parties can’t reach an agreement if they’re not even having the same conversation.

I realized this is just as true in email as it is in politics. All too often we’re not having the same conversation. Look at the comments thread on my spamtraps post. Steve Henderson and I weren’t having the same conversation. He believes spam is illegal and that identifying email as spam is the same as calling the sender a criminal. I don’t think spam is illegal and am not making any comments about the legal status of the sender.

This is one recent example, but it’s not an unique occurrence. Failing to have the same conversation is rampant in the email space. One of the more obvious situations where this happens is when dealing with blocks.

The blocked sender tells the blocking recipient, “We don’t send spam! Remove the block, please!” The sender thinks this is the relevant bit of information and that all they need to do is assert that they aren’t intentionally sending spam.

The blocking recipient looks at their systems, they look at their customer data, they look at the patter of email and say, “We can’t remove this block.” The receiver thinks this is the relevant bit of information. They work on data, not intentions.

I frequently describe my job as translating from sender to receiver. I sit in the middle of the conversation and make sure both sides are having the same conversation.

In politics and in email delivery, the only way things get done is when both sides have the same conversation. Understanding the goals and perspectives of the “the other side” is critical to getting what you want.

This mail finally hit my annoyance threshold, so I’ve been submitting reports and complaints to the senders the last few weeks. The mail, with full headers, goes with an explanation that the address that received it was harvested off a website more than 5 years ago and never opted in to receive any mail.

One of the ISPs I sent the report to has a web form where the complainant and the customer can see the report and both can comment on it. The customer replied to my complaint on it.

Email compliant with best practice, lazy user. Have clicked the unsubscribe link for them

As you can imagine this annoyed me. I mean, I’m really happy they’re going to stop sending me spam advertising clubs a 12 hour plane flight away, but they could do that without claiming that I was a lazy user.

I replied to the complaint.

Despite what your customer says I am not a “lazy user.” The email was sent to an address harvested off a website more than 5 years ago. I never signed up for it, I never asked for it.

Your customer is a spammer.

To the ISP’s credit, they did take the complaint a lot more seriously than their customer.

Network access to server has been suspended

Boy, did that change the customer’s tune.

I will speak again to my customer and seek clarification from them as to the source of my email. My comment was in relation to email content such as headers and unsubscribe details

While I know it’s tempting to treat every complaint as a “lazy user” who just won’t unsubscribe, it can be a very bad idea. It’s not that I’m too lazy to hit the unsubscribe button, it’s that the sender is clearly a spammer, either buying or harvesting address lists. Why should I trust that spammer to actually honor an unsubscribe? I don’t. Thus, I send in a complaint.

A few months ago, there were a bunch of rumors that GFI had divested themselves from SORBS. There were also rumors that SORBS was purchased by Proofpoint. Based on publicly available information many of us suspected that GFI was no longer involved in SORBS. Yet other information suggested that Proofpoint may truly have been the purchaser.

This week those rumors were confirmed.

Proofpoint, Inc., the leading provider of cloud-based security and compliance solutions for enterprise messaging and collaboration, today announced it has acquired the assets of the SORBS (Spam and Open Relay Blocking System) service (http://www.sorbs.net). Approximately 200,000 organizations worldwide leverage the SORBS DNS-based Block List (DNSBL) to effectively block email from more than 12 million host servers known to disseminate spam, phishing attacks and other forms of malicious email.

I have to wonder how reflective of actual usage numbers the “200,000 organizations” is. I do suspect that many organizations are querying the list, but I don’t know how much it’s affecting delivery. Most spamassassin installations query SORBS DUL by default. However, being listed on SORBS DUL only counts for 0.001 points. Being queried doesn’t matter if those queries don’t really affect delivery.

We recently wrote about problems with the Trend/MAPS lists. Many people have contacted us about that and indicated they are no longer seeing any blocking at Comcast based on a MAPS listing. The Comcast postmaster page hasn’t been updated, but I haven’t heard of anyone having problems with listings at Comcast recently.

I’m hearing conflicting reports about the other major US Trend/MAPS user, RR.com. Some people are telling me they’re seeing inbox delivery for MAPS listed IPs. Other people are telling me they’re seeing deferrals for MAPS listed IPs.

In either case, it appears that the effect of a MAPS listing on delivering mail to US ISPs is less than it was a few months ago.

