Video

Speaker/s name

Tobias Knecht & Matthew Stith

Description

Managing the online reputation of a SaaS platform or enterprise operation is vital, and so is mitigating abuse of its infrastructure.

Speakers
Matthew Stith, Industry Liaison, Spamhaus

Tobias Knecht, CEO, Abusix, Inc

Skip Fidura, MC

Video URL

https://vimeo.com/536521915

Transcript

Skip Fidura 11:09
Good afternoon and welcome back everyone for a one o'clock session. We have got with us a great, a great duo here. We've got with us Tobias Knecht, founder and CEO of Abusix. And we've got with us Matthew Stith as well. So a little bit about the two gentlemen we have joining us. Tobias has over 20 years in the security industry. And as I said, he's founder of Abusix, is a thought leader and the main driver of several issues that help the industry to keep the internet safe. Frankly, Tobias is co-chair of the Anti-Abuse Working Group at RIPE and shares several initiatives in various organisations. The company he founded, Abusix, is a network, a network security company that offers email and network security or network abuse handling solutions to ISPs, telcos, cloud hosting providers and enterprises. The rapidly growing problem of email, email-borne threats, and other kinds of network abuse. And also joining us, really excited, I just learned, a fellow Virginian: Matthew Stith is in Indiana now, we won't hold that against him. But you know, a fellow Virginian anyway, from Spamhaus. Now Spamhaus, as we all know, is currently protecting over 3 billion mailboxes globally. Matt is joining us from Spamhaus, and his passion is focused on anti-abuse. Having worked as part of an anti-abuse team for many years, Matt now works as Spamhaus's industry liaison, which has got to be a very fascinating job, I think we'll get into later, working together with the broader community to make the internet a safer place and email a better medium. Gentlemen, over to you.

Tobias Knecht 13:07
Matt, I love you, or

Matthew Stith 13:09
All right, welcome. Well, just making sure that everything has been moved over. Yeah. How are you doing today, Tobias? Good. How

Tobias Knecht 13:15
are you? Good. Good. And perfect. So let's get us going.

Matthew Stith 13:20
All right, so Well, today we're going to be talking about mitigating abuse. And of course, you know, it's such a wide subject that, you know, we decided to have a few things well, here's here's our pictures. And of course, you can see it's on camera anyways. But we wanted to see if, if the audience would want to make a choice on what type of way of protecting your reputation Do you want to you want to talk about, and I'm not sure if we can see all of the comments coming in from the, from the group. But I just wanted to see if that's something that we could do, and have the have the audience make a decision. We'll just wait, wait a second here. But more or less, we're just looking at these three topics here, looking at proactive measures, mitigating the damage to your reputation, or maintaining your reputation. So I'm looking for where comments would be Tobias, can you see comments on the screen?

Tobias Knecht 14:15
I don't know. I don't see comments so far.

Matthew Stith 14:20
Okay, well, we'll just wait a second here. So all right, I guess that we're not able to really see anything right now. And I just want to be able to push forward so not sitting here just waiting for things to happen. So we're actually already looking at the possibility of just doing mitigating abuse. So that's what we're going to talk about here is mitigating damage to your reputation, what what you can do to, to put in place to mitigate that reputation. And with that, we're gonna go and go ahead and shoot over to Toby. And you know, how about how about you just think the first thing off mind when talking about mitigating damage, what would be the first thing that you would really look at?

Tobias Knecht 15:06
That's a very good, very good point. Thank you. So looking at, looking at abuse, it always depends a little bit about what type of company you are. Every company has their own priorities about abuse. If you're an email sender, and you're mainly only sending email, of course, you don't want to, you know, you don't want to send to addresses that you shouldn't send to, you want to make sure that your lists are clean. If you're a hosting company, you want to make sure that you have, that you, you know, keep your web space clean, that nobody is more or less misusing your servers. If you're an ISP, or broadband provider, or mobile, or in any of the other categories, you want to make sure that your customers are in a secure space. So depending on what you as a company are, and maybe you have a mixture of different products, maybe you're a hosting company, and you're operating a big mail platform, or you're operating a big mail platform, when you have mobile on top, the first thing that you need to do is to figure out what are your priorities, where's the point that you have pains that you want to start, that you want to start looking at, to make sure, first of all, because you need also buy-in from your management. And if you can, if you can fix those things that are proposing the biggest pains for you, and the biggest problems for you, that is usually a good way to start thinking about this whole topic from an abuse perspective. And then from that point of perspective, once you have been, once you have found the right, the right priorities, and you are, you know what you're looking for, then the first thing absolutely is, have a look at your abuse@ mailbox, if you don't have one, of course on the view, do not have all those things published or published in the right, in the right places like the Whois database, if you own IPs, and so on, and so forth, this is the basics that you need to get up and running.
But then the first thing is really to look at external, external reports that you're receiving, that you're receiving and look at those reports, including and putting the priority that you came up with first, and then started working them at the very beginning, if you're really, really starting from scratch, this is really something that you can start doing manually to a certain extent, depending on the volume that you're receiving.

