North American Network Operators Group


Re: Major E-mail Delivery for FTC DNCR Launch

  • From: Sean Donelan
  • Date: Thu Jun 26 03:01:56 2003

On Wed, 25 Jun 2003, Callahan, Richard M, SOLGV wrote:
> Good Afternoon
>      and forgive the new guy if I break any rules or conventions.

The old rule used to be: Thou shalt not be excessively annoying.

Billions of solicited and confirmed mail messages are sent every day
with few problems.


1. Follow the old conventions.  No HTML, wordwrap at 72 characters,
Mixed Capitalization, clear explanation why this address (some
personalization) received the message. Don't write a novel, don't
fill it with lots of URLs. You should have a random nonce authenticator
for the confirmation.

2. Run it through SpamAssassin.  If SpamAssassin thinks it's Spam, it
will end up in the junk folder (or trash folder).

3. Make sure everything is reasonable and makes sense to an outsider such
as From addresses (envelope and header), received from headers, in-addr.arpa,
etc.  Cleanup your ARIN and Domain registry records to accurately identify
you.

4. Handle bounces.  If you are sending out millions of messages, expect
some percentage to bounce.  Not handling bounces fills up ISP spools,
annoying ISPs.

5. Remember bounces, failed attempts and non-responses.  Set a reasonable
limit and then require intervention before sending more mail to the same
address (user, and domain to prevent dictionary attacks).  One confirmation
message to an address is good manners, thousands of confirmation messages
is annoying.

6. Working abuse and postmaster addresses.  Someone will complain.  If
a person asks you to stop sending mail to their address/domain/etc, stop.
You should maintain your own internal list of "do-not-mail" addresses you
never send e-mail to.

7. Make sure your systems don't have any open relays, open proxies,
mailfrom.cgi problems.

8. Consider using "human detection" on the web form to prevent robots from
generating lots of confirmations.  For example, a picture containing a few
random numbers the human must read and type in.  Unfortunately, this
probably violates the Federal ADA rules for web sites.


Expect some joker to try to seed some spamtrap addresses through your
web page.  It will result in some of the more extreme spam blacklisters
listing you as a spammer.  There is probably nothing you can do or say
to change the minds of the most extreme folks.  But most of the others
are reasonable if you can show basic due diligence.
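
Added example, not part of the original post: a sketch of points 1, 5 and 6 together, issuing a random confirmation nonce while enforcing per-address and per-domain send limits and a do-not-mail list. The class name, limits and addresses are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Illustrative limits (assumptions, not values from the post).
MAX_PER_ADDRESS = 1   # one confirmation message per address
MAX_PER_DOMAIN = 3    # cap per domain to blunt dictionary-style signups


class ConfirmationGate:
    def __init__(self, do_not_mail=()):
        # Entries may be full addresses or bare domains.
        self.do_not_mail = {entry.lower() for entry in do_not_mail}
        self.sent_to_address = Counter()
        self.sent_to_domain = Counter()
        self.pending = {}  # address -> SHA-256 of the outstanding nonce

    def request(self, address):
        """Return a nonce to mail out, or None if intervention is required."""
        address = address.strip().lower()
        domain = address.rpartition("@")[2]
        if address in self.do_not_mail or domain in self.do_not_mail:
            return None
        if self.sent_to_address[address] >= MAX_PER_ADDRESS:
            return None
        if self.sent_to_domain[domain] >= MAX_PER_DOMAIN:
            return None
        nonce = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        # Store only a hash so a leaked table cannot be used to confirm.
        self.pending[address] = hashlib.sha256(nonce.encode()).digest()
        self.sent_to_address[address] += 1
        self.sent_to_domain[domain] += 1
        return nonce

    def confirm(self, address, nonce):
        """Accept once, and only with the nonce that was mailed."""
        address = address.strip().lower()
        expected = self.pending.get(address)
        if expected is None:
            return False
        supplied = hashlib.sha256(nonce.encode()).digest()
        if not hmac.compare_digest(expected, supplied):
            return False
        del self.pending[address]  # single use
        return True
```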