Site logo
Video

Speaker/s name

Raymond Dijkxhoorn

Description

Speaker
Raymond Dijkxhoorn, Co-founder, SURBL

This session is about reputation, how it affects deliverability and how to maintain a good reputation. I'll be talking about the different types of reputation providers and their roles in the email ecosystem, how they work and how to work with them to ensure good reputation. I'll also go over some tips and tricks to maintain a good reputation, as well as discuss the importance of authentication and why it's essential for good deliverability.

Video URL

https://vimeo.com/536572946

Transcript

Andrew Bonar 0:00
credibility. There's also the red set validity and the other certifications, check out the welcome room for that. I'm going to bring Raymond right up on stage with us now live. And have a quick Hello before he starts his actual intro.

Hi, Raymond, I just want to

say thank you for everything that you do for inbox Expo. We always wanted it to be much more than marketing. It's definitely everything email this year. And a huge part of that has to be to do with the support that you gave us from the very start the introductions that you gave me last year, or about 18 months ago, and we'll continue to work on those. And you know, the the Expo is shaping up to be everything that we wanted it to be. And a big, big part of that has to do with your support. And I just want to give you my big, big thanks for everything you've done. And everyone that's listening. Thank you for everything. It's been an amazing Expo so far. It's a fantastic ruber geeky day for the last day. Lots of stuff on demark binny BMC authentication, protecting himself. postmasters and others today. So today is a fantastic day. And I'm really looking forward to this keynote from you stuff. Raymond, I'm going to get off your stage in a second. I will bring up your slide. And I'm really looking forward to hearing about reputational work.

Raymond Dijkxhoorn 1:24
Yeah, thank you. So thanks, Matt, also for the intro. And you, Andrew, I think you and Ellie did a great job. Especially when I see like the changes after the last online conferences and what we do now I think it's not going to be forgotten soon now how this conference is going. And the the whole lineup of speakers is I think, very worthy to spend your days with. So that's a great alternative for the the real life events that we plan to have in. Yeah, very soon. Okay, I'll let you go. Yeah, thank you. So um, thank you all for joining. I'm going to try to do a keynote for you guys. I was really hoping to do this in in Spain. Eventually, the emo expert conference was supposed to be physical events, but I think we're not there yet. But we're trying. So I'm basically I was giving a freebie for any talk I will do which is a great honour and also appreciation of trust. Because Well, I did not even have to share the slides before. So might be funny. What you're going to see now. Um, so basically, if we start up, who am I? And I'm a mum bank, Sean met, you almost got it. Right. I think we have to practice a little bit more. With some beers or something. We'll get it right, Matt, don't worry. I'm very much. I'm living in the Netherlands. So actually, this conference has the perfect timezone for me usually in the middle of the night somewhere in the US or in Canada or in this is actually quite, quite nice for me. I have about 2030 years email experience, email admin experience, so not like sending an email, but maintaining systems makes it also quite different. If you maintain reputation lists, and you actually have been running large scale mail systems for ispf and esbs, then you also understand their pain and needs a little bit better, I think. Um, we started with servo, almost 20 years ago. This year, we basically have our 20 year anniversary. Yeah, for that. So we have quite some experience. There's not a lot that you could tell us what we not have heard before. And we'll get to that later in the slides. Some people think that we started to do this yesterday and come up with the same lame excuses, but well, they tried to get their email delivered. It's all about deliverability I guess. So. cerebral also was the first domain block list. And we now call it a block list. When we started it was called something different that will we'll get to that. Um, so this is basically telling it all right. It's the deliverability summit. It's it's The inbox Expo. This is what you guys send, you send email. So you just click the button that you send and you're done. But then the whole party around it starts like, should I really have send this? Or is it the right audience? Is it the right content. And then we have heard it the last few days is the click through is the open rate fine, is that's basically what you find out after sampling. So it is about deliverability. I agree with that. But it's also about the customer. And sometimes, people forget about that.

If your customer feels, he's not waiting for your new message, then you're targeting the wrong audience. And that that all has to do with the quality of the list, the type of customer that you're serving. Sometimes as an ESP, it might be that you think the customer needs this, when in fact, he's not waiting for it. But that's life, I guess. And it's hard. I mean, I also understand that everybody is trying to make a living one way or the other. And when when we started seeing countries on lockdown, we also knew that changes would would appear in what people were selling, the way they were selling it. And I think after a year, things are a bit more stabilised than it was before. But still, if you're sending an email, you need to think you need to rethink, rethink, again, rethink again, and the time bomb that is in this picture is there for a reason. You can basically build your whole online reputation. And you have been building that for years. But you can basically destroyed with with just one wrong email company. And it goes pretty fast. And it's not only the email campaigns that you should be worried about, like, does this campaign benefit my brand or does it do other things. But there's also an issue that if you are let's say you're using an ESB and there there are plenty of ESB s that are attending this conference. So we all know who the big players are. There's also a possibility that your account, which is with that ESB will be compromised, has been over the years. And if your user base will be targeted with malware, then basically your brand is being destroyed. So be very careful. If you sign up somewhere and you have esbs check if they have two factor authentication sign sounds rather logical. But if if we see the SPS that have been breached, most of them, most of their clients, I must say, did not think about their account ever being breached. But still it happens. It happens more, it happens more than once. And you could also prevent things like that. I think if you take some pre precautions there we have some tips also. So reputation providers. We when we started way back, it was more like an India show. Nobody knew who blacklist providers block list providers nobody know who was behind something. Many, many still use different names than they have in real life. That's not the case with shareable we always have been open. If If you write to servo and you get an email from Raymond's It's me. But there's various reasons that the names are changed in some organisations. So we are not only trying to combat spam from legitimate USPS, or brands or we also have battle against botnets. We battle against cyber criminals. And those guys are not the most friendly. So many of the guys in our scene basically try to just protect ourselves with that. So if you get an email from our friends at spam house, likely Their names are not the guys who are writing to you. But that's, that's good reasons. So it is unfortunately, the world that we're living in and therefore Many of the list providers who also attend sessions here, which I'm really grateful for, it's, it's really good that that you basically understand that all the names that I'm pointing out here and it's this is just a few of them are actually real people, they do real work, they do an amazing job to, to keep your inbox clean, sometimes business wise, as a sender as an ESB, you might not be happy with us. But we don't do random stuff. So there's always a reason, if you have the need to contact us, something happens. And usually it's it's not something that we initiated,

it's, it's something that we encounter we meet, something happens could be a compromised customer, it could be a customer that is basically feeding in the list that should not be fed in can be anything and Nice to meet you. But in a perfect world, you would not need us, right. So there's also and this one I added specifically, a lot of the lists are quite open in in usage and in explanation. You can check the spam the spam cop side and you basically see when, when the listing happens. Same applies for your IBO you can see some things online, Spamhaus has a nice reporting site that you could use. There's also others where it's a little bit harder. Um, for example, if you try to deliver your email stream to Microsoft, and you get like funny messages, you there is ways to find out but for the majority, it will be basically be a black box like something happened, I don't know, I cannot deliver anymore. There's the both master programmes and some other some other programmes to help you out there. But still, it's it's a pain in the ass. And don't be confused that Microsoft is not doing for example, I mean, Microsoft is not the only one. Just as an example. Don't be confused that they are only sourcing data from their own machines. I am pretty sure that's basically all of the big inbox providers also use third party data, including ours, including spam data, including spam cop data. So you will eventually if you get a listing, run into troubles from out, some people don't don't really want to know, like, Okay, I see that I have a listing out, I'll take care of it. And sometimes that process gets speeded up. And I'll get to that later in the presentation because basically, if you get listed it's it's it's the start of your reputation that's going down. And it can go down pretty fast. It's not something that we are proud of, but it's something that we together, ESP senders and operators of the blockless. That's something they can do together. So it's it's a matter of talking to us, I think. Find out what's going on. So it is about reputation management. And it's about your brand. So what is your brand about? Is it about trust? What's your marketing doing to the brand name to the credibility to the popularity? What impression Do you give with your email. So there's, there's much more than just having a writer making an email template, fill it with your latest marketing, blah, and just beam it up. It has to match your brand. People has to be basically excited to open your email. And I know it's hard. Your email, your email, especially the last year, everybody has basically one way to do it. Email has been surging in traffic volumes because it was a great way to basically reach people. But now you have to be the one that stands out. How can you basically make your email different than any other and that's something if you really think about the email, really think about how to build that brand. That basically also tells you that if somebody unsubscribes Soviet, then that's that's basically what that's not your customer, right? It is something that like, if you start to send a lot of email, this thing on the left, at least it's on my left, you have to use a lot. Look into the mirror. What would you think if you would get that email? And, and also, for the blacklist providers, or blacklist providers caught nowadays? So basically, how do they see my company? How do they see my brand? How should my marketing going? And that's something that you basically have to stand still for more than once and not like, Oh, Okay, next Tuesday, my next email run is going so I don't really care what's inside. You should you should really care what's inside.

So this topic this is basically and it's a wink to the ditch day. So today, inbox Expo also has a Dutch day and well, I am Dutch show. At the same time I as I am having this keynote, the judge day is also kicking off. So this is a wink to them. There will be a lot of Dutch sessions also with the Arish list washing machine. This is one of the first washing machines made in Holland ever. So it's it's a nightmare. So list washing this is this is a topic that I have been listening to a couple of the sessions list, washing comes back every now and then like, Yeah, but you should take care of your list, just wash it. And I'm like, if you need to wash your list, then you have some issues in the first place. It's like taking a spearmint. If you have a bad breath, you take a spearmint that lasts like 10 minutes, 30 minutes. If that meant his gum, your breath is not fixed, you have to fix the ventilating issue. And it's the same with list hygiene. If you have a bad list, and you need list washing to basically clean it up, then you have to rethink how did those people get on my list in the first place? And how is there like how do I reengage with them? I personally think list washing should not be needed, you should have something that basically gets your clients excited to get your email and if not, they should unsubscribe. There should not be any list washing involved there. It's it's if you ask me that's it's bad advice. But there's a lot of companies who offer list washing. So I guess there is a market for it. So you, you were basically and I cannot imagine that nobody if you if you are an ESB of if you're a sender that you never heard about blockless providers. So in case you heard about them, please be open to whatever comes next. Because sometimes we get in information requests, like we had some in the last few weeks. And I have to explain a little bit, there is a lot of correct sites going on. Specifically at GoDaddy. It's it is what it is. And basically a lot of sites are compromised being used in botnets those button that's sent out crazy loads of spam and you feed the heck accounts there. The redirect is usually go to Bitcoin sites. So that that's basically been going on for a few weeks already right now. So sometimes we get the listing request in from legitimate company that could be your grocery at at at the corner because while he was not really able to, to update the site properly and Well, we know how it goes he installed WordPress didn't look at it for five years, only pushes weekly ad there and that's it. Sometimes it's smaller sites. Sometimes it's also bigger sites. So to give you a funny example, we got a deletion request from a very, very big Japanese organisation. They were basically listed on the stock market. And they said well, and it was more like a lawyer thing like you have to deal with this. Because we don't spam. We're a fortune 500 company and you need to deal with this because it's damaging. So then we explained to them the damaging part. The damaging part was that their corporate website was hacked. And basically part of that Bitcoin scam. Once we explained it, they didn't even get back to us anymore, they resolved it, but likely they were so a shame that they did not even give feedback anymore. So unless you know that the reason the real reason and not the reason that you think it is just reach out to us and see if that reason you think it is actually is the reason that you're listed. So some of our data is categorised in in sources, we have phishing sites, correct sites, those are just spam. So if you are incorrect,

basically listed as a correct website. And you try to resolve it by Miss watching. But that's not helping, because that's not the real issue. So you are listed. Why should I care? Why should I care? I mean, that's what we hear a lot like, Oh, okay. until something happens. After that listing, they find out Wow, I ended up in Gmail spam box now. Or my domain register, switched off my domain, my complete businesses on offline. And then we basically, we can always resolve that. I mean, people make mistakes. We are not here to judge that we are just basically helping here, people to protect our inbox. That's it. So if that that is resolved, we can also resolve the listings. But people only really, really take care if they see consequences. If there's no consequences, they will still be doing what they will be doing all the time, because well, they do this to make money. So many registries and registers, also taking our data. So we're not only protecting inboxes we're basically also alerting all the registries and registrar's. In fact, I can was basically the overall register, let's go like that. And they operate. All of the TLS are that they do not operate that coordinate all activities. And they also have to have an abuse programme. So that abuse programme also produces a report every year and that report, roughly is based on the data of two providers. It's basically it's terrible and Spamhaus. So if you care about your brand's reputation, really check if you are being listed on one of the bigger workplace. Because if he if you are basically ignoring that, that's basically the start of what well, it's it's it's a tear down for your reputation, I cannot describe it differently. So many registrar's and registries take in the data. And they also do it to suspend domains. So let's say you register a dot info domain. And it's a look alike. You basically say, this is what I'm using for this campaign. And that's also something we'll we'll discuss that later. But that's something we are not really fond of. So if you have a big company, let's say Amazon, Coca Cola, Microsoft, you don't see them using throwaway domains to promote their brand or they work on their brand. That's what they that's what they are they they are the brand. So if you basically start to work on a new email campaign, set it up as your domain. Don't try to do sidesteps with that unless you are promoting to two companies or three companies or four companies. But if you're basically targeting and try to promote your domain, or your company, then that's what you're targeting and not not something else. And again, it's your reputation. So if there's something going on, fix it, and don't leave it around to your boss finds out and says well what the hell happened. It is something that you have to work on overtime. It's it's just it's it's your brand. So be really careful about what we also have seen over the last few years. There has been a lot of consolidation in the market. It's just how the market works. But it also means that if you consolidate tree for big players in the market, you also end up with legacy services, great name legacy services. For me, it's an alternative of we don't maintain this anymore, don't complain. And that's what we also see a lot. where

basically could be anything. So our advice is don't act like a spammer. You are basically protecting your brand, you're building your brand. And then if you ask me, you don't need to throw away domains and we still see that We still see a lot of campaigns going on. They register a bunch and that's not not show snowshoe. It's really like normal campaigns that basically use a few throwaway domains. built your brand, don't don't do that with with throwaway lines.

And again, it's about the brand. It's not about ESB, so customise, if your ESB offers one generate open link tracker, customise that to your own domain. It's about your brand. It's not about ESB, right? So basically, you use the ESB as the platform. But what you do with it, and how people receive your email, it's up to you. And it's also a misunderstanding that, if you change ESB, your deliverability will be quite different. I think it's, it's, it can vary a little bit. But it basically has to do with the content. It has to do with what you are bringing the message. That's the more important part. The ESB is basically the vehicle that delivers it. That's it. And very important, be transparent. If you have some open issues with with a blacklist provider, just tell what happened. We all make mistakes, no problem at all. So a little bit back to serval. What do we do? Where do we get our data from? So you have a little bit of an idea what's inside the mix. So we get our data from registries, law enforcement, in house fam trips, independent security researchers, governmental agencies, we have a lot in the mix. So why do we do this? And why don't we like source it at one place? We have a very big view of what's going on in the world. So we have been part of the spamassassin. community for years, basically, well, 20 years ago, we started. Also with supremacists in project where Dec, we run a lot of public mirrors. So we see if it's Asia, if it's Europe, if it's huge, a Canada, we see all of those traffic's flows, we see them on our name servers. So we already have a good view on what surging and what's not. But you still want to have all of the data. So sometimes they target something in se says you can stop. And well, if we have an ISP there that's helping us that that's helping. So it is about getting the more complete picture there. Data Storage wise, we categorise in fishing Creek sites, malware sites, abuse sites, but we also have a service that's called fresh, and that's something that USPS might be interested in. So basically, if you have a new customer sign up, and that customer says I have no idea this, this domain is three days old, should I take on that customer, and then you might need to rethink either you want to take the money, or you care about your ESP brand and do the oral onboarding a little bit more careful. So that's that's up to you. But it's again, it's your bread. So sharing, sharing is caring. A lot of the list information that basically goes on is also acquired by sharing. And it could even be whitelist data. So for example, with the banking industry, we have agreements that some of the overall banking agencies deliver is a list Windex. And that might sound silly, but I live in the Netherlands. We have a handful of banks here. But if I if I walk, if I'm going to some conference in Southeast Asia and I walk across the street, then sometimes I see the bank that I thought was fishing actually that for the first time because we don't have that bank. So if that bank merges, I have no idea and I love to know from the branch organisations and it's the same with companies that you are serving. If you know about a big merger, let us know so we can whitelist some of the domains. It's not the absolute guarantee. But if you're not informing us, we cannot take action either. And the same for cloud providers, if somebody decides to rebrand or cloud services, it might be useful to basically let us know. The whitelist is not a guarantee again, but a lot of them will be.

This is basically mentioned a mantra for all list providers. Over the last few years, many of the list providers stopped their services. Many have been targeted to DDoS attacks, multiple times, both Spamhaus answer will have been under attack more than once. And if you're doing this on a voluntary base, and you run a service to basically help the community, and you have been DDoS of the net a few times, you just stop, you give up. So we lost already a lot of Lisp providers over the last five, six years. If you're using Lisp providers, most of them are not that expensive, but very useful for your brand. So I'm seeing that our nonprofit just like shareable was for a very long time. We can only do this with funding. That's that's basically how it works. So some some practical jokes that we and many people think that this is like made up, I could open the tickets. All of these lines have been said over the last month. So a lot like something that happened in the past. This is the last month we fixed it. It was an intern that added a bad list. And we fired him. Well, I don't know. Like, if you let your interns handle your most precious good inside your company? I don't know. I would not let the intern handle that. But yeah. And the other one is like, the problem is resolved, please the listeners, and they give no specific answer or pointer of what's being fixed. And they were like, you don't even know what the issue is why we listen to you. But you say it's resolved. And usually it's not, might be a correct side that it's still on the list. But yeah. This one, we heard a lot of people do want our emails, no, they did not opt in. But they can always unsubscribe, and we sell great products. So that's the reason that we spam or educational. Spam, I cannot call it differently if it's unsolicited. That basically says, Well, we have the right to educate people. So this is not you cannot treat this as spam. And then we're like, Sure, okay. Right. Um, think back about your ESB or your brand. And it's basically, for both of them. You have to think about onboarding. Sounds perhaps really silly. But if you care about your esbs reputation, then you should basically care about the customers that you're taking in. If you take in a customer that has been booted off several esbs, you have to wonder, why is my management willing to make money on this because it will damage your reputation. There is there is some things that you can do with the onboarding. And Andrew kindly mentioned EOC in the introduction, the OIC is basically a product that can help you with your onboarding process, it can vet your customer, if you have onboarding issues, or you think onboarding could be better for your company. Have a look at EOC. There's a lot of Intel in there. EOC was founded, and not many people know that. But it was founded by a few of the bigger esbs who said we will help each other. So they also felt bad actors going from one to the other. And so I'm not going to tell a lot more about it that I think it might be worth looking into that. So it is really about onboarding. I think that's where it starts. If you take on a bad customer, he will be bad along the way. It's also about rechecking and we have seen that also that If you have a pretty normal customer, nothing bad with if his account is compromised. Eventually somebody will send out malware phishing campaigns to the list that is a nice list. It was a good list, good customer.

But basically, it's an account takeover. So you should check and recheck and recheck. and recheck, I did I mentioned, recheck, you should reach it. So there should be processes basically, that, say, it's a customer, it's a good customer, but we still will check if not something changed, if he is now logging in from Asia, or China or Russia, and not to say if that's bad, but if he usually logs in from somewhere else, then that might be a pointer that something is going on. So have a close look on what your customers are doing is key here. And it's the same as assembler, take care of your plans, maintain, maintain, maintain, and maintaining again, it's not list washing, maintaining is something you do yourself. So this is basically what my keynote was about. I think timewise it went okay. We might still have some time to answer questions, anything you want to do ask about brockless, or something I said earlier during the slides. Go ahead.

Andrew Bonar 41:30
Raymond, I don't know if you're logged into hopping simultaneously to this, the chat rooms been going off. People were very upset when he lost Sam for a few seconds. Or maybe three, nothing was lost, because you were just talking about the same being lost. So that worked out quite well. There about a minute behind us. There's been a huge amount of feedback also quince waiting backstage to start his presentation. I think, on the most part, there was a lot of feedback from the ESP saying, look, we just want to say thank you, we know what you do. We know why you do it and how you do it. From the compliance department, because Andre zubik bought a whole bunch of them in the chat room, I'm sure a few joining there that they'd love to have a talk. But on the most. It's been Thank you. Thank you. Thank you. Amazon also uses eat Hawk. That's a product I introduced to a number of companies. I know before I left Campaign Monitor, they get on board and did a whole bunch of other parents that select MBA, but I know that they also took out my recommendation of ebook. It's a great product, it's fairly priced in terms of it's very easy to implement a number of stages. So you talked about account breaches, but there's so much more that a small department can do with it. So yeah, that's really, really useful product. And so yeah, I definitely recommend people take a look at that. Who's monitoring and mentoring the answer? Yeah, I think it was just on the most part, a whole bunch of agreement with your comments and stuff. I know it was, I can see just by the people that saying nice, thanks, right. There was a lot of DSPs presence. I'm sure the audience that you're looking to target was was there. I'm just gonna message quince quickly. I'm not keeping this. So I'm just gonna keep a live stream going and I'm going to run Quintin Quinn's actually here, so I want to thank you personally for everything that Savile Spamhaus Bancorp, your IBL, and many of the others that have unfortunately gone the past few years, as you mentioned, they all did stellar work. I know that all of your lists are available on the most part for free for lookups. But if you can be bothered, as a commercial organisation to take a look, there is somewhere the option to pay for a fee probably get for free. But the payment is very reasonable. And yeah, absolutely. I believe DSPs should all be subscribed. But until those lists and making the small payments that you ask for that kind of commercial usage, despite the fact that it is very easily available for free in any case. They need to be supported them without them. We don't have an industry so I'm thank you for you and went up next. So I will. Hey, Quint, you're actually live. Sorry for the delay. There is where I told you, Raymond. Thanks again. And please do join us in the chat room because I think there's lots of people Hello. Thank you, Raymond.

You May Also Be Interested In