A. Context

In an ever-changing email landscape, the fight against unsolicited messages is at the forefront, and anti-spam efforts are primarily focused on combating malicious activity. Senders of legitimate marketing emails must navigate these waters carefully. They need to think about getting a positive reaction from the recipient (or, failing that, no negative reaction at all), but must also ensure their messages do not look like malicious emails.

An email marketing campaign that correctly differs from a malicious mailing is supposed to be subject only to reputation mechanisms, essentially based on the recipient’s vision. This is why it’s crucial to distinguish your mailings from spammy looking content such as over-aggressive subject lines. But that’s not all. For example, we’ve recently seen two different cases involving online payment tools: One sends out confirmations with “.link” URLs from a domain we didn’t know about before, and with a PDF attached. The other is a bank with its own official domain (e.g. brand.com) in the content but sent from a geographically dedicated domain (e.g. city-brand.com) and with a URL from an external website.

In both cases, this is typical behavior for a malicious sender, and the kind of thing against which an anti-spam filter will be used to protect the recipient as well as the brand itself. If you don’t behave in this way on legitimate e-mails, you’ll not only prevent your messages from being blocked, but you’ll also help filters block those who are trying to imitate you!

=> Each sender has must play their part to fight phishing

It is also really important as a filtering company, to be able to easily distinguish marketing emails from imitation. For example, you’ve probably already heard about “Replay Campaigns”: this is a malicious campaign that, visually, has exactly the same content of an already sent legit email; it also has the same headers in order to maximize imitation. That makes malicious emails like this harder to spot.

With the most well-made replay campaigns, there are only two differences as compared to the legit email: The sending IP and just one link in the content. This means there are only two ways to fight against such threats: authentication standards to detect the wrong IP (sometimes the “From” domain is not the legit one but instead one belonging to the spammer). And, as for the content, the other way to protect recipients and also brands, is to be suspicious about new domains and domains not normally associated with a given brand.

=> That’s why it is really important to know you as a sender and what your sending habits are.

B. Trust fuels the future

This aspect was the motto of the last CSA summit, and there are 3 different facets behind it.

1. The senders must be trusted by its recipients

   The first and most obvious one: The sender is transparent about its identity, that they are comfortable with sharing opt-in information, that it respects recipient’s choices and its intelligence.
   In terms of practices, this could be summed up by these examples:

• • The display name must reflect who is the sender and only that
  • Always use the same From address to help the recipient to add personal rules on it
  • Host a webpage on the From domain to explain who you are and help the recipient to validate the fact that, indeed, s/he has accepted to receive your emails
  • I think I’ve never seen it but why not give the recipient detailed opt-in information such as the actual opt-in date: this is something that the sender must have and provide to recipient if this is requested. So why not show your good faith by taking the initiative to provide this information without even having to send a laborious email? We can also use a link at the bottom of the email…
  • Differentiate between an attractive and aggressive subject: For sure, it is important that the subject leads to the email being opened but if the recipient doesn’t find the expected content in the message, this results in the risk of a spam report.
  • An easy to use and quick unsubscribe option.

2. Filters and Mailbox Providers must know and trust the sender

   Therefore, the sender has some tasks to take care of:

• • A stable Display name and From address & just the needed volume of IPs
  • A stable sending envelope (IP/domain combo)
  • Take responsibility for external ads added in its content (with their own reputation)
  • Limit the number of used domains (from, url, img, …)
  • Limit the risk of spam reports: List-unsubscribe, respect recipient choice, …
  • Maintain good database governance: Collection methods, inactive recipients management, secured forms, etc.
  • Do not use a « declare as spam » link

3. The Email Service Provider, the platform used by the sender, must also be trusted by Filters and Mailbox Providers

   If you as a brand have good practices in place, it is important to work with an Email Service Provider (ESP) whose other clients also apply good practices: otherwise you as the good sender will end up being used by an ESP to request unblocking for all its other clients the bad ones included.
   As we’ve seen, because of the importance of being suspicious of new things, it is important to have a good warmup for your IPs, domains, and addresses.

