Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-08-29 Thread Karen Balle 
I'd be happy to share a frosty cold beverage and some of my (un)fortunate
insight into the spammy side of list composition data analysis.  There are
benefits to being known for cleaning up certain types of spam.

On Wed, Aug 29, 2018 at 1:28 PM Laura Atkins 
wrote:

>
> On Aug 29, 2018, at 12:10 PM, Michael Wise via mailop 
> wrote:
>
>
> Agreed.
> There are other ways of checking list sanity when a new customer presents
> it to you.
> But many of the most promising ways to my mind are actively frowned upon.
>
>
> We should sit down over cold frosty beverages next time we’re in the same
> town. (SF next feb? Budapest next June?)
>
> laura
>
>
>
> --
> Having an Email Crisis?  We can help! 800 823-9674
>
> Laura Atkins
> Word to the Wise
> la...@wordtothewise.com
> (650) 437-0741
>
> Email Delivery Blog: https://wordtothewise.com/blog
>
>
>
>
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>


-- 
Love is strong yet delicate.
It can be broken.
To truly love is to understand this.
To be in love is to respect this.
~ Stephen Packer ~
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-08-29 Thread Michael Rathbun 
On Wed, 29 Aug 2018 13:28:32 -0700, Laura Atkins 
wrote:

>We should sit down over cold frosty beverages next time we’re in the same 
>town. (SF next feb? Budapest next June?)

Ooh, I'd love to be in on that one.  Not bloody likely, alas.

mdr
-- 
"Honest folk do not wear masks when they enter a bank."
   -- Unspiek, Baron Bodissey


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-08-29 Thread Michael Rathbun 
On Wed, 29 Aug 2018 18:13:46 +, Michael Wise via mailop
 wrote:

>
>It’s abuse.
>And it takes many forms.
>There are many stories like Mr. Rathbun’s … already enunciated.
>And then there’s stuff like this:
>
>  http://www.honet.com/Nadine/default.htm

Thanks for jogging my memory.  I've updated the total received from 90K to
400K.

What's satisfying is that Harris Polls (now part of Nielsen), one of the
earliest villains in the narrative, is now a client of mine, with subscription
policies so restrictive that I wasn't able manually to subscribe a seed 
account -- their fraud detector detected me and locked me out.  I had to make
a phone call to get sample traffic.  Some days, the magic works.

mdr
-- 
The Duckage Is Feep.
   -- Vaul Pixie


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-08-29 Thread Benjamin BILLON 
(not Brooklyn? I'd gladly share a frosty beverage too)

--
Benjamin

From: mailop  On Behalf Of Laura Atkins
Sent: Wednesday, 29 August, 2018 22:29
To: Michael Wise 
Cc: mailop 
Subject: Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist 
with strange reputation issue


On Aug 29, 2018, at 12:10 PM, Michael Wise via mailop 
mailto:mailop@mailop.org>> wrote:


Agreed.
There are other ways of checking list sanity when a new customer presents it to 
you.
But many of the most promising ways to my mind are actively frowned upon.

We should sit down over cold frosty beverages next time we’re in the same town. 
(SF next feb? Budapest next June?)

laura


--
Having an Email Crisis?  We can help! 800 823-9674

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741

Email Delivery Blog: https://wordtothewise.com/blog






___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-08-29 Thread Laura Atkins 

> On Aug 29, 2018, at 12:10 PM, Michael Wise via mailop  
> wrote:
> 
>  
> Agreed.
> There are other ways of checking list sanity when a new customer presents it 
> to you.
> But many of the most promising ways to my mind are actively frowned upon.

