Spamhaus Provides Answers: Part 5
This is part of an ongoing series in which Steve Linford, chief executive of anti-spam organization Spamhaus, agreed to field questions from Magill Report readers, who submitted more than 60.
39. Typos & errors happen. What thresholds is Spamhaus using to avoid accidental listings and/or what can marketers do to avoid?
The acceptable level of spam is zero. To avoid typos, use confirmed opt in. Other errors require other tools: bounce processing, aging out stale data, engagement and other deliverability tools and strategies keep most bulk mailers off our spam radar. Good intentions are nice but bad practices are the reason for SBL listings.
40. Could they imagine cooperating with the DMA and if so, what would that look like?
The DMA (the one in the USA) has advocated the sending of unsolicited bulk email (aka "spam"), a practice which is contrary not only to Spamhaus' task and the wishes of our many users but is contrary to the MAAWG Sender Best Current Practices for the email marketing industry and is against the terms and conditions of nearly all Internet providers on the planet. Spamhaus wants users of email to receive the messages they have requested, and to not have to have them lost in their inboxes amongst thousands of other messages that they haven't requested. Savvy marketers see us as allies, keeping inboxes clean so their solicited messages don't get lost in the deluge of spam. When the DMA accepts that unsolicited bulk email is a plague and stands solidly behind anti-spam best practices, then we'll be in cooperation.
41. What can hosting networks do to get off Spamhaus? I run abuse for a hosting provider in the US. We've had our share of SBL and XBL listings, and have responded by tuning in to feedback loops and aggressively removing customers who trigger listings and complaints. We also thoroughly vet new customers using a credit card fraud service as well as telephone verification, captchas, and other techniques. With all this being said, the problem is that mail still flows out of our customers' servers (which we don't control, because they are dedicated and VPS servers). How can we block the spam proactively? Is there a way that Spamhaus could send us feedback data other than a blacklisting? Can anyone else help with this?
Those all sound like appropriate steps for the hosting ISP environment, and they're among the suggestions in our ISP Spam Issues FAQ. We understand that spammers can be sneaky and hard to prevent. SBL listings are narrow in well-run hosting ISPs, where troubles are minimized with practices as mentioned and problems fixed promptly once identified. Once spam starts flowing, though, it's too late for warnings. We need to protect our users. Work with the SBL Team to get SBLs resolved as soon as possible. Thanks for your diligence to prevent spam to the best of your ability, we know Abuse@ can be a tough job.
42. What is the risk of a single “typo” email record? If the record is mailed once, but not ever again, is that enough to get listed? Is it true that a sender will get a warning first, and then if non active records are mailed again, that is when the block is placed? (If a person submits their email address, how can a marketer know if it’s good if we don’t mail it at least once?)
SBL listings are not made for truly transactional messages (even misdirected ones) or confirmations, so no, a single typoed message won't result in an SBL. On the other hand, a big enough stream of such messages directed at an appropriate receiving detector could appear to be a dictionary attack or similar, and it might well be such. An SBL listing would be appropriate in that case.
A single message from a "spam-bot" (an infected computer or device sending botnet spam) can result in an XBL listing. It is unlikely but not impossible that an ESP or other dedicated mail IP could become infected with a spam-bot. If that happens follow the instructions linked from our Blocklist Removal Center (including subsequent pages), fix the problem, then remove the XBL via the web.
Spamhaus sends notifications at the time of an SBL, but not warnings before it. No one warns us before they start spamming.
[Editor’s note: Next week will mark the final installment of the questions Linford has answered so far. I believe there are about 15 questions readers submitted that have not been addressed. If/when I get answers to them, I will run them. Again, I want to thank Steve for his time. He obviously put a lot of thought and effort into his replies. Reader feedback on this series has been phenomenal.]