That screenshot above is from an email message that I received recently. I get a lot of wacky emails, but this one takes it to a whole new level. This person did not research his target very well, and I find the content to be borderline deceptive. They are careful to say “I have results about” not “I see that you’re having trouble” to sort of hedge the bet, as if to say “I have information about your spam folder percentage” only to find out that the percentage is zero, and to be met with the defense “but zero is a percent.” This is silly. And I share this silliness not to name and shame (note that I have not shared the sender’s last name or company), but to point out that you can’t always trust everything that people tell you. In this case, I run my own dedicated MTA, with
Adam Silver is a “contract interaction designer with a strong technical background” and a savvy blogger, who just figured out something that I’ve known for a while: One-click unsub is a bad idea. I don’t fault him for being new to the party — you don’t know, until you know. And he frames the problem in a new context: links are for navigation, buttons are for actions. It’s a good way to look at it. Link to a form page, require a button push to unsubscribe, and thus, evade security link scanning that causes false positive unsubs. It seems so simple to me.
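The link-versus-button split described above, as an added sketch that is not code from the original post or from Adam Silver. The `/unsubscribe` path, the `u` parameter and the subscriber id are assumptions made up for the illustration.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

# Page served when the emailed link is followed: a form with one button.
CONFIRM_PAGE = ('<form method="post" action="/unsubscribe?u={u}">'
                '<button type="submit">Unsubscribe</button></form>')

def handle(method, url, subscribers):
    """Return (status, body). Only a POST changes subscription state."""
    parts = urlsplit(url)
    user = parse_qs(parts.query).get("u", [""])[0]
    if parts.path != "/unsubscribe" or user not in subscribers:
        return 404, "not found"
    if method in ("GET", "HEAD"):
        # Navigation only: a security scanner that fetches the link
        # receives the form and nothing is changed.
        return 200, CONFIRM_PAGE.format(u=escape(user, quote=True))
    if method == "POST":
        # The button push is the action.
        subscribers[user] = False
        return 200, "unsubscribed"
    return 405, "method not allowed"

if __name__ == "__main__":
    subs = {"r-1001": True}                      # constructed sample subscriber
    link = "https://mail.example/unsubscribe?u=r-1001"
    print(handle("GET", link, subs), subs)       # scanner follows the link
    print(handle("POST", link, subs), subs)      # person presses the button
```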
Or, how to scare your potential new customers by doing a whole bunch of things wrong all at once, leading to the big warning box of doom. Cold leads, not sending using a full name, and not authenticating properly. Trying to be friendly and sending mail as “Bob” can backfire, especially if your employer has four other people already named Bob, Gmail can’t tell which is which, and Gmail is concerned because your DKIM configuration is busted and you didn’t configure SPF properly. Good job, Bob. This brings me back to the common question, are SPF and/or DKIM required for inbox placement? Well, the lack of them in this case sure didn’t help Bob. Don’t be like Bob. Make it easy for Gmail to identify you and authenticate your mail.
A friend recently shared a link to a spammer’s blog post bragging about how what they’re doing isn’t illegal. Weird flex, but OK. Going on your blog and defending your business model that way? “We’re not actually breaking the law! We promise! Cold lead emails are totally legal!” You do what you gotta do, I guess. But remember, farts are not illegal either, and they’re just about as broadly unloved as cold lead email campaigns. So, yeah, duh. Spam is not illegal. I’ve been pointing that out for years – here’s me mentioning back in 2010 that CAN-SPAM does not actually prohibit spam. It’s legal, flat out. But, as an argument to defend bad practices, “this is legal” is a red herring. What you should be asking is: how does CAN-SPAM regulate spam and what does it say about mail filtering and blocking? As I wrote about just a couple of
From Bleeping Computer: A woman in Australia was arrested for sending over 32,000 emails to a Federal Member of Parliament, impacting systems enough that people weren’t able to do their normal jobs as a result. She faces charges that could result in a prison term of up to ten years. Read more. Is 32,000 a lot of emails? I guess so, for a regular mailbox. Here I am today, deleting 12,000 messages out of this mailbox, 6,000 out of that mailbox, times about a hundred, for the various deliverability tracking stuff at work, so it doesn’t seem that overwhelming to me. Back at my last job, I had Gmail test mailboxes that would occasionally fill up and I’d be deleting upwards of 150,000 messages at a time. But still, I probably wouldn’t want to be on the receiving end of that and have to work around it to get to the emails
This is one of those things that a client learned about the hard way, so I wanted to share with you all with the hope that you can avoid some of the same pain that they, and I, experienced, while helping them troubleshoot this issue. Avoid including emojis in the friendly from field. The friendly from is not exactly a header, but it’s part of the from header, the text that goes along with your from email address. (Learn more about what the friendly from is here.) People love to customize the friendly from to various ends: it could be an effort to drive better recognition of their brand, it could be to suggest a personal connection between sender and recipient, or it could be something done to help drive more sales. Or maybe sometimes you might even modify it just to look cool. That’s okay; we’ve all done it. But what you
The other day, I ran across a complaint on LinkedIn. “Just saw another email go to the Promotions Folder with DKIM, SPF, and DMARC set up perfectly. Stop telling people this will fix their e-mail problems!” It’s not the first time I’ve heard this, and I can understand why the author is frustrated. But, it’s important not to miss the true point — email authentication will help to improve inbox delivery. Because it does! But there’s a nuanced explanation to go along with that. The devil truly is in the details. Email authentication is fantastic. SPF and DKIM both allow you to set yourself up as YOU in the eyes of mailbox providers — as opposed to just being one of the many clients of ESP or CRM platform X, based on a shared IP address or shared DKIM domain. This is a good thing, but it’s just the start. Setting yourself
Another day brings us another simple reminder that buying lists will cause you trouble. Toshi Onishi, writing for the Dotdigital blog, succinctly shares with us the three major issues around transparency (and consent) that comprise insurmountable roadblocks when it comes to purchasing email lists. And if you need more ammo to help explain to a boss or marketing manager why buying lists isn’t cool, don’t forget to check out https://www.shouldiuseapurchasedemaillist.com where you’ll find more links to articles that break down why it’s a bad practice and so broadly prohibited.
Lucas Ropek for Gizmodo explains: “Turns out it’s pretty damn easy to spam the entire Air Force using just one email address.” Oh, no. Really? Yep, as it turns out.
Rene Holt writing for We Live Security has shared a recent tale that gives me pause: What can go wrong if you get your SPF record wrong. Usually the risk here is that you make your SPF record too restrictive, resulting in the rejection of legitimate mail. But here’s an alternate case — what if your SPF record is so wide, so broad, that bad guys can easily send spam from certain IPs and pass authentication checks, successfully pretending to be you (or at least, successfully sending from your domain)? I think the moral of the story is that you’ve got to get SPF right, both in how tight and how loose your SPF record should be. Don’t just blindly add a zillion IP addresses because somebody told you to; investigate and question and review. Rene Holt: How a spoofed email passed the SPF check and landed in my inbox
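One way to review how loose an SPF record is, as an added example that is not code from this post or from Rene Holt's article. The two thresholds and the sample records are constructed for the illustration, and `include:` targets are only listed, since each one needs its own lookup and review.

```python
import ipaddress

# Review thresholds are assumptions for this example, not part of any standard.
MAX_TOTAL_IPV4 = 65536   # flag records authorizing more than a /16 worth of hosts
MIN_IPV4_PREFIX = 16     # flag any single ip4 network wider than this

def audit_spf(record):
    """Summarize how much IPv4 address space one SPF TXT record authorizes."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    nets, includes, findings = [], [], []
    for term in terms[1:]:
        # A mechanism without a qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all" and qualifier == "+":
            findings.append("+all: every host on the internet passes")
        elif name == "ip4" and qualifier == "+":
            net = ipaddress.ip_network(value, strict=False)
            nets.append(net)
            if net.prefixlen < MIN_IPV4_PREFIX:
                findings.append(f"{term}: {net.num_addresses} addresses in one mechanism")
        elif name == "include":
            includes.append(value)  # must be fetched and audited separately
    # Merge overlapping ranges so nested networks are not counted twice.
    total = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    if total > MAX_TOTAL_IPV4:
        findings.append(f"{total} IPv4 addresses authorized in total")
    return {"ipv4_addresses": total, "includes": includes, "findings": findings}

# Constructed sample records using reserved documentation and benchmark ranges.
TIGHT = "v=spf1 ip4:192.0.2.0/28 include:_spf.example.net -all"
WIDE = ("v=spf1 ip4:198.18.0.0/15 ip4:198.18.5.0/24 ip4:198.51.100.0/24 "
        "include:_spf.example.net ~all")
OPEN = "v=spf1 +all"

if __name__ == "__main__":
    for rec in (TIGHT, WIDE, OPEN):
        print(rec, "->", audit_spf(rec))
```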