We should sit down over cold frosty beverages next time we’re in the same town. 
(SF next feb? Budapest next June?)

laura
> 

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: https://wordtothewise.com/blog 







___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-08-29 Thread Laura Atkins 
You use the data you’ve got to try and find bad behavior. Bounces are a data 
point and *sometimes* can lead you down the path of a problem sender. Less and 
less, that’s for sure, but it’s still a valid point. 

laura 


> On Aug 29, 2018, at 11:17 AM, Michael Wise via mailop  
> wrote:
> 
>  
> Monitor … yes, most definitely. Especially for bounces indicating that the 
> addressee is no longer valid, or that you’ve been blocked for whatever reason.
>  
> … for signs of lack of opt-in …
>  
> IMHO, you have that the wrong way around.
>  
> Aloha,
> Michael.
> --
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Got the Junk Mail Reporting Tool 
>  ?
>  
> From: mailop mailto:mailop-boun...@mailop.org>> 
> On Behalf Of David Hofstee
> Sent: Wednesday, August 29, 2018 2:36 AM
> To: Brandon Long mailto:bl...@google.com>>
> Cc: mailop mailto:mailop@mailop.org>>; Laura Atkins 
> mailto:la...@wordtothewise.com>>
> Subject: Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist 
> with strange reputation issue
>  
> > Without confirmed opt-in, you're at the mercy of what random junk people 
> > happen to stick in there
> True, but then the real problem is that the opt-in is invalid. As an ESP you 
> should evaluate these lists beforehand and monitor for signs of a lack of 
> opt-in (e.g. high complaint rates by FBL or unsubscribes). Having these 
> typo's are often good indicators for me to start looking further beforehand. 
> E.g. a...@hotmail.com  is the perfect example of 
> people not wanting to provide their real email address.
>  
> A double-optin only confirms there was a relationship with some sender at 
> some point in time. It avoids typo's. However, it does not state with who the 
> opt-in was, when it was provided, for what content, for what frequency, under 
> what circumstances and for how long that is valid. It is not watertight at 
> all. 
>  
> Yours,
>  
>  
> David 
>  
> On Wed, 29 Aug 2018 at 00:24, Brandon Long  > wrote:
> I would also point out that seeing differences between mailbox providers in 
> this instance is not really a surprise.  It may have more to do with which 
> random address people use in these situations.  They may be choosing Gmail 
> more than Yahoo for whatever reason, or the address they're choosing at Gmail 
> may exist and be used, and hence getting spam markings.
>  
> Without confirmed opt-in, you're at the mercy of what random junk people 
> happen to stick in there, and there's no guarantee that that junk is equally 
> distributed.
>  
> And as Laura points out, it also depends on what they are getting from the 
> form.  Some forms may get low to zero junk, others are probably mostly 
> untrusted.
>  
> Brandon
>  
> On Tue, Aug 28, 2018 at 2:28 PM Laura Atkins  > wrote:
> The difference here is that people may want the quote but not want the 
> associated email that comes from the company. So they will fill in a “fake” 
> email address, and one that happens to deliver to some random person.
>  
> Not all subscription forms are alike, and not all subscription forms have the 
> same risk of wrong addresses. For companies that have a high risk of folks 
> giving a fake address, like quote sites or download sites or even whitepaper 
> sites, the site owners need to take steps to protect themselves. 
>  
> laura 
>  
>  
> On Aug 28, 2018, at 6:27 AM, David Hofstee  > wrote:
>  
> Hi Otto,
>  
> It is not my experience that many people will fill in other people's email 
> address. I've seen 100's of millions of subscribers. Most did not have double 
> opt-in. It mostly went very well. There are cases of form-spam (see e.g. 
> Spamhaus a few years ago) and double opt-in prevents typo's. But there are 
> other methods to deal with abuse (in all of its appearances).
>  
> So I'm not sure that your opinion towards double opt-in (where customers not 
> using it should be seen as spamming) is in line with the numbers I saw. I 
> understand the push from the anti-spam community (who have issues in 
> discriminating criminals and commercial senders having equally bad/good data 
> quality). But this technical solution is, imho, the wrong tool for that. As 
> Microsoft, Yahoo and Google have found out, feedback from users via alternate 
> systems is much better. But that is not yet integrated into RFCs for the rest 
> of us to use. 
>  
> I'll leave the "confirmed opt-in" vs "double opt-in" discussion as it is.
>  
> Yours,
>  
>  
> David 
>  
>  
> On Tue, 28 Aug 2018 at 09:02, Otto J. Makela  > wrote:
> On 2018-08-23 22:10, Jan Schapmans wrote:
> 
> >   * customer doesn’t want to do double optin, we are pushing to only 
> > implement
> > it for gmail & googlemail addresses.
> 
> This should definitely raise

Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-08-29 Thread Michael Wise via mailop 

Monitor … yes, most definitely. Especially for bounces indicating that the 
addressee is no longer valid, or that you’ve been blocked for whatever reason.

… for signs of lack of opt-in …

IMHO, you have that the wrong way around.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool ?

From: mailop  On Behalf Of David Hofstee
Sent: Wednesday, August 29, 2018 2:36 AM
To: Brandon Long 
Cc: mailop ; Laura Atkins 
Subject: Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist 
with strange reputation issue

> Without confirmed opt-in, you're at the mercy of what random junk people 
> happen to stick in there
True, but then the real problem is that the opt-in is invalid. As an ESP you 
should evaluate these lists beforehand and monitor for signs of a lack of 
opt-in (e.g. high complaint rates by FBL or unsubscribes). Having these typo's 
are often good indicators for me to start looking further beforehand. E.g. 
a...@hotmail.com is the perfect example of people not 
wanting to provide their real email address.

A double-optin only confirms there was a relationship with some sender at some 
point in time. It avoids typo's. However, it does not state with who the opt-in 
was, when it was provided, for what content, for what frequency, under what 
circumstances and for how long that is valid. It is not watertight at all.

Yours,


David

On Wed, 29 Aug 2018 at 00:24, Brandon Long 
mailto:bl...@google.com>> wrote:
I would also point out that seeing differences between mailbox providers in 
this instance is not really a surprise.  It may have more to do with which 
random address people use in these situations.  They may be choosing Gmail more 
than Yahoo for whatever reason, or the address they're choosing at Gmail may 
exist and be used, and hence getting spam markings.

Without confirmed opt-in, you're at the mercy of what random junk people happen 
to stick in there, and there's no guarantee that that junk is equally 
distributed.

And as Laura points out, it also depends on what they are getting from the 
form.  Some forms may get low to zero junk, others are probably mostly 
untrusted.

Brandon

On Tue, Aug 28, 2018 at 2:28 PM Laura Atkins 
mailto:la...@wordtothewise.com>> wrote:
The difference here is that people may want the quote but not want the 
associated email that comes from the company. So they will fill in a “fake” 
email address, and one that happens to deliver to some random person.

Not all subscription forms are alike, and not all subscription forms have the 
same risk of wrong addresses. For companies that have a high risk of folks 
giving a fake address, like quote sites or download sites or even whitepaper 
sites, the site owners need to take steps to protect themselves.

laura


On Aug 28, 2018, at 6:27 AM, David Hofstee 
mailto:opentext.dhofs...@gmail.com>> wrote:

Hi Otto,

It is not my experience that many people will fill in other people's email 
address. I've seen 100's of millions of subscribers. Most did not have double 
opt-in. It mostly went very well. There are cases of form-spam (see e.g. 
Spamhaus a few years ago) and double opt-in prevents typo's. But there are 
other methods to deal with abuse (in all of its appearances).

So I'm not sure that your opinion towards double opt-in (where customers not 
using it should be seen as spamming) is in line with the numbers I saw. I 
understand the push from the anti-spam community (who have issues in 
discriminating criminals and commercial senders having equally bad/good data 
quality). But this technical solution is, imho, the wrong tool for that. As 
Microsoft, Yahoo and Google have found out, feedback from users via alternate 
systems is much better. But that is not yet integrated into RFCs for the rest 
of us to use.

I'll leave the "confirmed opt-in" vs "double opt-in" discussion as it is.

