Spam Filters Gone Wild

Photo courtesy AJ Cann

We all hate spam–it’s annoying, time-wasting, and sometimes downright offensive. But I’m here to tell you today that the anti-spam software out there often goes overboard, throwing the proverbial baby out with the bath water.

When a spam-prevention system inadvertently flags as spam a legitimate email between you and a potential customer, and silently deletes or archives the message, it can do real damage to your business: losing a potential customer, or hurting your existing relationship between you and a customer or vendor. The worst part of this is, you probably don’t even know it’s happening.

As a travel business owner, there’s two main areas you need to worry about:

  1. Is email I’m sending getting marked as spam, and not making it to my customers and vendors?
  2. Is email my customers and my vendors send to me not getting seen by my staff, because it’s getting marked as spam?

First thing you need to be aware of is a sort-of-new protocol called “SPF”, or Sender Policy Framework. Essentially it’s a way for you to declare, using your DNS records, where your real email servers are. Spammers will sometimes configure their mail server to look like a legitimate domain. The thing to recognize is that YOUR mail server, when it receives mail from somewhere else, can tell what IP address that mail server is. So let’s say a spammer tries to send you an email pretending they’re audits@irs.gov. Your email server can look up the SPF records for irs.gov, which will tell it the IP addresses of the email servers that domain actually uses–and if the sender isn’t in that list, then it’s probably fake.

I say this is a “sort-of-new” protocol because it’s not really all THAT new, it’s just that IT departments seem to be turning on the feature on email servers that check the SPF rules more recently.

And some IT administrators are configuring their email servers in such a way that if your domain doesn’t have SPF records set up at all, then all emails from your domain will be blocked or marked as spam.

Your mission, should you choose to accept it (and you ought to!): add the appropriate SPF records to your DNS. And, if they’re already there…

…with the following testers. In my recent experience, VERY FEW hosting companies know how to set these records up properly.

Resources:

The other thing you need to be aware of is that some of the spam filtering algorithms are pretty aggressive and/or have bugs that cause false positives. As an example, I’ve seen a number of problems with McAfee blacklisting domains, or blocking email from small domains that they don’t recognize. It’s unclear to me what the actual cause is–but the end result is, sometimes your mail won’t go through, and you don’t get a bounceback or other indication that there’s a problem.

Also, it’s important to be aware that oftentimes anti-spam systems will block some emails from a given address but not others. So, you might find that 9 out of 10 emails you send to a specific customer get through, but the 10th does not. You can send it again and again, and still…nothing.

The solution? Well, you’re not going to like this much, but here it is: if an email is important, follow up with a phone call if you don’t hear back. And if you don’t have a phone number for that customer, create a company GMail account and resend from that account with an explanation–in my experience, very little sent from GMail gets blocked.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>