Isn’t technology wonderful?

I am somewhat sad to announce that the cult of SPF still lives. The most recent example is the number of people that have taken me to task for a recent post I wrote pointing out that SPF records aren’t actually that important for email delivery. My example was that a client of mine had incorrect SPF records (with a -all even) but was still getting inbox delivery at Hotmail. We repaired the records, re-registered them with Hotmail and Hotmail not only isn’t checking them but also sent mail to me admitting they don’t check SPF for incoming email.

My statement was that SPF wasn’t really important to getting email delivered. This seems to have upset a number of people. Someone on twitter pointed out that a valid SPF record gave you a positive score with SpamAssassin. What they didn’t mention was that a valid SPF record gives you an entire -0.001 with SpamAssassin.

Today I get a comment from Tom (which seems more like an ad for his company than an actual comment) that says

When the received timestamp on a message can make the difference as to whether or not you get a multi-million dollar contract or not, do you want to take the risk of having to explain to management that you didn’t take the 5 minutes to register a single DNS entry that may have made a difference?

Tom, I don’t think you understand what SPF is. SPF has nothing to do with timestamps. Having a record or not having a record doesn’t change anything about the time of a message. If a sender doesn’t have a SPF record the time of lookup for that SPF record is going to be the same as if they did.

In fact, in the quick and dirty test I just did here looking at two major ISPs: Yahoo, which doesn’t publish SPF and Hotmail which does publish SPF. Both records are coming back in less than 100 msec. If tens of milliseconds are the difference between getting the contract and not, you have bigger problems than the presence or absence of a SPF record.

So, yes, the cult of SPF still lives, and still makes no sense. SPF still doesn’t do anything to authenticate email. It doesn’t do anything to make any of us safer. Most of the major players in the SPF movement have moved on to other projects. Even Hotmail, that evangelized SenderID (spf v.2), has mostly abandoned it. But, still, the true-believers come out of the woodwork with anecdata about how SPF is vital and important.

Except it’s not actually vital nor important. And it’s long past time for the cult of SPF to die.

They are admitting they can’t persuade, cajole, influence or pressure their companies to actually follow best practices. Some of the comments public and private comments I’ve heard from various industry leaders:

• “But my boss tells me we can’t stop what we’re doing, even though we’re getting less than 80% inbox delivery.”
• “In my heart, I believe that most email marketers have good intentions. They are not out to spam you. They don’t want to send you email that you don’t want, that you’ll delete, or that your (gasp) mark as spam. They want to do the right thing. The challenge is that their [sic] is constant pressure to squeeze more juice out of email marketing. “
• “My company can’t stop customers from sending to purchased lists, but want a list of really bad vendors so we can ban lists purchased from them. What sellers should we ban?
• “as an individual who has been doing email marketing for over 10 years now, I can tell you that there are internal pressures, IT resource constraints and just about anything you can imagine that can hinder a email marketer from doing what is right for the subscriber. Understand that as a professional, I strive everyday to become a better email marketer, but I sometimes fail. That in no way makes me stupid…it makes me human.”

I know that people want to squeeze every possible bit of revenue possible out of email. The problem is that, as the above people have admitted, squeezing every possible cent out of email means adopting practices that are disrespectful of the recipient. They are practices that cause most recipients to label mail as spam. That mail is indistinguishable from spam. Delivery is poor and contributes to the general noise in all our mailboxes.

Email marketers need to stand up and stop adopting practices used by spammers. Your recipients don’t care that it might be hard or expensive to not send them mail they didn’t ask for and don’t expect. Your recipients don’t care that you have pressure from your boss to meet quotas this month. Your recipients really only care about themselves and their mailboxes. Respect your recipients ahead of your bottom line.

Other highlights from the report include:

• Spam accounts for over 92% of all email.
• 95% of spam was sent from botnets at the end of July 2010.
• One in 327 emails contains malware and one in 363 emails is a phish.
• The number of rustock infected machines is falling, but the amount of mail each one is sending is increasing.
• More than 107 billion emails are being sent through botnets every day.

The end of the report things that, to my mind, should be of significant concern to legitimate marketers. Spammers are adopting tactics from marketers in order to hook users and probably evade detection by ISPs. These include personalizing email (examples) and using image only spam (examples).

One of the recommendations that I’ve repeatedly made here is that legitimate senders should not do things that make their mail look like spam. Sending image only emails is one way for marketers to look like spammers.

The other thing that stands out to me from this report is how small the percentage of legitimate marketing email is. 92% of email is spam. Let’s assume that no one reading this blog is part of that 92%, that means only 8% of mail is not-spam. How much of that is marketing is probably up for debate, but I don’t think that more than 50% of legitimate email is marketing (the other 50% is mail from friends and family, social networking notices and discussion groups).

With those numbers, I can understand why ISPs don’t focus as much as some marketers might like on false positives with spam filtering. In percentage terms it is a tiny fraction of mail and most consumer ISPs provide end users with the ability to override bulk foldering if the recipients really want that mail.

ISPs are the front line against criminals on the Internet. Blocking email is one of the primary ways they protect people. Given the extent of spam and malevolence of spammers they are to be commended for creating systems that have such a low percentage of false positives.

