[mailop] Which ESP forces double opt in?

[Laurent S. via mailop]

Hi,

Related to the thread of a few days ago "Force double opt in for 
marketing list companies per email address":

Which ESP does 100% (double/confirmed) opt in?

I am looking for an ESP that will, in every case, send a confirmation 
link without ever trusting their clients about the consent status of 
lists they import?

I am aware this means some recipients might never click the link and get 
another 2nd mail. I am also aware this doesn't block every abuse, as 
Laura mentioned (I've seen those too):

On 6/4/20 9:10 AM, Laura Atkins via mailop wrote:

> I will also say there is such a thing as spam to a COI address. Like, 
> I confirmed my subscription to one retailers list and they start 
> mailing me advertising for a different brand of theirs (has happened). 
> Or I confirm my subscription to one company and they go out of 
> business and sell off their COI list to the highest bidder (has 
> happened). Or I confirm my address for one type of email and the brand 
> decides to expand their marketing and send me mail for a completely 
> different thing (has happened). Or I confirm my address and then 
> unsubscribe but the company changes ESPs and forgets to take their 
> unsub list with them. 
My goal with this mail is not to debate the pros and cons of COI. I am 
only looking for an ESP that enforces it strictly.

Cheers,

Laurent S.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Which ESP forces double opt in?

[Jakub Olexa via mailop]

Hi Laurent,

we force DOI for subscribe forms and treat everything else as recipients
without explicity consent. This means that the customer must have a
different legal basis to use the address (usually legitimate interest
based on prior business relationship). Some features of our platform are
limited and won't work with recipients that have no recorded consent.

Jakub Olexa
Founder & CEO
E-mail: ja...@mailkit.com 
Tel: +420 777 744 440 

Mailkit - Closing the circle between Deliverability and Engagement


On 8.6.2020 11:28, Laurent S. via mailop wrote:
> Hi,
>
> Related to the thread of a few days ago "Force double opt in for 
> marketing list companies per email address":
>
> Which ESP does 100% (double/confirmed) opt in?
>
> I am looking for an ESP that will, in every case, send a confirmation 
> link without ever trusting their clients about the consent status of 
> lists they import?
>
> I am aware this means some recipients might never click the link and get 
> another 2nd mail. I am also aware this doesn't block every abuse, as 
> Laura mentioned (I've seen those too):
>
> On 6/4/20 9:10 AM, Laura Atkins via mailop wrote:
>
>> I will also say there is such a thing as spam to a COI address. Like, 
>> I confirmed my subscription to one retailers list and they start 
>> mailing me advertising for a different brand of theirs (has happened). 
>> Or I confirm my subscription to one company and they go out of 
>> business and sell off their COI list to the highest bidder (has 
>> happened). Or I confirm my address for one type of email and the brand 
>> decides to expand their marketing and send me mail for a completely 
>> different thing (has happened). Or I confirm my address and then 
>> unsubscribe but the company changes ESPs and forgets to take their 
>> unsub list with them. 
> My goal with this mail is not to debate the pros and cons of COI. I am 
> only looking for an ESP that enforces it strictly.
>
> Cheers,
>
> Laurent S.
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Which ESP forces double opt in?

[Laura Atkins via mailop]

> On 8 Jun 2020, at 10:28, Laurent S. via mailop  wrote:

> My goal with this mail is not to debate the pros and cons of COI. I am 
> only looking for an ESP that enforces it strictly.

