Can Anyone from Yahoo Help?

I have a client with a problem getting email to his customers on Yahoo. The users want the email, but it keeps turning up in their Bulk folders, not the Inbox. Most frustrating.

I've walked him through making everything squeaky-clean, but no luck.

Yahoo's "Postmaster" contacts just seem to be a huge black hole. Is there anybody reading this who can offer a clueful contact at Yahoo?

Anyone?
Beuller?

Email Sender Reputation at all, David?

David Berlind sounds like he's sick of talking to hyperbole-fuelled anti-spam vendors. Can't say I blame him.

It is probably true that if everyone in the world ran just one solution, we’d be able to tweak that solution in such a way that we’d finally get a handle on the inbound and outbound problems associated with spam. When everyone has access to the same technology, there’s a name for that. It’s called a standard. There is zero chance of some proprietary solution becoming the defacto antispam solution for the world. But, if only AOL, Google, Microsoft, and Yahoo (the world’s leading e-mail solution/service providers) would get together and decide on what the non-proprietary standards should be and implement them in their systems, it wouldn’t be long before every other e-mail solution provider would have to follow suit (in order for their e-mails to interoperate).

Well, the thing is, in many ways, AOL, Google and Yahoo are doing what he asks (and even Microsoft is making encouraging noises).

The "standard" the industry's heading towards is "true" sender reputation (i.e., not the DNS-IP-blacklists-on-drugs that we have today). Being able to store and share opinions about the "goodness" of an individual sender and/or sender domain would be incredibly useful, but we're not there yet -- mainly because email is to easy to forge. This is where sender authentication comes in.

So the necessary precursor to sender reputaion is to get everyone using DKIM, so we have a strong method of sender authentication (not just the relatively weak-but-easy SPF/SenderID) -- this is where the big three mentioned above is right now (and as I said, Microsoft is making encouraging noises, despite its wedded bliss with SenderID).

For more, see:

• CNET's Error Explaining DKIM
• Locally-Maintained Reputation

Naive Bulk Emailers Howl in Protest

This is Andy Oram: pianist, CPSR member, and O'Reilly book editor. Andy's latest weblog post is a quiet rant about how difficult it is for new bulk email senders to navigate around a twisty maze of spam filters.

For example, he writes:

Just this morning, board members of a non-profit I volunteer for were complaining to me that email to board members gets trapped as spam
...
Ryan Bagueros ... told me lots of promising social networking companies are stymied because the emails they send members and prospective members get trapped by spam filters–especially at the major email hosting sites.

My sympathies. But there are two sides to every story.

On the other hand, some social networks behave idiotically and totally deserve to have their mail eaten.

Case in point: tagged.com, which -- let's be charitable -- was less than transparent in its description of what happens when new users signup.

Actually, no. Let's not be charitable. Let's tell it how it is. Email from Tagged.com is spam. It asks new users for the password to their [Hotmail|Yahoo|AOL|Gmail] account. Then, without warning, it spams all the addresses in their address book.

I carefully went through the signup process, using a test Gmail account. This is not a case of clueless users blindly clicking OK.

While I'm on the subject, a general point about email n00bs.

There's a pervasive naivety about what it takes to successfully send legitimate bulk email. It's not as simple as popping a default install of Sendmail onto a DSL connection someplace and expecting the whole world to be overjoyed that you're sending them mail.

Often, people don't know they need help, blindly assuming it's their "right" to have their email delivered to anyone they choose, regardless of how poorly they send it.

Two examples; there are plenty more:

1. Get your FCrDNS right. Don't know what that is? Look it up in Wikipedia. Still don't understand? You probably need help.
2. Behave correctly when presented with a greylisting tempfail. Don't know what that is? Look it up in Wikipedia. Still don't understand? You probably need help.

As I say, plenty more where those came from...