Hi, I'm working on a bulk (opt in!) email delivery system at the moment, and over the years I've heard a number of possibly apocryphal stories about people requiring contracts with large email suppliers (Hotmail, AOL, Yahoo, MSN etc..) in order to be able to guarantee delivery and lower the risk of email that's been requested by an end user being mistakenly blackholed or treated as spam by their ISP (or webmail provider). Has anyone ever actually come across such a contract in real life or are they just urban myths? Cheers, J.
On Mon, 22 Apr 2002 11:53:58 +0100, James Cronin <james@unfortu.net> wrote: [opt-in bulk email]
Has anyone ever actually come across such a contract in real life or are they just urban myths?
Urban myth. If you make damn sure that you clearly mark your bulk mail with the website/organisation at which your user subscibed, & you record the *way* they subscribed[0], you should be fine. It's also vitally important that you respond promptly to email that arrives at your domain's 'abuse@' address. [0] Eg: IP address & time stamp from when they hit the 'subscribe me' button on a web form, copy of the signed paper form they sent in, etc. -- W . | ,. w , "Some people are alive only because \|/ \|/ it is illegal to kill them." Perna condita delenda est ---^----^---------------------------------------------------------------
Unnamed Administration sources reported that Lionel said:
[opt-in bulk email]
Has anyone ever actually come across such a contract in real life or are they just urban myths?
Urban myth. If you make damn sure that you clearly mark your bulk mail with the website/organisation at which your user subscibed, & you record the *way* they subscribed[0], you should be fine. It's also vitally important that you respond promptly to email that arrives at your domain's 'abuse@' address.
[0] Eg: IP address & time stamp from when they hit the 'subscribe me' button on a web form, copy of the signed paper form they sent in, etc.
Likely insufficient. Save your hide by getting verification on every entry; i.e: 1) Get request. 2) Send email to alleged requester. 3) Do nothing unless/until you get back a confirming "yes, I do want" reply. This is what spammers disparage as "double out-in"... -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
On Mon, 22 Apr 2002 09:32:04 -0400 (EDT), David Lesher <wb8foz@nrk.com> wrote:
Save your hide by getting verification on every entry; i.e: 1) Get request. 2) Send email to alleged requester. 3) Do nothing unless/until you get back a confirming "yes, I do want" reply.
Yes, very good point. I should have included that too. -- W . | ,. w , "Some people are alive only because \|/ \|/ it is illegal to kill them." Perna condita delenda est ---^----^---------------------------------------------------------------
Save your hide by getting verification on every entry; i.e: 1) Get request. 2) Send email to alleged requester. 3) Do nothing unless/until you get back a confirming "yes, I do want" reply.
Yes, very good point. I should have included that too.
That's exactly what we are doing. Which is good :) As it's still likely to end up with the most popular domains @hotmail.com, @yahoo.com, @aol.com having several thousand recipients though I'm still interested in whether anyone has more experience of ensuring that mail doesn't get blackholed. I'm thinking along the lines of whether and how it's necessary to rate limit sending to those domains, whether they don't like single messages having more than a certain number of RCPT TO lines, whether there are contracts that one can sign to get access to some sort of super special non-public MX for them, etc... or whether it's just all pot luck ;) J.
On 04/22/02, James Cronin <james@unfortu.net> wrote:
As it's still likely to end up with the most popular domains @hotmail.com, @yahoo.com, @aol.com having several thousand recipients though I'm still interested in whether anyone has more experience of ensuring that mail doesn't get blackholed.
Spam has reached such epic porportions that it is virtually guranteed that if you send mail out on a regular basis, you will eventually be blackholed somewhere. But if you follow the advice here (as it sounds like you are), most sane folks will still accept your mail.
I'm thinking along the lines of whether and how it's necessary to rate limit sending to those domains, whether they don't like single messages having more than a certain number of RCPT TO lines, whether there are contracts that one can sign to get access to some sort of super special non-public MX for them, etc...
or whether it's just all pot luck ;)
It varies a lot, depending on the provider. However, it'd probably help to remember that a load of mail which might DoS a small provider will almost certainly set off alarms at large providers...and that may get you blocked. -- J.D. Falk "say your peace" -- Scott Nelson <jdfalk@cybernothing.org> (probably a typo, but I like it)
On Mon, 22 Apr 2002, J.D. Falk wrote:
Spam has reached such epic porportions
Indeed. I recently plotted my entire spam collection from 1997-now, and it looks like an exponential problem :( See http://www.xtdnet.nl/paul/spam/ Paul -- "One liners are no liners." --- Fenrir
At 07:15 AM 4/22/2002, James Cronin wrote:
As it's still likely to end up with the most popular domains @hotmail.com, @yahoo.com, @aol.com having several thousand recipients though I'm still interested in whether anyone has more experience of ensuring that mail doesn't get blackholed.
At my last job, we successfully flew under the radar by sending individual messages to each recipient. We were sending info to around four hundred thousand registered users of our site and some tens of thousands were at yahoo, hotmail, aol &c. Our only problems were on our side ... we ran out of filehandles a couple times. If anyone wants to take a look at the quick and dirty perl script I wrote, you're welcome to it. -- Gabriel M. Schuyler, outlaw "And all I ask is a tall ship and a star to steer her by."
oops
This is what spammers disparage as "double out-in"... .............................................opt-in...
-- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
On Mon, 22 Apr 2002 09:32:04 -0400 (EDT) David Lesher <wb8foz@nrk.com> wrote:
Likely insufficient.
Save your hide by getting verification on every entry; i.e:
1) Get request.
2) Send email to alleged requester.
3) Do nothing unless/until you get back a confirming "yes, I do want" reply.
and log and save everything. if there's a web form, then log the ip address that the request came from. provide enough infrastructure that when you get a complaint, you can rapidly provide the records. and the "urban legend" thing is incorrect. AOL has in some cases had mailing list providers sign agreements governing their behavior. that's the only one i know of, but there could be others. richard -- Richard Welty rwelty@averillpark.net Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Lionel wrote:
On Mon, 22 Apr 2002 11:53:58 +0100, James Cronin <james@unfortu.net> wrote:
[opt-in bulk email]
Has anyone ever actually come across such a contract in real life or are they just urban myths?
Urban myth. If you make damn sure that you clearly mark your bulk mail with the website/organisation at which your user subscibed, & you record the *way* they subscribed[0], you should be fine. It's also vitally important that you respond promptly to email that arrives at your domain's 'abuse@' address.
[0] Eg: IP address & time stamp from when they hit the 'subscribe me' button on a web form, copy of the signed paper form they sent in, etc.
AND send a verification email with a clearly marked confirmation url that they must hit to actually be subscribed. Without successful confirmation, no further email should be sent. KL
Unless the network is lying to me again, James Cronin said:
I'm working on a bulk (opt in!) email delivery system at the moment, and over the years I've heard a number of possibly apocryphal stories about people requiring contracts with large email suppliers (Hotmail, AOL, Yahoo, MSN etc..) in order to be able to guarantee delivery and lower the risk of email that's been requested by an end user being mistakenly blackholed or treated as spam by their ISP (or webmail provider).
Has anyone ever actually come across such a contract in real life or are they just urban myths?
The one with AOL is real. http://www.mailinglists.org/aol AlanC
On Mon, Apr 22, 2002 at 11:53:58AM +0100, James Cronin wrote:
Hi,
I'm working on a bulk (opt in!) email delivery system at the moment, and over the years I've heard a number of possibly apocryphal stories about people requiring contracts with large email suppliers (Hotmail, AOL, Yahoo, MSN etc..) in order to be able to guarantee delivery and lower the risk of email that's been requested by an end user being mistakenly blackholed or treated as spam by their ISP (or webmail provider).
Has anyone ever actually come across such a contract in real life or are they just urban myths?
The contracts... for most of them are urban myth. Perhaps not for all, and since my NDA has now expired, I can say publically that I was involved with Earthlink (just after the Mindspring merger) considering whether they would need this sort of contract in some circumstances (and, more directly what I was involved with, the inverse - contracts for bulk suppliers who were not spammers, laying out what they needed to do to not get smacked with the AUP). I have also, recently, had problems with BellSouth's servers rejecting legitimate mailing list emails to at least one user; it is not clear whether the volume is the cause, but since the server in question isn't on any of the open-relay lists, and is getting a 550 "anti-spam"ish error message, while other servers can reach the same user perfectly well... (Note: the lists in question follow all of the relevant RFCs, including those for List-Id headers, Precedence headers, etc.) -- *************************************************************************** Joel Baker System Administrator - lightbearer.com lucifer@lightbearer.com http://users.lightbearer.com/lucifer/
I have also, recently, had problems with BellSouth's servers rejecting legitimate mailing list emails to at least one user; it is not clear whether the volume is the cause, but since the server in question isn't on any of the open-relay lists, and is getting a 550 "anti-spam"ish error message, while other servers can reach the same user perfectly well...
(Note: the lists in question follow all of the relevant RFCs, including those for List-Id headers, Precedence headers, etc.)
fwiw, i already asked joel in private email to provide me with more details so that somebody can begin trying to figure out what happened. seems something's obviously wrong here. if anyone else has add'l info or similiar experiences, please shoot an email off list to me. thanks, chris
James Cronin wrote:
Hi,
I'm working on a bulk (opt in!) email delivery system at the moment, and over the years I've heard a number of possibly apocryphal stories about people requiring contracts with large email suppliers (Hotmail, AOL, Yahoo, MSN etc..) in order to be able to guarantee delivery and lower the risk of email that's been requested by an end user being mistakenly blackholed or treated as spam by their ISP (or webmail provider).
http://help.yahoo.com/help/us/mail/spam/spam-17.html -- Doug Barton, Yahoo! DNS Administration and Development If you're never wrong, you're not trying hard enough. Do YOU Yahoo!?
participants (12)
-
Alan Clegg -
Christian Kuhtz -
David Lesher -
Doug Barton -
gabriel m schuyler -
J.D. Falk -
James Cronin -
Joel Baker -
Kevin Loch -
Lionel -
Paul Wouters -
Richard Welty