Suppression list

A suppression list is a list of suppressed e-mail addresses used by e-mail senders to comply with the CAN-SPAM Act of 2003 (United States of America). [1] CAN-SPAM requires that senders of commercial emails provide a functioning opt-out mechanism by which email recipients can unsubscribe their email address from future email messages. [1] The unsubscribed email addresses are placed into a "suppression list" which is used to "suppress" future email messages to that email address.

Abuse

A suppression list contains valid email addresses. Suppression list abuse occurs when a third party takes a suppression list and emails messages to the email addresses in the list. The original sender of the email messages who provided the opt-out mechanism may be liable for suppression list abuse.

In practice, a suppression file is applied to each campaign before it is sent: addresses on the suppression list must not be mailed, because those recipients have chosen not to receive email about that product. In email marketing terms, a suppression list is therefore the set of addresses that have already opted out of updates for a particular product.

Protection and tracking

A variety of technological means are used to protect suppression lists and track suppression list abuse. These include neutral third party scrubbing of email lists, distribution of MD5 hash suppression lists and distribution of "seeded" email lists.

The best practice in distributing these lists is to avoid sending the email addresses themselves as plaintext, but instead send a list with one "hash" per line, each hash generated from an email address using a one-way cryptographic hash function.

Internal mailing lists can be scrubbed by using the same hash function to generate one "hash" for each email address on internal mailing lists, and if the internally generated hash matches any of the hashes on the suppression list, then the corresponding email address on the internal mailing list *should* be removed.

Because the hash is one-way, a person who has only the hash cannot directly recover the original email address, so the shared list cannot be used to accidentally or deliberately *add* an address to (rather than remove it from) internal mailing lists. [2] [3]
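The hashed-list scrub described above, as an added example (not code from the original page): the sender publishes one MD5 hex digest per opted-out address, and the recipient of the list hashes its own addresses the same way and drops any match. The address normalization rule and the sample addresses are assumptions constructed for the example.

```python
import hashlib


def normalize(address: str) -> str:
    """Canonical form before hashing (assumed rule: trim whitespace, lowercase).

    Both sides must apply the identical rule; a single case or whitespace
    difference yields a different digest and the opted-out address slips through.
    """
    return address.strip().lower()


def hash_address(address: str) -> str:
    """One hex digest per address, MD5 as the industry standardised on (ref. [2]).

    Note that email addresses are guessable, so a digest can still be matched by
    hashing candidate addresses (ref. [3]); treat the hashed list as confidential.
    """
    return hashlib.md5(normalize(address).encode("utf-8")).hexdigest()


def build_suppression_hashes(opted_out):
    """The hash-per-line list that is shared instead of plaintext addresses."""
    return {hash_address(a) for a in opted_out}


def parse_suppression_file(text: str):
    """Read a received suppression file: one lowercase hex digest per line."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def scrub(internal_list, suppression_hashes):
    """Return (kept, removed): addresses whose digest is on the list are removed."""
    kept, removed = [], []
    for address in internal_list:
        target = removed if hash_address(address) in suppression_hashes else kept
        target.append(address)
    return kept, removed


# Constructed sample data (not real mailboxes).
OPTED_OUT = ["Alice@Example.com", " bob@example.org "]
INTERNAL = ["alice@example.com", "carol@example.net", "bob@example.org", "dave@example.com"]

if __name__ == "__main__":
    shared_file = "\n".join(sorted(build_suppression_hashes(OPTED_OUT)))
    kept, removed = scrub(INTERNAL, parse_suppression_file(shared_file))
    print("kept:", kept)
    print("removed:", removed)
```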

References

  1. "What is a Suppression List?". SendGrid. 2019-12-06. Retrieved 2021-03-20.
  2. Birkner, Cari. "ESPC Sets Deadline to Require MD5 Hash Encryption". 2009.
  3. Bellezza, Antonio. "Gravatars: why publishing your email's hash is not a good idea". www.developer.it.