The decisions to make this information public  were not made lightly. On balance, blocklists are a valuable and important part of the email ecosystem. But they are a bit of a black box. Very few people who don’t run blocklists actually have insight into how they work and how they make decisions. There are good reasons the blocklists do this, but it does make them a bit of an unknown entity to many.

In response to the ongoing damage to the email ecosystem, we decided share this information publicly. Many people tried discussions with the list maintainers and their parent companies: by phone, by email and in person. These efforts were only partially effective at getting wanted mail delivered.

Because this problem was ongoing and because so many different people were attempting to resolve the problem unsuccessfully, we decided to make the information we knew public. While the listing policies don’t seem to have changed, the overall damage to the ecosystem seems to be lessening.

There are a lot of people who worked very hard to bring about these changes. Many of them cannot be named, for obvious reasons. But their contribution should not be overlooked. Our position in the industry means people share issues with us and that we can share information publicly. But just because we’re the public face doesn’t mean we’re the only actors.

For the major ISPs, the people who plan, approve, design and monitor the filters usually want to maximize customer happiness. They want to deliver as much real mail as possible while blocking as much bad mail. Blocking real mail and letting through bad mail both result in unhappy customers and increase the ISP’s costs, either through customer churn or through support calls. And this is a process, filters are not static. ISPs roll out new filters all the time, sometimes they are an improvement and sometimes they’re not. When they’re not, they’re pulled out of production. This works both for positive filters like Return Path and negative filters like blocklists.

Then there is mail filtering that doesn’t have to do with spam. Business filters, for instance, often block non-business mail. Permission of the recipient often isn’t even a factor. Companies don’t often go out of their way to block personal mail, but if personal mail gets blocked (say the vacation plane ticket or the amazon receipt) they don’t often unblock it. But when you think about why a business provides email, it makes perfect sense. The business provides email to further its own business goals. Some personal usage is usually OK, but if someone notices and blocks personal email then it’s unlikely the business will unblock it, even if the employee opted in.

In the case of email filters, the free market does work. Different ISPs filter mail differently. Some people love Gmail’s filters. Other people think Hotmail has the best filtering. There are different standards for filtering, and that makes email stronger and more robust. Consumers have choices in their mail provider and spamfiltering.

There have been two symptoms I’ve been hearing about. One is an increase in bulk folder delivery for mail that previously was reliably hitting the inbox. The other is a bit more interesting. I’ve heard of 3 different mailers, with good reputations and very clean lists, that are seeing 4xx delays on some of their mail. The only consistency I, and my colleagues at some ESPs, have identified is that the mail is “bursty.”

The senders affected by this do send out mail daily, but the daily mail is primarily order confirmations or receipts or other transactional mails. They send bi-weekly newsletters, though, exploding their volume from a few tens of thousands up to hundreds of thousands. This seems to trigger Gmail to defer mail. It does get delivered eventually. It’s frustrating to try and deal with because neither side is really doing anything wrong, but good senders are seeing delivery delays.

For the bulk foldering, Bronto has a good blog post talking about the changes and offering some solid suggestions for how to deal with them. I’m also hearing from some folks who are reliable that Gmail may be rolling back some of the bulk foldering changes based on feedback from their users.

So if you’re seeing changes at Gmail, it’s not just you.

The reality is many of the people at ISPs and blocklists don’t want to talk to these types of senders. They may answer a friendly question from someone they know and trust, but sometimes not even then.

Some very large ISPs and major blocklists don’t even take sender questions. They won’t communicate with anyone about any delivery issues.

I’ve had to tell more than a few clients recently that various ISPs and blocklists weren’t interested in helping those clients with their delivery problems. There are two classes of reactions I get from clients. Some clients focus on moving forward. “OK, now what? How can we identify the issue, what data do we have and how can we figure out what the problem is?”

Other clients continue to look for ways to talk to whomever is blocking their mail. They’re convinced if they can just “explain their business model” or be told what they’re doing wrong, that all their delivery problems will magically disappear.

Needless to say those clients who focus on moving forward and looking at the information they do have have much better success resolving their delivery problems. What many senders don’t understand is the wealth of data they have that will help them resolve the issue. And even if they know it’s buried in their files, they don’t always know where to start looking or even what they’re looking for.

