The Web For Business.com Blog

Internet marketing observations, perspectives, tips and tricks for your education and enlightenment.


Looking for Gold in the Junk Folder

Mark Kawabe - Monday, April 23, 2018

Junk email coming in.Technology's supposed to make our lives easier. I think by now, most people will have noticed that while tech is good, it's not flawless. A case in point: the junk mail folder.

As spam detection technology has improved over the years, most people have seen a noticeable decline in the amount of junk mail that hits their inbox. Spammers know this and they do their best to get around spam filters. It's a bit of an arms race, and it's not victimless. Myriad legitimate emails still get filtered every day because the technology in use varies from recipient to recipient. Between mail server filters and then one's own computer's email filters, there are myriad ways for messages to get sucked into the vortex of the junk email folder.

I bet most people don't check their junk message folders often. Certainly not daily. I currently have 322 messages in my junk mail folder. While most of them are definitely junk, there were 30+ messages that were legitimate, including one with an invoice attached. (Sorry Jennifer - payment is forthcoming!) Some messages were from a regional Chamber of Commerce and a software company I'm a customer of. Others were from community organizations and some administrative type emails auto-generated by WordPress websites I manage. All legitimate, yet all filtered by my local email software (Microsoft Outlook).

As a sender of email, you probably have a reasonable expectation that your email will make it to your intended recipient. After all, you're a legitimate business person with a perfectly valid reason to be contacting someone. Yet Gmail doesn't know that. Neither does Yahoo, Microsoft, or the thousands of other email providers out there. What they see is only on a technical level, and sometimes those systems flag legitimate messages. These are referred to as "false positives".

Mail server filtering can mean your message never even makes it to the desktop of your intended recipient. They'll never know they missed something from you, unless you get in touch with them in some other way to ask. It seems silly to have to do that, but if you don't hear back from someone regarding an email you sent, it's a reasonable thing to do. Don't assume they're just ignoring you. They might not even know you're trying to reach them.

Of course, it's possible for messages to be diverted to a person's junk folder as well, which means they'll probably not see it for days at best unless they're one of those rare people who checks regularly. Unfortunately, I think it will always be necessary to have a look in the junk mail folder on a daily basis to make sure our technology didn't flag something as a false positive. Here's a positive thought though. When you find a false positive, you can train your email software to not treat future mailings from that sender as junk. You can create a rule to filter the message into a specific folder, or if your email software has a junk mail setting, you can tell it to always trust messages from that sender.

When you do this, you're essentially creating a "whitelist" of trusted email addresses or domains that you want to receive email messages from. If junk messages make it to your inbox, you can also flag them as spam, creating a "blacklist" of email addresses and domains to filter out or delete. You can also talk to your IT department to do the same with the mail server filters so legitimate messages from customers don't get blocked. 

In short, I don't think technology is yet at the point where we can completely trust it to never filter a legitimate email message into the junk folder. As my supplier will note, her email and invoice to me hasn't yet been paid, so being blocked can be costly. There's also a potential cost to customer relationships when email transmissions aren't flowing smoothly. Most of the spam is spam, but there could be gold in your junk folder so it pays to check it regularly.

High Flying Spammers

Mark Kawabe - Tuesday, June 30, 2015

It's been nearly a year since the full implementation of CASL. Canadian companies have had a long time to get used to the new rules, and while they seem simple to follow, apparently they're not.

Porter Airlines is the latest company to face a hefty fine under CASL for violations of the Canadian Anti Spam Legislation. $150,000 is not a small amount of money. What were their transgressions?

  • Sending emails with no unsubscribe mechanism.
  • Sending emails with obscure unsubscribe mechanisms.
  • Not providing complete contact information in their emails.
  • Taking longer than 10 days to process unsubscribe requests.
  • Not being able to prove consent had been granted for each electronic address they sent email to.

Compliance with CASL is relatively easy, but also challenging. Entrepreneurs are especially vulnerable to falling afoul of CASL because they will not necessarily be able to prove consent was granted for every email address on their list. When you meet someone at a networking function and exchange business cards, if you want to add them to your CASL-compliant mailing list you are supposed to have some form of consent on record. Asking for consent is allowed, but technically, the response needs to be recorded. Ouch.

It is my opinion that larger companies will continue to be nailed for CASL violations while small businesses and entrepreneurs will likely continue to operate under the CASL radar for the forseeable future. That being said, CASL is the law of the land, so ensuring you've done what you can to be compliant is in your best interest.

Photo Credit: Porter Airlines.Dash-8.YUL.2009" by abdallahh - originally posted to Flickr as YUL - Montréal-P-E-Trudeau. Licensed under CC BY 2.0 via Wikimedia Commons.

Spam, Spam, Spam, Spam

Mark Kawabe - Friday, May 15, 2015

The Canadian Anti-Spam Law (CASL) was implemented on July 1, 2014. CASL is designed to reduce spam messages received by Canadians. It has been effective - in a surprising way.

Cloudmark is a San Franciso-based email security company. They released a Security Threat Report for the first quarter of 2015 and their numbers demonstrate that CASL's been effective. Canadian spam that was directed toward American recipients dropped by 37 percent post-CASL. Email to Canadians dropped by 29 percent overall. What was surprising though was that the change in the amount of spam email received by Canadians was not significant.

