Spamhaus warns marketers to keep email databases tidy

A failure to remove bad email addresses has resulted in unintended blocks by Spamhaus

Spamhaus is warning marketers to keep their databases cleansed of bad email addresses lest their messages be mistaken for spam and blocked.

The U.K.-based spam-fighting organization had taken some heat for blocking so-called "transactional" email messages, or messages a retailer sends after asking a consumer if they want to receive a purchase receipt by email. The practice allows retailers to grow their email marketing databases.

But the problem is the email address is often incorrectly typed in. And if a retailer begins to send other messages to the address -- especially if an address is invalid -- it can start to look like spam.

Spamhaus publishes data that is used by email service providers to block IP addresses that have been known to deliver malware or spam. In December, Spamhaus blocked some email from major retailers such as the Gap and Gilt, according to Ken Magill, who edits an industry marketing newsletter.

The issue isn't so much a one-off receipt that goes to an invalid email address or a typo that causes the email to go to an unintended recipient. What sets off red flags is when a marketer continues to send email, even when they receive a "bounce," or a notification that the email address didn't accept the message, wrote Denny Watson of Spamhaus.

"If the email stream is persistent over time, especially high volume, and drifts outside the relationship of individual transactions, we may find these messages a problem," Watson wrote.

Overall, those kind of messages waste mail server resources as well as annoying third-party recipients, he wrote.

"The ongoing flow of presumably unintended bulk email from unattended mail systems operated by well intentioned but careless senders is unsolicited bulk email (spam)," Watson wrote.

Being blacklisted by Spamhaus can negatively affect marketers, wrote Chris Kolbenschlag, the director of deliverability at Bronto, a company that develops software for email and social media campaigns. One way around the problem is to send recipients an email asking to validate their email address and grant permission for future messages.

Email addresses that do not return those messages should then be removed from databases, though Kolbenschlag acknowledged the practice isn't popular. But in the end, marketers can then remove potentially incorrect addresses and keep themselves off blacklists, he wrote.

"This method can be very controversial since it traditionally creates low opt-in rates, but I would argue it's actually more beneficial for several reasons," Kolbenschlag wrote.

Watson of Spamhaus wrote that the organization did tweak its systems around the holidays last year, which resulted in some of the blocking. But the adjustments only brought to light ongoing spam issues and "do not create those spam problems," he wrote.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags Spamhaussecurity

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place