Don’t Be Mistaken for a Spammer: An Internet and Messaging Abuse Primer Len Shneyder April 17, 2017 Best Practices // SUMMARIES ?> Sun Tzu, the brilliant 6th century general and strategist, wrote, “Know your enemy and know yourself and you will always be victorious.” In the spirit of his sage words, we created a handbook to help legitimate marketers understand the Internet and messaging abuse landscape. Email spammers send their poison cargo in varied methods from the slow loris approach to that of a snowshoe attack. Ironically, variations of both of these attacks are common practices by legitimate marketers–but the devil is always in the details. We dive into those details in this guide. Understanding the various forms of abuse and how they’re perpetrated and perceived by an ISP help legitimate senders in differentiating their messaging streams from that of spammers. Fighting an uphill battle Businesses on the Internet face an uphill battle—the vast majority of the email traffic received by mailbox providers and ISPs is abhorrently bad. Virus-laden emails, phishing attacks, and other abusive communications represent over 90% of the email traffic. The metric was derived by M3AAWG (The Messaging, Malware, Mobile Anti-Abuse Working Group) who surveyed their member ISPs and saw that over several years, the aggregate volume of spam remained nearly constant. Preventing mimicking suspicious behavior In our handbook, we look at a number of documented attack vectors and how they resemble, at times, the approach that big brands or high volume senders may take. Tactics like sending too slowly, or from too many IPs, can look like malicious sending patterns. Understanding the fine line between what is legitimate and what will compromise your sending reputation is a fine balance that requires industry standard email authentication technologies and a marketing strategy that seeks to comply with published best practices. The sending community has their work cut out for them. Not only is the inbox a challenging market with short attention spans and limited dollars, the inbox is constantly under fire. In the summer of 2016 a new kind of attack vector emerged that has changed how legitimate senders construct and protect their sign up forms. ESPs sending on behalf of big and small brands alike can be weaponized under the right circumstances and turned into denial of service engines. We urge all email marketers to take stock of how spammers operate—spam is not a shrinking violet, or a new normal, it’s a constant battle that we all have to pitch in and fight. Check out our guide to learn more about phishing, doxxing, botnets, and more. By learning about their behaviors, you can ensure you’re not mimicking them.