B2B & Corporate Email Filters ◦ Microsoft ◦ Cloudmark ◦ Postini ◦ SpamAssassin Measuring Reputation List Hygiene Bounce Management IP & Domain Authentication Whitelisting & Feedback Loops Key Points to Remember Helpful Links Data Metrics
Microsoft Forefront for Exchange Server9 levels of filtering (in order):1. Connection Filtering2. Sender Filtering3. Recipient Filtering4. Sender ID5. Content Filtering6. Sender Reputation7. Attachment Filtering8. Microsoft Forefront Protection (Antivirus package level)9. Outlook Junk Email Filtering
Cloudmark controls over 750,000 email boxes Some of the ISPs that rely on Cloudmark include: 163.com Cablevision Comcast Shaw.com Swisscom Millions of users all over the world feed Cloudmark’s fingerprinting engine by voting on an email “spamminess”. Once identified as spam a fingerprint is created and stored to match future emails Small changes to an email will NOT be enough to slip by filters According to Cloudmark, spammers are becoming crafty and are starting to model delivery after regular senders by sending smaller batches and modulating their connection rates and lengths.
Online based spam filtering application owned by Google with more than 26 million users. Global filter and User filter Has whitelist and blacklist Used by many B2B domains and corporations
Device used to detect and block spam Big on blocking due to spam traps, user complaints (from their network), and content. The Barracuda Networks spam firewall use a digital Finger Print, built from the messages received by their spam trap network to classify spam regardless of the contents. Messages with the same images become easy to detect as all of these will have the same finger print and thus be easy to detect and filter. This is especially common in legitimate email traffic as the sender is not modifying the content or appearance of the image for each message (or group of messages), this is a common tactic used by spammers.
Open source spam filter Right out of the box configuration for many domains. Can be customized with many different rule sets and “scores” Example: ◦ Word = Orange (5 points) ◦ Anything over 4 points, don’t allow into network
Return Path SenderScore ◦ Score from 0-100 that measures your overall reputation. This data is pulled from many different sources. ◦ https://senderscore.org/ Cisco SenderBase ◦ Online reputation by IP or domain. ◦ http://www.senderbase.org/senderbase_queries/rep_loo kup McAfee TrustedSource ◦ Reputation check for the McAfee network. Can check IP or domain. ◦ http://www.trustedsource.org/en/feedback/checking
List hygiene ◦ Immediately remove invalid mailboxes ◦ Set up a soft bounce plan that works for your brand. List scrubbing ◦ Services that check for valid domains, emails, and possible known spam traps. ◦ May help cut out many of the bad email addresses and spam traps you would send to. Spam traps ◦ Spam Traps are real email addresses. ◦ Often ISPs will take over abandoned email addresses and turn those into spam traps. Set up and monitored by blacklists.
A hard bounce is a permanent email delivery failure. Some reasons for a hard bounce would be sending to a mailbox that doesn’t exist (bad mailbox) or a domain that doesn’t exist (bad domain). A soft bounce is a temporary email delivery failure. Soft bounces can be caused by sending to a mailbox that’s full or having an ISP temporarily block emails being delivered from your IP due to reputation issues. Maintain a bounce rate of less than 10 percent, as recommended by most major ISPs.The lower the number of hard bounces you receive, the better your reputation. Don’t retry sending to “soft bounce” addresses too soon. Don’t retry sending to “soft bounce” addresses too often.
SPF Compliant SenderID Record ◦ IP based authentication ◦ Email authentication methods used to prevent spam and spoofing by validating that the sending IP address is authorized to send mail for the sending domain. SPF checks are performed on the (sub)domain found in the Return-Path (Envelope From) email header, while Sender ID checks are performed on the From, Sender, Resent-From, and Resent-Sender email headers. ◦ v=spf1 ip4:126.96.36.199 -all DKIM ◦ Builds your domain reputation. ◦ Creates a portable reputation ◦ Protects your brand against phishing and spoofing. ◦ DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=gamma; h=mime-version:x-notifications:date:message- id:subject:from:to :content-type; bh=kV8k7QXhM6nPbY7LCyVktE57+gZQVtUnDef2dnvDgmk=; b=NvEKD8r8DBlkdAJ0PTFK1wSzzANB3xCZfE7HMBMloJvbn2viM8VQ7OaG6 uRv5397Ti FMqlRut+qZrosjSgljl6eZU6oJj/HMqIuwlqP8RXzvZ6HDWfxx2ujRayJd/1q+xU 8S9P tSGjuCh1B8C3z31hpbvORNRUIsdYLBX7M8f6A=
Provider / ISP Name Offer Whitelisting Offer Feedback LoopAOL Yes YesBlueTie (Excite) No YesComcast No YesCox No YesEarthlink No YesFastmail No YesHotmail No YesOpenSRS No YesRackspace No YesRoadRunner No YesSynacor No YesUnited Yes YesUSA.net No YesVerizon Yes YesYahoo Yes Yes
Rate limits ◦ Many B2B domains have connection and rate limits to their network to slow down the amount of emails they receive. ◦ Key is to send as slow as possible as many of these domains do not publish rate limits. Content ◦ Even for B2B senders, content is key. ◦ Filters still look at content, including many B2B filters. Add To Address Book Statement Local whitelisting Monitor Mailboxes ◦ abuse@, privacy@ and postmaster@ email addresses and respond to serious inquiries. “The Insider” ◦ As I call them! Users who work at the domain you are contacting that can help get your sending information whitelisted.
User Engagement - Recipient behavior is what the recipient does with the mail once it is delivered. If the recipient clicks on the abuse button or deletes the message without ever reading the message this will negatively impact future mailings. Opens/clicks and moving mail from the bulk folder to the inbox provide the best impact towards improving IP reputation IP Reputation – Monitoring IP reputation from various sources will provide an overall view of how you look to the rest of the Internet. This includes SenderScore, TrustedSource, SenderBase and others. Ramp up – For large clients we recommend ramping up volume until the full list is reached. Because of mailbots (mail zombies ) the ISPs are looking at sudden spikes of volume from new or existing IP addresses. Data Protection – Always make sure that your subscriber’s data is kept safe and secure.
Corporate Blacklists and Spam Filters Fortiguard Antispam from Fortinet - http://www.fortiguard.com/antispam/antispam.html Sophoslabs - http://www.sophos.com/security/ip-lookup Symantec Brightmail - http://www.symantec.com/business/security_response/landing/spam/index.jsp Cisco IronPort SenderBase - http://www.senderbase.org/ Barracuda - http://www.barracudacentral.org/lookups/ip-reputation McAfee TrustedSource - http://www.trustedsource.org/ Proofpoint - https://support.proofpoint.com/rbl-lookup.cgiPostmaster Links: Yahoo - http://help.yahoo.com/l/us/yahoo/mail/postmaster Gmail - https://mail.google.com/support/bin/answer.py?answer=81126 Hotmail - https://postmaster.live.com/ AOL - http://postmaster.info.aol.com/Deliverability Links: Deliverability.com Blog – http://blog.deliverability.com Cloudmark Blog - http://blog.cloudmark.com/ Gmail Status Dashboard - http://www.google.com/appsstatus#hl=en Email Marketing Reports - http://www.email-marketing- reports.com/deliverability/ ReturnPath Deliverability Blog - http://www.returnpath.net/blog/emaildeliverability/ Real Magnet Blog - http://blog.realmagnet.com/ Authentication & Spam Check Test - http://www.port25.com/corporate/corp_news_authenticator.html
1 spam trap can cause your SenderScore to drop 20 points Yahoo accepts only 1 out of 8 emails 47% of subscribers use the "spam" button to unsubscribe 77% of marketers experience emails being diverted to the spam folder Many URL shorteners are on blacklists. Don’t use them!