Don’t be a spammer

Credit to Author: Maria Vergelis| Date: Thu, 20 Dec 2018 20:08:53 +0000

Bulk e-mail doesn’t have to be evil. Sometimes, it’s even a business necessity. How else does one urgently notify all clients about a sudden problem? Or send a conference agenda to all participants? But ever-vigilant spam filters can’t always distinguish a bona fide bulk mailing from spam. Sometimes paranoid filter settings are to blame, but more often, the problem lies in the message itself. This post explains how to send messages that won’t get flagged as spam.

For a message to get through a spam filter, it must meet several criteria. First, it must be technically perfect. Second, its content must be clean. And third, it needs an unblemished reputation. Let’s examine in more detail what this means.

Technical headers

The Multipurpose Internet Mail Extensions (MIME) standard, specified in several linked RFC memoranda (request for comments, which ultimately turns into a de facto standard), describes how to send various types of data (text, executable, graphic, multimedia files) by e-mail. Messages must strictly comply, and in particular, they must include mandatory fields. Those fields being empty or incorrect is bound to trigger a filter.

Various header fields can be replaced — or filled in with random text. But if such fields are changed too frequently, or if their appearance is unusual, it can result in blocking. Other suspicious characteristics include repeatedly changed sender names, addresses such as abc12345@ (which look like they use randomly generated character strings), and discrepancies between the domains of the sender’s address and other headers in the message.

Messages must also contain correct SPF records and DKIM signatures. These technologies make it possible to verify that the sender’s domain is not fake and whether the message really came from it. This approach simplifies dealing with spoofed sender addresses — filters are especially sensitive to spoofing.

Moreover, bulk e-mails should indicate that they are such by using the Precedence:bulk header. Recipients also need to be offered an easy way to unsubscribe by means of the List-Unsubscribe header. The unsubscribe link should be easy to recognize and follow.

In reputable mailing tools, all control headers and technical data generally have default settings.

Formatting and content

Poor layout and lots of unclosed and suspicious HTML tags can also mark a message as spam.

Large blocks of hidden text, changes of font or color in a word or paragraph, and the use of different alphabets in a single word are typical spam indicators that should be avoided. Spammers love to litter their messages to conceal their true size and content, so filters are trained to pay attention to such signs.

No less suspicious are messages that contain many images and little text (or no text at all). If pictures are needed in your bulk e-mail, make sure they display correctly in the browser.

The message subject and body should not use typical phrases of promotional or coercive nature. But it’s a fuzzy area, and there are no specific bans on certain topics or words. It would be advisable, however, to avoid describing something as “very inexpensive” or “available only today exclusively from us.”

Links in messages require special attention. If they point to empty or recently created domains, or to suspicious resources listed in phishing or spam signature databases, the e-blast will be blocked — even if it contains no actual spam, rather the link to the bad domain got in there by accident (for example, when citing partner materials). Always keep a close eye on what resources crop up in your mailings and the reputation of their owners.

Popular URL shorteners and links to cloud storage services are also worth a mention. They can easily conceal a fraudulent or malicious link, so filters view them as suspicious, especially in large numbers.

The same can be said about attachments. If mass e-mails contain documents or archives, they are sure to be scrupulously scanned as possible malware.

Other external factors

The main rule of not spamming is to send messages only to recipients who have given their explicit consent. Subscriptions to newsletters should employ the double opt-in method, and each message must explicitly state when and how the recipient agreed to receive the information. Mailings that rely on databases bought or downloaded from open sources are immediately detected, because such databases usually contain trap addresses to identify unscrupulous mailers.

Make sure you keep your database of recipients up to date. Exclude hard bounces (where the recipient does not exist) and requests for deletion from future blasts. If mailing servers register recurring errors and requests of this type, the probability of blocking will increase.

It is just as important to monitor your own reputation as a sender, which is influenced by the reputation of the IP address and the domain from which mailings are sent. A huge number of IP and domain reputation services can check if a particular resource is blacklisted and supply real feedback from users who received such mailings. They include alexa.com, mywot.com, talosintelligence.com, spamhaus.org, and numerous WHOIS services.

If a mailing is sent through a specialized e-mail service provider (ESP), the ESP usually makes available its domain and IP address, the reputation of which it maintains at a high level. If you use such a service, you don’t need to think about such matters. But if you decide to buy and use an individual IP and domain, the responsibility for keeping their reputation and settings in order will fall to you. Remember that once a reputation is tainted, it is very difficult to regain trust and get removed from blacklists.

To sum up

Mailings tend to get marked as spam because of a combination of the above factors, but some are more critical than others. Small deviations from the standard or one strange address are unlikely to result in blocking. But add in an incorrect SPF record or missing DKIM signature, and the outcome will be a ban.

Always keep in mind that technology never stands still, and companies are constantly developing new methods for protecting e-mail from scammers and annoying spam. AI-driven solutions that deliver verdicts based on analysis of user behavior are now widespread. If a user doesn’t like your mailings and junks them several times in a row, the next time it will probably happen automatically. So when creating content, make it varied and interesting — and not too frequent.

https://blog.kaspersky.com/feed/