Yours,


David


On Tue, 28 Aug 2018 at 09:02, Otto J. Makela mailto:o...@iki.fi>> 
wrote:
On 2018-08-23 22:10, Jan Schapmans wrote:

>   * customer doesn’t want to do double optin, we are pushing to only implement
> it for gmail & googlemail addresses.

This should definitely raise red flags at your end: customer doesn't
care about how good the "leads" are, as long as there are many.
This is "Millions CD" level thinking.

BTW, a much better term is "confirmed opt-in", because that's what it is.
Most companies that want to contact you by email can get it right (send single
email with confirmation link as part of registration etc.), why should your
customer get a special pass not to do it?

--
   /* * * Otto J. Makela mailto:o...@iki.fi>> * * * * * * * * * */
  /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
 /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
/* * * Computers Rule 0100 01001011 * * * * * * */

Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-08-29 Thread Laura Atkins 

> On Aug 29, 2018, at 2:35 AM, David Hofstee  
> wrote:
> 
> > Without confirmed opt-in, you're at the mercy of what random junk people 
> > happen to stick in there
> True, but then the real problem is that the opt-in is invalid. As an ESP you 
> should evaluate these lists beforehand and monitor for signs of a lack of 
> opt-in (e.g. high complaint rates by FBL or unsubscribes). Having these 
> typo's are often good indicators for me to start looking further beforehand. 
> E.g. a...@hotmail.com  is the perfect example of 
> people not wanting to provide their real email address.

There is an entire segment of the legitimate email industry that provides list 
cleaning services for a fee to anyone with cash. A significant portion of the 
time a non-opt-in list will pass all of the tests (and dozens more) that you 
mention above.There’s also vast amounts of work and products in the spammer end 
of the email industry that folks like me never see, but are also designed to 
prevent ESPs from identifying spammers. 

Back in 2002, I was investigating a list of addresses. The question was are 
these addresses opt in? I had a sample of addresses from the list, don’t 
remember how many. Included in the data was signup IPs, home addresses, phone 
numbers and zip codes. I ran buckets of tests. I did reverse lookups, I mapped 
IPs to locations, I did everything I could think of to identify if this address 
list was opt-in. The data was clean. Very clean. Zip codes matched IP 
locations. rDNS was accurate between the signup IP and the address signed up. 

At the time there were no such things as FBLs, so I had no complaint levels. I 
didn’t have access to unsubscribe data. But nothing about the data I had 
looked, in any way, like it was collected in any way other than an opt-in 
fashion. I would have even believed it was double opt-in. 

Until. I ran one final test. I searched for a local part I use at some freemail 
providers. And my address was on the list, with a totally fake name, IP address 
somewhere in Texas and matching zip code and phone data. 

The only way I was able to identify that list was a problem was because one of 
my own addresses was on there. Had they grabbed a different subset of the list, 
I would have never been able to ID the list as problematic. Had I not thought 
to look for my own addresses, I would have never caught the problem. 

That was 16+ years ago. The ability of spammers to create plausible looking 
data has only increased. The services I mentioned above, the ones that are used 
by the legitimate folks? They will test your list for deliverability before you 
send your first mail. They’ll clean off the typos. They’ll clean off (some of) 
the spamtraps. They’ll remove anything that will give an ESP insight into the 
list. There’s one service that has purchased every email address list they can 
find, and sells that to ESPs so they can detect purchased lists. The services 
on the spammer end of the industry? They’re even better and more dodgy. They 
include shared lists of address that complain, or shared lists of addresses 
that regularly open. The whole business 

A naive scanning like you suggest wasn’t sufficient for the spammers of 16 
years ago. It’s certainly not going to catch anything actual spammer today. 

> A double-optin only confirms there was a relationship with some sender at 
> some point in time. It avoids typo's. However, it does not state with who the 
> opt-in was, when it was provided, for what content, for what frequency, under 
> what circumstances and for how long that is valid. It is not watertight at 
> all.