I don’t think there is one. Rodney Joffe had one for a while, but it’s been so 
long I don’t remember the name and I don’t think they’re still around as an ESP.

~~~ off to the google cave ~~~

… it was whitehat.com  but the website isn’t loading for 
me. 
https://web.archive.org/web/20010609000944/http://www.whitehat.com/interactive/bestpractices.cfm
 

 is a copy of content from back in 2001. The current text on their website 
(viewed through archive.org ) doesn’t mention email 
marketing at all.

laura 



-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: https://wordtothewise.com/blog 







___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Which ESP forces double opt in?

[Laurent S. via mailop]

On 08.06.20 11:54, Jakub Olexa via mailop wrote:
 >
 > Hi Laurent,
 >
 > we force DOI for subscribe forms and treat everything else as recipients
 > without explicity consent. This means that the customer must have a
 > different legal basis to use the address (usually legitimate interest
 > based on prior business relationship). Some features of our platform are
 > limited and won't work with recipients that have no recorded consent.

Thanks Jakub for your answer. Is there a way for the ISP to identify 
what has gone through proper consent?

It is great that you verify subscribe forms. It's a good beginning. But 
if you still allow your clients to add other addresses and to say yeah 
yeah, I've got them through "legal" ways, then I am not interested. I am 
looking for an ESP that will still verify those.

On 08.06.20 12:02, Laura Atkins via mailop wrote:
> 
> I don’t think there is one. Rodney Joffe had one for a while, but it’s been so
> long I don’t remember the name and I don’t think they’re still around as an 
> ESP.

That was my fear :-s

> 
> … it was whitehat.com  but the website isn’t loading for
> me.
> https://web.archive.org/web/20010609000944/http://www.whitehat.com/interactive/bestpractices.cfm
>  is
> a copy of content from back in 2001. The current text on their website (viewed
> through archive.org ) doesn’t mention email marketing at 
> all.
> 
> laura
> 

Thanks Laura, I'll have a deeper look. But I have low hopes.

Laurent


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Which ESP forces double opt in?

[Stefano Bagnara via mailop]

On Mon, 8 Jun 2020 at 11:33, Laurent S. via mailop  wrote:
> Which ESP does 100% (double/confirmed) opt in?
>
> I am looking for an ESP that will, in every case, send a confirmation
> link without ever trusting their clients about the consent status of
> lists they import?

AFAIK no one.
You can find ESPs that are forcing confirmed opt-in for emails
collected using their forms (instead of allowing or defaulting to
single opt-in).
Some of them don't even require "consensus based mailings": many of
them require consent in their ToS but they trust the customer unless
they have something to not believe him.

> I am aware this means some recipients might never click the link and get
> another 2nd mail. I am also aware this doesn't block every abuse, as
> Laura mentioned (I've seen those too):

I'm not sure this would be a great idea as sending a "massive
single-opt in request" is anyway a massive email.
An opt-in request email should be sent only when the user just
compiled the form.

So, you have 3 kinds of lists:
1) spam lists: the ESP would send the opt-in email to all of them and
this would be spam anyway.
2) single-opt-in-lists: the ESP would send a massive email (the
confirmation request) and for some of them this will be spam for some
other ignoring the message this will mean stopping receiving something
they asked to receive)
3) confirmed opt-in lists: like #2 but only the bad parts.

IMHO
- if an ESP has a way to understand the customer will do spam then
they should not send anything, not even a reconfirm email.
- otherwise once they send their first email the ESP will collect some
data and usually detect a spammer sender better than sending a
reconfirm email.

If every ESP requested a reconfirmation email customers would be stuck
in their ESP and every ESP could increase prices 10x as customers will
never accept to reconfirm their whole already confirmed lists just
because they don't want to accept their new ESP prices. Spammers,
instead, would happily load their scraped/purchased lists to every
ESP, running a subscription bombing to their lists and using each ESP
against the parts that confirmed the opt-in on that specific sender.

Furthermore forcing COI is not enough for a real consent-based
mailing: the ESP should also require reconfirmations for every email
that has not been mailed for more than 6-12 months and maybe they