But that is, of course, why you hire someone like me who understands spamfiltering and email. I help senders understand how email filters work and identify what parts of their programs are likely to be responsible for delivery issues. I often find the most valuable service I provide to clients is a fresh set of eyes that can see the forest. With my help, they manage to stop obsessing unproductively about one particular symptom and focus on the underlying problems.

Senders who think the holy grail of problem resolution is speaking to the right person at an ISP or blocklist generally are disappointed, even when they hire someone who knows all the right people at the ISPs.  They can’t always get what they want. But I can often help them get what they need.

Anyhow, Mickey beat me to it and posted much of what I was going to say about Ken Magill’s response to a very small quote from Neil’s guest post on expiring email headers last week.

I, too, was at that meeting, and at many other meetings where marketers and the folks that run the ISP spam filters end up in the same room. I don’t think the marketers always understand what is happening inside the postmaster and filtering desks on a day to day basis at the ISPs. Legitimate marketing? It’s a small fraction of the mail they deal with. Ken claims that marketing pays the salaries of these employees and they’d be out of a job if marketing didn’t exist. Possibly, but only in the context that they are paid to keep their employers servers up and running so that the giant promises made by the marketing team of faster downloads and better online experiences actually happen.

If there wasn’t an internet and there weren’t servers to maintain, they’d have good jobs elsewhere. They’d be building trains or designing buildings or any of the thousands of other jobs that require smart technical people.

Ken has no idea what these folks running the filters and keeping your email alive deal with on a regular basis. They deal with the utter dregs and horrors of society. They are the people dealing with unrelenting spam and virus and phishing attacks bad enough to threaten to take down their networks and the networks of everyone else. They also end up dealing with law enforcement to deal with criminals. Some of what they do is deal with is unspeakable, abuse and mistreatment of children and animals. These are the folks who stand in front of the rest of us, and make the world better for all of us.

They should be thanked for doing their job, not chastised because they’re doing what the people who pay them expect them to be doing.

Yes, recipients want the mail they want. But, y’know, I bet they really don’t want all the bad stuff that the ISPs protect against. Ken took offense at a statement that he really shouldn’t have. ISPs do check their false positive rates on filtering, and those rates are generally less than 1% of all the email that they filter. Marketers should be glad they’re such a small part of the problem. They really don’t want to be a bigger part.

The 6th circuit court ruled that the government must have a search warrant before accessing email. The published opinion is interesting reading, not just because of the courts ruling on the law but also because of the defendant. Berkeley Premium Nutraceuticals toyed with spamming to advertise their product as a brief search of public reporting sites shows. The extent and effort they went to in order to stay below the thresholds for losing their merchant accounts is reminiscent of the effort some mailers go through to get mail through ISP filters.

The other bit of interesting reading is the Microsoft motion to dismiss the case brought against them by Holomaxx. It is a relatively short brief (33 pages) and 3 of those pages are simply a listing of the relevant cases demonstrating ISPs are allowed to filter mail as they see fit. 2 more pages are dedicated to listing the relevant Federal and State statutes. I strongly encourage anyone considering suing any large ISP to to read this pleading. These lawyers understand email law inside and out and they are not going to mess around. They also have both statute and case law on their side. They point this out before the end of page 1:

Holomaxx’s claims against Microsoft are without merit. First, Claims 3-6 and 9—based on Microsoft’s filtering of Holomaxx’s e-mails—are barred by the Communications Decency Act of 1996 (“CDA”), 47 U.S.C. Section 230. The CDA explicitly exempts service providers such as Microsoft from liability for filtering of objectionable content, including objectionable e-mail.

Through the CDA, Congress immunized Microsoft from precisely the sort of liability that Holomaxx seeks to impose here. Indeed, one federal court recently held that claims based on e-mail filtering were barred by the CDA. See e360Insight, LLC, 546 F. Supp. 2d at 609-610. The same analysis should be adopted here. Further, even accepting Holomaxx’s allegations as true, every cause of action based on Microsoft’s filtering activities (Claims 1-6 and 9) independently fails to state a claim upon which relief may be granted, as Holomaxx has failed to allege legally sufficient facts and puts forth theories that are unsupported in the law.

Suing ISPs to force them to accept mail is a failed business model, the law is just not on the senders’ side.

Who should go to MAAWG from your company?

Send at least one person from your compliance or abuse desk. At the very, very least send someone who sets your policies. Don’t just send high level executives or anyone who sets the goal to collect as many business cards as possible.