Matthew Stith 17:31
So yeah, excellent. So So, you know, I did see that some of the, some of the things that were coming in was more around proactive measures. And, of course, you know, what Tobias was talking about is about laying that groundwork, you know, what, what I could talk about here around those proactive measures would be, you know, protecting that gate coming into your, into your network. So this is looking at things like making sure that you put in place a proper proper training regimen. And what I mean by that is not just training your abuse desk, when you're, when you're part of an abuse desk, you're actually responsible for, in some ways, training the entire organisation. So you know, you're going to be you should be making the time and making the effort to be able to put together things for training for your sales people. So they're not selling just to just to gain a gain a commission on something, they're actually trying to bring a useful user onto your network. So they're not only going to be better at what they do, but they're also going to make your network better as well, by bringing more you know, more vetted better, better vetted people on same thing would go with with, like, your support, you know, one thing that you have to worry about with support is a lot of the times they're just gonna say yes to everything. You have to let them understand that sometimes it's okay to say no. And really, that's arming them with things like, like understanding the nuances of your acceptable use policy, and making sure that they're not just saying yes to certain things that are absolutely a No, no. And it also goes into your marketing teams, make sure that your marketing marketing teams understand that, you know, they can't just send to everybody on the internet or send to every single contact that they've ever created. They need to understand that they need to be targeted, and they need to understand that the messages that they're sending to people are things that they want. 
And that's really, you know, one thing that I really learned about about working with a marketing department was they they didn't realise some of the damage that could be done by certain things. There was one point where I had a marketing department that that sent to an extremely old list more or less. It was every contact that we had had in the past like seven years, including people that had opted out, for some reason they had the entire list, I'm not going to go into how they had the entire list. But you know, they somebody who was very low level, ended up sending this campaign. And it's because they didn't have anything in place around around permissions around who can send around what, you know what people could send. So we decided to scale that back and let people understand that, you know, you need to go through some type of approval process, make sure people understand your what, what's what, and it's that that's like a proactive way of not making yourself seem as as abusive. And then, you know, another thing after we're done talking about training and everything, as I said, it's from your C-levels all the way down to your your tier one support, you need to train all of those people. And of course, you set up advocates in each of those organisations that will be able to carry on some of the training that you do. So you're not sitting there training the entire organisation every single day, because you couldn't stop much abuse that way. But, you know, another piece that you're talking about training would be something like anti-fraud. And Tobias, could you talk a little bit about like some anti-fraud things that people could put onto their networks?

