't really know what Spamhaus does, other than publish the SBL and ROKSO. more

J.D. Falk Award

This morning M3AAWG announced the creation of the J.D. Falk award to recognize and honor people like J.D. who work to make the Internet safer for all users... J.D. was a legend in the abuse prevention world when I first started learning about spam and abuse prevention back in the late 90's. more

Email Delivery Challenges Increasing

Return Path published their most recent Global Deliverability report this morning. It shows that inbox placement of mail has decreased 6% in the second half of 2011. This decrease is the largest decrease Return Path has seen in their years of doing this report... Filters are getting more sophisticated. This means they're not relying on simply IP reputation for inbox delivery any longer. more

IP Address Reputation Primer

There has been a lot of recent discussions and questions about reputation, content and delivery of email. I started to answer some of them, and then realized there weren't any basic reference documents I could refer to when explaining the interaction. So I decided to write some. This post is about IP address reputation with some background on why IPs are so important and why ISPs focus so heavily on the sending IP. more

Biggest Botnet Takedown to Date

Yesterday law enforcement officials arrested 6 people and charged them with running a massive internet fraud ring. Over 4 million PCs were part of the botnet. According to the FBI, "the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA." more

Government and Botnets

The US government is looking at telling ISPs how to deal with compromised customers and botnets. They're a bit late to the party, though. Most of the major commercial ISPs have been implementing significant botnet controls for many years now. more

Censorship, Email and Politics

Spamfiltering blocks email. This is something we all know and understand. For most people, that is everyone who doesn't manage an email server or work in the delivery field or create spamfilters, filtering is a totally unseen process. The only time the average person notices filters is when they break. The breakage could be blocking mail they shouldn't, or not blocking mail they should. more

Holomaxx v. Yahoo and MS: The Hearing

I visited Judge Fogel's courtroom this morning to listen to the oral motions in the Holomaxx cases. This is a general impression, based on my notes. Nothing here is to be taken as direct quotes from any participant. Any errors are solely my own. With that disclaimer in mind, let's go. more

Goodmail Shutting Down

Yesterday Goodmail sent out mail to all their customers announcing they are ceasing operations and taking all their token generators offline as of 5pm pacific on February 8th. While this is a bit of a surprise on one level, I'm not that shocked. Ken Magill mentioned in August that Goodmail was on the sales block and rumors have been circulating for weeks about significant changes coming to Goodmail. ... Despite the free service, people at some of those ESPs told me they were having difficulty getting customers to adopt Goodmail. more

Spam Volumes In 2010

I started hearing various people comment about lower spam volumes sometime in mid December. This isn't that unusual, spam volumes are highly variable and someone is always noticing that their spam load is going up or going down. The problem is extrapolating larger trends from a small selection of email addresses. more

Email and Law in the News

A couple things related to the intersection of email and law happened recently. The 6th circuit court ruled that the government must have a search warrant before accessing email. The published opinion is interesting reading, not just because of the courts ruling on the law but also because of the defendant. more

Best Practices: A Meaningless Term

Chad White wrote an article for MediaPost about best practices which parallels a lot of thinking I've been doing about how the email marketing industry treats best practices. After several conversations recently about "best practices," I'm convinced that the term is now meaningless. It's been bastardized in the same way that the definition of "spam" has shifted to the point that it has very different meanings to different groups of people. more

Broken Policies

As an email policy wonk, I think a lot about how specific policy implementations can go wrong. Sure, every policy can go wrong, or not fit a common case. A lot of people only write polices that address common cases and don't worry about the rarer cases. The problem is there are some rare cases that may cause significant harm and those cases should be addressed. Consumerist has a case up about email policy gone wrong with a clear path to harm but no policy for handling the issue. There are a couple places I see where this policy hole can be fixed. more

Spamhaus Motion to Reconsider

A few weeks ago, Spamhaus filed a motion to have the judge reconsider his recent $27,002 award to e360. Their brief hangs on three arguments. ... it's clear Spamhaus is prepared to take this to the Court of Appeals (again) if the judge doesn't reconsider. In my lay reading of the law, and the memo in support of motion to alter judgement I don't think Spamhaus is out of line in asking for the judge to reconsider. I expect that if the judge doesn't reconsider, then we'll see an even more aggressive filing taking it up to the Court of Appeals. more