“Project Conduit (or the ‘Company’) is a leading email certification provider guaranteeing delivery of email for senders (brands) and their distribution or marketing agents,” the pitch letter said. “The Company’s core solution is certified email – an email delivery technology designed to ensure that the email bypasses spam filters and reliably reaches the recipients with links and images intact.”

Ken talked to Goodmail, Return Path and ISIPP. Both Return Path and ISIPP denied being the company referenced. Goodmail, on the other hand, responded to Ken’s inquiry with a short statement.

Several months ago, Goodmail began a large scale industry initiative to leverage on its successful email certification business and its unique enhanced email technology which enables video and interactivity.

While we courted participation in this initiative, we caught the attention of several very large companies. These companies expressed interest that went beyond participation. In response, to help us evaluate this interest and determine whether a transaction is in the best interest of our shareholders, we retained the services of an investment bank.

Ken’s article also discusses the implications of Goodmail no longer in use by Yahoo. Go read the whole article (and sign up).

2005 – Pew Internet announces “email may be at the beginning of a slow decline”

2006 – USA Today announces “Email has become the new snail-mail”

2009 – The Wall Street Journal announces “The End of the Email Era”.

That’s not surprising, and it’s due to the importance of email – in the same way that most high-end smartphones have to be pitched as “iPhone killers”, no new communication channel will get any respect unless it’s pitched to the blogosphere (and the venture capitalists) as an “email killer”.

That claim has been debunked lots of times. Repeatedly. Many, many times. More times than that.

But sometimes you need something to make you notice quite how alive email is. I signed up for a Facebook account about three years ago, and had half forgotten about it. After a couple of people mentioned it at a pool party on Saturday, I added three friends yesterday.

This is what my mailbox looks like today (with a couple of private mailing lists blanked out):

Email is looking quite healthy.

If anything does ever kill it, I’m betting it won’t be social networking.

“SPAMHAUS BLOCKS GOOGLE!!!” the headlines scream.

My own opinion is that Google doesn’t do enough to police their network and their users, and that a SBL listing isn’t exactly a false positive or Spamhaus overreaching. In this case, though, the headlines and the original article didn’t actually get the story right.

Spamhaus blocked a range of IP addresses that are owned by Google that included the IP for www.gmail.com. This range of IP addresses did not include the gmail outgoing mailservers.

Spamhaus says

Some Google-owned server IPs hosting severe malicious spam problems – specifically Google’s “Google Docs” service – do get rightly listed in the Spamhaus SBL when Google does not take action fast enough to stop the serving of malicious sites via Google Docs. Such listings act as pointers to the abused resource but do not in any way affect Google’s Gmail service or any Google outbound mail service.

Spamhaus goes on to talk about the responsibility providers have to police their userbase and the fact that large providers who are not policing their users are cost shifting to the rest of us.

We at Spamhaus surely understand the challenges that the cloud service providers face. These problems are not easy to solve and the scale and complexity of the systems involved certainly does not make things easier. What we are puzzled by is how the rest of the internet has to keep carrying the burden of this abuse. The companies that host these services all without exception make hundreds of millions of dollars each year. They employ some of the best and brightest engineers. Surely they can spend a little of their immense resources on making the internet they rely on for their business, a better and safer place.

Unfortunately, Google doesn’t seem to see any value in policing their customers and users. If they can’t make a buck at it, then it doesn’t get done. And if Google’s costs of doing business are shifted to other companies, so much the better. Good for Spamhaus for standing up and pointedly telling Google they can’t keep supporting spam and spammers.

In a recent survey published by Help Net Security, approximately half of all employees said they would take data, including customer data, when leaving a job.

This has major implications for ESPs, where employees have access to customer data and mailing lists. There are at least 2 cases that I am aware of where employees have walked out of a company with customer mailing lists, and I’m sure there are other incidents.

ESPs should take action to prevent employees from stealing customer data.

Ken is really trying to make this report an example of how to do ad supported email newsletters right. When I subscribed yesterday I received the following welcome message:

Please click here to confirm your subscription to The Magill Report.

What You Can Expect

As part of your subscription, you will receive The Magill Report weekly newsletter each Tuesday and possibly one stand-alone ad or survey on Thursdays.

You will receive no more than two e-mails per week from The Magill Report.

And, no, you can’t opt out of the Thursday e-mails and still get The Magill Report. Those Thursday ads are what will be keeping Magill in vodka martinis and cigars.

What You’ll Get in The Magill Report

• Fearless reporting on Internet marketing available nowhere else
• Rare insights from someone with real-world direct-marketing experience
• Regular reports on studies and surveys relevant to your business
• Intelligent, brash and sometimes laugh-out-loud funny analysis
• The real stories behind the PR nonsense regurgitated elsewhere
• Occasionally, even some juicy gossip (Magill loves gossip)
• Authoritative, insightful, how-to and reference information related to getting things done
• The ability to comment and submit content for potential publication
• Occasional references to Magill’s unhealthy relationship with alcohol.

He hit all the high points you should in a welcome message. He told me how frequently I’d hear from him and when, he also included information about future content.

Ken has been reporting on the email marketing industry since very early on and always has an interesting perspective on what’s happening. Go sign up!