Spamhaus Best Practices

James Koons

Online marketing expert Ken Magill recently asked Steve Linford of The Spamhaus Project to answer some questions posed by readers of his newsletter.  The response was amazing.  Ken received over 50 questions from readers which he then passed along to Steve.

One question caught my eye as it was the topic of a recent discussion that I had.  The question was:

“How is Spamhaus working with legitimate marketers to improve list hygiene? Do they have a list of ‘best practices’ that they’d ideally like brands to follow that are business friendly (getting that customer email address) as well as good for business (legitimate email address)?”

I really enjoyed reading Steve’s answer - pointing to Spamhaus’ marketing FAQ, but adding in some additional tips:

“Our Marketing FAQs cover the fundamentals of bulk emailing. While it is a rather old FAQ, we’ve updated it several times and it still provides a solid basis for proper address acquisition and list hygiene.

Some additional ideas we like:

1) Include a “this is not me” link in receipts and other transactional email so that victims of spam sent to a ‘typoed’ email address can tell the company that the email address was ‘typoed’ and to stop sending email to it.

2) Send transactional emails and marketing emails from different IPs.

3) Confirm any email address before sending marketing emails to it, or before continuing to send ongoing transactional mail. The receipt can carry the request for a unique opt-in confirmation of, “Would you like to subscribe to our newsletter?”

4) Mail a list frequently enough to retain good customer engagement. Measure that engagement and remove non-engaged customers as appropriate.

5) Be sure to remove and/or suppress addresses which hard-bounce, and correctly manage unsubscribes as well.

6) Once addresses are retired from a list, whether due to unsubscribe, bounce or non-engagement, don’t try to squeeze some unknown value from those addresses by mailing them again.”

To read all the responses from Spamhaus, see the original Magill Report post.  It is well worth the read!

Spamhaus: Keep That List Clean!

James Koons

During a recent ESPC call, I had the chance to speak with Alan Murphy, an investigator with The Spamhaus Project.  Among other topics, Alan discussed the importance of list hygiene, especially when sending transactional messages.  He pointed out that recently many bloggers wrote about The Spamhaus Project’s “new” spamtraps, which were targeting transactional messages.  Alan assured coalition members that The Spamhaus Project did not suddenly begin to “target” transactional mail.  In fact, he explained that they use several types of spam traps, including typo domains (typographical errors made by users when inputting their email address) as a data source, something they have been doing for over 10 years.  Alan indicated an increase in email address collection errors with address often being incorrectly entered.

In addition, he told us that change is constant at Spamhaus, and in fact several things had changed in late December of last year.  Some of these changes included more cross-referencing among their many spamtraps, improved communication among their maintainers, and a more in-depth machine analysis of spam headers.  Alan referenced the following case study, once again emphasizing the importance of list hygiene:

In this example, a domain expired in early to mid-2010, was re-registered by Spamhaus, and was placed in timeout for more than two years.  (Most new spamtrap domains are placed in timeout for at least six months, and many for year or more, before being put into production as a spamtrap.  While email is properly rejected during that aging process, data can still be collected before the SMTP rejection, hence the Subject history during that period.)  This spamtrap was configured to reject all email from this particular source, but the sender, after two years, still did not realize that the original recipient was not receiving their messages.

2011/01/15 Your receipt #{deleted}
2011/01/15 Your receipt #{deleted}
2011/01/17 Your receipt #{deleted}
2011/02/11 Your receipt #{deleted}
2011/02/15 Your receipt #{deleted}
2011/02/26 Your receipt #{deleted}
2011/03/10 Your receipt #{deleted}
2011/03/28 Your receipt #{deleted}
2011/03/28 Your receipt #{deleted}

2012/10/12 Your receipt No.{deleted}
2012/10/30 Your receipt No.{deleted}
2012/11/07 Your receipt No.{deleted}
2012/11/14 Your receipt No.{deleted}
2012/12/14 Your receipt No.{deleted}
2012/12/16 Your receipt No.{deleted}
2012/12/24 Your receipt No.{deleted}
2013/01/11 Your receipt No.{deleted}
2013/01/14 Your receipt No.{deleted}
2013/01/18 Your receipt No.{deleted}

In this example it is painfully obvious that this sender is not looking at their bounce logs.  They are also not performing any sort of list hygiene, as the messages were rejected in the SMTP conversation.  This case illustrates the problems caused when senders of transactional and bulk email ignore SMTP rejections.  The ongoing flow of presumably unintended bulk email from unattended mail systems operated by well-intentioned but careless senders is considered spam.

Alan concluded the call by reminding ESPC members that the mission of The Spamhaus Project is to keep unsolicited bulk email out of their users’ inbox.  Spamhaus is continually making adjustments in the data available for SBL listings and in how they handle the data.  Sometimes, as in the case above, those adjustments identify other spam problems.  List owners should be aware of hygiene issues, pay attention to bounce messages and proactively remove potentially incorrect addresses to keep themselves off of blacklists.