Who shouldn’t go to MAAWG from your company?

People who have nothing to do with stopping abuse from your systems shouldn’t go. People who think that this is a marketing conference shouldn’t go. People who think it is acceptable to follow someone into the bathroom and ask them for a business card at a urinal, shouldn’t be allowed out of the house without supervision.

What should you do at MAAWG?

There are a lot of things to do at MAAWG, and a wide breadth of sessions about messaging abuse. Many of them don’t always have to do with sending mail, some of them are from elected officials (or their representatives), law enforcement or policy makers.

1. Go to all the sender sessions.
2. Pick at least one session that doesn’t have to do with sending mail. Even if it isn’t your area, listen to what other people are talking about and doing in the field of messaging abuse.
3. Respect people’s time. A lot of participants have packed schedules and may not have time to talk to strangers.
4. Outside of sessions talk about things other than email.
5. Inside sessions don’t be afraid to comment, but avoid making every comment about how that isn’t going to work for marketers or bulk senders or is going to make things harder for them.

What shouldn’t you do at MAAWG?

To quote Wil Wheaton: don’t be a dick. Need some examples?

1. Don’t hover around the edges of conversations waiting to be able to hand an ISP rep your business card.
2. Don’t start every conversation with “we don’t send spam.”
3. Don’t chase people into restrooms looking to exchange cards.
4. Don’t expect ISP reps to be interested in talking to you about your specific email problems in the hallway, or at the social events.

They’re wrong.

MAAWG is the Messaging Anti-Abuse Working Group. The intention of the group is to provide a setting where companies providing internet services can work together to stop abuse. Email is one of the major platforms talked about, but there are also discussions about other forms of messaging abuse.

This conference is unique both in its content and in the people who attend. For many ISP reps this is their sole opportunity to get together with peers, former co-workers and friends. Many of the ISP folks are actually low to mid-level employees who are working the front lines fighting abuse every day. MAAWG is a chance for them to work and socialize with people who understand their jobs and the challenges associated with handling abuse on a daily basis. It’s a place to look at the larger issues and blow off steam.

There are a number of folks who show up at the conference that don’t deal with abuse in any capacity, however. They don’t have to deal with rampant levels of spam heavy enough to take down a mailserver. They don’t have to deal with the horror that is child porn. They don’t have to deal with angry subscribers. They don’t have to deal with criminals.

In short, they’re not abuse desk folks. They are, at best, a delivery person but more often are some high level executive at a marketing firm. These folks treat MAAWG as a place to wheedle business cards and contacts from the ISP reps. Stop abuse? The only abuse they see is that their email isn’t instantly delivered to the inbox.  Spam? That’s what other people send. Phishing? Child porn? Not important.

All too many of them are not even subtle or coy about the fact that their only concern is finding contacts. One ISP rep tells the story of some marketer that followed him into the bathroom and attempted to trade business cards while the ISP person was at the urinal. Make no mistake, this is not an isolated incident. The badgering is so bad that some ISP reps refuse to state who their employer is.

The ISP folks are there to actually spend time with their peers and y’know, do actual work. ISP reps are not there to get hassled by dozens of marketers.

To be fair, a number of ESPs send delivery folks who are actually working to stop abuse. They do chase spammers through their systems. They do deal with criminals. Unfortunately, because they are from ESPs they are prohibited from actually working with the ISPs.

Why? Because so many of the ESP reps aren’t actually there to stop abuse that MAAWG has had to draw firm lines between ESPs and ISPs to make the ISP reps feel comfortable. I can’t fault MAAWG for that even as I can see there are ESP reps who perform the exact same job functions as the ISP reps.

The ESPs have created this situation. Instead of sending folks on their side who deal with messaging abuse, they send high level executives and marketers. They send people who think that the ISPs owe them something. That believe the ISPs will let mail through just because they shared a beer at the conference. That believe there is some inner circle and if they join they can find out the secret sauce so they can get their mail through filters. They send people who think that ISPs should be forced to sit at a table and listen to marketers yell about “the false positive problem.”

This isn’t to say ESPs and marketing companies shouldn’t join MAAWG and go to conferences. There’s a lot of abuse that both groups have to deal with. But MAAWG isn’t a marketing conference. Sending only marketers or executives to the conference not only misses the point of the organization, it actively sabotages it.