Reputation and “The Cloud”

As Reddit recently learned it's not a great idea to use the Amazon EC2 cloud to host mailservers. There are a number of reasons for this, most of them related to the reputation of mail coming from EC2 servers. When you're using machines in the cloud, changing IP addresses is as simple as initializing a new server. Spammers discovered this almost as soon as the EC2 cloud became public. more

Define “Spam”

In my consulting and working with clients, I rarely use the word spam. There are so many different definitions of spam, I have no way to know if my clients understand what I am saying, so I avoid the term as much as humanly possible. An example of some of the few definitions of spam I've seen used over the years... more

Taking Permission

Permission is always a hot topic in email marketing. Permission is key! the experts tell us. Get permission to send email! the ISPs tell us. Marketers have responded by setting up processes to "get" permission from recipients before adding them to mailing lists. They point to their privacy polices and signup forms and say "Look! the recipient gave us permission." In many cases, though, the permission isn't given to the sender, permission is taken from the recipient. more

Protecting Customer Data

There have been a number of reports recently about customer lists leaking out through Email Service Providers (ESPs). In one case, the ESP attributed the leak to an outside hack. In other cases, the ESPs and companies involved have kept the information very quiet and not told anyone that data was leaked. People do notice, though, when they use single use addresses or tagged addresses and know to whom each address was submitted. Data security is not something that can be glossed over and ignored. more

Comcast and e360 Settle Lawsuit

e360 initially filed suit against Comcast early in 2008. They asserted a number of things, including that Comcast was fraudulently returning "user unknown" notices and that they were certified by ReturnPath. Comcast filed a countersuit alleging violations of CAN SPAM, violations of the computer fraud and abuse act, as well as a number of other things including abuse of process. In April of 2008 the judge ruled in favor of Comcast and dismissed e360's case, while allowing the countersuit to proceed. more

Email Related Predictions for 2010

As my recent series of posts has indicated, I am seeing a lot of future changes in the email industry. What do I think we can look forward to in email in 2010? ...In the realm of real authentication, the protocol most are using is is DKIM. While people will probably continue to publish SPF records (and Microsoft will continue to cling to the hope it becomes widespread) its relevance will continue to decrease. more

What Makes a Good ESP?

There are a number of things that make a responsible Email Service Provider (ESP), including setting and enforcing standards higher than those set by the ISPs. One of the responsible ESPs is Mailchimp. (Full disclaimer, I do consult for Mailchimp.) This ESP focuses on businesses with small to medium sized lists. They screen new customers for source of permission as well as mail content. more

Email Service Providers and the Coming Changes

Yesterday I talked about how I'm hearing warnings of a coming paradigm shift in the email industry. While these changes will affect all senders, Email Service Providers (ESPs) in particular are going to need to change how they interact with both ISPs and their customers. Currently, ESPs are able to act as "routine conveyers." The traffic going across their network is generated by their customers and the ESP only handles technical issues. more

ISPs Are Speaking, Is Anyone Listening?

Lately I've been seeing and hearing a lot of quiet warning noises coming from ISPs and spam filtering companies about sender behaviour. I believe they're forecasting changes in how ISPs treat commercial email and what new issues senders are going to have to negotiate. The short version is that commercial mail is a mixed bag. more

Privacy Policies in the Real World

This weekend we took the car in for service. Instead of dropping it off at the dealership, we found a small, local garage. Prominently positioned on the counter was their Email Privacy Policy... If a little garage can provide such an understandable and readable privacy policy, how is it that so many email and internet experts fail to do the same? more

Topic Interests

LawSpamPrivacyEmailAccess ProvidersCybersecurityPolicy & RegulationData CenterThreat IntelligenceCloud ComputingCensorshipInternet GovernanceCyberattackCybercrimeMalwareDNS IPv4 MarketsIPv6 TransitionDomain Names

Recent Comments

Popular Posts

Goodmail Shutting Down

IP Address Reputation Primer

Spam Is Never Timely Nor Relevant

The Death of IP Based Reputation

My Domain Reputation Is Bad, Should I Get a New Domain?