Friday, May 27, 2011

Spam and Security: Changes to Pobox Outbound Mail

16 comments
You can use Pobox to send your mail, by setting up your email program to send messages through smtp.pobox.com. If you use smtp.pobox.com, I wanted to make you aware of a recent change.

When you run an email service, you are constantly doing battle against spam. There's the spam that people try to send to Pobox accounts. And then, there's the spam people try to send FROM Pobox accounts.

The Pobox SMTP server has always filtered mail from trial accounts, as spammers and phishers love to try to take advantage of the reputations of legitimate email providers. Of late, though, we've seen an increased number of active, paid Pobox accounts being abused by spammers. (So you don't worry, "increased" here means from a couple a year, to a handful a month. Hardly a rash.) Whether it's caused by a virus getting installed on their computer or a phisher stealing their password, a compromised account can quickly send enough spam to cause a problem.

As such, we have recently changed the policies for mail sent through smtp.pobox.com. All outbound messages are now being checked by Cloudmark, which looks for "signatures" (URLs, phone numbers, email addresses, domain names, unique phrases, etc.) found in messages that have already been reported to them as spam. Accounts that have several messages flagged by Cloudmark in a day have their SMTP privileges automatically suspended.

This change is for your protection, as well as the protection of all customers who send mail from the SMTP server. Even a small number of spam complaints can adversely affect our ability to get the messages you send delivered to your correspondents' Inbox. And the accounts actually compromised by spammers could see their email address's reputation severely maligned.

However, Cloudmark, like all spam filters, is never 100% accurate. If you send a couple of messages misidentified as spam, your account shouldn't be affected. But, if more than a handful of your messages are misidentified as spam, you may see your SMTP privileges temporarily suspended. You'll be notified via email, and copy of the message will be sent to Pobox Customer Service for their review, and we will reinstate accounts that have been incorrectly deactivated.  But, feel free to email us if you think the situation warrants an explanation.

Because this change can cause your SMTP privileges to get suspended, I will take this opportunity to remind you that the SMTP server is never to be used to send bulk messages. If you are CCing enough people, even a single message identified as spam is sufficient to get your SMTP privileges suspended.  If you have a CC list that you regularly send mail (and it's more than a few people), we strongly encourage you to set up a mailing list.

Friday, May 6, 2011

Email Etiquette: on the Subject: of (no subject)

0 comments
In November, Facebook announced Messages, their email-that's-not-email. They specifically touted how it didn't have subjects, CCs or any of the other overhead or required bits of email -- just you, the name of your correspondent, and what you want to say. Yet, when I was surveying the staff for new blog topics, Mark offered this idea:

How about this? The fastest way to get me to ignore your message is to send me an email with no subject... or even worse, Subject: (no subject)!

I can see both sides of the issue. On the one hand, I've sat there with a fully written message, agonizing over a subject line, or just wanted to send someone a link, and ended up with the "I thought you'd find this interesting" subject. On the other, I've gotten an email with no subject, and had a moment of worry about whether I was about to open a virus or spam message.

I also do customer support for our email marketing service, Listbox.com. In email marketing, you would never send a message without a subject. Your subject line is your tiny billboard, your hook, your teaser to get people to open your message. In the same vein, when following up with Mark, he clarified that what he really meant was he would never open a message from a stranger without a Subject. But those are precisely the Subjects that are most difficult to write! If I could convey my entire thought in a line, I would just tweet at you, not email.

I spend a lot of time writing for other people -- email, IM, texting, with customers, business associates, family and friends. You learn to read the cues that other people are sending, and adjust appropriately. But when you send messages out into the void, there's no history to draw on... hence the sweaty-palmed subject agonizing.

How do you feel about Subject: headers? Are you grateful to Facebook for freeing you from their tyranny? Are they a critical part of the email experience for you? Or are you perfectly ok with getting an occasional Subject: (no subject)?