should also require reconfirmation when the sender email changes or
the contents for the messages are changed or the mailing frequence
changes (as consent is not just a "yeah, drop whatever you like in my
mailbox"). One of the worst customers we kicked for spam was in fact
using confirmed opt in but the users were not really asking him to
receive the emails he finally sent them. He did a lot of "win an ipad"
forms and then redirected the users to our COI forms: then he was
sending them car insurance or easy credit access or anything else.
Technically this may be COI, but without a real consent. So COI would
not solve ESP issues anyway. So if you think that enforcing COI will
give you a better reputation ESP then I'd reconsider this.

So, I'm a great COI fan (IMHO "single/unconfirmed opt-in" is almost
equal to "no opt-in"), but I'm not sure that expecting ESP to force
reconfirmation so to only send COI emails would really fix any issue.
I know you asked for a list and not a COI discussion, but I think/hope
the above explains why you probably won't find such a list.

Stefano

-- 
Stefano Bagnara
Apache James/jDKIM/jSPF
VOXmail/Mosaico.io/VoidLabs

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Which ESP forces double opt in?

[Simplelists - Andrew Beverley via mailop]

On Mon, 08 Jun 2020 09:28:27 + mailop@mailop.org wrote:
> Which ESP does 100% (double/confirmed) opt in?

We do by default. We then allow a customer to request that the opt-in
requirement be relaxed. Of course, we can't guarantee that what a
customer tells us is true when we process this request.

We do send on different IP addresses though per email address,
depending on whether the recipient has opted in via us (and then we mark
that as such in the SuretyMail IADB entry).

Andy

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Which ESP forces double opt in?

[Jakub Olexa via mailop]

Hi Laurent,

we can enforce consent for an individual customer but for 99% of
customers this is not practical.

Our T&C require the customer to have a legal basis and all our customers
are aware that we can request them to prove the date (and often do). On
top of that all customer data goes through manual vetting process at the
time of onboarding and we have automated processes to check for changes
that would indicate they are trying to load in lists that would be
questionable.

Many of our customers use their own consent processing end do not rely
on ours just pass the data via API - again in such case we have to trust
the customer to follow the law and our contract and there is hardly a
way for us to identify whether it is valid or not (we do check for
obvious stuff like if the API requests claiming similar IPs as source of
the consent, etc).

In the end I don't believe any ESP could sustain their business if they
enforced consent 100% as for most common campaigns consent is not
required and legitimate interest or other legal basis is sufficient.
That includes order confirmation messages, invoices, bank monthly
statements, etc. If we enforced consent then banks would definitelly
wave good bye to us in a heartbeat as there is no consent needed for
monthly bank statement and that falls under a different legal basis
(legal obligation).

Jakub Olexa
Founder & CEO
E-mail: ja...@mailkit.com 
Tel: +420 777 744 440 

Mailkit - Closing the circle between Deliverability and Engagement


On 8.6.2020 13:50, Laurent S. via mailop wrote:
> On 08.06.20 11:54, Jakub Olexa via mailop wrote:
>  >
>  > Hi Laurent,
>  >
>  > we force DOI for subscribe forms and treat everything else as recipients
>  > without explicity consent. This means that the customer must have a
>  > different legal basis to use the address (usually legitimate interest
>  > based on prior business relationship). Some features of our platform are
>  > limited and won't work with recipients that have no recorded consent.
>
> Thanks Jakub for your answer. Is there a way for the ISP to identify 
> what has gone through proper consent?
>
> It is great that you verify subscribe forms. It's a good beginning. But 
> if you still allow your clients to add other addresses and to say yeah 
> yeah, I've got them through "legal" ways, then I am not interested. I am 
> looking for an ESP that will still verify those.
>
> On 08.06.20 12:02, Laura Atkins via mailop wrote:
>> I don’t think there is one. Rodney Joffe had one for a while, but it’s been 
>> so
>> long I don’t remember the name and I don’t think they’re still around as an 
>> ESP.
> That was my fear :-s
>
>> … it was whitehat.com  but the website isn’t loading for
>> me.
>> https://web.archive.org/web/20010609000944/http://www.whitehat.com/interactive/bestpractices.cfm
>>  is