One explanation is that most spam that originates in Canada is sent to American recipients while most spam Canadians receive originates in the United States. While email Canadians receive has dropped by 29 percent, that seems to be due to a decline in legitimate email messages being sent. As an overall percentage, spam has increased for Canadians from 16.5 to 16.6 percent.

As expected, spammers from outside Canada are ignoring CASL. However, email senders who are within CASL's jurisdiction are paying attention. The first major fine against a Canadian company was against Compu-Finder, a Quebec company that received a $1.1 million penalty in March of 2015 for four violations of the act. The second fine was levied against the company that runs the Plenty Of Fish dating site. Their penalty was $48,000, largely surmised to be because they took immediate action to comply with CASL while Compu-Finder did not.

So for Canadians, we're still getting spammed under CASL. That's no surprise. At The Web For Business.com, we are constantly looking at ways to reduce the spam that reaches our servers. Our spam filtering services are updated daily with new filters but stuff still makes it though. Ensuring your own email software's spam filtering is turned on is still a good idea to reduce spam even further.

Hopefully the war on spam will eventually be won. In the meantime, please be vigilant. Here are a few tips on how to avoid getting "phished".

  • Avoid clicking on suspicious links in email messages.
  • It's generally safe to ignore email messages purportedly sent by your bank, PayPal or Apple.
  • Resist opening attachments you weren't expecting unless you know and trust the source - and even then, it's safer to ask.
  • Watch our video on how to avoid phishing scams

As always, if you have any questions on spam or suspicious emails, please contact me and I can help you spot the frauds that arrive in your inbox.

5 Ways to Identify a Phishing Attempt

Mark Kawabe - Thursday, October 02, 2014

Wondering whether that email's legitimate?Have you heard of phishing?

You've probably received an email purporting to be from your bank, or PayPal, or some other institution asking you to verify your personal information. How can you tell whether this is a legitimate email or not?

Here are a few simple tests.

1. The "Really?" Factor

Do you honestly believe your bank, or American Express, or PayPal or any other reputable institution use email as the sole method of contacting you about a security breach?

They don't, so right away, you can pretty much discount anything you receive of this nature. But if you're not sure, keep going. There's more!

2. The "Hover" Test

Often there will be links to a website for you to click on. Hover your mouse cursor over each link. Look for ones that do not go to the website of the institution you're dealing with. If the email is from PayPal, EVERY link should point to Paypal.com in some form or other.

Don't be fooled by an address that says https://paypal.com.securessl-server.ru

A proper URL to PayPal will have a / after the paypal.com part of the address. Most of the time, some links will be legitimate but there will always be at least one link (the one they want you to click on) that will take you somewhere you don't want to go.

3. Check Spelling and Grammar

I recently saw an email that had a subject line as follows:

"Re; Payp[al: Your account has been limited until we hear from you"

The rest of the message had spelling and grammar errors as well. Large companies like PayPal wouldn't send out an email with egregious spelling and grammatical errors. They just don't, so if you see even ONE error, assume it's a phishing attempt.

4. The Correlation Test

If you receive an email from a bank or credit card company talking about online fraud, check out that company's website. The fraud message you received by email should also be on their site. If it's not, the message on your screen is probably phony.

5. The Common Sense Test

If you received an email from a bank you don't even deal with, it's probably a phishing attempt. Banks you don't deal with don't randomly contact you asking you to verify your contact information. My bank hardly contacts me at all. Why would one I don't even deal with start sending me messages now? It doesn't make sense.

Phishing attempts are geared to play upon your fears and ignorance. By reading this, I hope you will be more able to easily spot phishing attempts. Don't click a link in an email unless you're sure it's a legitimate message from a company you currently deal with.

 

When Will the Spammers Stop?

Mark Kawabe - Wednesday, February 09, 2011

I know I shouldn't, but I hope for a day when reputable businesses don't spam prospective customers. Now that Bill C-28 is a law, there is a glimmer of light at the end of the shaft. It seems though that most businesses are still in the dark.

Today I'll pick on the Buffalo Sabres who on Feb. 8 sent me an "insider" email promoting their game against the Thrashers on Feb. 23. The email address they used was only ever used once for one purpose - to register a domain for a client. It's never been used otherwise, so how did it wind up on a mailing list for the Buffalo Sabres?

Simple: the Sabres organization probably bought a list with email addresses and other contact information "scraped" from online domain registry databases. Oh sure, they were probably told that everyone on the list had "opted in", but the reality is there are precious few lists like that and the list owners, if they're smart, wouldn't dream of corrupting their brand by sharing their carefully-built list.

So, what can you do about spam now that there's a law about it? Until enforcement comes into effect in the next 6~8 months, you can expect things will stay much the same. However, you CAN help educate other business owners about the new laws so they will reconsider their actions. And of course, don't buy anything that is promoted through spam. If there's no money to be made doing it, eventually people will stop using it. Then again, with 200 BILLION spam messages being sent per day (as of August 2010), someone's making money, somewhere.

Please don't let it be you.