Exactly. Which is why there are other / better ways to manage a subscription 
process and address collection process. Mapping out the "attack tree” (it’s not 
really attack, but more vulnerability tree) lets the address collector manage 
the threats to their list in a way that limits the friction for recipients that 
want to receive their mail while providing the right friction to ward off fake 
addresses in their mailing lists. 

laura 

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: https://wordtothewise.com/blog 







___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Preserving signing domain reputation

2018-08-29 Thread Luke 
Only speaking from my own experience here, but changing the d= value (and
nothing else) usually causes catastrophic inboxing issues at gmail. None of
the other major providers seem to care. But a new d=, even just adding or
removing a subdomain, causes immediate bulking at gmail. If the mail is
good, it seems to recover within a few days even without taking any action.

Double-signing, and/or rolling out the new domain slowly is definitely the
way to go.

Luke

On Tue, Aug 28, 2018 at 3:11 PM Steve Atkins  wrote:

>
> > On Aug 28, 2018, at 2:46 PM, Jonathan Leist  wrote:
> >
> > Hello,
> >
> > We're currently exploring the possibility of migrating from signing as
> the individual hostnames of our sending IPs to signing as the org domain
> aligned with those hostnames (e.g. signing as example.com instead of
> mail1.example.com). Our main concern is in regards to deliverability, as
> we'd presumably lose years of sending history that we've accumulated with
> those signing domains.
>
> Relevant sending history when it comes to delivery decisions is typically
> measured in weeks so I wouldn't worry about anyone tracking your reputation
> from June, let alone 2017.
>
> > To potentially mitigate impact from the change, I'm considering having
> the d= be the org domain, while i= could remain the actual hostname we've
> historically signed with. So with the example above, they'd be d=
> example.com and i=@mail1.example.com. Would anyone know off hand whether
> we could expect that to help preserve the reputation we've built as a
> sender, given that the i= also carries reputation (from what I've read)?
>
> That wouldn't hurt anything. But I doubt it'd have much effect, as
> recipients are going to use either the d= or the domain part of the i=, not
> both. I'd expect them to just use the d=, mostly.
>
> The "DKIM Way" would be to sign twice, with the old domain and the new
> one, for a while.
>
> But if you're not seeing delivery issues today and you're not changing IP
> addresses, just the d= signing domain, I wouldn't expect much impact from
> just changing the d=. Trying it with a single MTA would let you see any
> impact, and dribble the new d= value into your mail stream.
>
> Cheers,
>   Steve
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-08-29 Thread David Hofstee 
> For companies that have a high risk of folks giving a fake address, like
quote sites or download sites or even whitepaper sites, the site owners
need to take steps to protect themselves.
No. Recipients are not stupid. They only give fake addresses if they see
that the company is asking their email address for the wrong reasons.
Unless that is fixed, you will keep trouble.

Companies should not ask for an email address unless they take good care of
it and convince the recipient of that. That is how they should protect
themselves.

Yours,


David

On Tue, 28 Aug 2018 at 23:14, Laura Atkins  wrote:

> The difference here is that people may want the quote but not want the
> associated email that comes from the company. So they will fill in a “fake”
> email address, and one that happens to deliver to some random person.
>
> Not all subscription forms are alike, and not all subscription forms have
> the same risk of wrong addresses. For companies that have a high risk of
> folks giving a fake address, like quote sites or download sites or even
> whitepaper sites, the site owners need to take steps to protect themselves.
>
> laura
>
>
> On Aug 28, 2018, at 6:27 AM, David Hofstee 
> wrote:
>
> Hi Otto,
>
> It is not my experience that many people will fill in other people's email
> address. I've seen 100's of millions of subscribers. Most did not have
> double opt-in. It mostly went very well. There are cases of form-spam (see
> e.g. Spamhaus a few years ago) and double opt-in prevents typo's. But there
> are other methods to deal with abuse (in all of its appearances).
>
> So I'm not sure that your opinion towards double opt-in (where customers
> not using it should be seen as spamming) is in line with the numbers I saw.
> I understand the push from the anti-spam community (who have issues in
> discriminating criminals and commercial senders having equally bad/good
> data quality). But this technical solution is, imho, the wrong tool for
> that. As Microsoft, Yahoo and Google have found out, feedback from users
> via alternate systems is much better. But that is not yet integrated into
> RFCs for the rest of us to use.
>
> I'll leave the "confirmed opt-in" vs "double opt-in" discussion as it is.
>
> Yours,
>
>
> David
>
>
> On Tue, 28 Aug 2018 at 09:02, Otto J. Makela  wrote:
>
>> On 2018-08-23 22:10, Jan Schapmans wrote:
>>
>> >   * customer doesn’t want to do double optin, we are pushing to only
>> implement
>> > it for gmail & googlemail addresses.
>>
>> This should definitely raise red flags at your end: customer doesn't
>> care about how good the "leads" are, as long as there are many.
>> This is "Millions CD" level thinking.
>>
>> BTW, a much better term is "confirmed opt-in", because that's what it is.
>> Most companies that want to contact you by email can get it right (send
>> single
>> email with confirmation link as part of registration etc.), why should
>> your
>> customer get a special pass not to do it?
>>
>> --
>>/* * * Otto J. Makela  * * * * * * * * * */
>>   /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
>>  /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
>> /* * * Computers Rule 0100 01001011 * * * * * * */
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>
>
> --
> --
> My opinion is mine.
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
> --
> Having an Email Crisis?  We can help! 800 823-9674
>
> Laura Atkins
> Word to the Wise
> la...@wordtothewise.com
> (650) 437-0741
>
> Email Delivery Blog: https://wordtothewise.com/blog
>
>
>
>
>
>
>
>

-- 
--
My opinion is mine.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-08-29 Thread David Hofstee 
> Without confirmed opt-in, you're at the mercy of what random junk people
happen to stick in there
True, but then the real problem is that the opt-in is invalid. As an ESP
you should evaluate these lists beforehand *and* monitor for signs of a
lack of opt-in (e.g. high complaint rates by FBL or unsubscribes). Having
these typo's are often good indicators for me to start looking further
beforehand. E.g. a...@hotmail.com is the perfect example of people not
wanting to provide their real email address.

A double-optin only confirms there was a relationship with some sender at
some point in time. It avoids typo's. However, it does not state with who
the opt-in was, when it was provided, for what content, for what frequency,
under what circumstances and for how long that is valid. It is not
watertight at all.

Yours,


David

On Wed, 29 Aug 2018 at 00:24, Brandon Long  wrote:

> I would also point out that seeing differences between mailbox providers
> in this instance is not really a surprise.  It may have more to do with
> which random address people use in these situations.  They may be choosing
> Gmail more than Yahoo for whatever reason, or the address they're choosing
> at Gmail may exist and be used, and hence getting spam markings.
>
> Without confirmed opt-in, you're at the mercy of what random junk people
> happen to stick in there, and there's no guarantee that that junk is
> equally distributed.
>
> And as Laura points out, it also depends on what they are getting from the
> form.  Some forms may get low to zero junk, others are probably mostly
> untrusted.
>
> Brandon
>
> On Tue, Aug 28, 2018 at 2:28 PM Laura Atkins 
> wrote:
>
>> The difference here is that people may want the quote but not want the
>> associated email that comes from the company. So they will fill in a “fake”
>> email address, and one that happens to deliver to some random person.
>>
>> Not all subscription forms are alike, and not all subscription forms have
>> the same risk of wrong addresses. For companies that have a high risk of
>> folks giving a fake address, like quote sites or download sites or even
>> whitepaper sites, the site owners need to take steps to protect themselves.
>>
>> laura
>>
>>
>> On Aug 28, 2018, at 6:27 AM, David Hofstee 
>> wrote:
>>
>> Hi Otto,
>>
>> It is not my experience that many people will fill in other people's
>> email address. I've seen 100's of millions of subscribers. Most did not
>> have double opt-in. It mostly went very well. There are cases of form-spam
>> (see e.g. Spamhaus a few years ago) and double opt-in prevents typo's. But
>> there are other methods to deal with abuse (in all of its appearances).
>>
>> So I'm not sure that your opinion towards double opt-in (where customers
>> not using it should be seen as spamming) is in line with the numbers I saw.
>> I understand the push from the anti-spam community (who have issues in
>> discriminating criminals and commercial senders having equally bad/good
>> data quality). But this technical solution is, imho, the wrong tool for
>> that. As Microsoft, Yahoo and Google have found out, feedback from users
>> via alternate systems is much better. But that is not yet integrated into
>> RFCs for the rest of us to use.
>>
>> I'll leave the "confirmed opt-in" vs "double opt-in" discussion as it is.
>>
>> Yours,
>>
>>
>> David
>>
>>
>> On Tue, 28 Aug 2018 at 09:02, Otto J. Makela  wrote:
>>
>>> On 2018-08-23 22:10, Jan Schapmans wrote:
>>>
>>> >   * customer doesn’t want to do double optin, we are pushing to only
>>> implement
>>> > it for gmail & googlemail addresses.
>>>
>>> This should definitely raise red flags at your end: customer doesn't
>>> care about how good the "leads" are, as long as there are many.
>>> This is "Millions CD" level thinking.
>>>
>>> BTW, a much better term is "confirmed opt-in", because that's what it is.
>>> Most companies that want to contact you by email can get it right (send
>>> single
>>> email with confirmation link as part of registration etc.), why should
>>> your
>>> customer get a special pass not to do it?
>>>
>>> --
>>>/* * * Otto J. Makela  * * * * * * * * * */
>>>   /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
>>>  /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
>>> /* * * Computers Rule 0100 01001011 * * * * * * */
>>>
>>> ___
>>> mailop mailing list
>>> mailop@mailop.org
>>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>>
>>
>>
>> --
>> --
>> My opinion is mine.
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>>
>> --
>> Having an Email Crisis?  We can help! 800 823-9674
>>
>> Laura Atkins
>> Word to the Wise
>> la...@wordtothewise.com
>> (650) 437-0741
>>
>> Email Delivery Blog: https://wordtothewise.com/blog
>>
>>
>>
>>
>>
>>
>>
>> ___
>> mailop mailing

Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-08-29 Thread Philip Paeps 

On 2018-08-29 05:41:33 (+0200), John Levine wrote:

In article <23nbod1hoj7v3puc1clpfrm4rtjuf6s...@honet.com> you write:
I would also point out that seeing differences between mailbox 
providers in this instance is not really a surprise.


You would be amazed, or maybe not, how many people with names similar 
to mine wrongly believe that my gmail account is their account.


I receive a lot of email for other people named Philip at philip@ 
addresses in several domains.


One particular philip@ address, at one of the largest ISPs in Belgium, 
is actually quite interesting.  The ISP has a fairly reasonable spam 
filter so most of the email it receives is not actually spam.  It mostly 
receives bills, legal advice and medical information for about a dozen 
other people named Philip.


I can't turn it into a spamtrap (because it's not spam).  I've been 
tempted to set up an auto-responder but I'm concerned about backscatter.


Apropos the original post: I get *a lot* of email to that address 
offering to buy my car.  I don't own a car.


It is definitely true that if your client demands an address as a 
condition of getting access to something, you should assume that the 
addresses are junk, because they will be.  That is the case even if 
the something is delivered to the address they provide.


Even if you're going to use the email for purposes other than marketing 
(say, sending bills, legal advice or medical information), you should 
still confirm the address.


I've certainly entered my share of example.com addresses on captive 
portals and quote sites and the like.


I like using guerillamail.com (and others) for this.

Especially since some captive portals have started only giving ten 
minutes of internet access until you click a link they send by email.


Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop