Quantcast
Channel: Terry Zink: Security Talk
Viewing all articles
Browse latest Browse all 243

How we use the Certified Senders Alliance IP reputation list

$
0
0

If you are a subscriber to the good folks at Eco over in Germany, you might have noticed in their regular newsletter that Outlook.com and Office 365 is now a new ISP partner.

What does that mean?

Over here at Outlook.com and Office 365, we have a complicated relationships with good IP reputation lists. Outlook.com currently uses the ReturnPath IP reputation list to reduce filtering, while Office 365 does not yet do it. Office 365 uses the DKIM-domain reputation list to make filtering decisions, yet Outlook.com does not. The reasons for the discrepancy has to do with infrastructure differences between the two services, as the backends are not yet aligned.

Then there’s also the IP reputation lists that are manually maintained when senders escalate to support.

Then there’s also some legacy reputation lists (not necessarily IP-based) that have done more harm than good in Outlook.com. We have IP+domain reputation lists in Office 365 that work pretty well, except when we get a bunch of spam complaints from one or two particular senders on the list out of a total of several hundred or a few thousand good entries.

In my experience, a good sender reputation list usually contains 80% good senders, 19% mostly okay senders, and 1% sketchy senders (that is, generate more than their fair share of spam complaints despite doing the proper opt-in procedures). And that 1% affects the other 99% because that 1% makes us skeptical of the other 99%.

So, in terms of the CSA reputation list, the way we use it (or at least the way I use it) is in response to escalations:

a) I regularly see spam complaints from bulk senders that are on the CSA list, and so I contact the folks at Eco asking them to look into that particular sender. Visibility for reputation list providers is important.

b) I also take the CSA reputation list into consideration when a sender has delivery trouble at Outlook.com; if they are on the list, it means they’ve gone through the steps of trying to be a good sender.

c) And finally, I recommend that one path senders can take if they want to improve their deliverability in general is to join the CSA because it will help with sending email to various places around the Internet, not just Outlook.com, because if you follow those steps then it reduces the chances that you will display behavior that is considered abusive. I’ve referred to various whitelist providers here: A quick overview of Outlook.com (Hotmail) sender support, which include more than CSA.

This doesn’t mean you have pre-emptive accommodation.

But it does mean we understand the importance of good sending behavior; of working with partners to ensure good senders who are trying to do the right thing get a better experience than they otherwise might have had; and providing senders with a path to get into a good state.

That’s not the full scope of how we use good sender reputation lists, but hopefully it gives you a rough overview of our relationship with them.


Viewing all articles
Browse latest Browse all 243

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>