>> a copy of content from back in 2001. The current text on their website 
>> (viewed
>> through archive.org ) doesn’t mention email marketing at 
>> all.
>>
>> laura
>>
> Thanks Laura, I'll have a deeper look. But I have low hopes.
>
> Laurent
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] UCEPROTECT-Level1 listing

[Ewald Kessler | Webpower via mailop]

Hello,

One of our IP addresses (91.197.72.142) got blacklisted at
UCEPROTECT-Level1 with a "Last Impact" timestamp of 06.06.2020 16:57 CEST
+/- 1min.

But the peculiar thing is, no mail was sent from that IP in at least the 48
hours prior to their timestamp. Does this sound familiar? Am I missing
something? And if this is a false positive, does anyone know how to get
that info through to the people of UCEPROTECT? Since we don't really
qualify for any of the options given on their contact form... (
http://www.uceprotect.net/en/contact.php)

Thanks in advance!

Regards,
Ewald Kessler
-- 
Deliverability & Abuse Management, www.webpower-group.com
ewald.kess...@webpower.nl
t: +31 342 423 262
li: www.linkedin.com/in/ewaldkessler
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] UCEPROTECT-Level1 listing

[Paul Smith via mailop]

On 08/06/2020 16:26, Ewald Kessler | Webpower via mailop wrote:

Hello,

One of our IP addresses (91.197.72.142) got blacklisted at 
UCEPROTECT-Level1 with a "Last Impact" timestamp of 06.06.2020 16:57 
CEST +/- 1min.


But the peculiar thing is, no mail was sent from that IP in at least 
the 48 hours prior to their timestamp.


How do you know no mail was sent from that IP address?

Was the IP address blocked at your firewall, or could a different PC or 
some software have sent that mail without you being aware of it?




--
Paul



--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] UCEPROTECT-Level1 listing

[Chris Woods via mailop]

On Mon, 8 Jun 2020 at 16:37, Ewald Kessler | Webpower via mailop <
mailop@mailop.org> wrote:

> Hello,
>
> One of our IP addresses (91.197.72.142) got blacklisted at
> UCEPROTECT-Level1 with a "Last Impact" timestamp of 06.06.2020 16:57 CEST
> +/- 1min.
>
> But the peculiar thing is, no mail was sent from that IP in at least the
> 48 hours prior to their timestamp. Does this sound familiar? Am I missing
> something? And if this is a false positive, does anyone know how to get
> that info through to the people of UCEPROTECT? Since we don't really
> qualify for any of the options given on their contact form... (
> http://www.uceprotect.net/en/contact.php)
>
>
tl;dr: don't worry about UCEProtect, they won't help you and your energy is
better spent elsewhere.


Perhaps the listing was due to retry 421/45x NDR to a honeypot, backscatter
or spoofed sender reply-to? Did it perhaps align with an expired 48/72 hour
retry period?

UCEProtect are alleged in the past to use their own systems to email
addresses then list based on bounces/scatter (see /. article)

I suspect people come across UCEPROTECT, quickly start using it (sometimes
as their sole determining RBL) but gradually realise they cause as many
problems as they solve. You're a large ESP so I'd expect more than one
UCEProtect listing... If you're policing your customer base, and customer
campaigns aren't using junk lists, there's not much else you can do.

What's up with UCEP? In my personal opinion:
- Opaque listing methodologies (perhaps acceptable in isolation).
- Bizarre and unhelpful practices around delisting.
- A history of fairly militant and scornful replies from the operators (see
also their "cart00neys"). Not very professional.
- Unhelpfully strict, narrow interpretations of their own rules around
listing & classification irrespective of circumstance

Of course they can run their private system as they wish, but I can't trust
them as a judicious altruistic operator. Their hardline, broad-scope
listings for some networks can be problematic. I don't like how they pitch
paid expedited delisting amongst other things. I get everyone needs to make
money, but that doesn't sit well with me.

I don't think I'd bother worrying about UCEPROTECT - either using them or
worrying about listings. I only occasionally check incoming emails against
UCEP for information-only scoring comparisons with 'good' RBLs. I stopped
wasting my time with UCEP in production long ago.

https://tech.slashdot.org/story/12/12/25/0236223/ask-slashdot-dealing-with-anti-spam-service-extortion

https://wordtothewise.com/2018/05/uceprotect-gdpr-fallout/
https://groups.google.com/forum/#!topic/news.admin.net-abuse.blocklisting/Tc6bSDj9ebo


If an RBL is willing to block swathes of public provider ranges, ISP /24s
and even half of Sendgrid with no nuance or moderation, it's worthless. I'm
