Archive for the 'Autentificare' Category

Yahoo is cleaning house

Sunday, June 1st, 2008

Yahoo is preparing some changes to its email service soon that will affect senders, in the sense that they will help them manage their reputation. In addition, rumors have appeared these days that some senders have been removed from Yahoo's whitelist without any prior notification. It appears to be a cleanup of the whitelist based on the senders' previous reputation.

All those excluded from the whitelist receive error messages of the temporary fail kind.

Phishing for Orange

Saturday, May 17th, 2008

After SMS fraud, mobile operators also have to face phishing attacks… though in their case catching the offenders is, in theory, easy.


zoso has also written about this

Yahoo implementation errors, relations with those who filter, and more

Saturday, May 3rd, 2008

A few days ago a client told me that he cannot find in the contract any guarantee that emails reach the Inbox, without being concerned at all about the practices used to collect email addresses, the main factor influencing how emails are delivered… together with the content used in the email.

On the other hand, someone else asked a very good question: “does a sender have the right to demand explanations from the company that blocked its emails?”… In theory there is no firm answer to this question… still, my first thought would be no, because no anti-spam filter owes anyone any explanation of the methods it uses. Nevertheless, all anti-spam filter vendors have a duty to protect their customers, in the sense of not blocking emails that those customers want.

So, in theory, any request to let a sender's emails through is made on the sender's responsibility, without the vendor of that filtering technology owing a reply. Still, the vendor has, in theory, an obligation to evaluate these “complaints” and to take the measures needed to avoid blocking “valid” emails in the future. The large ISPs have such mechanisms… yet there are also more indifferent vendors.

I think it was 3 years ago that we first tried to contact the people at Postini, without success. Since then, everyone in the industry I have asked about Postini has given me much the same answer: “Unfortunately, Postini (now part of Google Messaging Security) has always had a policy of not providing any transparency into its product. That hasn’t improved with their acquisition by Google. They don’t participate in any email industry forums etc.”

They are the kind of vendor that does not care what happens to customers' emails; they look down on everyone, something like “we know best”. This policy has now led to a small discussion about them, which of course also refers to Google, because Postini's policy no longer really matches the transparent policy practiced by Google.

Moreover, coming back to our client's question… even if all practices, and communication with anti-spam vendors, were perfect, there is no 100% perfect technology in this field… and the most recent and conclusive example in terms of impact is what happened a few months ago at Yahoo… when they started using personal blacklists. They had an implementation bug and were practically blocking any email sent from senders that were not found in those personal blacklists… although those were good emails :) . But because they have a good system of communication with senders, both they and a few blacklists they collaborate with were able to resolve this bug fairly quickly.

Anyway, there is still a lot of work until we have a good email ecosystem… but the greatest efforts must be made by senders at this point, especially technologically, plus a great deal of education in the field, which is completely lacking, not only in .ro but in Europe as well.

Email Deliverability & Trust Academy

Friday, May 2nd, 2008

In partnership with the DMA and eec, AOTA is hosting the AOTA Inaugural Email Deliverability & Trust Academy, designed to educate marketing professionals charged with enhancing online trust & vitality of email Marketing. The Academy is the first program of its kind to promote best practices and standards for the email marketing profession and its impact on consumer trust and brand enhancement.
More > http://www.aotalliance.org/summit2008/academy.html

Why attend?

·“Email and online marketing professionals who abide by best practices and respect users’ intent on privacy, frequency and relevance are key to the long term vitality of email marketing. This program represents significant collaboration with the leading organizations committed to email and user consent and control. Individuals and companies who participate will realize a competitive advantage, while reinforcing the value of their brand.” Craig Spiezle, chairman of AOTA

·“Email best practices are no longer a ‘vitamin,’ or a nice-to-have for high volume senders. They have a direct correlation to response rates, deliverability and ROI from the email channel. This program will give participants actionable advice that will move the needle on their businesses.” Matt Blumberg, CEO and chairman of Return Path, Inc.

·“Email and online marketing have undergone fundamental changes in an era of increased online threats and increased consumer empowerment. Online brands need to change their interactive programs to acknowledge these changes. AOTA’s Email and Online Trust Academy fills an important industry gap by educating online marketers in how to build a successful, trusted dialog with their customers in today’s complex online world.” Des Cahill, CEO of Habeas

·“DMA’s mission is to keep open and economically viable all channels of communication for marketers and their customers, donors and prospects to use as they both choose with relevance and responsibility to produce results for both. Email is one of the most effective, efficient and fastest growing of these channels. If email is to remain the powerhouse it is today, we must all work cooperatively to bolster consumer trust, which is why DMA is so pleased to enhance our collaboration with this program.” Ramesh Lakshmi-Ratan, Ph.D., EVP / COO of the DMA

Those interested in attending should send me an email at andrei at whiteimage . net in order to benefit from a discount offered by White Image as an AOTA member.

What do you do when an ISP blocks you?

Tuesday, April 22nd, 2008

1. Know which of your IPs is blocked.

2. Know which of your domains is blocked, if it is a domain-based block.

3. When you contact them it is best to be polite; they usually receive hundreds or thousands of emails a day and do not waste time replying to insults.

4. Do not talk to them about legislation; it is very unlikely that you understand the legislation under which they operate better than they and their lawyers do.

5. Do not get into arguments with them; respect their time.

6. Ask for information; do not try to tell them how you run your business.

7. Do not ask them to unblock you… rather ask them what you did wrong and what you can do in future to avoid such situations.

8. Use the appropriate channel to contact them.

It is very important to have tools that monitor the moment you get blocked, so that you know what actions to take.

It is not advisable to contact them as long as you suspect that the IP/domain in question might have problems. To better illustrate what I mean: in the past we had a client who sent emails through his own system, which was very suspect as regards removing bad addresses from the list. Although we were sure this was the main cause of the listing on that blocklist, we started the delisting process only a year after we began working together, because only then were we certain that the process of removing bad addresses from the sending list was working correctly.

Email blocking is not always related to a blacklist… there are anti-spam filters that block emails based on the very way the header is formatted… it all comes down to the tools you have at your disposal to identify the problem in the shortest possible time.

AOTA Summit 2008: Reaching the Tipping Point: Future of Online Trust

Monday, March 31st, 2008

Who should attend…

Summit 08 is a must-attend event for every marketing professional, brand owner, IT decision-maker, privacy or security professional committed to implementing technologies, business practices and policies that will improve consumer trust and confidence in the security and reliability of e-commerce, online banking and electronic transactions in their organization

Register before April 15, 2008 and SAVE up to $600 Register here>>

Cultivate an atmosphere of online trust where profit opportunities abound. Join us again for the AOTA Summit 08!

If you’re ready to create a more secure experience for your customers and a more lucrative future for your online business, we’re ready to make it happen.

Join in a two-day in-depth exchange of ideas and information with marketing, IT, and operations experts from a range of industries who will be in Seattle to share best practices and critical advice to guide your email, Web, and domain authentication business strategies.

Meet with the experts!

AOTA Summit 2008 brings together the most dynamic line-up of subject matter experts to create a two-day program you can’t afford to miss!

With over 25 presentations, you’ll learn success stories, recommendations, and insights (and how to avoid the mistakes they’ve already paid for!) from over 50 government, technology, marketing and business luminaries including:

  • David Baker, VP, Avenue A | Razorfish
  • Michael Barrett, CSIO, PayPal
  • Tim Callan, VP Product Marketing, VeriSign
  • Dave Crocker
  • Peter Cullen, CPO, Microsoft
  • David Daniels, VP, JupiterResearch
  • Tom Donlea, Exec Director, Merchant Risk Council
  • Jim Fenton, Distinguished Engineer, Cisco
  • Lucy Hoffa, VP, Washington Mutual
  • Rajiv Jain, SVP & CTO, American Greetings
  • David Jevans, Chair, Anti-Phishing Working Group
  • Eric Johnson, VP Security, Bank of America
  • Allyn Lynd, FBI Cybercrime Task Force
  • Rob McKenna, Washington State Attorney General
  • Craig Newmark, Craig’s List
  • Ramesh Ratan, EVP & COO, Direct Marketing Association
  • Ken Schneider, CTO, Symantec
  • Howard Schmidt, Former White House Cyber Security Advisor
  • Chris Siouris, U.S. Postal Inspector, USPO
  • Melinda Smith - Expedia
  • Sal Tripi, Director of Operations, Publishers Clearing House
  • Scott Weiss, Co-Founder & VP, GM, IronPort Systems
  • Austin Wilson, Director Security Microsoft Corp.
  • Michael Zaneis, VP Public Policy, Interactive Advertising Bureau
  • and many other visionaries!

Those who wish to attend AOTA Summit 08 and would like to benefit from an additional discount should send me an email at andrei at whiteimage . net

Privacy Regulation

Sunday, January 6th, 2008

Yes, in the EU there is a Directive that regulates how personal data is protected and collected… below I have listed a few interesting terms related to this directive.

“Adequacy” - as mentioned in the EU Data Protection Directive, adequacy refers to the existence, in countries other than those in the EU, of legislation that offers sufficient protection for personal data. In other words, a country will be considered “adequate” if that country's legislation protects individual rights in a manner similar to those stipulated in the E.U. Data Protection Directive.

“Adequate country” - a country that has been classified as such by the EU authorities. Data transfer between EU countries and countries considered adequate can take place without restrictions, if the transfer meets all the conditions stipulated in the directive. The countries considered adequate so far are Argentina, Canada and Switzerland. Data transfer to the United States can be done under the mechanisms defined in “Safe Harbor” or another authorized mechanism (this is because the US does not have a unified data protection regime).

“Adequate notice” - A document that notifies a person that personally identifiable data is being collected about them, and describes the purpose of the collection as well as any intended subsequent use of the information, the conditions under which the information may be disclosed to a third party, and how it is stored. Such a document is considered “adequate” if the information is provided in appropriate circumstances and can easily be viewed by the persons from whom information is collected.

Spam’s New Nemesis: ‘Trust-Based’ Messages

Tuesday, January 1st, 2008

Investors Business Daily has published an interview with David Crocker (Principal, Brandenburg InternetWorking; author of numerous RFCs, involved in email standardization since the ‘70s) about the new standards proposed for adoption:

IBD: Where does the war on spam stand right now?

Crocker: Spam is merely another example of social misbehavior. It’s not likely to go away, and all we can do is bring it down to tolerable levels.

IBD: What’s your solution?

Crocker: You have to create what I call a trust overlay to the existing e-mail system. Existing senders and receivers can continue to use e-mail as before. All we’re doing is adding a mechanism that lets them trust who mail is from and (determine) whether that sender is trustworthy.

IBD: How is trust defined?

Crocker: Trust is based on whether the identification (used in the e-mail) is accurate — if it’s from who it says it’s from. The other requirement is that the person or organization is trustworthy.

IBD: How does it work?

Crocker: It’s a mechanism that requires an organization to attach a domain name to the message in a way that lets the recipient verify it. Domain names are things we use to get to Web pages or receive an e-mail address. It’s a tried-and-true technology that doesn’t require changing the entire e-mail system.

IBD: Why is adding a special domain name important in identifying whether an e-mail message is wanted or not?

Crocker: Existing “reputation” based e-mail screening systems are based on very low-level addressing numbers that say where a server is attached to the Internet, rather than what organization is sending the message. DKIM will identify the sender.

The full interview can be found here

David states that reputation is currently based only on IPs, which is not quite true, since one of the reputation services launched about 3 months ago the first system for monitoring reputation at domain level… not just IP. In any case, DKIM is not the only authentication mechanism that identifies the sending domain… SPF does this too. What DKIM does in addition is establish a link between the organization sending the message and its content. This would make the mechanism more flexible than SPF in the case of forwarding.

In addition, there is an idea about flagging emails from first-time senders, which cannot really be delivered to the inbox automatically, because if I have never communicated with someone… even if my emails are signed with DKIM, I have no reputation at all with those I send emails to… and then they will have to check me… check my reputation.
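The forwarding point above, as an added example that is not part of the original post: SPF is judged against the connecting IP, while the DKIM body hash (`bh=`, RFC 6376 "simple" canonicalization) travels with the message. The domain `sender.example`, selector `sel1`, the IPs and the message body are constructed; only the `ip4:`/`all` SPF mechanisms and the body-hash step are evaluated, and verification of the `b=` signature is omitted.

```python
import base64
import hashlib
import ipaddress

# Constructed sample data (documentation IP ranges, example domain).
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"   # published by sender.example
SENDER_IP = "192.0.2.10"                      # sender's own outbound server
FORWARDER_IP = "198.51.100.7"                 # third party relaying the mail
BODY = b"Hello,\r\nyour invoice is attached.\r\n\r\n\r\n"

def spf_ip4_result(record: str, client_ip: str) -> str:
    """Evaluate only the ip4: and all mechanisms of an SPF record, in order."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return "pass"
        elif term in ("-all", "~all"):
            return "fail" if term == "-all" else "softfail"
    return "neutral"

def simple_body(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: drop trailing empty lines."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"

def body_hash(body: bytes) -> str:
    """Value a signer places in the bh= tag (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(simple_body(body)).digest()).decode()

def bh_matches(dkim_header: str, received_body: bytes) -> bool:
    """Compare the bh= tag of a DKIM-Signature value with the body as received."""
    tags = dict(t.strip().split("=", 1) for t in dkim_header.split(";") if "=" in t)
    return tags["bh"].strip() == body_hash(received_body)

# Signer side: this header travels with the message (b= signature omitted here).
DKIM_HEADER = ("v=1; a=rsa-sha256; c=simple/simple; d=sender.example; s=sel1; "
               f"bh={body_hash(BODY)}")

if __name__ == "__main__":
    print("direct SPF:       ", spf_ip4_result(SPF_RECORD, SENDER_IP))
    print("forwarded SPF:    ", spf_ip4_result(SPF_RECORD, FORWARDER_IP))
    print("forwarded DKIM bh:", bh_matches(DKIM_HEADER, BODY))
    print("footer added bh:  ", bh_matches(DKIM_HEADER, BODY + b"-- list footer\r\n"))
```

The last case shows the limit of the forwarding advantage: a relay that rewrites the body (a list footer, for instance) invalidates the body hash even though the signing domain is unchanged.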