Tobias Knecht 21:21
Yes, of course. So the one of the first things when we're talking about anti-fraud, always protect the gate, I think that is very, very, protecting the gate is very, very important. You have to make sure that you're not getting customers in, especially in in specific hosting environments, that you make sure that customers only come in that are real customers that want to use the service, that want to use your service, on the acceptable use policy that you have put out. And they're not trying to kind of, you know, login with or sign up with stolen credit card credentials and trying to fool you and use your infrastructure for maybe a day or two, or maybe in the worst case, even a week or two, a month. Depending on how fast you can mitigate those things. So finding those fraud pieces is very, or those fraudulent users is very, very important. And the same, the same is true for email senders, you know, what Matt said, especially with sales, you don't want to have sales just close the deal for the commission's sake, you want to have, you want to make sure that the customer that you onboard, with a good onboarding process, you want to make sure that everything is is in line, and you want to see where red flags are showing up, and you want to make sure that that you are taking care about those. But on the other side when we're talking about fraud. So you know, of course, if a credit card bounces, that is usually a sign that something is a little bit weird, at least if it's, if it bounces a few few times after another, or maybe certain people in certain regions that are known for for, you know, those type of signups or services or VPN, and so on and so forth. But even more important, as well. And this is exactly where abuse, and abuse mitigation and abuse automation comes in place, the more and the better you do your job and abuse. And the more you and the faster you get, the more you'll learn. So as an example, if somebody slips through to your system, and gets an account and starts misusing your infrastructure, and you're receiving complaints about those accounts, and you're making sure that those accounts can be taken offline, at a very, very fast pace, that does two things. First of all, it will tell you, and will show you what mechanisms the bad people use to get into your system. And so you can adjust and get better at the fraudulent, from a fraudulent security perspective, letting people into your environment. But then the second point is, the faster you're being able to handle abuse, the more unlikely it is for the bad guys to come back. If you can, if you can shut down abusive behaviour within your network in a very, very short time period, the efforts to get into your system, if it's high enough, is not worth to, you know, be able to use a machine for half an hour or maybe for 10 minutes or maybe for an hour or even maybe for half a day. So there's, there's resources that the bad guys have to bring up. They have to get into your system, they have to use fake credit cards, they have to do all and go through all those loops. And if you're done being able to shut them down really, really fast, the effort just is not worth and we have seen that in the past and in a lot of companies that when they started really working with abuse mitigation and also using that learnings from the abuse automation processes and putting them into into the fraud part and making sure that they have control over who's signing up for their service, that that really reduced the amount of abuse.
And it also extremely reduced the amount of fraudulent signups within within the company. And so I think those are, those are really two things that go hand in hand apart from, you know, spending, spending huge amounts of money for anti-fraud systems. There's enough out there at the moment that if you're going to start up, and you want to start doing a better job, just to test to make sure that those type of things are usually, are usually not happening. So yeah, I think, I think fraud and abuse go hand in hand and maybe adding one one point on what, what Matt said before, this is not a trend. So we're seeing this, you know, this is known for a very long time. And we have seen fraudulent account creations, we have seen people misusing and abusing infrastructure. And so this whole thing is, the learnings of those things need to go through the whole of the company. So security is not a hype, or it's not something that, you know, only the security dudes sitting in the basement are taking care about. Security and abuse handling and fraud is something that needs to go through the whole, that whole company and everybody needs to sign on for those type of things. And I think Matt, Matt in his past had, had or has experience, and does the jobs before for expats up before Spamhaus at Rackspace that way around, so do you have a little bit insights on how you were able to get that buy-in from other people within the company for those abuse and fraud mitigation techniques, and how you can get people on board?

Matthew Stith 26:46
with great difficulty. So I mean, you know, more or less it was, you have to, you have to make the case over and over again, constantly. Because, you know, first of all leadership and managers and whatnot, they don't stay in place. And really a lot of things that it had to boil down to where things like when you're talking about fraud, so we had an anti fraud team in place, that, you know, they weren't properly equipped. And more or less, the one thing that I started working on the width was what I like to call unrealized revenue. And whenever, whenever you're able to bring money in the equation, everybody's, you know, pops up hope, look money, we're talking about money. Now, in this thing, what I was calling was was unrealized revenue. So essentially, we would have these accounts that they would spin up hundreds of servers. And then what you ended up doing is you terminate the server, but what you would see from that is you would see the amount of uses that they made, the amount of servers that they had, the amount of time that they use, the bandwidth that they use. So I mean, all of this, in the grand scheme of things wasn't very significant. But you did have some of these accounts, that would have been, you know, $100,000 of, of payment that wasn't being put into place, that somebody else could have been using your network to be able to use those network resources. And we were at one point with, with the fraud problem that we were having, in this, this was probably about six, seven years ago, that, that it got to the point where it was somewhere around almost a million dollars a month of this, what I was calling unrealized revenue. And when you were able to show this to people, it really turned on the light bulb for them. And oh, hey, you know, while you're while we're not worrying about you know, certain things, I was trying to let them understand that there is a cost behind this stuff. 
Because you know, you in some cases, you had a fraud account that they signed up with a good credit card at the time. But then, immediately after they come on, they change the credit card to another credit card, because the credit card that they used was was shut down because it was detected as fraud. So they moved to another credit card, and then they moved to another one and another one, another one. And that was one thing that you can track in your system, how often somebody changes the information on their account. So it was able to point out certain things like this. And, you know, one thing that I tried to emphasise with people was, you need to understand, this is what normal looks like anything that's outside of that normal. Of course, you can use a couple standard deviations or whatever, because everybody does everything different. But you can all you can really figure out where normal is. And that's how I was kind of able to get more buy in for people because you're able to say, well, we're talking about like, you know, maybe a couple percentage points of problem people that that you need to address and it's really just helping people understand that then you get advocates throughout your support teams throughout your accounts receivable. And people will start sending you things saying, Hey, I think this account looks shady. And you know, that's that's a perfect thing for, for an anti abuse team to be able to have people bring things to you to say, Hey, could you take a look at this, there may be something a little wrong here. And you know, we were able to get this, this buy in from everything from accounts receivable to sales, sales, bringing you on to sales calls, is both frightening. And also very gratifying because you're able to actually communicate with people before they come on the network and setting those expectations. And it only strengthens who your team is going to be and the buy in that you're going to get. 
Because you know, once once you start letting people understand that you're not really that cost centre that everybody thinks that abuse desk is, it makes it that much more gratifying and more helpful to the entire team of everybody from sales to support to marketing, etc. And, you know, once you get those stories in place, you really get the C level buy in as well, because they see all of the positive changes that are happening, because of the things that you're doing. It's not necessarily costing them, you know, hundreds of 1000s of dollars. But it's you know, it's helping them understand that you're here, you're helping draw all pieces of the organisation, not just stopping abuse, you're actually trying to help customers come along, but you're trying to set up the right expectations for them. And, you know, that's, you know, it's it's something that you can do, but only as an individual, as individuals or as a team, there's only so much you can do. And you know, there's something that that that needs to be said a little bit more about automation. And, you know, since Toby has done a lot with automation, you know, that's something that I wanted to see if you could provide a little bit more detail on, Toby.

Tobias Knecht 31:59
Sure, absolutely. So automation and abuse handling is in our opinion, very, very important. Because at the end of the day, this is the same on, we're comparing this really with security. And I always use that, that idea of if you're working in a big bank, as a security analyst, and you see a big breach going on, you're not going to go for lunch or for dinner first and then, you know, go into a meeting and then you have another meeting and then you maybe take a look at that. So security always is a topic that needs to be taken care of about as fast as possible, you always need to be upfront on it, you can't let stuff sit around. And so as a, as a funny story from a long, long time ago, when I was working at United Internet or 1&1 in Germany as an abuse manager, we always joked that the, the bad guys knew better when we were going for, or when we left the office on a Friday afternoon than we ourselves. So we could take care about everything from, you know, Monday to Friday, eight o'clock in the morning to five or six or 7pm in the afternoon. And at 7:30 or 8:30, the bad guys started pulling the triggers and starting to, you know, to start spamming, and in the worst case, you came back to the office at eight o'clock in the morning next day, and you know, you were sitting in front of the mess, and you had to fix it. But then it always was too late, because that's almost more or less, more than 12 hours that the bad guys had to take care about it. So the idea of automation is not necessarily only born from the perspective of, yeah, we'd have to handle it fast, but we'd have to do it continuously. And we have to be able to have abuse, abuse mitigation, up and running also on the weekends. And in a lot of companies, depending on how big these companies are, you just cannot afford a 24/7/365 coverage of an abuse desk because that means you need to have a ton of people.
And so comparing that with the type of work that you have to do when we're talking about spam, and just to put that in relation, spam is one of the, of the least, and don't get me wrong, but it's one of the least important mitigation pieces. If we're comparing it to really real attacks, or if we're even going into the dark and very, very dark areas of terrorist content or child exploitation or those type of things. So spam is rather, you know, it's, it's rather an annoyance, more than a really huge, huge, huge problem. So looking at those things, that the, that you have an overwhelming amount of spam reports and an overwhelming amount of those type of reports that are not really, that are not really super important compared to others, and then you can start automating those. So an automation means, I give a very simple answer. Usually is, if you see that a customer has a problem, and you can automatically send him an email. So let's say you get 10 spam reports from five different sources about a certain IP that is owned by a certain customer. And you send this customer an email, and you say, Hey, we don't know exactly what's going wrong. But something is weird, we received spam complaints, you might want to start doing this. And you might want to look at that. And you might want to do this. And then, depending on how fast you can get that to the customer, or on how, what type of customers you have, what we've seen is that over 40 to 50% of customers at that point in time will be able to fix their problem themselves. And they can fix their problem themselves for two reasons. The first one is, you'll give them immediate information about something that, that has maybe started but is not really, has not really imploded. And the second one is, if you give that information really fast, the person might know that they installed a weird plugin early morning on their WordPress website, or they might still know that they did something, you know, downloaded an email or clicked on something on an email and something went wrong. You don't know that if you receive notification 10 days after. So if, the faster you can get that information out to your customers, the better it is. And on top of all that it's also just good service. Don't wait until, you know, everything has blown up and then lock the customer down. Because the problem is already really, really harming your infrastructure or harming your reputation. Be also a little bit proactive with that, talk to your customers. And also not only try to get your C levels and your whole company, buy-in for this type of topic.
Also put your customers into that, into that area and say, Look, we're trying to help you, we're trying to keep you safe. And so being able to automate those, being able to automate, automate, these maybe sometimes mundane tasks, you know, looking at 150,000 spam reports a day, you don't want to do this manually. There's tools that can automate this: cluster, aggregate, find out which is the customer, automatically send the customer an email, create a ticket in your ticketing system. So maybe you even want to call the customer up depending on what type of customer it is. And this is something that can happen 24/7/365 and that will enable you and your abuse team also to then start taking care about the real important things. And those type of things are, you know, child exploitation, terrorist content, the really nasty stuff that's out there, or maybe also put a little bit time and effort into research, and maybe figuring out how something is wrong with our product, maybe, you know, how often have we seen that, that hosting companies gave you default images for Linux images for their VPS is one quarter root servers and the newest version had a flaw and somebody was able to very simply to break in and take over the machine and once the bad guys noticed they will go in your network and they will do everything to get all the machines that they can. So being also proactive in that perspective to take care about all the mundane tasks and then, and then make sure that you can be a partner within the company for other departments like product and like security and like support to help mitigate those things is really, really important. So not only, automating is not only for the automation's sake because we're lazy tech people and we can automate so we will, it has also deeper impact on what you can do and how you can establish your abuse desk within the company.

