EP #20 Discussing Spam Emails and Blocklists in 2021

EP #20 Discussing Spam Emails and Blocklists in 2021

About this Podcast

If you have been an email marketer, you’ve used Spamhaus to check your sending domains and IPs. That is what we are talking about in the first podcast of 2021, we are hosting a special guest, Matthew Stith from Spamhaus, to know how blocklists work and what goes into building such lists.

Matthew Vernhout and Matthew Stith discuss varied perspectives on spam traps, sender evaluation, best practices to avoid a spam trap, and much more in this highly insightful session. Listen to the podcast now and learn what the leading email industry experts say.

They discuss

  • What are the important lists that people use to evaluate senders from the mailbox service provider perspective?
  • Definition of what’s consent-based and illegal emails.
  • Can you follow best practices and still be listed in a blocklist?
  • You got listed on Spamhaus. How do you fix that?
  • What’s your opinion on validation services?
  • Is spam trap classification useful?
  • Can you reach out to Spamhaus and ask for assistance for basic health checks on their domains?
  • What is Spamhaus predicting about email and blocklisting in 2021?
  • A message for marketers in 2021
Episode Transcripts

[00:00:37] Matthew Vernhout: Hello, and welcome to another edition of, ForTheLoveOfEmails podcast. This will be an action-packed series coming to you monthly, starting with our first episode of 2021 and our special guest this month is Matt Stith of the Spamhaus. Matt, welcome to the show.

[00:00:59] Matthew Stith: Thank you for having me, man. I appreciate it.

[00:01:01] Matthew Vernhout: As always, I will be your host Matthew Vernhout, the vice-president of deliverability with Netcore solutions. Today’s episode is brought to you by grademyemail.co Netcore’s newest community-based email offering toolset for marketers. We offer tools to help you get your authentication set up, get your BIMI records set up.

[00:01:22] Check your domain for block listing and make sure that you have a good chance of getting your messages to the inbox. Head on over to grademyemail.co to check it out. Now I’m going to jump right in and ask you the same question I start all my podcasts with. Give me a bit of background on who you are and what the Spamhaus does.

[00:01:41] Matthew Stith: All right. Well, so, Matt I’ve been doing anti-abuse work with email and all sorts of other things be it malware, web servers, your old dedicated servers, and whatnot for, 15 years or so. And most of that time has been, what was it – Rackspace hosting. And when I started there, I was just a low-level support person bringing new customers on.

[00:02:03] And then I became one of the postmasters for Rackspace’s email. And was learning so much about abuse and spam and what people were doing on the internet to take advantage of systems or take advantage of individuals. I then moved on to Rackspace’s overall acceptable use policy team, or some people call them the trust and safety or anti-abuse team.

[00:02:26] And with those teams, more or less, I learned how the hosting world worked and how there was so much abuse all over the place that it is difficult to be able to track and be able to figure out all sorts of things about, and, I did that for 11 years. No, well, no 10 years at Rackspace and just four years ago I came to be at Spamhaus and I have picked up this role as industry liaison, which more or less is a fancy European way of just saying industry relations. But that’s who I am. That’s what I do. And what Spamhaus does is of course we publish reputational data for IPs.

[00:03:14] We’ve been Oh, Brown Ford. Oh. While this thing is cut out, that’s gone. You still can’t. Can you hear me? I got you. Okay, that’s weird. So Spamhaus we, they have these reputational lists and it’s more or less how we’re seeing the IPs and domains on the internet and being able to run through many heuristics about these and many rules and just patterns that we’re seeing with these IPs and domains.

[00:03:44] And based off on that, assigning some type of score or some type of weight to them. So we can assign them if they’re going to be listed on one of our lists, we’re not listed on one of our lists. So, that’s the ins and outs of where kind of Spamhaus, Is and what it does. So, we’ve been around for, for two decades, a little bit over two decades now.

[00:04:06] And we like to think of ourselves as one of the leaders in the industry. And we also have a big focus on making sure that we are effective parts of the community as well. And that’s one thing that you, you see that a lot of people don’t get when they think about Spamhaus, they’re just like, well, they just block email.

[00:04:24] We don’t block email. We just provide this reputation, but we also want to help people fix their problems.

[00:04:31] Matthew Vernhout: I would second that I’ve known the Spamhaus team for a long time, various members over the years, having myself been an email North of two decades now. So, I would say, yeah, the team’s been great to work with over the years.

[00:04:42] What’s, especially once they get to know you, they’re a little more interested in helping you. And I would say they’ve, they’ve evolved over the last few decades. Whereas, 20 years ago it was, who are you? Why are you contacting me to begin now being more? Here are the things that you should change to get better behavior and perform better if you will.

[00:05:00] So that’s a great evolution. Now you mentioned that there are several different lists. And I think, you and I were chatting and, and preparing for this and we’ll probably cross the almost a dozen different lists, but there’s, there’s a few really important ones, I think, as opposed to some of the more obscure can you just give us a little bit of background on maybe those in important lists that maybe people use on a day-to-day basis for evaluation of senders and the evaluation of, should they deliver this message at all or put it in the spam folder or whatever evaluation criteria they end up with?

[00:05:34] Matthew Stith: Sure. Absolutely. So, the big thing, the big one that we want to talk about first is the one that made us who we are today, which is the Spamhaus block list. That’s the one where you have your, we send notifications to all of the networks out there. They get listed on there and we published the dirty laundry out there to say that this was the problem that they were having and just be able to give them all of that information.

[00:06:00] So. it’s that’s the list that when you’re on it you want to get off it immediately right away. Because it’s public, all sorts of stuff are out there. That’s, more or less saying, these are the problems that you’re having. And then we have other lists out there the exploits block list, which is compromised machines that are, running into problems that have maybe malware on it or sending as, as part of a botnet or distributing botnet software and then lastly, we’re talking about right now, IP data sets in the last one with the IP datasets is our PBL, which is the policy block list.

[00:06:37] And this is something where we partnered with a bunch of networks out there and we allowed them to manage their own IP space to be able to list it, to say that these IPs should never be sending mail. Think about it in terms of things like a Comcast or Cox, for example, where you have a bunch of residential IPS, and those are technically not supposed to be connecting directly to port 25 and sending out mail.

[00:07:02] So we have a bunch of ISP or hosting providers that can publish their things on that list. Of course, we publish our stuff as well, but that’s a unique thing about that list. And one way that, we’re trying to help the community be able to manage their stuff.

[00:07:21]And also it helps them distribute places where they should not be sending mail. So they’re able to get all of this stuff listed out there. So that’s kind of, what, what we would be talking about in terms of our IP data sets, then you would look into our domain stuff. So we have the DBL, which is the domain block list, which has all sorts of little categories within it.

[00:07:40] But essentially what it’s looking at are things that have a bad reputation. Things that we’ve identified as phishing malware or, or something that’s associated with a botnet. And we, we categorized, based on how we’re able to assign it. Sometimes something could be both phishing and malware, but usually whatever we see first is the one that wins.

[00:08:00]And that’s kind of how that looks. Talking about here is the zero reputation domain. And these are known domains that we haven’t seen before. And so it doesn’t mean that it’s just something that wasn’t registered. It may be something that didn’t have any air records.

[00:08:19] It was just sitting there dormant. Parked. And then all of a sudden had records, had Amex records and we listed on there and that’s something that we list for 24 hours. And then that’s, that’s in essence, those two domain datasets. And last but not least is one that we came out with last year and it’s what we call a hash block list.

[00:08:41] So essentially we’re able to use elements within emails. Be it a Bitcoin wallet, be it a return address maybe even somebody’s sender ID. Now, these are, we have multiple ideas on multiple things that we can do with this hash stuff. But at the end of the day, it’s more or less so people can apply our threat intelligence.

[00:09:02] To the content of their messages and it will help things, especially senders to say, what, if you had somebody that was on your network, sending out a bunch of sextortion emails with this specific Bitcoin wallet, if you’re able to check against our threat intelligence against that, you’d be able to see that it’s something bad.

[00:09:20] Now, there are a bunch of them, there are a few, blocklists out there that are doing this today. And, it’s very effective and also helps against the. Let’s say unlockables of the world, like your Gmail and yahoos that you can’t outright block them because there’s a bunch of legitimate traffic that you don’t want to end up blocking.

[00:09:38] So, that’s kind of the big 500,000-foot overview of a, of our block list.

[00:09:46] Matthew Vernhout: No, that’s great. I think you know because there’s such a wide variety of the blocklists that you offer, right it’s hard to say there’s one best practice that people should do to avoid anything any individual one of those things.

[00:09:59]But from like an overall sort of the point of view, I know that the Spamhaus has published several sorts of like what we define this spam type activity, but, can you just for the audience give a quick rundown of like the definition that you would say, because I think a lot of people have different opinions and, and having worked with a wide variety of blocklists over the years, those definitions vary from you didn’t send COI, even if it was consent-based.

[00:10:25] So you’re sending straight-up stuff that is illegal, right? So there’s a huge variation of its consent-based, but it didn’t meet my requirements for consent-based too. It’s straight-up evil. Right? Where does the Spamhaus sort of fall on that spectrum?

[00:10:41] Matthew Stith: We probably fall somewhere in that gray area.

[00:10:44] So, the main thing is that it’s a little bit difficult to ascertain, but sometimes you have to think about intent and what is the message? What is the content of the message and who are they sending it to? And since we have a large array of.

[00:11:05] Of spam trap networks and domains out there that are just accepting certain, certain types of mail. There are certain circumstances where there’s mail, that’s getting sent by people that, yeah, it could have been unintentional, but see you look for a couple of things.

[00:11:20] So, kind of what the intent of the messages are, they try to get something out of you. Oh, are they trying to sell you something? And is there any possible way that there could have been any type of opt-in there? So you have to answer those questions kind of for yourself.

[00:11:37] So if I were to give just a blanket response on what we deem as spam, it will be an unsolicited email with the intent of doing maliciousness with information that they’re trying to get from you. So, it doesn’t necessarily have to be phishing. It could be just getting your money and I’m not even saying, like trying to steal your bank account, I’m trying to just say, get a hundred dollars from you.

[00:12:03]And that’s the type of thing, and of course some people do run into issues with their lists or with their sending in that they are compromised in some way that they didn’t seem imaginable. But you can usually separate the people that are having a problem.

[00:12:21] People that have been compromised from the people that are malicious in intent. And I know, I didn’t answer, answer the question because that’s a very, it’s a very complex question.

[00:12:33] Matthew Vernhout: Absolutely, I’m considering the number of things that you’re looking for and then the various lists. what you put on the DBL is different than what makes it onto the PBL, which makes it onto the.

[00:12:43] Zero-day lists, which makes it onto the XBL like each list has its criteria. So I wasn’t expecting sort of one answer in regards to, if you did this one thing, you’ll appear everywhere sort of thing. So I get the intention that there is no sort of one answer. I think that’s part of the problem that a lot of people also have is it’s like, well, I didn’t change anything.

[00:13:02] And now all of a sudden I’ve listed or I’ve been doing the same thing for so long. Does that factor in, even to some of the discussions. So like, you know maybe like it’s I’m a retailer and I’m not doing anything malicious. I’m not phishing. I’m sending consent-based messages, but for some reason, an address is on my list.

[00:13:22] It’s wrong. And it sent you 300 messages over the last year, just as an example. Cause we tell her to send every day, right? The chances I’m getting listed day one versus day 300, I’m assuming are significantly different.

[00:13:34] Matthew Stith: Yes. So, it’s more or less like. One of those, one of those things about, the beautiful things that marketers have today is, you have things like click tracking and, and all sorts of authentication stuff.

[00:13:49]And of course I know that click tracking and whatnot, isn’t like 100% the gospel truth every single time. But there is a thing in understanding you’re, your user’s engagement into, into emails, like, have you sent somebody 300 emails and they’ve never even opened one or never even clicked on one?

[00:14:10] Granted it’s possible to block all of that stuff, but more or less, it does help in some circumstances to regularly run audits on your system. Also, there there’s a lot of times where I’ve seen that some centers are like, okay, I’ve adopted best practices up to 2015.

[00:14:31] A lot has happened in the last five years. You need to constantly be updating the way that you’re doing things and the things that you’re offering to your customers as well. So it’s being obviously, up to date on that type of stuff and there are resources out there. There’s this podcast that I’m sure people are discussing all sorts of things in all sorts of best common practices that people could do.

[00:14:58] There’s also MOG as an organization that’s published a bunch of documents. And then, of course, you know companies like Spamhaus, like Pharsight security. And I know that Matt, you also publish your stuff. There’s a bunch of resources out there, but you need to make sure that you keep yourself on that curve.

[00:15:16] You don’t need to try and get yourself as far ahead of the curve as possible, but make sure that it’s things that are widely adopted that are for the betterment of not just your platform, but for the rest of the internet.

[00:15:29] Matthew Vernhout: Absolutely. I think this, I had this discussion just recently with someone as well.

[00:15:33] It was like, how do you expect marketers to keep up? Well, it’s part of their job to keep up. Right. I expect them at a minimum to comply with industry-standard best practices that are not that hard to achieve right. Working on subscribing. Functional postal address consent-based messaging, right?

[00:15:49] Those types of things are not that high of a bar. We’re not surely asking you to, well, technically you should comply with GDPR, but from an email perspective, it’s not like the bar is so high that if you don’t have a signature in blood, you can’t send the personal mail. Right. Those types of things, the bar is relatively easy to achieve and achieve by the vast majority of marketers, I would say.

[00:16:12] Right. Occasionally they run into, some practices that maybe would counter those, and that’s where you end up in trouble. Right. And I think that’s sort of the next question I would have. So you’re a marketer, you mean, and doing things, maybe you reach that 2015 level of excellence and now we’re 2021 and things have evolved and, and you’re not following all those best practices and now you’re in trouble.

[00:16:37] So then what you get listed on Spamhaus then what.

[00:16:41] Matthew Stith: Well, I mean more or less it’s time to do an audit of what you do of your practices. And you know the worst thing that in this, this was when I was quote-unquote, on the other side at Rackspace. One of the worst things that would happen in many circumstances when people were interacting with people like Spamhaus or, or your IBL or any of those block list providers out there the worst thing that you could do is just write in and say, please remove me.

[00:17:10] That’s telling me nothing about any of the effort, any of the things that you’re trying to do to change yourself for the better. Now you may deem that this is a false positive, but do some of the leg work don’t just come to me and say, this is a false positive, remove it. You need to tell me why. And that’s a big piece that I think needs to be instilled in people that reach out to us is that not just requesting removal I told, I told people that I was working with Rackspace, never requesting removal from spam outs, right.

[00:17:42] In say, this is the problem. This is how I fix it. This is how I’m going to make sure it doesn’t happen again. And, I know that sounds easy and straightforward and. It’s not some people are gonna have, some people are gonna have 10 minutes. For some people, it’s going to take them a couple of days.

[00:17:59]But the most important thing is letting people know that you’re working on these problems. And also it doesn’t hurt to ask us for advice. We can always provide advice to you. If you have a question about something, if you’re like, I don’t know how I got on this list, I’m doing this, this and this, but it’s important to say that I’m doing this, this and this, and not just say, I don’t know how he got on the list.

[00:18:21]Because, just do a little bit of due diligence and provide a little bit more information because it helps us understand your level of expertise and how much we need to help you resolve the problems. Yeah.

[00:18:36] Matthew Vernhout: I see a lot too of Marketers, relying on services, like list validation to help them when they think they have a block listing issue.

[00:18:46]And I have, there’s at least one validation service that claims to fix spam trap issues. And I was just going to ask your opinion on that. And I think it’s, it’s pretty clear. And I think you and I are pretty much aligned on that, validation services help, maybe a little bit, you don’t fix all the problems.

[00:19:10]Matthew Stith: Yeah. In terms of, when you talk about things like validation services, you know It’s theirs. They are a gray, dark gray area in some circumstance stances, more or less the main thing that I would say about something like a validation service is not saying that don’t use them.

[00:19:28] But what I am saying is understand what their practices are, understand how are you guys checking you against this? How are you determining if something like, do they have an algorithm in there that looks through these mailboxes and finds if they’re sealed like a common misspelling of something like, people spell stuff wrong all the time.

[00:19:48]And that’s something that is a challenge every once in a while. So, is it something like that where it’s looking for misspellings or, something that’s out of what, did they put a dot where a dot wasn’t supposed to be? Did they put that seal instead of.com those, those types of things?

[00:20:08]But there are certain, certain times where you have some of these validation services that are sitting there, just Hammond people SMTPs. hammering at these gates and trying to figure out, what users or not users and whatnot, and, that’s, those are services that I would say kind of stay away from the thing that you want to do is you want to get rid of the chaff, the bad stuff that you shouldn’t be having in your list.

[00:20:33]You don’t want to, try to identify spam traps, why. Because spam trips are out there to end up protecting you at the end of the day. I know that it sounds counterintuitive, but it is, it is there to protect you because it’s able to help us get intelligence and understand where somebody is having a problem.

[00:20:54] Now, this isn’t the only thing that we use to understand these problems, but, that’s kind of, you want to be able to use those services to just get rid of that, that stuff that you should just be shaving off and you don’t need that list of a hundred thousand. Yeah, exactly.

[00:21:09] Matthew Vernhout: You know disposable domains, maybe those types of things you want to catch, but actively hoping that these services clean spam traps is probably a bit misleading. That’s probably a good way to explain it. Now. In my past life I worked with a vendor that did some spam trap monitoring as well.

[00:21:27]And they sort of had this idea of, sort of three different classifications of spam trap, like a pristine spam trap, meaning it’s never been used a typo spam trap, meaning it’s just a common spelling and what they deem to be like a recycled spam trap. So something that may have existed in the past, what are your thoughts on those types of classifications?

[00:21:48] Do they make sense or are they all

[00:21:49] Matthew Stith: just as bad? They, they, they all make sense. The thing is, do you want to consider treating them a little bit differently. Something like the pristine spam trap, which is a domain that has never, ever, ever, ever been responsible for sending a receiving email.

[00:22:06]Basically somebody registered it through an MX op on it and is not doing anything else with it. They probably don’t even have any mailboxes set up with it. They’re just accepting all traffic. And then, that would be like your highest category of. You’re not doing something right. If somebody is somebody in or something in now typos or where you get a little bit, a little bit weird, but you have, you also have to consider that many of these many of the malcontents out there these lists that they get, they’re just scraping the internet.

[00:22:36]And also sometimes they’re not very good at coding. So what the, instead of putting in Gmail, they might just put in some misspelling of Gmail or they may forget the. dot com. They just may put. co. So, there’s, there are certain, certain circumstances where you can look at some of these domains and be like, well that’s, a misspelled domain, and yeah.

[00:23:01]It’s not like the weightiest of weighty things, but if you receive dozens, hundreds of messages to this to this certain address, not just the domain to a certain address. There’s something weird going on. And then lastly, when we look at the recycled domains, that’s a lie it depends on what somebody’s policy is around that.

[00:23:21] So, in terms of saying the domain expired and then somebody picked it up and turned it into a spam trap, like right after it expired. I don’t think that that’s a great practice. You need to have a time of not being able to get in more or less, take the MX way from that domain.

[00:23:38] So anybody who is sending that, let’s say, let’s give them 48, 72 months, whatever. I’m just making up numbers, but give a significant amount of time to have messages bounce because anybody who’s anybody in marketing. That is using marketing software. If the message bounces, it gets removed from the list.

[00:24:01] So, that gets removed. So it shouldn’t be getting added back in. And that will help people a little bit in terms of that. But that, that, that last one with the recycled ones is, it can be useful and can be not useful. So it’s a little bit of, you need to, you need to see what kind of traffic’s come into it.

[00:24:22] Matthew Vernhout: Yeah, there’s a, it’s either an RFC or a best buy practice around ageing out domains as well. I believe MOG may be published one around a spam trap management or maybe it was at an RFC around spam trap management that discusses the idea of, if you are going to recycle a domain for spam trap purposes to sit on it for a period of say, 12 months before Before, enabling it again, except mail and then see what’s still being sent there.

[00:24:48]So I get this question a lot and because I’ve worked at several different email platforms in the past I know a bit of the answer, but I guess the idea is for our listeners out there, how, how does someone who’s maybe not having problems with the Spamhaus, reach out and say, I wanna, I want to make sure I’m doing things the right way.

[00:25:12] Do you have any problems with my network? if you see anything, can you reach out to us? Like how do people get connected that way to say, you said you reach out to people to get listed on the SBL, right? How do you, how do I? How do I, as the network owner, make sure that I get that message in the right spot.

[00:25:28] Is there, is there a way that I should reach out and say, send it to me here? Or just fingers crossed that you’re going to send it to the right address. It’ll get to somebody that, what is the process for that?

[00:25:39] Matthew Stith: So it’s a little column A, column B thereof, Wish hope, pray that it comes to the right thing.

[00:25:45] A lot of what we look at is in terms of things like the IP stuff with the SBL. It’s more or less we look at who’s the owner of the IP space. And the fortunate thing is GDPR has not been taken away. The ability to know who owns the IP space. Now, when you talk about things like domains, well, you’re kind of SOL there because we just don’t have that ability now gone.

[00:26:09]So, in terms of that make sure your sweat information is correct on your IP. And if you, if you happen to be a provider within a provider we’re talking about provider reception now, but you’re going to be at a hosting company in your ESP. It’s at that host’s competition.

[00:26:27] Let’s just say Amazon and you, you end up getting all of these SBL notifications, but they’re going to abuse Amazon, not abuse that. Myesp.com. And you, you need to work on a relationship with your provider there because there’s sometimes where hosting providers aren’t going to say, yeah, sure.

[00:26:47] We’ll slip all this information. We’ll go into Aaron and change everything because that’s so time-consuming for certain individuals.

[00:26:58]So more or less know where you are on the internet and know who you should be. who you should be reaching out with. If you do think you’re going to be running into some challenges with something. So, if you’re at, let’s say an Amazon already has a process in place where you get SBL notification, they get an SBL notification, they’ll send it right over to you.

[00:27:17]And that’s usually how it should work with the hosting providers out there. So really it’s, you have to have a network. For us to ensure to know how to get something to you, that somebody who’s on a smaller scale of things. We don’t have open support channels for these types of things because they’re already, our researchers already dealing with so much during the day with removing listings, responding to listings with creating new listings.

[00:27:41]Working on algorithms and all sorts of things. So, they can’t handle how I do all of this? However, I think that that’s something that, maybe we can work on as an organization to publish more out there and provide the community with more answers. We are working on a little bit of revamping of some of our free internal tools.

[00:28:03] So we have come out with something that right now we’re calling it a network security portal where people can put in their IP space to be able to manage it. And some certain waveform or fashion. So you’d be able to say, here’s my IP space. I’m able to verify it by whatever method. And you’ll be able to see things like how many SBL listings you have, how many PBL listings you have, how many XPL lists that you have.

[00:28:27] So you can be able to see all of that stuff and be able to make informed decisions. And also if there needs to be a change in how you get contacted, It’ll be right in there and you’ll be able to change it. So, it’s a great question. And for the most part, it’s a little bit nebulous and too, if we can give you all of the stuff that we need you if we can get to the right person at the right time.

[00:28:49] Matthew Vernhout: That makes sense. So just a couple more questions before we wrap up one, I want to just sort of your opinion on 2020, we saw a lot of people having to go back to their roots and email. They dug deep into their files because they’re trying to message people about COVID that caused a lot of problems.

[00:29:09]What are you seeing or what are you predicting in regards to the world of email and block listing in 2021?

[00:29:18] Matthew Stith: Well in 2021, I think we’re still going to be looking at some of the same things that we had to deal with in 2020. I, I see that. They’re probably going to be some people who are just like you and I are right now sitting at our desks at home.

[00:29:31] And we’re still going to be doing that in 2021. And in 2022 because I think that we have learned that we can work remotely in certain circumstances. So, people are going to be relying on email a little bit more. And you know the challenge that I saw with what was happening last year in terms of –

[00:29:51] The “we care emails” that we’re receiving from all sorts of places. Like there, there, there were times where I was receiving emails from companies that, yeah, I think I bought something from you in 2009. And I’d never gone back to your website and that, that type of thing.

[00:30:12] So, don’t use things like pandemics or elections or whatever, whatever big event to make a purpose, to just be like, all right it’s time to email every single person that I’ve ever emailed before, stick to best practices. Don’t, don’t think about things, and yeah, in a way, I need to take advantage of this right now while, while it may be tempting, you do want to look at the people that are engaged with you right now, or recently.

[00:30:42]And that’s where you’re going to get the most bang for your buck anyway. Anybody else that you may be sending emails to, like, for example, the one that I had communicated with for 11 years, what I ended up doing with that email? Unsubscribing and reporting it as spam. So, because why did that need to come there?

[00:31:05] Matthew Stith: and made them call them because, it was just, it was just me and, the, and one thing that I need to make, make sure everybody knows this. I do not create any listings whatsoever, and I cannot remove any listings whatsoever. That’s up to those researchers who are often making all sorts of things.

[00:31:25]But, I always need to talk about it every time because some people come to me and they’re like, Hey, can you list this? Hey, can you remove this? Unfortunately, I cannot, but I can try and talk to somebody and see if we can get something,

[00:31:38] Matthew Vernhout: Oh, I have a few of those. Then just point me in the right direction.

[00:31:40]Matthew Stith: That’s my job is to go out there and interact with the industry. And if somebody wants to ask me something about something, sure. I’ll respond to you. I may get the answer. I may not get the answer. But more or less, sometimes you have to throw the coin into the fountain to be able to get that answer.

[00:31:57]But if you don’t, you’re never going to get the answer. So, in terms of what people should be doing this year, just stick to your best practices and, and, fall, fall along with that type of stuff. But also, be, be aware that yes, you’re going to be sending more emails and be aware of all of the things that you could do to monitor yours.

[00:32:17] You, your reputation, you can check yourself against our blocklists. You can use the stuff that Netcore provides. There are companies out there that assign a reputation to things telos, which used to be sender rates, has stuff where you can check IPS, you can check domains.

[00:32:33]You can also use a return path as an element for their, their sender score. but don’t look at every single one of those is one of these is the gospel because none of them are, everybody has a certain view of you on the internet. So constantly be monitoring your reputation, your domain, your IPS, what are you getting rate limited somewhere?

[00:32:54] W what could it be due to, am I sending too much mail to Yahoo and, be able to figure all of that type of stuff out.

[00:33:02] Matthew Vernhout: So you’re saying typically look around and see what other people’s opinions are collectively assumed that no individual is right. But overall, when you look and say these six sources, think I’m kind of average, maybe that means you’re kind of average.

[00:33:19] Matthew Stith: Yeah. Yeah. Because we could say you’re bad and someone else may say that you’re good. That’s there another blocklist provider. And it’s, it’s all you’re getting that.. Wide range and wide frame of understanding, who I am and what I do. So, get as there is no such thing when you’re working in email as too little feedback on the reputation of your network goes to as many places as you can sign up for every single feedback loop on the planet.

[00:33:50]Sign up for SNDS and that’s Microsoft’s spam thing I can’t remember what else would be the estimated service. Smart Network Data Services – There you go. Yes. And, get, get all of that stuff into place. So you understand all of that and anything that’s out there that can, that can help you monitor and make yourself better will be beneficial to you.

[00:34:11] And since we’re in a much, much more focused email environment now because we’re not able to say, Hey, everybody let’s get into a meeting. Cause sometimes people are just like, I don’t want to get on to zoom and stare at people on the camera as we watch things that are happening in the background.

[00:34:27]sometimes any email we’ll do it. And we’ve learned that you know when they’re there’s been many times where a lot of meetings that we had in the past could have just been an email. And I think that those are turning into emails these days. So definitely be focused on your reputation.

[00:34:42] Matthew Vernhout: My calendar doesn’t reflect that, but okay. So just sort of anyone final thought, like if you had a message to give to marketers beyond, like, we kind of did just the summary there, but if you had like a message for marketers to go and say, 2021, change this one behavior, or do this one thing when you audit your program and one thing may not be the right answer, but.

[00:35:08] these couple of things, if that’s what it boils down to, what would you recommend that they do to improve their email program? Okay.

[00:35:17] Matthew Stith: I’ll think of three things here. First, protect your users. Now, this is me talking to the ESP sorts but also to the people that are and it’s to let them know that, If you don’t protect your users, they’re going to get compromised. They’re going to start sending spam. They’re going to get you blacklisted.

[00:35:39] Matthew Vernhout: We’re rolling out two-factor authentication across the network right now, all of our accounts for that exact reason.

[00:35:45] Matthew Stith: Exactly. and do all of that.

[00:35:48]And next you, you want to look at things like what I already said, adopt best practices and stay up to date, stay up to date on everything. And, the last thing and I already mentioned it. It was the last thing I talked about. Manage your reputation effectively across diverse sources. To protect those customers, adopt your most current best common practices and check out your reputation.

[00:36:13]And maybe if I could say a bonus number four look at your content, look at what you’re sending to people. Make sure this is really what I want to send to people. And, just, be cognitive of things. Sometimes if it looks like a duck, it’s spam but you, you have to, you have to understand it also wouldn’t help try and figure out what spam looks like.

[00:36:39] And then when you see what spam looks like, it can be in your definition. But if you make a concerted effort to, you can go to Google right now, be like spam messages and you’ll see a bunch of them up there. Just people that have bunches of examples of these things. So it will help you in better understanding what is happening on your network.

[00:36:59] Matthew Vernhout: I would like that one too. Is this check out your spam folder and see what kind of stuff you’re getting and then try not to be that. Yeah. Right. That’s a pretty good indicator, for a baseline. If you will. Now, I want to thank you for joining us on the Netcore ForTheLoveOfEmails podcast.

[00:37:15]If our listeners want to get more information about Spamhaus or reach out to you, what’s the best way do you think they can reach you?

[00:37:21] Matthew Stith: Well, I typically don’t still accept direct email from the entire internet. So, I monitor the Spamhaus technology.

[00:37:33] Twitter feed and also the Spamhaus project put her fee too. I also monitor that and I can get people to connect me up via that, cause I know the people that manage it that they can connect me up. And there’s also a website, for the technology group, which is spamhaus.com.

[00:37:51]We’re where people can reach out to us if they have questions and you may get me, you may not get me. But I assure you that everybody is for the most part if you gotta catch them on good days, but they’re all friendly.

[00:38:05] Matthew Vernhout: I will attest to that I’ve had many great conversations both on a professional and personal level with staff. It’s fair.

[00:38:12] So a great group of people. Don’t be afraid of them. They do make the internet a better place. So thanks again, Matt, for joining us and to our listeners, we hope you had a great day. Time listening to us today, maybe you learned a few things about block list and you’re going to be a little less afraid of reaching out when there’s a problem we’re engaging with your vendor to help you resolve a problem who will then, in turn, engage with the respect of blocklists that may be impacting your ability to send mail.

[00:38:41]If you do have any email questions or you’re interested in learning more about an AI email program, please do check out Netcorecloud.com to learn about our campaigning and API email platforms. And don’t forget to subscribe to this podcast right here, anywhere that you listen to your podcast, whether it’s on Spotify, iTunes, Google Play, or Stitcher.

[00:39:02] And once again, please visit Netcorecloud.com to check out more and learn about our products and services. Thanks again, Matt. Great talking with you.

Unlock unmatched customer experiences,
get started now
Let us show you what's possible with Netcore.