Talking Email Podcast: Solving extreme email deliverability mysteries

Anna Ward, Postmark’s Head of Deliverability, discusses her path to becoming an email deliverability expert and explores a few of the most bizarre and extreme email deliverability edge-cases that she’s encountered throughout her career.

We cover a wide range of topics from list bombing to clandestine spamming. By exploring the factors that contributed to these catastrophic deliverability events we hope that you’ll come away with some ideas on how to protect and improve email deliverability for your business or side project.

Listen or read full transcript here:

That information combined with what other ESPs were seeing, it was pretty clear that there was a recent uptick or attack against, in this case, specific government officials, like dot gov addresses, and some security professionals too. The attack involved some robots, scripts or maybe some individuals and organizations, they were taking the addresses of these government officials and these security pros and putting them into subscription forms all over the internet, like every form they could find essentially.

Think tens of thousands, hundreds of thousands, who knows how many forms they hit with these addresses really, but that results in, when you fill out a form you expect to get email from that form. Who was sending those emails except for all of the ESPs? Unfortunately, MailChimp and other ESPs became an accomplice in this attack against these important people, effectively rendering their inboxes completely useless, just bombarded with messages from every sender ever.

Postmark’s customer really was just sending account confirmation messages. That was all they were sending. They really were confirmations when someone real had signed up to their account or signed up to their product.

That was totally, 100% legitimate, so to speak, but Postmark’s customer, which shall remain nameless, they had hired an outside firm to advertise their product. That person who was advertising for them used spam to do it. They essentially sent a bunch of spam with ads for this customer’s site, which is not okay, obviously. Spamhaus caught on to this pattern, that these spam messages with this advertisement were routing people to our customer’s site who was getting sign ups because of the spam message and now was sending out account confirmations. Spamhaus wanted that process to stop and the best way they knew how was to block all of this person’s messages, even those legitimate account creation ones coming from Postmark.

Obviously Gmail can’t share their secret algorithms or what they’re looking for or issues that they’re having that they’re trying to block, so the answers that I was getting back were vague and cryptic feeling. I just retained being polite and everything and waited for more information. Later that month, Gmail made a blog post announcement on their Google Cloud blog and it said from the product manager of Gmail security, it said that they had now started using a product called TensorFlow, which was like a machine learning framework that they had built…

I talked to our Gmail contact a little bit and I said, “Oh, I just saw this blog post. I’m thinking maybe that might be related to the issues that we’ve been seeing.” In general, after a while they had to continue working on it and it resolved itself. That’s a kind of happy ending to this, is that we had to wait it out and wait for Gmail to get their new machine learning technology to catch up with all of the false positives that we were able to contribute to to improve this technology and make it work better for their users.