bad domains
Michael Crider (staff writer for PCWorld) is one of the many folks reporting on Google’s new real-time anti-phishing protection in the Chrome web browser. This means checking every domain you’re trying to visit against some sort of domain or URL blocking list. Aside from the privacy concerns (which I’ll leave to Michael to cover), I’m wondering about how likely this live monitoring and check process will be to subject to false positives. Is this just a quicker check against a now more-quickly updated Google Safe Browsing blocklist? If you find your email or website domain on your list in error, do you still go to this same “report error” page as before? How swiftly will they review and reset accidental listings? When something like this is scaled up and sped up, accuracy and/or manual review doesn’t always seem to scale up with it. So, color me full of concerns. Read
Apologies for the clickbait headline! I couldn’t resist. My intent is to deceive, but only slightly. What is this all about? I was just reading Brian Krebs and his excellent recent reporting, summarizing and analyzing of data from The Interisle Consulting Group, which shows that domains in the “.us” TLD are amazingly prevalent in BEC (business email compromise/aka “phishing”) scams.What this has to do with deliverability is this: while in theory deliverability based on domain reputation is based on the send stats linked to your domain name, your choice of domain can indeed matter to some degree, because spam filters react to what they see. Some might do so with bayesian filtering, some might be manual rulesets updated by a person, or it could be some fancy new artificial intelligence coming to take our jobs someday (yay, Skynet!) — but any of them could, and some likely will, treat mail from domains
I was just testing an email for a friend of a friend. Part of that testing involved running the email through my KBXSCORE checker. It came back with very few issues; most of the header bits are configured properly and the email is fully authenticated.But I had a weirdly higher-than-expected SpamAssassin score, and when I looked at what rule caused the score to spike, it was this one: PDS_OTHER_BAD_TLD. This particular SpamAssassin rule is meant to warn users of “untrustworthy TLDs” (top level domains) like, for example, .click. Meaning that the makers of SpamAssassin believe that linking to a “dot click” domain is a spam sign.But this email didn’t link to a “dot click” domain. Or did it? I couldn’t see it at first, but then I went through the text version with a fine tooth comb and here’s what I saw (slightly redacted):Thank you for subscribing to receive emails from…
SocketLabs’ Brian Godiksen and Campaign Monitor’s Travis Hazlewood joined forces in this excellent blog post to explain what can go wrong when you use a subdomain (under a domain you don’t own) to send mail. Example? Some registrars offer up this goofy thing where you can buy a “domain” “under” uk.com, like spamresource.uk.com. Neat idea, except it’s really just a subdomain. And the domain uk.com has a poor reputation at Gmail, making it kind of hard to get email delivered to the inbox reliably, if I use a uk.com subdomain as my sending domain.So as to not totally steal their thunder, I’ll make you click on through to get their thoughts on what to do instead, and how to measure risk with regard to your choice of TLD (top level domain). This is one you need to read before you buy a new domain name to use for email!