Matthew Stith 38:51
Yeah, absolutely, and you know, I can, I can speak to a lot of those points that are made and you know, a lot of it goes towards when you're talking about the automation, there, there were some times where people just didn't think that I slept because I was responding to people, you know, that 11 to eight times because, you know, more or less it was before we had as more, as much automation as I wanted in place. And you know, you're, that's a, that's the thing that, you know, you do have to end up fighting for it. Because, you know, most of the time abuse desk folks are not developers. So we're not going to be developing all sorts of fancy things, the best that, you know, the best thing that I could do is write some simple Python and some bash scripts but, you know, that's, that's really it. You know, when it, when it comes down to the, you know, the full automation stuff, you really sell it as a, you know, this makes sure that we're going to be able to stop things when, you know, I kind of like to sleep at night type of stuff. And it just, it helps you out that way in that you're able to wake up in the morning, see, ah, we stopped this, this, this and this, and now, now we can go and work with the customer to remediate. In your, that's, that's also a very important part is when you're doing this remediation with the customer is talking with them about what the problem was, and trying to give them as much information as you possibly can so they can solve the problem and also stop it from happening again. And if you're lucky enough to have a, you know, a dedicated security team that can help them mitigate things and put things in place. You know, that's, that's also another, you know, another decent thing to do. And you know, when, when you're talking with customers, one thing that you want, one theme that happens quite often over and over and over and over again, is, well, I got compromised, because I didn't update my stuff.
And you know, that leads to this, the next point in the way that you can be more proactive, is just updating everything all the time, as much as you can. And, you know, this, this also goes into research, which you're using as well. And when we're talking about things, of course, I'm going to talk about something like WordPress, and WordPress, in and of itself is, you know, it's a great product, it's great tool, but, you know, the fact that it's so easy to use, it's also so easy to exploit. And you know, the the things that you can do here to make yourself better protected, make your customers and your employees better protected, is looking at things like where am I downloading this plugin from? Where am I downloading this theme from, when was the last time that it was updated? Is it actively in development, you know, these are questions that people should understand think about when they're, they're putting things onto their systems. Because it makes sure that you're able to track you know, and make sure that you're as as secure as you are, it can be, you know, it doesn't make doesn't make everything 100% foolproof, but we're talking about being proactive here. So you know, just be cognizant of that type of stuff, you'll update everything all the time. And, you know, the the other piece here is to look inward when you can, you know, we've talked about protecting the gate, and we've talked about doing certain things to to mitigate the problems. There are some times where and this is where automation does come in. And I know that we've talked about it automation a lot today. Because it's important, it's it's the only way that you're able to scale things because people don't scale. You know, unless you're able to hire hundreds of abuse desk people. But I don't think that there's anybody out there that's willing to do that. But you know, looking inward, seeing the threats that are potential to happen. 
And this is looking at, you know, customer control panels, that you're able to monitor authentication for email addresses for your corporate stuff, monitoring that, making sure that it's not logging, you know, you everybody lives in, in, in the UK for your company, and suddenly they're logging in from Australia, then they're logging in from New York, and then they're logging in from somewhere in China.

That's, you know, that that's an indicator that you can look at to be like, there's something possibly going wrong with this account. It's something that at Rackspace, we call the Santa Claus rule. And it's something that we put in place to mitigate accounts that had gotten, that have gotten compromised. And more or less say, okay, there's no reason that anybody should be jumping all over creation, like they are. Usually, you know, for the most part, we're logging in from one point, most of the time, you know, yes, there are certain people that travel but, you know, nobody's gonna do it in such a quick manner, unless there's actually something that is an issue. So you know, that, that is another thing to consider, you know, looking inward. Also keep your stuff up to date, I can't, I, every single time I'm doing a presentation talking about proactive or mitigating or maintaining reputation, it's always talking about updating stuff. Because it's such a, it's a simple task, but it's not an easy task at the same time. So you know, it's, it's just a thing to be aware of that, you know, make sure that you're paying attention to that type of stuff. So and one thing that I did want to note here is we are going to do a little bit of a Q&A, probably right after Tobias's next thought here. So please, please prepare up your questions while, while we get, get going with this last topic. So Tobias, what's one last thing you want to wrap up with before we start talking with people?

Tobias Knecht 44:43
I think one one of the major things is that when we're looking at we know that ourselves because we have been working in abuse desks, and we have been in exactly those shoes and I remember when I was working in an abuse desk a long, long time ago, and we were looking for tooling and what can be done, there was not a lot out there. So, you know, there was not a lot of tools, there was not a lot of help. There's not a lot of documentation in these type of things. There's still a lack of documentation today. But there's two things that I think that are really, really important is the first one is if you're if you're in the shoes to build an abuse desk, or to run an abuse desk, or maybe you're already running the abuse desk for the last six, seven, ten years, I think it's time for you guys to get a little bit bold about what you can, what you can ask your company on in providing to you. Although, you know, you're maybe a cost centre on one hand. But we see that a lot of times that people are trying to build their own abuse tooling, their own abuse mitigation software internally, and your C level would not accept that for CRM solution, they would not accept that for a bookkeeping solution, they would also not accept that usually for ticketing system for customers, customer care. So usually those companies go with, with existing solutions, because some people have may have had a thought about those type of things. And depending on how big you are, how small you are, there's different solutions out there in the market, that can be a fit for you. And I think, becoming a little bit emboldened in that regard. Because you can usually show that this is something that will save the save money for the company, and will make the company put the company in a better situation a bit better posture, and will not impact reputation. And because there is not enough out there. That's why Matt and I were doing talks like this so we can talk about and so we can help you to be part of the community.
In here. There's other organisations like M3AAWG or like the RIPE Anti-Abuse Working Group, which runs a mailing list. So I think one of the steps that is really, really important is to also be active in the community and talk to people and reach out to people like Matt or like me, or other people that run abuse desks, and learn from what they have done so far. And just use their experience, because there's a lot of stones and a lot of stumbling stones in the way that you can, that you can or that can make your life hard. And, you know, we all like not having the hardest life. So learning is a good thing. But you don't have to learn by pain, sometimes learning by somebody else that has had pain in the past, this may be a good thing. So become active, come to talks like this, RIPE, M3AAWG, other organisations out there, that's really, really, really super important.

Matthew Stith 47:36
Yeah, it always helps when you're able to learn as much as you possibly can, and then bring that back to your company. You know, you have some managers out there that they love statistics, they love graphs. And if you could be like, well, I went to this, this presentation. And they talked about this, this, this and this. And you know, of course, we don't have any graphs or pretty things today, it's just us ugly mugs sitting here talking at you. But you know, for the most part, you're when you when you attend things like this, you're able to get that additional information, you're able to share, and you know that that will give you the best ammo that you can, because then you can say, well, blah, blah, blah, company's doing this and their abuse dropped like just it helps you move forward. So you know, with all that I would like to invite Skip back to the stage, because we're going to do a little bit of Q&A, and you can fire some questions over. So Skip, over to you.

Tobias Knecht 48:33
I'm really not sure I want to be back on the stage. He gets scared to death. Also, I clearly need to up my beard game. So yeah, we do have a question in from one of the audience members. I do this kind of hosting thing a lot. And sometimes I really don't know anything about the topic. And I thought oh, this today will be pretty straightforward. I know lots about email. And and this question will show just how little I do know. So I'm just gonna read it verbatim instead of trying to translate it. But it's about domain reputation: DMARC with SPF and DKIM full alignment, the return path becomes the customer's domain and not you're already an estimate. How do you keep that domain reputation intact? Or is IP reputation good enough for this? Our good domain says no the question and then a comment are a good domain reputation has helped our customers quite a bit. So sounds like it's coming from a service provider.

Matthew Stith 49:34
Okay, I'll start off and I'll let Tobias finish off. So both domain and IP and IP reputation are important. And when you think about things like like authentication so when you're talking about your your DMARC, your DKIM, your BIMI, your SPF so we can keep on going down the rabbit hole of acronyms that we're trying to add on to the mailstream but you know more or less when it comes down to is, when you're thinking about authentication and stuff and things aligning. When it comes to, you know, people that are monitoring things like abuse, that is a, those types of things are a signal of positive reputation. It's not necessarily going to make make you impervious to getting blocked anywhere. But it is something that's good to have in place. And you know, when you're talking about alignment, you know, when you have a different return on things, it's making sure that, that when, when you're, when you're putting it, putting your stuff in place, making sure that like your SPF aligns up with that domain. So if you have like you're using a subdomain, and then in your return path, it's the root domain, making sure that all of the SPF is in there to align up will help with that, with that alignment issue. And it will let somebody kind of understand that, okay, this is all put together and glued together to the width that needs to be same goes with different domains, as long as you're able to try and make everything look as good as as aligned as it can down the line. Especially at the bottom there when you're talking about SPF, because I'd say that's probably your your entry level type of authentication. It's not widely, really enforced by anybody, but it's just one of those things where up, you've got an SPF record, it's just one of those checkboxes. So you know, yes, they're both very important. And, you know, just make sure that, you know, that's that's another thing that we didn't really get to talk about is monitoring that reputation.
And there's a bunch of things out there, you can use block lists, you can use Talos, Validity has Sender Score, which is, you know, the thing that you can use. So there's a bunch of sources out there to be able to monitor that reputation as well. Toby, you got a couple thoughts on that? Yeah, I

Tobias Knecht 51:48
think one of the things that are the things that you said were in line, the, one of the other things is maybe IP reputation and domain reputation, you have to look at them both, you can combine them, but you also in certain cases have to look at them from a separate perspective. Depending on where you're sending email from when we're talking about email in this regard, you know, you might not have control over the IP addresses that you get, if you you know, host your stuff at AWS or Google and you spin up machines and get new machines up, then sometimes you just do not have control of what had happened with these IPs before, then I then of course, in this regard, domain reputation becomes more important, I think, for hosting company, IP reputation is king, we don't, you know, it really depends, as I said at the very beginning on what type of company and what type of organisation you are. But generally, both both are really, really important to look at separately. And also, as Matt said, check, check for your reputation, do it constantly, not once a quarter better once a day, or maybe once a week, but you know, keep keep looking. So you learn as soon as possible that something is going wrong, because that's the time when you can fix it usually simply other than, you know, wait a week or two and then it gets some big mess. And you know, that's that's usually Yeah, be fast in this regard as well.

Skip Fidura 53:13
Great, great tips there, fellas, we've got just a few minutes left couple minutes. At this point. I want to take a step back. Actually, we just got a question in which is kind of where I was heading. So I'll go with that question. This one comes from Brad: we we've got a small business SaaS email platform with a very manual process today for employees, screening clients signing up, looking at email creative, taking, taking the business's word on list collection, etc. Where should they start? For better managing anti abuse automatically and this was gonna be my you know, I've got a small business what what do I do first? Because everything you guys talked about coming at it from a marketer's perspective or a senior leader's perspective sounded very complicated.

Matthew Stith 54:03
Well, obviously you do everything.

Skip Fidura 54:05
Okay. That's useful thanks.

Tobias Knecht 54:11
I think I think it's it's Yeah, I think that's exactly the complication. You have to be aware of so many different things. At the end of the day, let's be honest everybody leaks no matter how good your security is, no matter how good your abuse is, no matter how good your sales is educated no matter how great everything runs, everybody leaks, it's happening, you know, you can't avoid it. I think the point the real point is what are the learnings from those leaks? What are the learnings from those things that are really that really have gone wrong? And a little bit you know, common sense. I think a good portion of gut feeling when you onboard customers, you know, ask the right question, figure out are they answering you know, like this or are they you know, are already answering really, really fast or are they kind of trying to talk around if you Ask them as an example of you guys who stumbled upon it, you know, if they're then starting to talk around, yeah, you know, but maybe here and we can remember there was one campaign maybe you know, there's alarm signs that you can do from a really a sales at a sales perspective. And then as a second step, I would usually what we usually tell companies is, if you have kind of a pool of IP addresses, or you have a set of IP addresses that you can use, put those customers in a separate set of IP addresses at the very beginning, before you were going to put them onto your, you know, onto your prime IP addresses and send from them. Because if they're really, really bad, then make sure that, you know, make sure that you're not destroying your reputation. And on top of that, what Matt said at the very beginning, if you really figure out that those guys are bad, then kick them out, you know, don't keep them and don't try to educate them, or, you know, depending on how bad they are.
But if they're really, really bad, and they're really, really hurting you, then kick them out, because that's also something that other people will learn that, hey, this company has kicked out another guy that we know that has not behaved, we're not even trying it there, you know, so make sure that you as a whole company have the right posture on the right reputation, not only from the IP addresses, but also from I would call it, you know, the bad aspects of your process, how to make sure that you're not gonna not gonna get in trouble. So, you know, put that out there, and make sure that, that you have that reputation and keep that reputation as well.

Matthew Stith 56:31
Yeah, I know that we're just over. But, you know, one one thing that I just wanted to share there was, you know, it's uh, it is definitely important to to educate the the sales team in that way. Or just, you know, anybody bring you on. One thing that I always said to people is if somebody comes on the first thing that say, when they talk about email, of course, this is in the US, oh, we're CAN-SPAM compliant. Your spam. I'm sorry, if I said that out loud. But you know, it was it happens so many times where somebody would just came on, oh, I'm CAN-SPAM compliant. And lo and behold, 24 hours later, we will be terminating them for an AUP violation. But think about those those types of things. Think about some questions that your salespeople can ask if you're doing that, that manual type of process. So think about think around those things. And you know, there's going to be there's going to be additions on to that every time. And there's always going to be things that you're going to take away. But think about things in terms of what your acceptable use policy looks like, make questions around those that make it not saying exactly what the AUP is. But if they answer in a certain way, it means that they're unlikely to be a good client. And you'll also need to convince your sales people that if somebody comes on and they say something that is not the answer that you want for one of these questions, they are not a fit for the company, it is okay to say no to prospects, especially if they are going to do damage to your network. So it's something to think about. But you know, there's and also look at your low hanging fruit first, if you're overwhelmed by things, just knock out the things on the bottom, and then you can keep on moving up the stream as you need to. And with that, I'll go ahead and go back to Skip so we can wrap this all

Skip Fidura 58:18
up. Thanks, Matt. Some great points there. On the on the sales person one, commission clawback is a beautiful tool to to get control that and then I think the the other point I want to pick up on from what you said is just because somebody is compliant with whatever compliance they're trying to live up to. Come on, folks, we should be better than that. You know, we shouldn't be just compliant. We should be you know, that's that's the minimum, you know, bar, right? We want to be in the VIP, we want to pay the extra bit to get in the club. Look at me, like I ever get into a VIP. Anyway, gentlemen, thank you very, very much, Matt, Tobias, a great presentation. There were a couple of more questions that we didn't get to. Folks, if you pop over to the expo hall. Tobias has a stand there, his company has a stand there. And I'm sure he'll be in and out of that you can ask questions get or find out more about about what they do. Right. So we've got about 10 minutes now. So time for you to go again, stretch your legs, maybe grab a fresh drink, and then come back at two or we're gonna have to niche Sorry, can each teenager from Netcore, our headline sponsor, our title, sponsor, whatever the big guys the big sponsor, and he is gonna be talking about turning your email programme into a growth machine. So we're taking a bit of a change in direction and his talk looks at how we rethink how your email programme can become the growth engine that you always wanted. So that's gonna be really exciting. Please join us back here in about 10 minutes at two o'clock until then enjoy. Enjoy your time off