   There is also something that I don’t understand: why have lots of ESP stopped adding a X-Mailer in their headers to help identify emails sent from their platform? It is fakeable, yes — a spammer can easily add the same one to imitate the ESP. So, naturally, we do not have identification rules based only on that; but the fact is that, for emails sent by the ESP, there is no real impact: with or without the X-Mailer, we can identify the sender. But when it comes from an unknown IP, if there is no X-Mailer, it can be just a new sender, from an unidentified platform. Yet, if it comes from an unknown IP with your X-Mailer, that is suspicious and if it is not the right ESP, we can protect this from imitation!

C. Snowshoe Marketing

This is a subject we’ve worked on for several years with Axelle Allouch from Orange. It was the main cause of spam reports, all kinds of combined emails. What we call a Snowshoe Campaign is an affiliation campaign commissioned by a brand to different players, ending with a large volume of variations and of spam reports.

Concretely, we see the same campaign, sent with different display names, from, subject, contents, etc. and sometimes spread over time. This isn’t necessarily intentional, but it could lead an anti-spam filter to think that they’re different campaigns: It is not the case, because the links, although different, lead to the same page, with the same goal.

=> Same target means same campaign.

Over the past one or two years, we’ve seen 5 or 6 campaigns a week exceeding our client’s threshold with hundreds of variations and more than 10,000 spam reports in just one week.

It is interesting, before taking action, to understand how we ended up with this result.
The fact is that the sender is not necessarily aware that they are contributing to a snowshoe campaign: A brand asks for 1 or more agencies to organize the promotion of something. These agencies work with different database owners who will send the campaign with a different “From”. And at each level, there are some variations in content.

On the filter side as well as on the Mailbox Provider (MBP) level, the only thing we see is the senders.
So, to help senders not to be impacted by other decisions and sendings, we became involved in lots of discussions with different players with two ideas:

• Reduce the number of variations at each level
• And more transparency with the recipient: the display name is only “who sends the email” (the opt-in owner) and the beneficiary brand must be introduced between two brackets at the beginning of the subject.

Thanks to these practices, we have reduced marketing spam reports by 1/3 at Orange!

D. SenderTool

In relation to Vade, now part of the Hornetsecurity Group, the only one way to contact us, as a sender, is via an online tool called SenderTool: https://sendertool.vadesecure.com

Thanks to this tool, your account is connected with some of your IPs and it helps us to confirm who we are exchanging with, an identified requester, in link with the mentioned IPs. This helps ensure we are not sharing information about an IP with the wrong person.

Using this tool, you can also access a page with best practices. Respecting these is a requirement to contact us as the solution to many cases depends on compliance with these practices. Consequently, we don’t analyze a situation if an effort hasn’t been made on the sender’s side to respect these practices.

We also calculate a score on requesters depending on its previous requests, and whether they had been judged as a false positive or not; and, thanks to this score, we prioritize the request treatment. So, it is advisable not to require delisting of things that obviously have to stay blocked.

Also, it’s helpful to give us the maximum amount of detail in your ticket from the outset; for example, don’t say just ‘this is not a spam’, explain the kind of email sent ; don’t say “an account was compromised but we handle it”: provide more details like the address of the account, the period of the compromission, what has been sent… essentially, anything that shows you’ve done the job and the situation is secure.

To conclude, 3 things to keep in mind

• Recipient’s power
  The recipient is the one who will decide to report your email as spam or not.
  Regardless of the laws, it’s the perception each of your recipients has from your messages that builds your reputation.
  Be transparent about who you are, why you’re contacting them, what right you have to do so, and how they can stop it, if desired.

• Help the recipient agree that your mailings are interesting.
  Respect the recipient’s intelligence, avoid misleading content, adapt your marketing pressure, manage your inactive and offer a preference center.

• Help MBP/filters distinguish your mailings from malicious ones.

By following these good practices and avoiding the bad ones, you can improve your email marketing efforts and ensure that your emails reach the intended recipients. Building trust, maintaining transparency, and respecting recipients are key to successful email marketing in today’s digital landscape.