sure their own inboxes are blissfully free of emails. ("hooray, no spam
here!")

Worry about an SBL or SmartScreen listing :-) and encourage other admins to
reconsider their reliance on UCEProtect, it's not cut out for serious use.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] UCEPROTECT-Level1 listing

[Atro Tossavainen via mailop]

> problems as they solve. You're a large ESP so I'd expect more than one
> UCEProtect listing... If you're policing your customer base, and customer
> campaigns aren't using junk lists, there's not much else you can do.

I only have limited visibility to *everything* that Webpower sends, of
course, but one thing I can state with certainty is that Webpower provide
access to Adamello, an unrepentant Swedish B2B spammer using purchased/
harvested lists.

This statement has nothing to do with UCEPROTECT. I fully concur with
the opinions posted previously about them. Completely separately from
that, I'm also saying that because of this, I would go so far as to
claim that Webpower are not policing their customer base and that their
customer campaigns are using junk lists.

I will also say that this is not news to Webpower.

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] G Suite Support - Deliverability Issues

[Kotlikov, Anna via mailop]

Hello,

Is there anyone here I can speak to from G Suite support?

AK


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Which ESP forces double opt in?

[Chris via mailop]

On 2020-06-08 06:02, Laura Atkins via mailop wrote:

… it was whitehat.com  but the website isn’t 
loading for me. 
https://web.archive.org/web/20010609000944/http://www.whitehat.com/interactive/bestpractices.cfm is 
a copy of content from back in 2001. The current text on their website 
(viewed through archive.org ) doesn’t mention email 
marketing at all.


It was supposed to do ESP stuff, and I got dragooned onto its advisory 
board (along with others including even Vixie IIRC), but I've not seen 
any signs of activity from that direction for at least a decade.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] t-online.de outage?

[Jon Morby via mailop]

We’re currently experiencing problems connecting to any / all of t-online.de’s 
MXs

We just get a 554 after connect and before any handshake. I’ve tried this from 
various IPs, not just our mail server IPs in AS8282

Anyone aware of an outage or have a contact there that can shed some light?

– 
Jon Morby



– 
Jon Morby
where those in the know go
Tel: 0345 004 3050
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] t-online.de outage?

[Michael Rathbun via mailop]

On Mon, 8 Jun 2020 21:53:06 + (UTC), Jon Morby via mailop
 wrote:

>We just get a 554 after connect and before any handshake. I’ve tried this from 
>various IPs, not just our mail server IPs in AS8282

It's not just you.  After a telnet to an MX there, I see

>554 IP=47.190.44.19 - A problem occurred. (Ask your postmaster for help or to 
>contact t...@rx.t-online.de to clarify.) (BL)
>Connection closed by foreign host.

mdr
-- 
 "There are no laws here, only agreements."  
-- Masahiko


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] t-online.de outage?

[Ralph Seichter via mailop]

* Michael Rathbun via mailop:

> After a telnet to an MX there, I see
>
>> 554 IP=47.190.44.19 - A problem occurred. (Ask your postmaster for
>> help or to contact t...@rx.t-online.de to clarify.) (BL) Connection
>> closed by foreign host.

I remember seeing this particular error code when setting up new mail
servers with IPs that have not previously sent mail to T-Online MXs. In
these cases I e-mailed the listed address and T-Online staff manually
cleared the addresses. Thus, my guess is that some T-Online blocking
mechanism is currently out of whack.

-Ralph

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] t-online.de outage?

[Michael Rathbun via mailop]

On Tue, 09 Jun 2020 04:35:40 +0200, Ralph Seichter via mailop
 wrote:

>>> 554 IP=47.190.44.19 - A problem occurred. (Ask your postmaster for
>>> help or to contact t...@rx.t-online.de to clarify.) (BL) Connection
>>> closed by foreign host.
>
>I remember seeing this particular error code when setting up new mail
>servers with IPs that have not previously sent mail to T-Online MXs. In
>these cases I e-mailed the listed address and T-Online staff manually
>cleared the addresses. Thus, my guess is that some T-Online blocking
>mechanism is currently out of whack.

The address quoted, and the string "(BL)" does suggest that a blocking
mechanism has wandered off into the weeds.

mdr
-- 
   Sometimes half-ass is exactly the right amount of ass.
   -- Wonderella


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop