Re: [mailop] Force double opt in for marketing list companies per email address

[Atro Tossavainen via mailop]

> I recommend you try working with them vs calling them out as being
> bad actors - These teams (especially the Mailchimp team) works very
> hard, harder than most hosting companies i would imagine, to stop
> abusive behaviour from their networks sending billions of emails
> around the world. From stopping fraudulent sign-ups to, stopping the
> use of purchased lists, to shutting down accounts that get
> complaints - mind you much faster than many other companies that
> might be part of the same abusive message on the content hosting or
> domain hosting side of the house.

Don't get me wrong, Matt.

I do keep reporting the obviously bad stuff such as B2B spammers openly
using purchased lists to many ESPs. The one you mentioned is my personal
favourite too. I'm quite sure if you ask the average ESP abuse desk
person about their opinion on me they are damn sure going to have one.
Not saying what it's going to be like, but indifferent or "who's that?"
it won't be.

I am only saying that if bounce processing worked anywhere near as well
as anybody would have the audience believe, we would not have a business.
Spamtraps would not get any mail, or too little to matter. The business
case would quite simply not exist.

I'm not calling ESPs bad actors. I am thanking them for continuing to
give me something to work with. I believe I did already in my first
message in this thread. I am genuinely thankful for being able to sell
the information that they should not even be generating back to them.

Cheers,
-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Michael Rathbun via mailop]

On Fri, 5 Jun 2020 11:30:23 -0700, David Carriger via mailop
 wrote:

>I'm not saying this as an attempt to call anyone out, or start a fight, but
>my point is that those of us who are active in these industry mailing lists
>and conferences are the ones who care. We want to do better. We're up
>against forces internal and external.

Some of the most complex, convoluted and difficult-to-maintain code I have
seen in mail systems involves interpreting responses.  One of my favorites,
over time, has been the family of Yahoo "4xx deferred but don't bother trying
again, because you will never succeed" permanent temporary failures.

I have interpreted this as a "let's see if we can run the spammers out of disk
space due to queue bloat from retries that haven't timed out yet" device.  It
has been gratifying to see exactly this effect on some senders.

mdr
-- 
   If Jurassic Park had been about email, Jeff Goldblum would be known 
   for saying "Spammers, uh, find a way".

  -- David Carriger, after noting that some spammers
 they hosed off the deck had found a new home elsewhere.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[David Carriger via mailop]

Thanks for being a voice of reason, Matt.

ESPs don't always get things right, but the ESPs who are participating in
M3AAWG or joining forums like this one are trying to do the right thing.
Bounce handling is difficult because bounce messages are like an episode of
Whose Line Is It Anyway? -  the status codes are made up and the text
doesn't matter. Sure, there's RFCs, but once you've spent a few days going
through your logs to try to improve your bounce handling and see some mail
operators using 4XX bounces for what should really be a 5.1.1 invalid
recipient, you lose hope in the system.

If I knew what every ISP wanted me to do after a given bounce, I'd do my
best to respect that, within the boundaries of the service that I am also
obligated to provide my clients. This is what we're working with, though:

451 Invalid Recipient - https://community.mimecast.com/docs/DOC-1369#451
[Lzabfop9Nva0NP5E_GxwYg.uk119]
553 sorry, no mailbox here by that name. ulc: 65216002578, rcp: 0001.
(#5.7.1)
554 5.7.1 : Recipient address rejected: user
redac...@lycos.com does not exist
550 5.4.1 Recipient address rejected: Access denied. AS(201806281) [
SN1NAM01FT027.eop-nam01.prod.protection.outlook.com]
554 delivery error: dd Not a valid recipient -
atlas215.aol.mail.bf1.yahoo.com

We can all agree that a bad address should be a 550 5.1.1 error, yes?
Surely we can agree on that much, since it's in the RFCs?

https://www.greenend.org.uk/rjk/tech/smtpreplies.html
https://tools.ietf.org/html/rfc3463#section-3.2

Mimecast, Microsoft and Verizon Media Group are not small companies. The
only reason I even know the Microsoft bounce should be codified as a hard
bounce is thanks to the kind folks at SparkPost for posting publicly about
it:

https://www.sparkpost.com/blog/bounce-classification-code-change/

I mean, if I was trying to figure out what to do with that bounce on my
own, what would I do? Well, let's start with the RFC...

  X.4.1   No answer from host

 The outbound connection attempt was not answered, because
 either the remote system was busy, or was unable to take a
 call.  This is useful only as a persistent transient error.


Only useful as a persistent transient error? That's odd, because it was a
5xx error, not a 4xx error. Access denied? Access denied *to whom*? My IP
address? My MAIL FROM domain? The sender in the friendly from? If I can't
definitively tell my customer that the address is undeliverable and will
never receive messages, then I have a duty to attempt subsequent deliveries
until we hit our own internal threshold for converting soft bounces to hard
bounces. The business logic for that determination is going to differ from
ESP to ESP.

I'm not saying this as an attempt to call anyone out, or start a fight, but
my point is that those of us who are active in these industry mailing lists
and conferences are the ones who care. We want to do better. We're up
against forces internal and external. If we got it wrong, help us make it
right. Maybe a C-level told us we had to do something a certain way and
having an email from the ISP themselves saying "That's bad and wrong, don't
do that" would tip the scales. Maybe things have changed since that legacy
code was written 5 years ago and we need a nudge to refactor it. Maybe
someone recently introduced a bug with the last deploy that our testing
didn't catch. We're all up against the same challenges here, these are
things that occur at ISPs as well. How many threads have we seen for "Is
anyone else's GPT data missing/wrong" or "What the heck happened with valid
emails bouncing at Yahoo yesterday"? These things happen, they happen
despite our best intentions, and the sooner we learn to work together to
fix them and move on instead of worrying about where to assign blame, the
better the ecosystem will be for everyone.

Best regards,
David Carriger

On Fri, Jun 5, 2020 at 8:52 AM Matt V via mailop  wrote:

> On 2020-06-05 10:09 a.m., Atro Tossavainen via mailop wrote:
>
> Furthermore, I explicitly indicated that it was the consensus that the
> GDPR makes it effectively impossible for them to do what you believe I
> said, which I did not. It has been discussed in so many M3AAWG meetings
> and between meetings, and Simon McGarr's talk "So you want to be a data
> controller" was more or less on this subject.
>
> I don't know how you have managed to read exactly the opposite of my
> intentions into my words, I can only conclude that it must have to do
> with my awkward non-native use of the language because all other
> explanations seem so futile. Here is what I said, for a recap.
>
> Most ESPs want to remain as data processors under GDPR and do not want to
> be put in a position of being a data controller. Utilizing data across
> multiple accounts has some very interesting impacts in regards to the
> responsibility of the controller/processor or controller/controller
> relationships of data.
>
> As for ESPs and the emails that they process on 

Re: [mailop] Force double opt in for marketing list companies per email address

[Matt V via mailop]

On 2020-06-05 10:09 a.m., Atro Tossavainen via mailop wrote:

Furthermore, I explicitly indicated that it was the consensus that the
GDPR makes it effectively impossible for them to do what you believe I
said, which I did not. It has been discussed in so many M3AAWG meetings
and between meetings, and Simon McGarr's talk "So you want to be a data
controller" was more or less on this subject.

I don't know how you have managed to read exactly the opposite of my
intentions into my words, I can only conclude that it must have to do
with my awkward non-native use of the language because all other
explanations seem so futile. Here is what I said, for a recap.


Most ESPs want to remain as data processors under GDPR and do not want 
to be put in a position of being a data controller. Utilizing data 
across multiple accounts has some very interesting impacts in regards to 
the responsibility of the controller/processor or controller/controller 
relationships of data.


As for ESPs and the emails that they process on behalf of their clients, 
bounces are processed and removed but each ESPs has different thresholds 
for how this should be done - business logic and all.


 * ESP1 - might remove from an individual list, but nothing stops a
   client from uploading a new list every time they mail. Thus giving
   the appearance of neglecting bounces.
 * ESP2 - might remove only after a third consecutive 5.x.x where it is
   clear the user is unknown - This addresses Luke's comments on
   bounces for things like account disablement/re-activation for
   billing issues
 * ESP3 - Might bounce an address at the client level, but allow a
   brand to over write that flag with a new upload
 * ESP 4 - might not allow people to re-enable bounces ever...
 * ESP5 - might suppress multiple bounces from multiple clients across
   the board for all accounts <<< This has significant GDPR
   implications that the individual client suppression doens't.
 * ESP x - might do some or all of the above...

I've seen all of these scenarios over the years, each has a different 
benefit/risk - but what I can say is that every ESP I've ever worked 
for/with had a different way of doing this. But they all processed 
bounces as best they could and updated their rules on regular timelines. 
Why? Because the standards for bounces get applied in wonky ways at each 
ISP - so really the standard is non-standard.


This is as much a client education piece as it is an industry 
implementation piece. If every ESP knew that 5.5.1 meant the exact same 
thing then they could treat them all the same, but having seen '4.5.1 
Unknown user', and '5.5.0 - Try again later' errors over the years ESPs 
work with the data they are given to the best of their abilities and 
within the laws that are applicable to them and their clients.


I recommend you try working with them vs calling them out as being bad 
actors - These teams (especially the Mailchimp team) works very hard, 
harder than most hosting companies i would imagine, to stop abusive 
behaviour from their networks sending billions of emails around the 
world. From stopping fraudulent sign-ups to, stopping the use of 
purchased lists, to shutting down accounts that get complaints - mind 
you much faster than many other companies that might be part of the same 
abusive message on the content hosting or domain hosting side of the house.


--
~
MATT

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Matthew Grove via mailop]

Tim, I believe *X-MC-User* and *List-ID* should help you identify those
issues.

Matt, if you think we're not handling a hard bounce properly, I'd like to
get that worked out. Do please reach out off-list so we can troubleshoot
the issue.


Cool,
Matthew
delivery.mailchimp.com


On Fri, Jun 5, 2020 at 10:04 AM Luke via mailop  wrote:

> Atro,
>
> I did not forget that we know each other. I remember meeting you and Pekka
> for the first time in Dublin back in 2015.
>
> I appreciate the added perspective here. It sounded like you were
> suggesting that ESPs do not suppress invalid email addresses. But it sounds
> like you are aware that ESPs do suppress invalid email addresses, but you
> believe they should suppress them across their entire user base. That is a
> different discussion. Unfortunately, this is fraught with all sorts of
> issues. The primary one being the unreliable nature of SMTP responses. Just
> one example that is top of mind is Telstra/Bigpond. They will return "5xx
> No such user" when one of their users has a lapse in payment. The mailbox
> becomes valid again when the user pays their bill. Another example: when I
> was at SendGrid, we did some analysis on bad addresses. We took every
> address that returned some flavor of "no such user" in a 6 month period. We
> then looked at how many of those addresses came back and engaged with mail
> at a later date (the following 6 month period). It turned out that
> something like 1% of invalid addresses would come back to life and become
> engaged with email again. Also, we were careful to not take a single pixel
> load or a single URL firing as "proof" the mailbox was back to life. Now,
> 1% is a small number, but it was 10s of millions of addresses. It would
> simply not be appropriate to permanently suppress these addresses on behalf
> of 80,000-100,000 distinct senders and organizations using SendGrid to send
> their email.
>
> Its hard for me to hear things like "ESPs don't suppress addresses" when I
> worked at an ESP where we had discussions about whether it was ethical to
> charge people for trying to send to addresses that we were suppressing on
> their behalf. ESPs suppress bad addresses, just not the way you would like
> them to. That is a discussion worth having, we just need to be clear on the
> terms of the discussion.
>
> Luke
>
> On Fri, Jun 5, 2020 at 1:21 AM Atro Tossavainen via mailop <
> mailop@mailop.org> wrote:
>
>> On Thu, Jun 04, 2020 at 07:48:45AM -0700, Luke wrote:
>> > I cant tell if this the thing about ESPs not removing bounces is a joke
>> or
>> > not. All of the major ESPs have logic for adding bad addresses to
>> > suppression lists. Of course their users can choose to unsuppress, but
>> ESPs
>> > certainly remove bounces. Seems like most people here should know this.
>> > Maybe I'm missing something about your comment?
>>
>> Luke, you're sounding like you've forgotten we know each other IRL,
>> and the same goes for you and my biz partners Pekka and Catherine.
>>
>> We timeout new domains for a year or more, in accordance with
>>
>> https://www.m3aawg.org/documents/en/m3aawg-best-current-practices-for-building-and-operating-a-spamtrap-ver-120
>>
>> We started out doing this in such a way that the domains didn't have
>> a way of receiving any email at all (no A and no MX, resulting in the
>> sending mail server having to tell itself NXDOMAIN), but already for
>> a long time this is done so that they do have a mail server that is
>> responding
>>
>> 550 5.1.1 No such user
>>
>> to every attempt to deliver any email.
>>
>> I agree that that should result in very little to no ESP mail when such
>> a domain eventually comes out of timeout, which would result in our not
>> having a business at all. Not the case.
>>
>>
>> >
>> > On Wed, Jun 3, 2020, 11:30 PM Atro Tossavainen via mailop <
>> mailop@mailop.org>
>> > wrote:
>> >
>> > > > For me, it was noticing how, despite getting 550'd for an extended
>> > > period of
>> > > > time, Mailchimp just keeps hammering away at the address, never
>> dropping
>> > > it
>> > > > from the list.  That, too, is not the behaviour of a responsible
>> ESP.
>> > >
>> > > As I keep saying, we would not have a business at all if any ESPs
>> actually
>> > > removed bounces. So thank you to everyone who doesn't. If there are
>> > > entities that do, I don't know which ones they are. :-D
>> > >
>> > > Way back when, some people who are also on this list kept complaining
>> > > that simply keeping domains registered without an A and MX (causing
>> > > NXDOMAIN for mail delivery) is not a proper bounce, because you (as
>> the
>> > > sending entity) are somehow not able to trust the results your own
>> > > servers produce, but have to get third party validation for the fact
>> > > that an address doesn't exist (which I think is totally
>> bass-ackwards),
>> > > but anyway, we started 550 5.1.1'ing addresses during the timeout
>> period
>> > > of new domains we acquire, and still, no change.
>> > 

Re: [mailop] Force double opt in for marketing list companies per email address

[Atro Tossavainen via mailop]

Luke, thanks for the reply,

> I appreciate the added perspective here. It sounded like you were
> suggesting that ESPs do not suppress invalid email addresses.

The evidence suggests this is the case.

> But it sounds like you are aware that ESPs do suppress invalid email
> addresses, but you believe they should suppress them across their
> entire user base.

It sounds like I am aware that they claim they are doing so, but that
the evidence in spamtraps contradicts the claim.

Furthermore, I explicitly indicated that it was the consensus that the
GDPR makes it effectively impossible for them to do what you believe I
said, which I did not. It has been discussed in so many M3AAWG meetings
and between meetings, and Simon McGarr's talk "So you want to be a data
controller" was more or less on this subject.

I don't know how you have managed to read exactly the opposite of my
intentions into my words, I can only conclude that it must have to do
with my awkward non-native use of the language because all other
explanations seem so futile. Here is what I said, for a recap.

> > > > There is also the issue that anything that Operator X finds out while
> > > > processing data for Customer X1 cannot apply to Customer X2 because
> > > > anything to the contrary makes Operator X a DATA CONTROLLER in their
> > > > own right from the perspective of the GDPR and what did I say about
> > > > that just a few messages ago?

("Just a few messages ago" being

https://chilli.nosignal.org/cgi-bin/mailman/private/mailop/2020-June/016675.html
)

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Luke via mailop]

Atro,

I did not forget that we know each other. I remember meeting you and Pekka
for the first time in Dublin back in 2015.

I appreciate the added perspective here. It sounded like you were
suggesting that ESPs do not suppress invalid email addresses. But it sounds
like you are aware that ESPs do suppress invalid email addresses, but you
believe they should suppress them across their entire user base. That is a
different discussion. Unfortunately, this is fraught with all sorts of
issues. The primary one being the unreliable nature of SMTP responses. Just
one example that is top of mind is Telstra/Bigpond. They will return "5xx
No such user" when one of their users has a lapse in payment. The mailbox
becomes valid again when the user pays their bill. Another example: when I
was at SendGrid, we did some analysis on bad addresses. We took every
address that returned some flavor of "no such user" in a 6 month period. We
then looked at how many of those addresses came back and engaged with mail
at a later date (the following 6 month period). It turned out that
something like 1% of invalid addresses would come back to life and become
engaged with email again. Also, we were careful to not take a single pixel
load or a single URL firing as "proof" the mailbox was back to life. Now,
1% is a small number, but it was 10s of millions of addresses. It would
simply not be appropriate to permanently suppress these addresses on behalf
of 80,000-100,000 distinct senders and organizations using SendGrid to send
their email.

Its hard for me to hear things like "ESPs don't suppress addresses" when I
worked at an ESP where we had discussions about whether it was ethical to
charge people for trying to send to addresses that we were suppressing on
their behalf. ESPs suppress bad addresses, just not the way you would like
them to. That is a discussion worth having, we just need to be clear on the
terms of the discussion.

Luke

On Fri, Jun 5, 2020 at 1:21 AM Atro Tossavainen via mailop <
mailop@mailop.org> wrote:

> On Thu, Jun 04, 2020 at 07:48:45AM -0700, Luke wrote:
> > I cant tell if this the thing about ESPs not removing bounces is a joke
> or
> > not. All of the major ESPs have logic for adding bad addresses to
> > suppression lists. Of course their users can choose to unsuppress, but
> ESPs
> > certainly remove bounces. Seems like most people here should know this.
> > Maybe I'm missing something about your comment?
>
> Luke, you're sounding like you've forgotten we know each other IRL,
> and the same goes for you and my biz partners Pekka and Catherine.
>
> We timeout new domains for a year or more, in accordance with
>
> https://www.m3aawg.org/documents/en/m3aawg-best-current-practices-for-building-and-operating-a-spamtrap-ver-120
>
> We started out doing this in such a way that the domains didn't have
> a way of receiving any email at all (no A and no MX, resulting in the
> sending mail server having to tell itself NXDOMAIN), but already for
> a long time this is done so that they do have a mail server that is
> responding
>
> 550 5.1.1 No such user
>
> to every attempt to deliver any email.
>
> I agree that that should result in very little to no ESP mail when such
> a domain eventually comes out of timeout, which would result in our not
> having a business at all. Not the case.
>
>
> >
> > On Wed, Jun 3, 2020, 11:30 PM Atro Tossavainen via mailop <
> mailop@mailop.org>
> > wrote:
> >
> > > > For me, it was noticing how, despite getting 550'd for an extended
> > > period of
> > > > time, Mailchimp just keeps hammering away at the address, never
> dropping
> > > it
> > > > from the list.  That, too, is not the behaviour of a responsible ESP.
> > >
> > > As I keep saying, we would not have a business at all if any ESPs
> actually
> > > removed bounces. So thank you to everyone who doesn't. If there are
> > > entities that do, I don't know which ones they are. :-D
> > >
> > > Way back when, some people who are also on this list kept complaining
> > > that simply keeping domains registered without an A and MX (causing
> > > NXDOMAIN for mail delivery) is not a proper bounce, because you (as the
> > > sending entity) are somehow not able to trust the results your own
> > > servers produce, but have to get third party validation for the fact
> > > that an address doesn't exist (which I think is totally bass-ackwards),
> > > but anyway, we started 550 5.1.1'ing addresses during the timeout
> period
> > > of new domains we acquire, and still, no change.
> > >
> > > There is also the issue that anything that Operator X finds out while
> > > processing data for Customer X1 cannot apply to Customer X2 because
> > > anything to the contrary makes Operator X a DATA CONTROLLER in their
> > > own right from the perspective of the GDPR and what did I say about
> > > that just a few messages ago?
>
> --
> Atro Tossavainen, Founder, Partner
> Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
> Tallinn, Estonia
> tel. 

Re: [mailop] Force double opt in for marketing list companies per email address

[Tim Bray via mailop]

On 04/06/2020 20:08, Matthew Grove via mailop wrote:


Of course, there is always a remote possibility that some 
misconfiguration on our side is causing us to reclassify your specific 
bounce message. You can compare our /X-MC-User/ header to verify that 
we are not suppressing the address at the user level. If you think 
this might be the case, feel free to reach out to me off-list, and 
we'll troubleshoot the issue.



Can I compare /X-MC-User /to work out if one mailchimp customer (member 
?) has me on loads of lists?  Or if I subscribe from one, whether they 
put me back on another?


Tim
//


--
Tim Bray
Huddersfield, GB
t...@kooky.org

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Atro Tossavainen via mailop]

On Thu, Jun 04, 2020 at 07:48:45AM -0700, Luke wrote:
> I cant tell if this the thing about ESPs not removing bounces is a joke or
> not. All of the major ESPs have logic for adding bad addresses to
> suppression lists. Of course their users can choose to unsuppress, but ESPs
> certainly remove bounces. Seems like most people here should know this.
> Maybe I'm missing something about your comment?

Luke, you're sounding like you've forgotten we know each other IRL,
and the same goes for you and my biz partners Pekka and Catherine.

We timeout new domains for a year or more, in accordance with
https://www.m3aawg.org/documents/en/m3aawg-best-current-practices-for-building-and-operating-a-spamtrap-ver-120

We started out doing this in such a way that the domains didn't have
a way of receiving any email at all (no A and no MX, resulting in the
sending mail server having to tell itself NXDOMAIN), but already for
a long time this is done so that they do have a mail server that is
responding

550 5.1.1 No such user

to every attempt to deliver any email.

I agree that that should result in very little to no ESP mail when such
a domain eventually comes out of timeout, which would result in our not
having a business at all. Not the case.


> 
> On Wed, Jun 3, 2020, 11:30 PM Atro Tossavainen via mailop 
> wrote:
> 
> > > For me, it was noticing how, despite getting 550'd for an extended
> > period of
> > > time, Mailchimp just keeps hammering away at the address, never dropping
> > it
> > > from the list.  That, too, is not the behaviour of a responsible ESP.
> >
> > As I keep saying, we would not have a business at all if any ESPs actually
> > removed bounces. So thank you to everyone who doesn't. If there are
> > entities that do, I don't know which ones they are. :-D
> >
> > Way back when, some people who are also on this list kept complaining
> > that simply keeping domains registered without an A and MX (causing
> > NXDOMAIN for mail delivery) is not a proper bounce, because you (as the
> > sending entity) are somehow not able to trust the results your own
> > servers produce, but have to get third party validation for the fact
> > that an address doesn't exist (which I think is totally bass-ackwards),
> > but anyway, we started 550 5.1.1'ing addresses during the timeout period
> > of new domains we acquire, and still, no change.
> >
> > There is also the issue that anything that Operator X finds out while
> > processing data for Customer X1 cannot apply to Customer X2 because
> > anything to the contrary makes Operator X a DATA CONTROLLER in their
> > own right from the perspective of the GDPR and what did I say about
> > that just a few messages ago?

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Luke via mailop]

This is wonderful. Thanks for the reply.


On Thu, Jun 4, 2020, 6:55 PM Matt Palmer via mailop 
wrote:

> On Thu, Jun 04, 2020 at 06:06:25PM -0700, Luke wrote:
> > > On Thu, Jun 04, 2020 at 07:48:45AM -0700, Luke via mailop wrote:
> > > > I cant tell if this the thing about ESPs not removing bounces is a
> joke
> > > or
> > > > not. All of the major ESPs have logic for adding bad addresses to
> > > > suppression lists.
> > >
> > > [Citation needed]
> > >
> > > Your assertion does not match my data.
>
> [snip URLs]
>
> OK, I walked into that one.
>
> > To be honest, I'm not proud of myself for dignifying this nonsense with a
> > response. I think you should be ashamed of yourself for *pretending* you
> > don't know that ESPs suppress invalid email addresses.
>
> I'm not pretending anything.  I'm extrapolating from data.  You're... I
> don't even know.
>
> > You need to take a deep breath, chill, and reevaluate your approach to
> > defending the world from spam. This is not productive. In fact, it's
> almost
> > like you're gaslighting ESPs and the people who work for them.
>
> There's definitely some gaslighting going on here, but it's not what you
> seem to think it is.  When I see a never-ending stream of 554 responses in
> my logs to delivery attempts from Mailchimp IP addresses, to an e-mail
> address that was only provided to one organisation (and that organisation
> was not, I might add, Mailchimp), and then get told "Mailchimp suppresses
> invalid email addresses"... that's gaslighting right there.  You are
> denying the existence of the evidence sitting right in front of me.
>
> > Pretty remarkable stuff actually.  I hope you come around.
>
> Right back atcha, champ.
>
> - Matt
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Matt Palmer via mailop]

On Thu, Jun 04, 2020 at 06:06:25PM -0700, Luke wrote:
> > On Thu, Jun 04, 2020 at 07:48:45AM -0700, Luke via mailop wrote:
> > > I cant tell if this the thing about ESPs not removing bounces is a joke
> > or
> > > not. All of the major ESPs have logic for adding bad addresses to
> > > suppression lists.
> >
> > [Citation needed]
> >
> > Your assertion does not match my data.

