Email Blogs
CDP (customer data platform) and marketing communication platform Simon Data is looking to fill the role of Senior Manager, Email Deliverability. In that role, the perfect person would: Provide hands-on strategic deliverability expertise and guidance during account architecture, sender onboarding, and infrastructure warmup to help ensure client success. Expand both the scope and reach of both basic and premium deliverability service offerings to include the broader Simon Data customer base. Ensure Simon Data is on top of the latest compliance and deliverability trends, technologies, and strategies by engaging with industry leaders and organizations (this may also include representing Simon Data externally with industry groups) and more! Does this sound like it might be the right role for you? If so, click here to learn more and/or to apply.
If you’re suffering from DMARC-related malaise, perhaps this will help you forget about it for a few minutes. For absolutely no useful business reason, I share with you a cover of Feel Good Inc. (originally performed by Gorillaz) being played on a (number of) Stylophones. This makes me smile and I hope it does the same for you. Thanks, maromaro1337, whoever you are!
The Certified Senders Alliance (CSA) provides a whitelist, reputation data and training related to email marketing best practices. It is a service of the Europe-based internet industry association eco. As the CSA describes themselves, “[they act] as a neutral interface between mailbox providers and senders of commercial emails.” Internet company (mailbox provider, web portal and search engine) Seznam has joined the CSA and has implemented the CSA “certified IP list.” Seznam operates the largest Czech freemail service, Email.cz, which is actively used by more than six million users every month. Learn more about the CSA here.
Brian Krebs posted his usual “Patch Tuesday” update for Fat Tuesday (yesterday, February 13th) and listed in there was a doozy, an email-client specific bug that I almost missed: “CVE-2024-21413, a critical remote code execution bug in Microsoft Office that could be exploited just by viewing a specially-crafted message in the Outlook Preview pane.” Brian points out today: “Microsoft has updated its security advisory for [this] critical Outlook bug they patched on Tuesday: They’re now saying it’s under active attack.” Not good. Be safe, and make sure you’re up to date with latest versions and all security patches!
Mickey Chandler and I go way back. He’s been working in the realms of email deliverability, policy, abuse prevention, and more for the entire time I’ve known him. Way back in the day, we both spent a brief stint working for the Mail Abuse Prevention System, one of the first big blocklist spam filterers out there. Later, he worked for and then with me at ExactTarget, later to become Salesforce Marketing Cloud, working very hard to keep clients on the right side of legal and best practice requirements. His most recent experience even overlaps with the world of mobile messaging abuse prevention. And he’s looking for a job. Are you hiring? You can find his Linkedin profile here: https://www.linkedin.com/in/mickeychandler/ Mickey, thank you for taking the time to talk to me today! Can you tell me how you came to get started in the email industry? Like many others, I fell
CheckMyLink (at https://www.checkmylink.gr/) is a cool tool I stumbled across the other day that lets you check domain names and URLs that might be malicious. I wasn’t quite sure of the scope or exactly what they’re checking, so I reached out to my friend, Sarah Papadopoulou, who happens to be the person who runs this useful checker, which has been created along with Scamadviser.com. Here’s what she had to say about CheckMyLink: “Along with members of the anti-scam community we built and support an anti-scam online checking system for domain names / urls, to protect consumers! “CheckMyLink lets consumers quickly check a suspicious link they received via WhatsApp, WeChat, Facebook, email, or other social media. In combination with an annual marketing campaign CheckMyLink can “train” consumers to always first check a link before they click on it. “CheckMyLink is already live in several countries: United Kingdom: with GetSafeOnline and CIFAS
Email infrastructure vendor Halon is hiring! “The leader in email infrastructure for service providers” is looking for fill the role of Integrated Solutions Engineer II. That person should be coding savvy, a pro at all things Linux, and would assist in onboarding customers, in addition to providing support during installations and evaluations, including installations, building integrations and services, answering customer support questions, and more. Interested? Find more details and/or apply here.
I thought it would be fun to take a moment and look back at a prior webinar. This presentation that Tonya Gordon and I put together for Klaviyo users in early 2023 was one the most popular webinar I put together for my then-employer. Klaviyo users seem to hunger to learn more about deliverability and best practices, and I think the guidance here is still accurate and will help put folks on a solid deliverability footing. In the webinar, Tonya and I break down the difference between delivery and deliverability, how to put your best deliverability foot forward (it starts with your authenticated domain name), how to measure and monitor for deliverability issues, and much much more! Google and Yahoo’s new sender requirements had yet to be announced when we presented this webinar; thus we did not touch on them. Klaviyo has put together a Yahoo/Google compliance guide here; and
Just recently discovered in my own inbox: a notice from Google indicating that they’re going to require OAuth access for third party applications connecting to “Gmail, Google Calendar, Contacts via protocols such as CalDAV, CardDAV, IMAP, SMTP, and POP.” Most modern apps support OAuth already, but there are a number of legacy tools out there that do not — anything where you might have configured an app password to link that third party functionality to your Google (Workspace) account. Starting June 15, 2024, Google will remove the allow “less secure access” app password settings from Google Workspace admin. Currently configured apps and passwords should continue to work until September 30, 2024, at which time support for that functionality will be disabled for Google Workspace users. Read more details here. Does this affect you? Impact here likely isn’t broad, and certainly I’m a fan of better security. But I also do
It’s time to decode another deliverability acronym. Today, we’re going to tackle DMARC, which stands for “Domain-based Message Authentication, Reporting and Conformance.” It’s a bit of a mouthful, but it’s actually a relatively simple and good thing. This domain-level setting allows a domain owner to: Tell receiving internet service providers (ISPs) and mailbox providers (MBPs) (think Gmail, Yahoo, Outlook.com and others), what to do with email messages sent to email users on their platforms, purporting to be from your domain, but failing authentication checks. Protect your domain name by locking it down, setting a policy that says that mailbox providers should not trust mail from my domain unless it authenticates properly. Instruct mailbox providers where to send reports to help summarize and monitor for email authentication compliance. DMARC is implemented via a DNS text record. Learn more about that here. DMARC effectively requires correctly configured SPF (Sender Policy Framework) and/or