Industry Updates

Spamcannibal’s brief zombie run

Earlier this week the spam blacklist Spamcannibal, which had been returning no listings for a few months, had its domain expire and become redirected to some pretty nasty auto-downloads. Many of us suspected malware because of the multiple redirects and prompts to download a Flash update, but that has yet to be confirmed.

In the meantime, though, Al Iverson was able to get in touch with the operator, who has since retaken control of the domain and is working to sunset the list in a more respectable fashion. So Spamcannibal remains dead, but at least the malware zombies no longer have control of the domain.

– BG

Advertisements
Industry Updates

UCEProtect gets busy; Spamcannibal calls it quits (maybe?)

UCEP

This past Friday, May 25th, was a very busy day in the email and privacy world. The EU’s Global Data Protection Regulation (GDPR) went into effect, prompting all sorts of privacy policy updates (which in turn prompted all sorts of emails about those updates). From my own experience and the shared experiences of many others, it seems most of these emails cast a very wide net – devoid of targeting or list hygiene. Many of us received updates from brands we don’t remember engaging – and others with which we never did. As a result of all this email, the German UCEProtect blacklist was also very busy, seeing a surge in IPs appearing on its blacklists (h/t Word to the Wise). We’ve seen a small surge in the number of client IPs on UCEProtect as well, but haven’t been able to correlate it directly to GDPR notices. As Laura notes, UCEProtect is not typically a list that causes many bounces, so seeing your IP(s) there is more of a nuisance in most cases.

spamcan1In other blacklist-related news, it appears the Spamcannibal blacklist has shut down. The domain (don’t go there, really) now presents a number of nefarious redirects instead of the blacklist content. No official announcement has been provided, but the Spamcannibal list was considered among the less-reliable blacklists by many in the industry. If the shutdown is permanent, the impact is likely to be minor as the list was not widely used for inbound mail filtering.

– BG

Industry Updates

More missing Google Postmaster data (UPDATE – it’s back)

6/1/18 UPDATE: And just like that, the data is back. Reports (as well as my own account) indicate the data is currently populated until 5/30. The data typically runs about 2 days behind in my experience, so it seems the issue is likely resolved.

This Monday’s Memorial Day (US) holiday and its extended weekend was accompanied by many reports of missing data in Google’s Postmaster Tools. In my own account (as in most of the reports I’ve seen) the data stopped rolling in on May 24th. Unlike some previous instances, all GPT data appears affected – Spam Rate all the way down through Delivery Errors.

img_2830
We’re as confused as this guy. (courtesy Google)

Each time this happens, many of us hope it’s the oft-promised Postmaster Tools update – the one that brings API access, flexible dashboards and other as-yet-unannounced Google Goodness™. Thus far that hope has been unrealized….but there’s always next time. In the meantime, we’ll just stick to hoping Google restores the missing data in a timely fashion.

Industry Updates

Missing data at Google Postmaster Tools

Over the past week, there have been many reports of missing data for Google Postmaster Tools. From what we can see, it appears data on the Spam Rate, IP Reputation, Domain Reputation, Feedback Loop, and Delivery Errors tabs stopped updating for some folks around April 11th or 12th. According to information posted in an industry forum, Google is aware of the issue and working to resolve it. Some progress has been made, but no official statement has been made (seems to be par for the course with Google).

GPT

As of this morning in my own account, most tabs have data up to 4/13 (with a gap on 4/12) and data for 4/17, but everything between is missing. It remains to be seen whether the missing data will be restored. After a similar issue last September, Google was able to restore the data pretty quickly – hopefully that will be the case here as well.

– BG

Industry Updates

US sees increase in inbox placement, still lags behind world average

In late February Return Path released the 2017 installment of their annual Deliverability Benchmark Report, which tallies inbox and spam folder rates by country and industry. Each year the data is generated by monitoring more than 2 billion consumer emails to identify trends and averages for each region and industry segment.

RM Global Delivery
The data, compiled between June 2016 and June 2017, shows little change overall from last year’s report. On average, around 20% of mail worldwide never reaches the inbox, with the majority of that – 70% – rejected at the server gateway (bounced). As in years past, the US falls short of that average: just 77% of mail made it to the the inbox. The good news for US senders is that this represents an increase of around 4% from ’15-16 numbers.

Around the world, Canada and Australia tied for the highest inbox rates, with 90% of mail in those countries reaching the inbox. The merits of Canada’s Anti-Spam Law may be disputed, but it certainly seems to have had a positive impact on inbox placement there. Prior to the law taking effect in 2014, inbox rates in Canada dipped as low as 79% – but they have hovered around 90% since then. CASL certainly isn’t guaranteed to be the cause, but it’s a good bet there’s some correlation there.

Results by industry

The breakdown of inbox rates by industry uncovered a couple of interesting trends. Among the 16 industries tracked, none averaged below 76% inbox rate on the year. The Automotive industry, previously in last place with 66%, now edges out the Nonprofit/Education/Government sector by a point at 77%. Meanwhile the Insurance industry, perennially at the low end of the spectrum, saw a 13-point jump to 89%. Apparel, Electronics, and Home Improvement all saw decreases but remained at 85% or above, while Finance took the top spot with 94% of their mail reaching the inbox.

– BG

Industry Updates

AOL confirms move to shared mail infrastructure with Yahoo

Last week I wrote about the changes taking place at major email providers, specifically the convergence of AOL and Yahoo’s mail servers. Today on their Postmaster blog, AOL issued confirmation of these changes. The statement indicates the “majority of AOL’s MX records” will be routed to the new combined mail servers with little if any visible impact to senders.

The message also assured senders that established feedback loops (FBLs) should continue to function without interruption. While AOL notes that issues are unlikely, if you see any abnormalities postmaster@aol.com remains the best way to reach out for assistance.

– BG

Best Practices, Delivery Essentials

Fact or Fiction: Can you REALLY clean spam traps from your email list?

320px-busted_in_rustEarlier this month I spent a week in sunny Toronto for the Fall M³AAWG meeting, featuring a variety of sessions and conversations around all things anti-abuse. At any industry event like this, spam traps are usually a popular topic of discussion (check out this post for a primer on spam traps and why they matter). Senders want to know how to avoid or get rid of them, while many blacklist operators consider them a necessary evil to help identify poor sending practices. One of the most hotly-debated questions regarding spam traps surrounds how to remove them from your list. Many senders and solution vendors claim to be able to identify and remove spam traps, while trap operators go to great lengths to keep their traps anonymous. Let’s look at a couple of the most commonly-cited ways of identifying spam traps and how effective they really are.

List Validation & Hygiene Vendors

As mailbox providers have made it harder to reach the inbox, list hygiene services have become a booming segment of the industry. While some employ dubious methods, even prompting a warning from Spamhaus, there are a number of services that are considered reputable and are commonly used by legitimate marketers and even ESPs. For our discussion, let’s focus on these more reputable vendors.

As a basic rule, list validation services will take your file of contacts and provide a grade or score for each record. The data will indicate whether the email address is confirmed valid, confirmed invalid, or somewhere in between. Most of these vendors claim (some more prominently than others) to be able to identify spam trap addresses. Therefore, if you believe or know you have traps in your list, you should be able to purchase these services and solve your problem, right?

Not so fast, hot shot. Spam traps are secret by nature – if you know an address is a spam trap, then it has lost its effectiveness. As a result, trap operators make efforts to ensure traps are not identified by any outside party, including validation services. The traps identified by these services may have been actively used in the past, but at this point have likely been abandoned by their operator. Even those traps that are still in use would represent only a fraction of the spam traps that exist in the wild. So you may clean a few traps off your list, but you’re not going to solve any major spam trap issues using one of these services.

Effectiveness grade: F

Segmentation and isolation

Over the years I’ve run across many senders (and even some vendors) who believe that identifying spam traps in your list is as simple as pinpointing the time of the trap hits and/or the affected message(s) and/or the group that contains the traps. These senders will often slice up affected lists, sending to smaller and smaller segments of contacts until they have isolated a very small number of records that are, or may be, traps. They can then remove these bad apples from the list and go on sending willy-nilly to the rest of the recipients.

In reality, there are a couple of problems with this approach. First, most trap operators or blacklist admins aren’t going to provide you with the type of data that is required for this process. If you are considered a relatively trustworthy sender, you might get very limited data about trap hits – a date or a subject line, perhaps – but this is almost always just a sample of the full data set. If you get details on a single trap hit, there are likely 10 or 20 or 100 more hits that you can’t see. Trying to narrow down your list based on incomplete data is not likely to generate accurate results.

Effectiveness grade: D

Nullification

Similar to the previous method, this process involves using data provided by the trap operator to isolate and remove affected recipients. This is most often implemented by senders who use highly targeted segments and who may be sending to only a few dozen or hundred recipients at a time. Because of the small segment size, the sender often finds it more appealing to simply remove the entire list that was targeted on the specific day or with the specific message identified as hitting traps.

While removing the entire recipient list could be a slightly more effective solution, this method suffers from the same deficiency as the last: lack of data. This method is only effective if the trap operator provides the full list of trap hits with timestamps – which is extremely unlikely. So even if you suppress the list of recipients called out for one hit, you are likely to be missing the lists that contain additional traps. .

Effectiveness grade: C-

As you can see, none of these methods are especially effective at resolving spam trap issues, and it’s for a simple reason: they address the symptoms (spam traps) instead of the underlying problem (poor list acquisition or hygiene practices). Many trap operators will recommend reconfirming your contact database, the only truly effective method to remove spam traps from your database. However, you’re likely to lose some valid recipients in the process so most senders will only do this as a last resort. We’ve found that a better solution is a hybrid approach that includes both engagement and confirmation elements.

Engagement-based list cleanup

One fact we know about spam traps is that they don’t open email (with very few exceptions). As such, excluding recent openers and clickers from your confirmation efforts will help minimize potential losses to your list. Once you’ve identified those recipients who haven’t engaged in the past 6-12 months, you can temporarily suppress them from further mailings, then send them a confirmation request. Those who engage with the confirmation request can be returned to your active mailing list, and the rest should remain suppressed.

Effectiveness grade: A

It’s nearly impossible to isolate and remove spam traps from your database, so it’s best to stop them from getting there in the first place. Getting clear permission for all new recipients and using an engagement-based list hygiene process can all but eliminate the risk of spam traps in your list and make sure you never need to put these methods to the test.

– BG