[snip URLs]

OK, I walked into that one.

> To be honest, I'm not proud of myself for dignifying this nonsense with a
> response. I think you should be ashamed of yourself for *pretending* you
> don't know that ESPs suppress invalid email addresses.

I'm not pretending anything.  I'm extrapolating from data.  You're... I
don't even know.

> You need to take a deep breath, chill, and reevaluate your approach to
> defending the world from spam. This is not productive. In fact, it's almost
> like you're gaslighting ESPs and the people who work for them.

There's definitely some gaslighting going on here, but it's not what you
seem to think it is.  When I see a never-ending stream of 554 responses in
my logs to delivery attempts from Mailchimp IP addresses, to an e-mail
address that was only provided to one organisation (and that organisation
was not, I might add, Mailchimp), and then get told "Mailchimp suppresses
invalid email addresses"... that's gaslighting right there.  You are
denying the existence of the evidence sitting right in front of me.

> Pretty remarkable stuff actually.  I hope you come around.

Right back atcha, champ.

- Matt


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Luke via mailop]

SendGrid 

SparkPost


MailChimp 

MailGun


Salesforce


DotDigital



Please name an ESP and I'll add to the list.

To be honest, I'm not proud of myself for dignifying this nonsense with a
response. I think you should be ashamed of yourself for *pretending* you
don't know that ESPs suppress invalid email addresses. This is a mailing
list with people of all kinds of experience levels in this industry. When
lurkers see someone bold enough to post something here, they assume some
level of authority and respect. When someone says something like "ESPs
don't suppress invalid addressed" many people will just assume it is true.
"Who would say something like this on a mailing list if it wasn't true?"
You need to take a deep breath, chill, and reevaluate your approach to
defending the world from spam. This is not productive. In fact, it's almost
like you're gaslighting ESPs and the people who work for them. Pretty
remarkable stuff actually. I hope you come around.

Cheers,
Luke


On Thu, Jun 4, 2020 at 5:30 PM Matt Palmer via mailop 
wrote:

> On Thu, Jun 04, 2020 at 07:48:45AM -0700, Luke via mailop wrote:
> > I cant tell if this the thing about ESPs not removing bounces is a joke
> or
> > not. All of the major ESPs have logic for adding bad addresses to
> > suppression lists.
>
> [Citation needed]
>
> Your assertion does not match my data.
>
> - Matt
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Matt Palmer via mailop]

On Thu, Jun 04, 2020 at 07:48:45AM -0700, Luke via mailop wrote:
> I cant tell if this the thing about ESPs not removing bounces is a joke or
> not. All of the major ESPs have logic for adding bad addresses to
> suppression lists.

[Citation needed]

Your assertion does not match my data.

- Matt


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Matt Palmer via mailop]

On Thu, Jun 04, 2020 at 03:08:47PM -0400, Matthew Grove via mailop wrote:
> Just to clarify, Mailchimp does remove addresses from specific lists when
> we receive a hard bounce. Atro is correct; we do not suppress hard bounced
> addresses globally across all of our users for a number of reasons. Each
> user's list is self contained in that respect.

And yet, I 554'd all of Mailchimp's address space for, oh, probably the
better part of a year, at least, yet when I pulled it out of the swamp
because of one e-mail I wanted to receive, all the same "newsletters" I'd
been receiving before, which I'd never signed up for in the first place,
started flooding in again.

- Matt


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Matthew Grove via mailop]

Hi,

Just to clarify, Mailchimp does remove addresses from specific lists when
we receive a hard bounce. Atro is correct; we do not suppress hard bounced
addresses globally across all of our users for a number of reasons. Each
user's list is self contained in that respect.

In the past, allowing each user to bounce an address independently has
caused some receivers to believe that we are not responding to hard bounces
at all. That's not true, but I definitely understand where the perception
is coming from.

Of course, there is always a remote possibility that some misconfiguration
on our side is causing us to reclassify your specific bounce message. You
can compare our *X-MC-User* header to verify that we are not suppressing
the address at the user level. If you think this might be the case, feel
free to reach out to me off-list, and we'll troubleshoot the issue.

Then again, if you are looking for global suppression, you can reach out to
our abuse team to see if that can be arranged.


Cool,
Matthew
delivery.mailchimp.com


On Thu, Jun 4, 2020 at 11:13 AM Luke via mailop  wrote:

> I cant tell if this the thing about ESPs not removing bounces is a joke or
> not. All of the major ESPs have logic for adding bad addresses to
> suppression lists. Of course their users can choose to unsuppress, but ESPs
> certainly remove bounces. Seems like most people here should know this.
> Maybe I'm missing something about your comment?
>
> On Wed, Jun 3, 2020, 11:30 PM Atro Tossavainen via mailop <
> mailop@mailop.org> wrote:
>
>> > For me, it was noticing how, despite getting 550'd for an extended
>> period of
>> > time, Mailchimp just keeps hammering away at the address, never
>> dropping it
>> > from the list.  That, too, is not the behaviour of a responsible ESP.
>>
>> As I keep saying, we would not have a business at all if any ESPs actually
>> removed bounces. So thank you to everyone who doesn't. If there are
>> entities that do, I don't know which ones they are. :-D
>>
>> Way back when, some people who are also on this list kept complaining
>> that simply keeping domains registered without an A and MX (causing
>> NXDOMAIN for mail delivery) is not a proper bounce, because you (as the
>> sending entity) are somehow not able to trust the results your own
>> servers produce, but have to get third party validation for the fact
>> that an address doesn't exist (which I think is totally bass-ackwards),
>> but anyway, we started 550 5.1.1'ing addresses during the timeout period
>> of new domains we acquire, and still, no change.
>>
>> There is also the issue that anything that Operator X finds out while
>> processing data for Customer X1 cannot apply to Customer X2 because
>> anything to the contrary makes Operator X a DATA CONTROLLER in their
>> own right from the perspective of the GDPR and what did I say about
>> that just a few messages ago?
>>
>> --
>> Atro Tossavainen, Founder, Partner
>> Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
>> Tallinn, Estonia
>> tel. +372-5883-4269, http://www.koliloks.eu/
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Andrew Wingle via mailop]

https://en.wikipedia.org/wiki/Evil_bit

Also
>In general, it's in the interest of Spammers to provide *any* clues they can 
>that certain messages they send are more likely to be legitimate

FTFY

-Andrew 

-Original Message-
From: mailop  On Behalf Of Robert L Mathews via 
mailop
Sent: Thursday, June 04, 2020 1:44 PM
To: mailop@mailop.org
Subject: Re: [mailop] Force double opt in for marketing list companies per 
email address

On 6/4/20 9:10 AM, Laura Atkins via mailop wrote:
> What is your mechanism for that trust? If the answer is “someone will 
> figure it out” then there’s no point in even suggesting such a header.

Well, I would disagree with that, actually. Much of this is automated on the 
recipient end at large receivers, and if it so happens that messages from a 
certain large ESP that contain a certain header are only half as likely to be 
manually flagged as spam as other messages from that ESP, that would be likely 
to show up in a bayesian/AI classification system.

In general, it's in the interest of senders to provide *any* clues they can 
that certain messages they send are more likely to be legitimate. It doesn't 
need to be a header; a large ESP signing COI messages with a different DKIM 
selector would be a similar clue that could be used.
Differentiation of mail stream types helps everyone.

Even on the human side, it seems people spend vast amounts of time looking for 
clues about mail they can use to filter it -- I've seen people trying to guess 
whether certain ESP mail is COI or not based on the sending IP address ranges. 
If people are willing to do things like that, I think they'd be willing to use 
any other clues reputable senders provide.

But I may be wrong.


>I will also say there is such a thing as spam to a COI address.

Yes, definitely. Doing such a thing would be unhelpful to the sender, because 
it would make systems trust the "clue" from that sender less than they 
otherwise would.

--
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Robert L Mathews via mailop]

On 6/4/20 9:10 AM, Laura Atkins via mailop wrote:
> What is your mechanism for that trust? If the answer is “someone will
> figure it out” then there’s no point in even suggesting such a header.

Well, I would disagree with that, actually. Much of this is automated on
the recipient end at large receivers, and if it so happens that messages
from a certain large ESP that contain a certain header are only half as
likely to be manually flagged as spam as other messages from that ESP,
that would be likely to show up in a bayesian/AI classification system.

In general, it's in the interest of senders to provide *any* clues they
can that certain messages they send are more likely to be legitimate. It
doesn't need to be a header; a large ESP signing COI messages with a
different DKIM selector would be a similar clue that could be used.
Differentiation of mail stream types helps everyone.

Even on the human side, it seems people spend vast amounts of time
looking for clues about mail they can use to filter it -- I've seen
people trying to guess whether certain ESP mail is COI or not based on
the sending IP address ranges. If people are willing to do things like
that, I think they'd be willing to use any other clues reputable senders
provide.

But I may be wrong.


>I will also say there is such a thing as spam to a COI address.

Yes, definitely. Doing such a thing would be unhelpful to the sender,
because it would make systems trust the "clue" from that sender less
than they otherwise would.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Laura Atkins via mailop]

> On 4 Jun 2020, at 16:55, Robert L Mathews via mailop  
> wrote:
> 
> On 6/4/20 2:50 AM, Laura Atkins via mailop wrote:
>> You do know that spammers run ESPs and consider themselves reputable,
>> yes? How useful will the header be when they start putting it in even
>> when the mail isn’t confirmed? 
> 
> My point was that if a large ESP started doing this, *and* the ESP did
> it reliably and honestly, *and* receiving entities noticed and believed
> that the ESP did it reliably and honestly, then a receiving entity could
> decide to start weighting that header positively for mail from that ESP.
> 
> I wasn't suggesting that anyone would trust such a header without strong
> evidence that a particular ESP was doing it reliably and honestly.

What is your mechanism for that trust? If the answer is “someone will figure it 
out” then there’s no point in even suggesting such a header. No one will bother 
implementing such a header until there’s a mechanism and no one is going to 
spend their time figuring out how to make your suggestion work. 

I will also say there is such a thing as spam to a COI address. Like, I 
confirmed my subscription to one retailers list and they start mailing me 
advertising for a different brand of theirs (has happened). Or I confirm my 
subscription to one company and they go out of business and sell off their COI 
list to the highest bidder (has happened). Or I confirm my address for one type 
of email and the brand decides to expand their marketing and send me mail for a 
completely different thing (has happened). Or I confirm my address and then 
unsubscribe but the company changes ESPs and forgets to take their unsub list 
with them. 

The underlying issue is unless what you’re proposing can address those very 
normal and common cases, there’s no point in the header itself.

laura 

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: https://wordtothewise.com/blog 







___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Robert L Mathews via mailop]

On 6/4/20 2:50 AM, Laura Atkins via mailop wrote:
> You do know that spammers run ESPs and consider themselves reputable,
> yes? How useful will the header be when they start putting it in even
> when the mail isn’t confirmed? 

My point was that if a large ESP started doing this, *and* the ESP did
it reliably and honestly, *and* receiving entities noticed and believed
that the ESP did it reliably and honestly, then a receiving entity could
decide to start weighting that header positively for mail from that ESP.

I wasn't suggesting that anyone would trust such a header without strong
evidence that a particular ESP was doing it reliably and honestly.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Luke via mailop]

I cant tell if this the thing about ESPs not removing bounces is a joke or
not. All of the major ESPs have logic for adding bad addresses to
suppression lists. Of course their users can choose to unsuppress, but ESPs
certainly remove bounces. Seems like most people here should know this.
Maybe I'm missing something about your comment?

On Wed, Jun 3, 2020, 11:30 PM Atro Tossavainen via mailop 
wrote:

> > For me, it was noticing how, despite getting 550'd for an extended
> period of
> > time, Mailchimp just keeps hammering away at the address, never dropping
> it
> > from the list.  That, too, is not the behaviour of a responsible ESP.
>
> As I keep saying, we would not have a business at all if any ESPs actually
> removed bounces. So thank you to everyone who doesn't. If there are
> entities that do, I don't know which ones they are. :-D
>
> Way back when, some people who are also on this list kept complaining
> that simply keeping domains registered without an A and MX (causing
> NXDOMAIN for mail delivery) is not a proper bounce, because you (as the
> sending entity) are somehow not able to trust the results your own
> servers produce, but have to get third party validation for the fact
> that an address doesn't exist (which I think is totally bass-ackwards),
> but anyway, we started 550 5.1.1'ing addresses during the timeout period
> of new domains we acquire, and still, no change.
>
> There is also the issue that anything that Operator X finds out while
> processing data for Customer X1 cannot apply to Customer X2 because
> anything to the contrary makes Operator X a DATA CONTROLLER in their
> own right from the perspective of the GDPR and what did I say about
> that just a few messages ago?
>
> --
> Atro Tossavainen, Founder, Partner
> Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
> Tallinn, Estonia
> tel. +372-5883-4269, http://www.koliloks.eu/
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Laura Atkins via mailop]

> On 3 Jun 2020, at 16:59, Robert L Mathews via mailop  
> wrote:
> 
> On 6/2/20 6:35 AM, Tim Bray via mailop wrote:
>> Is there way I could force my email address to be double opt in?
>> Like register with you, confirm my address, and then any of your
>> customers who try to add me, I get a `please confirm` email.
> 
> If large ESPs who consider themselves reputable added a consistent
> header saying whether the subscription had been confirmed ("double opt
> in"), that could be used in combination with DKIM source verification to
> provide positive and negative filtering.

You do know that spammers run ESPs and consider themselves reputable, yes? How 
useful will the header be when they start putting it in even when the mail 
isn’t confirmed? 

> Then Mailchimp and their customers could decide for themselves whether
> the improved inbox placement is worth the claimed hassle of double-opt-in.

Do you have evidence of the improved inbox placement? 

laura 

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: https://wordtothewise.com/blog 







___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Atro Tossavainen via mailop]

> For me, it was noticing how, despite getting 550'd for an extended period of
> time, Mailchimp just keeps hammering away at the address, never dropping it
> from the list.  That, too, is not the behaviour of a responsible ESP.

As I keep saying, we would not have a business at all if any ESPs actually
removed bounces. So thank you to everyone who doesn't. If there are
entities that do, I don't know which ones they are. :-D

Way back when, some people who are also on this list kept complaining
that simply keeping domains registered without an A and MX (causing
NXDOMAIN for mail delivery) is not a proper bounce, because you (as the
sending entity) are somehow not able to trust the results your own
servers produce, but have to get third party validation for the fact
that an address doesn't exist (which I think is totally bass-ackwards),
but anyway, we started 550 5.1.1'ing addresses during the timeout period
of new domains we acquire, and still, no change.

There is also the issue that anything that Operator X finds out while
processing data for Customer X1 cannot apply to Customer X2 because
anything to the contrary makes Operator X a DATA CONTROLLER in their
own right from the perspective of the GDPR and what did I say about
that just a few messages ago?

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Matt Palmer via mailop]

On Wed, Jun 03, 2020 at 12:38:31PM -0400, Bill Cole via mailop wrote:
> On 2 Jun 2020, at 16:52, Oreva Akpolo via mailop wrote:
> > I'm Oreva, a Deliverability Engineer at Mailchimp. There currently isn't
> > a
> > system to force double opt-in on recipients per email address. What we
> > can
> > recommend is to set up filters or folders, so that you're only seeing
> > mail
> > from users you've actively subscribed to in your inbox.
> 
> It certainly helps bolster my existing practices of rejecting Mailchimp mail
> by default, accepting it only for addresses whose owners have chosen to
> whitelist that particular mail.

For me, it was noticing how, despite getting 550'd for an extended period of
time, Mailchimp just keeps hammering away at the address, never dropping it
from the list.  That, too, is not the behaviour of a responsible ESP.

- Matt


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Robert L Mathews via mailop]

On 6/3/20 10:46 AM, Jay Hennigan via mailop wrote:
> One problem is that spammers lie. If someone comes to an ESP and claims
> that their list is 100% COI, the ESP either has to trust them or the ESP
> needs to reconfirm.

Right; in such a case, I would expect the ESP to *not* mark it as
confirmed in such a case, because it's their reputation on the line.

The ESP's goal would be to get ISPs to trust their setting of the flag
enough to whitelist it, so it's in the ESP's interest to set it only if
they did the confirmation themselves or are otherwise somehow 100% sure.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Jay Hennigan via mailop]

On 6/3/20 08:59, Robert L Mathews via mailop wrote:


If large ESPs who consider themselves reputable added a consistent
header saying whether the subscription had been confirmed ("double opt
in"), that could be used in combination with DKIM source verification to
provide positive and negative filtering.

For example, if Mailchimp added "Subscription-Confirmed: Yes" or
"Subscription-Confirmed: No" to each DKIM-signed message they sent, and
I as an ISP believed they were doing that accurately, I could reward
confirmed mail from Mailchimp by whitelisting it. (And penalize
unconfirmed mail if the user wished it.)


One problem is that spammers lie. If someone comes to an ESP and claims 
that their list is 100% COI, the ESP either has to trust them or the ESP 
needs to reconfirm. Nobody wants to reconfirm as it will reduce the size 
of the list. Same issue if moving from one ESP to another.


If the ESP chooses to trust the customer and the customer is lying (or 
clueless, "There are two boxes for email address on the sign-up form and 
they need to match just like a password, so it's confirmed!") then that 
ESP's mail including spam gets tagged incorrectly as COI.



Then Mailchimp and their customers could decide for themselves whether
the improved inbox placement is worth the claimed hassle of double-opt-in.


A compromise could be in the first few messages sent from a new ESP to 
have two links: "Click here if this is a list that you want to continue 
receiving" and "Click here if you never subscribed to this list and want 
to be removed."


Those clicking the first get moved to the COI category. Those clicking 
the second get unsubscribed and if there is a critical percentage a 
reputable ESP will fire the customer or require 100% reconfirmation. 
Those who do neither stay subscribed without the COI tag.


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Bill Cole via mailop]

On 2 Jun 2020, at 16:52, Oreva Akpolo via mailop wrote:


Hey Tom,

I'm Oreva, a Deliverability Engineer at Mailchimp. There currently 
isn't a
system to force double opt-in on recipients per email address. What we 
can
recommend is to set up filters or folders, so that you're only seeing 
mail

from users you've actively subscribed to in your inbox.

I hope that helps.


It certainly helps bolster my existing practices of rejecting Mailchimp 
mail by default, accepting it only for addresses whose owners have 
chosen to whitelist that particular mail.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Robert L Mathews via mailop]

On 6/2/20 6:35 AM, Tim Bray via mailop wrote:
> Is there way I could force my email address to be double opt in?
> Like register with you, confirm my address, and then any of your
> customers who try to add me, I get a `please confirm` email.

If large ESPs who consider themselves reputable added a consistent
header saying whether the subscription had been confirmed ("double opt
in"), that could be used in combination with DKIM source verification to
provide positive and negative filtering.

For example, if Mailchimp added "Subscription-Confirmed: Yes" or
"Subscription-Confirmed: No" to each DKIM-signed message they sent, and
I as an ISP believed they were doing that accurately, I could reward
confirmed mail from Mailchimp by whitelisting it. (And penalize
unconfirmed mail if the user wished it.)

Then Mailchimp and their customers could decide for themselves whether
the improved inbox placement is worth the claimed hassle of double-opt-in.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Ángel via mailop]

On 2020-06-02 at 22:58 +0100, Tim Bray via mailop wrote:
> 
> I don't really believe I've been sat in people's dormant lists  (at an
> email service provider) for years and years.   I think it is fresh
> lists extracted from CRMs and webstores, but maybe several years of
> old data.  And maybe people sharing lists with their mates or when
> sales people move companies.
> 
> (if you pay by paypal, then pretty much the merchant gets your email
> address whatever)

> I've put a subject access request into mailchimp, so I'll see what
> comes back.  I guess depends whether mailchimp think they are governed
> by GDPR or not.


I was going to suggest GDPR. IANAL, but I think they would need to have
proper evidence for processing of your data.*
Maybe one company has really been doing its homework for so long, and
can provide that you signed up on a web form at  on 15th February
1997 11:47 am, with name "Nadine" and checkbox "Feel free to spam me
whenever you want" checked.

Actually, I would doubt that the consent of (most) marketing lists
gathered prior of GDPR would pass (did they really inform you back them
of everything your are now entitled to?). In fact, even for later ones,
they are probably still not getting properly the consent for processing.

(user consent is not the only legal path for processing your
information, but it's certainly the easiest one. Sending an invoice
could easily fit as 'legitimate interest' but adding you to a marketing
list wouldn't)



* I'm not sure if mailchimp would qualify here as the processor or not.
Anyway, I think you should be able to reach them with your request, and
they should be liable to get that information from their customer.
Of course, should the customer not timely produce such information, they
should be booted from the platform with no further questions needed.


Best regards



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Tim Bray via mailop]

On 02/06/2020 21:52, Oreva Akpolo via mailop wrote:

Hey Tom,

I'm Oreva, a Deliverability Engineer at Mailchimp. There currently 
isn't a system to force double opt-in on recipients per email address. 
What we can recommend is to set up filters or folders, so that you're 
only seeing mail from users you've actively subscribed to in your inbox.




Maybe you could put the senders name in the Return-Path?

To make filtering easier? Where I want to block an account where I might 
be on multiple lists at the same account?


Suppose I could just extract from the first bit of the url in the 
List-Unsubscribe ??


List-Unsubscribe: 

Re: [mailop] Force double opt in for marketing list companies per email address

[Michael Peddemors via mailop]

HOLD THE PHONE!!

Do we hear a ESP actually recommending that all their email gets sent to 
a junk folder .. hehehe..


But again, the best way for an email to support what you are suggesting, 
is if you are transparent in the MAIL FROM, so that 'Allow Sender I am 
subscribed to' would actually work in all cases ..


On 2020-06-02 1:52 p.m., Oreva Akpolo via mailop wrote:

Hey Tom,

I'm Oreva, a Deliverability Engineer at Mailchimp. There currently isn't 
a system to force double opt-in on recipients per email address. What we 
can recommend is to set up filters or folders, so that you're only 
seeing mail from users you've actively subscribed to in your inbox.


I hope that helps.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Graeme Fowler via mailop]

On 2 Jun 2020, at 21:52, Oreva Akpolo via mailop  wrote:
> 
> I'm Oreva, a Deliverability Engineer at Mailchimp. There currently isn't a 
> system to force double opt-in on recipients per email address. What we can 
> recommend is to set up filters or folders, so that you're only seeing mail 
> from users you've actively subscribed to in your inbox. 

Is this where we say “Oh, mate”?

The average email recipient can’t spell scalability, and they sure as hell 
don’t understand it. What they sometimes understand is “why is all this crap I 
never subscribed to in my Inbox?”.

Are you really suggesting, as a representative of MailChimp, that you expect 
recipients to manage unwieldy and ever-growing allow- and deny-lists?

Graeme
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Force double opt in for marketing list companies per email address

[Oreva Akpolo via mailop]

Hey Tom,

I'm Oreva, a Deliverability Engineer at Mailchimp. There currently isn't a
system to force double opt-in on recipients per email address. What we can
recommend is to set up filters or folders, so that you're only seeing mail
from users you've actively subscribed to in your inbox.

I hope that helps.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Force double opt in for marketing list companies per email address

[Stuart Henderson via mailop]

On 2020/06/02 14:35, Tim Bray via mailop wrote:
> My question to mailchimp et al:
> 
> Is there way I could force my email address to be double opt in? Like
> register with you, confirm my address, and then any of your customers who
> try to add me, I get a `please confirm` email.

This, but without the "have to register" bit ...


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Force double opt in for marketing list companies per email address

[Tim Bray via mailop]

Hi,

So seems to be spam/ham day today.  I've just done 6 unsubscribes.  Orgs 
I have never heard of, or maybe an organization I once bought something 
from 10 years ago (or their sister company)


I think people are trying to kick start their businesses in the UK by 
digging out all their old email address lists from ancient CRM systems 
and webstores.  I'm pretty sure they aren't lists I've been on for years.


I think my email address also been passed around a bit.

And I've had the same corporate email address for 18 years now. :(


My question to mailchimp et al:

Is there way I could force my email address to be double opt in? 
Like register with you, confirm my address, and then any of your 
customers who try to add me, I get a `please confirm` email.


And then later, anybody who tries to add me to a list, then I can

I get loads of useful mail from mailchimp too, so I don't want to 
globally do a mass block.


(sorry mailchimp, you are like the best mailinglist people, so more 
comes from you)



--
Tim Bray
Huddersfield, GB
t...@kooky.org


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop