AOL : Email account stealing and spoofing for dummies

AOL just made a few weeks a go a post on their official mail blog to explain to their users why and how they could be receiving SPAM from their own email address.
The post briefly explains how an email address can be stolen or what is spoofing and gives a couple of tips to avoid compromising his email address.
The readers of this blog won't probably learn anything new here, but I thought it was good pointing out this article as I am always happy to see an ISP evangelize its users.
After all, fighting Spam is a common responsibility between legitimate advertisers, ESPs, ISPs, Spam filtering tools, Blacklists and end users.

What is email deliverability?

After a couple of years writing on this blog, I realize that there's still quite a few myths and weird questions wandering around the web and in direct marketing trade shows or seminars about deliverability.

I've decided to do a quick powerpoint presentation on the subject, some kind of really short "Deliverability for dummies" thing for people around the planet for whom IP reputation, feedback loops, disposable emails, spam traps and SMTP error logs are curse words.

You can read the presentation here after, please feel free to comment.
You can share the presentation if you want but please do not edit it (or ask me first)

Enjoy!

Email deliverability

View more presentations from Anton Panaitesco.

Tips for a successful subscribe form

The best way to collect email inside your database is to have a subscription form on your website.

To maximize the number of emails subscribing to your newsletter there are a couple of things you should do:

First : Make your subscribe form stand out.

When I visit a website and decide it's worth keeping in touch with the shop/brand I try to subscribe to their newsletter. Unfortunately, too many times still, I start looking around for a subscribe form and it takes me ages (and sometimes I even give up) before finding it lost in the footer or having to search for it in the sitemap or the through the webiste's search box.

I really have to insist: these leads you get directly on your website are probably the best you can get and THEY ARE FREE.

To have this newsletter subscription as visible as possible the best thing is either to place a box with a submit button at the top of your website pages or a button "NEWSLETTER" at the exact same spot.

Be careful: you need to place this on each and every page of your website, not only your home page, people might enter your site from an external link (or a search engine) on some other page and never get to see your home.

Second: Get to the point.

Too often I see newsletter forms where I'm asked a stupidly high number of questions, most of which turn out to be compulsory... If it takes too long to fill out the form and I get stupid questions like "Did Han shoot first?" I'll leave without going through the entire optin process.

Be careful, don't get me wrong here: I'm not saying that having extra information about the people that subscribe is not useful, I'm just saying you have to keep it as short and concise as possible.

If you really want to hammer through a long list of question, either make it plain clear that they are not compulsory (by marking the compulsory one with a star or a different colour) or even better: use a form in several steps, the first one subscribing the user then the next being use for these extra questions.

In any case, once the leads are inside the DB you will have plenty of time to gather extra information (that can be either declarative or even behavioural).

Third: Protect your DB.

Even though your newsletter subscription form can be a great source of high quality leads for your marketing or sales departments, it can also be a threat to your DB.

Robots are constantly crawling the Internet, looking for unprotected forms to post random data there. They are usually robots run by high score spammers who try to make good will marketers be identified as spam sources, because the more legitimate companies get blocked the more likely spammers are to go through (if only spam was identified and blocked then the spam issue would be over wouldn't it?).

By posting automatically random emails inside your DB it will increase the your number of hardbounces in your broadcasts and from the unfortunate valid emails owners, it will trigger complaints.

There are two easy ways to prevent such a thing from happening (and you can use both at the same time), the first is to protect your form using a CAPTCHA, the second is to use a double optin process.

The first method will prevent Robots from posting random emails in your form, the second will make sure the email posted is valid and is the user's own email.

One last thing:

If you plan to use this optin form as an account creation form (or vice versa) and in any case, when you create an account creation form or a login, please make sure your email field is set as an email field (input type=email), I had a really bad surprise earlier today browsing the web with my iPad:

Safari in both the iPad and the iPhone uses the type=text and type=email distinction to change the keyboard layout (quite handy I must say) but also, it automatically sets as a capital letter the first character typed in a text box, when it leaves it normal in an email box. The result was this afternoon that I was getting blocked on a signup page that had the email field set as a text one and it tool me a few tries before noticing that my login was spelled Antonp***@****.com instead of antonp***@****.com.

Email rendering: Displaying Background images in both Gmail and Outlook 2007

Most email marketers around the world are aware of one thing: it's quite impossible to have your email render properly and identically in all email readers, browsers and webmails...
Among the tricky rendering issues Outlook 2007 and Gmail stand out with their inability to display properly background images.
This triggered the following best practice: if you are ever to use white or some other light coloured text over a dark background image, always double this with a dark background colour so your text can be seen regardless the image shows up or not.

The guys at CampaignMonitor came up a couple of days ago with a solution to make sure background images are displayed properly in both Gmail and Outlook.

To make a long story short, they advise that you use two different ways of displaying the background image (each being one of the readers friendly) at the same time.
Please note this will not solve ALL the background image display errors (Lotus for example will still refuse to display them) so I advise you to continue to set a background colour but it's a nice trick you might want to try out.

I haven't tested it myself yet and don't know if it might have any side effects on other browsers/readers or if it can trigger any risk on a deliverability level, best thing is that you try for yourself.

Hacking through to hotmail's inbox

As all readers of this blog must know by now, @hotmail, @msn and @live email addresses (as well as a number of other Microsoft mail operated domains) use a reputation based SPAM filter.

This reputation is a savvy calculation based on the percentage of hardbounces, spam trap hits, complaints and positive reactions out of the overall volume of emails sent.

To be really efficient, this user oriented system keeps track of the statistics over a certain number of months.

Two weeks ago, "the Microsoft Digital Crimes Unit filed a lawsuit in U.S. District Court under the federal CAN-SPAM Act against the perpetrators of what we believe to be one of the largest-ever spam attacks on Windows Live Hotmail."

What Microsoft claims is that Boris Mizhen tried to hack the defence system by creating millions of email addresses and systematically marking hundreds of thousands of his own Spam as legitimate then contacting Microsoft to authorize their email to go through to the users inbox due to the fake legitimacy cquired in the process.

You can read the original statement on microsoftontheissues.com

Regarding the amount of work this must have represented for Mizhen and his associates and the poor result obtained, I reckon this type of  hacking attempt will not generalize itself, especially knowing how efficient the regular, known, spamming methods are.

How Cabestan-Canada can help you perform

As I said a few weeks ago I just left Cabestan Europe to join the Cabestan-Canada team.
I guess that's the opportunity to get working with you Canadian and American people out there.

Here's the latest powerpoint presentation we made, please feel free to comment or contact me.

Email-Ethics in Canada

Hello reader,

This is just a short post to apologize first for the lack of recent posts, the reason is my second point: I just moved in to Montréal to become the CEO of Cabestan-Canada.
I'm head high with paper work and currently looking for an apartment.

I will resume posting here as soon as all is sorted out :)