4/27/2007
© 2007 Microsoft Corporation. All rights reserved. This presentation is for informational
purposes only. Microsoft makes no warranties, express or implied, in this summary.
Insights For Marketers
April 17, Boston Sheraton
Welcome And Goals
Craig Spiezle, Director, Safety Technologies and Strategy, Microsoft Corporation
Agenda
Introduction and Changing Rules of Deliverability
Craig Spiezle, Director of Safety Technologies and Strategy
Introduction to Windows Live Hotmail
Steve Bassler, Product Planner, Windows Live Hotmail
Optimizing e-mail deliverability into Windows Live Hotmail: Part I
Brian Holdsworth, Senior Product Planner, Safety Technologies
Break
Optimizing e-mail deliverability into Windows Live Hotmail: Part II
Kelly Sieben, Windows Live Escalation and Policy Manager
Evaluations, Drawings and Networking Access
General Housekeeping
Please turn off cell phones
Complete Evaluations forms – located in folder – place name on form to stand chance to win Zune!
Athletic bags for all attendees
Questions – 3x5 cards – will be answered after break
AOTA Summit - Single day registrations are available!
Changing Rules Of Deliverability: Vectors, Volumes & Velocity
Receiving networks and ISPs are under attack
Message content is no longer king
Impact to infrastructure
Impact to user trust and confidence – our #1 priority
Diagram labels: Chaff, Botnets, Compromised PCs, Phishing, Brand Fraud, Image spam, IP Reputation, Domain Authentication, User Feedback, ISP Policies, Graymail, Unsubscribe, Mailing Lists, CAN-SPAM
Trends
Growing level of sophistication
Anti-virus to remove “competing” malware
Pump and dump schemes
Increased precision, profiling, testing and targeting
They have become great direct marketers!
The weakest link is the end user, falling prey to social engineering
Consumer and business data at risk
Impacting interactive marketing ROI
Lowlights
Spam – a plague of biblical proportions
Volumes from bots increasing
Image spam defeating traditional filters
Phishing – increased precision
Redefined from unsolicited email marketing to malicious and deceptive email and web sites
Thriving black market for data
Self-Policing – denial of service attacks against rivals
Criminal underworld – competition driving down pricing
Consolidation – increased intensity and severity
Highlights
Sender ID adoption has skyrocketed to 43% of legitimate email
Supported by over 8 million domains
Vibrant growth of the internet economy
Online Holiday sales up 21%
Online banking up 27%
Businesses continue to realize productivity increases from the internet
Phishing exploits seem to have leveled off
Internet fraud to FBI down 10.4%
Introduction To Windows Live Hotmail
Steve Bassler, Product Planner, Microsoft Corporation
Overview Of Microsoft’s Email Ecosystem
Corporate Servers and Services
Enterprise-class availability and protection (with Forefront)
Exchange Server 2003 and Exchange Server 2007
Exchange Hosted Services
Email Clients
Providing access from anywhere
Microsoft Office Outlook, Windows Mail and Entourage
Outlook experience from desktop to web to mobile devices
Consumer and Small Business
Windows Live Hotmail is the next generation of MSN Hotmail
Office Live offering solutions to small business
World-class protection and ease-of-use features
Corporate And Consumer Email Clients
[Figure: corporate clients and consumer clients]
Services Transformation
[Diagram: Online Persona across Work, Communicate, Connect, Live, Play. Labels: Family/Intimates, Friends, Classmates, Affinity Groups, Casual Games, Action Games, Fantasy Games, Multiplayer Games, Virtual Worlds, Word Processing, Spreadsheets, Presentations, Documents, News & Research, Instant Messaging, Internet Calling, Blogs, Discussion Forums, Photos & Video, Music & Movies, Shopping, Personal Interests]
Hotmail History
Windows Live Hotmail
Powerful free e-mail, with security by Microsoft
Protected: Windows Live Hotmail now gives you the control you need to keep your e-mail private, safe, and secure
Productive: Windows Live Hotmail is Familiar, Fast and Powerful helping you get more done anywhere on the web
Unified: Windows Live Hotmail brings the power of desktop software to your personal webmail
Windows Live Hotmail – Ad UX: Display E-Mail
Optimizing E-Mail Deliverability Into Windows Live Hotmail: Part I
Brian Holdsworth, Sr. Product Planner, Microsoft Corporation
Spam Trends And Tactics
Main defense is content filtering and block lists
2005
Authentication without reputation
2006
Authentication + reputation greatly improves catch rate
2007
Spam Tactics And Volume
Spam In The Inbox
Volume manageable
Increases slowly over next 2 years
Users become aware of identity theft
Phishing and false positives biggest complaint
Senders with mixed or no reputation begin having delivery problems
Users become aware of Image spam and botnets
Amidst new threats and volumes, spam in the inbox continues to decrease
To combat reputation systems, spammers increase distributed attacks
2-3X increase of spam past 12 months
Working around Content Filters
Spoofing and identity theft (phishing) grows rapidly
Shifting to illegal, illicit and high margin products
Large increases of spam
Wide range of products
Malicious payloads
First There Was Content Filtering, then Authentication
Windows Live Hotmail Trends: Distributed or Short Lived Attacks
Spam volume up 40% since June 2006, 80% of increase from botnets
Bots send a lot of spam over a very short time period
Botnet attacks involve a group of computers launching distributed attacks at the same time, not confined to a single IP range
A single attack can be from 100k machines in over 100 different countries
Examples of short lived spam attacks
#   Total Email Volume   % Spam   Length (min)
1   2,800,000            98.5%    15
2   2,990,000            99.7%    22
3   4,800,000            99.0%    45
4   5,280,000            98.2%    47
5   1,950,000            98.5%    18
Windows Live Hotmail Trends: Image-based Spam
33% of spam that Hotmail deletes has images
74% of images are one single image
17% at Exchange Hosted Filtering
Examples of Image Spam
Windows Live Hotmail Trends: Spam Business Has Changed Over Time
Example of selling trends over time
Percent of email reported as spam by Windows Live Hotmail Users
Microsoft’s Anti-Spam Strategy: Protect users from unwanted and fraudulent communications
Education and Prescriptive Guidance | Industry and Business Collaboration
Industry Business and government partnerships
Legislation and enforcement
376 enforcement actions since inception of Internet Safety Enforcement team
Best practices, standards and policies
Online and offline resources
Whitepapers and case studies
Microsoft.com/security
Microsoft.com/safety
Postmaster.live.com
Sender Reputation
Servers, services and clients sharing reputation data
IP + URL + domain + user reputation
Attack detection systems
Authentication + Identity
Sender ID Framework
Outlook Email Postmark
Content Filtering
Low cost machine learning algorithm (user driven)
User Personalization
Learn from user behavior and direct feedback
Graymail, email that is wanted by some, not others
Innovative Technologies Investments: Protecting 600M today - 1B by 2009
Corporate Services, Enterprise Servers, Desktop Clients, Consumer Services
Windows Live Hotmail Anti-Spam Technology
Delete
Attack Detection and
Connection Filtering
SmartScreen™: Spam / Phishing / Signatures
Symantec Brightmail
Computational Proof (Outlook Postmark) Check
Sender Score Certified (Safelist provided by Return Path)
Sender ID Check
Reject Connections
User Based Filters and Lists
Updates
IP Block Lists
Inbox
Junk
SmartScreen ™ Patented Machine Learning System
User Feedback
Junk Mail Reports
Rapid Response Analysis and Metrics
Trap Accounts
Average of 4.5+ Billion emails per day
90% classified as spam
Windows Live Hotmail Anti-Spam Technology
What we’ve done to protect users and reduce spam in the inbox
New simplified UI to add users to safelist, report junk, or warn about dangerous emails
IP Throttling and block lists (reduce overall volume)
Signatures, most content based spam
What we’ve done to improve deliverability for Legitimate Senders
Volume based reputation data, IP safelist improvements
Combine Sender ID and previous reputation
Computation Proofs (Outlook Postmark)
Unsubscribe option reduces user complaints
e-mail user
Reputation and Authentication
Attack Detection, Rules and Policies
Content Filter and Personalization
Remember, The Rules For Deliverability Have Changed
Past mailing behavior or patterns
Reputation and authentication
User feedback and unsubscribe opt-out
Clean mailing lists - know who wants your mail and who doesn't
Message header and content
Diagram labels: Chaff, Botnets, Compromised PCs, Phishing, Brand Fraud, Image spam, IP Reputation, Domain Authentication, User Feedback, ISP Policies, Graymail, Unsubscribe, Mailing Lists, CAN-SPAM
Why Reputation Matters?
Impact to legitimate e-mail senders
Content filtering alone causes unpredictable delivery behavior
Not all content filters are created equal, without reputation content rules
Reputation drives a large portion of e-mail delivery decisions
End user experience
Content Filters can be fooled, takes time to learn
Authentication and Content Filtering feed into reputation systems
User Complaints
Spam Traps
Unknown Users
Bad Mailing Lists
Sending Infrastructure
Patterns and Consistency
Why User Reputation Matters – Junk Mail Reports: Email Classified as “Junk” by Windows Live Hotmail Users
Why User Reputation Matters: Windows Live Hotmail Feedback Loop
Feedback Loop, what is it?
Non-biased, opt-in user feedback
Data used with JMR and other sources, input into SmartScreen technology
How does it work?
Email randomly selected and sent to user
Previously deleted or delivered email
User classifies as “junk” or “not junk” e-mail
How are users selected?
Random
Multiple Languages
Why is FBL important?
Users active for 6 months
Additional input into both reputation systems and SmartScreen filtering
Good trending indication of both legitimate email or spam
10M participants
Users in 233 countries
12 langs, 60% non-U.S
Winning Back Inactive Subscribers
Ebay Transaction
Amazon Order Confirmation
HTML + Newsletter Promotion
Why User Reputation Matters – FBL Reports: Email Classified as “Not-Junk” by Feedback Loop Users
Why User Reputation Matters: Junk Email Options for Windows Live Hotmail Users
Known Sender
User added sender to personal “safelist” or “contacts”
Images and links enabled
Allows unsubscribe option
Unknown Sender
Sender not in user safelist or contacts
User chooses
“junk”, “delete”
“mark as safe” or “unsafe”
Potentially Dangerous
Could be phishing or sender ID failure (spoofed)
User options same as unknown sender
Why User Reputation Matters: Unsubscribe from Unwanted Mailing Lists
Helps users and legitimate email marketers
Best practice developed with input from users and marketers
Works for Windows Live Hotmail, not MSN Hotmail
How does it work?
Sender adds List-Unsubscribe header (as specified in RFC 2369)
User adds sender to personal “safelist” or “contact list”, or sender is a member of the Sender Score Certified global safelist
Allows user to tell senders “please remove me” from unwanted mailing lists
Does this apply to all mail sent?
Applies to email previously identified by users as wanted or legitimate
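A sender-side sketch of the List-Unsubscribe step above, added here as an illustration and not taken from the presentation: it attaches the RFC 2369 header to an outgoing message and checks a message for a well-formed header before sending. All addresses, URLs and the `SAMPLE-TOKEN` value are constructed placeholders, and the function names are this example's own.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlsplit

# RFC 2369: the field body is a comma-separated list of URLs, each enclosed
# in angle brackets; mail clients try them left to right.
_ANGLE_URL = re.compile(r"<([^<>]*)>")


def add_list_unsubscribe(msg, mailto_addr, web_url):
    """Attach a List-Unsubscribe header offering a mailto: and a web target."""
    msg["List-Unsubscribe"] = (
        f"<mailto:{mailto_addr}?subject=unsubscribe>, <{web_url}>"
    )
    return msg


def check_list_unsubscribe(msg):
    """Return a list of problems found in the List-Unsubscribe header."""
    values = msg.get_all("List-Unsubscribe") or []
    if not values:
        return ["missing List-Unsubscribe header"]
    if len(values) > 1:
        return ["more than one List-Unsubscribe header"]
    urls = [u.strip() for u in _ANGLE_URL.findall(str(values[0]))]
    if not urls:
        return ["no URL enclosed in angle brackets"]
    problems = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme == "mailto":
            local, at, domain = parts.path.rpartition("@")
            if not (local and at and "." in domain):
                problems.append(f"mailto target is not an address: {url}")
        elif parts.scheme in ("http", "https"):
            if not parts.hostname or "." not in parts.hostname:
                problems.append(f"web target has no fully qualified host: {url}")
        else:
            problems.append(f"unsupported URL scheme: {url}")
    return problems


def build_newsletter():
    """Constructed sample message; every address and URL is a placeholder."""
    msg = EmailMessage()
    msg["From"] = "Contoso News <news@mail.contoso.example>"
    msg["To"] = "subscriber@hotmail.example"
    msg["Subject"] = "Contoso News: April issue"
    msg.set_content("You are receiving this because you signed up at contoso.example.")
    return add_list_unsubscribe(
        msg,
        "unsubscribe@mail.contoso.example",
        "https://mail.contoso.example/unsubscribe?id=SAMPLE-TOKEN",
    )


# Constructed raw message whose header omits the angle brackets.
BROKEN_RAW = (
    "From: news@mail.contoso.example\n"
    "To: subscriber@hotmail.example\n"
    "Subject: April issue\n"
    "List-Unsubscribe: mailto:unsubscribe@mail.contoso.example\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(check_list_unsubscribe(build_newsletter()))
    print(check_list_unsubscribe(message_from_string(BROKEN_RAW)))
```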
Why Authentication Matters - Sender ID Framework: Authentication + Reputation = Identity
Most anti-spam solutions use reputation and authentication to aid spam filters
Authentication provides a “driver's license” for the sending domain, a basis for reputation - SPF Text Record (DNS Zone file)
Provides a way to tell if the “from line” in the email was spoofed
Prevalent in phishing - PRA/Mail From Lookup
Significantly improves deliverability of legitimate email
Along with past sender reputation and user feedback
Sender Reputation User Feedback
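To make the PRA lookup concrete, here is an added example (not from the presentation) that picks the Purported Responsible Address from a message's headers in the order RFC 4407 gives (Resent-Sender, Resent-From, Sender, From), then checks the connecting IP against that domain's published record. Assumptions: domains, IPs and records are constructed, a dict stands in for DNS, only `ip4`, `ip6` and `all` are evaluated, the RFC's extra rule about Received headers between Resent-* fields is left out, and the `no-pra` and `unsupported` results are this example's own labels.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT records standing in for DNS lookups.
TXT = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "lists.example": "spf2.0/pra ip4:198.51.100.0/24 ~all",
}

# Constructed sample messages.
DIRECT = "From: Example Bank <service@bank.example>\nSubject: Statement\n\nbody\n"
VIA_LIST = "Sender: announce-bounces@lists.example\n" + DIRECT
TWO_FROM = "From: a@bank.example, b@other.example\n\nbody\n"


def _single_mailbox(value):
    """Return the address if the header holds exactly one mailbox with a domain."""
    addrs = getaddresses([value])
    if len(addrs) != 1:
        return None
    local, at, domain = addrs[0][1].rpartition("@")
    return addrs[0][1] if (local and at and domain) else None


def purported_responsible_address(msg):
    """Select the PRA in RFC 4407 header order (simplified, see lead-in)."""
    for name in ("Resent-Sender", "Resent-From"):
        values = [v for v in msg.get_all(name, []) if v.strip()]
        if values:
            return _single_mailbox(values[0])
    for name in ("Sender", "From"):
        values = [v for v in msg.get_all(name, []) if v.strip()]
        if len(values) == 1:
            return _single_mailbox(values[0])
        if len(values) > 1:
            return None              # ambiguous: the message is ill-formed
    return None


def check_record(record, client_ip, scope="pra"):
    """Evaluate the ip4/ip6/all mechanisms of one record for one client IP."""
    terms = record.split()
    version = terms[0].lower() if terms else ""
    if version.startswith("spf2.0/"):
        if scope not in version[len("spf2.0/"):].split(","):
            return "none"            # record does not cover this scope
    elif version != "v=spf1":        # RFC 4406: v=spf1 also serves PRA checks
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if net.version != int(mech[2]):
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif "=" not in term:        # modifiers (redirect=, exp=) are skipped
            return "unsupported"     # a, mx, include, ... need real DNS
    return "neutral"


def sender_id_check(raw_message, client_ip, txt=TXT):
    """Return (PRA, result) for a raw message received from client_ip."""
    address = purported_responsible_address(message_from_string(raw_message))
    if address is None:
        return None, "no-pra"
    record = txt.get(address.rpartition("@")[2].lower())
    if record is None:
        return address, "none"
    return address, check_record(record, client_ip)


if __name__ == "__main__":
    for raw, ip in ((DIRECT, "203.0.113.9"), (DIRECT, "192.0.2.25"),
                    (VIA_LIST, "198.51.100.7"), (TWO_FROM, "192.0.2.25")):
        print(ip, sender_id_check(raw, ip))
```

The same visible From line fails from an unlisted IP and passes from the listed range, while the list-forwarded copy is judged against the Sender domain instead.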
Personal Reputation - Identity: Outlook 2007 Email Postmark
Problem
Individual users' mail may appear like spam to filters but is legitimate
Improving deliverability & legitimacy, reducing the risk of being junked
Solution – Outlook Email Postmark
Microsoft SmartScreen analyzes the mail for content that might trigger heuristics on receiving networks
Outlook attaches a Postmark, or computational puzzle, to the mail before it is sent (takes 8-10 seconds of computing time), transparent to the user.
Receiving networks validate the token and apply a score to the Spam Confidence Level (SCL)
Sender Best Practices: Increase your chances for successful deliverability
Format a reply header to ensure subscribers see your "friendly" email address
Use a consistent "from address" and your company's name in the subject line
Add text to the top of emails asking subscribers to add you to their address book or specifically "mark as safe"
By doing so, future emails will have images and links enabled by default
Keep mailing lists clean!
Purge old, bad, or inactive addresses from your mailing lists
Acquire names responsibly and send mail only to users that "opt-in" to receiving your email
Add text reminding subscribers where they opted-in to receive your email
Add "list unsubscribe" header offering subscribers a clean way to opt-out
Honor unsubscribe requests! Opting out should be just as simple as opting-in
Remove names responsibly without follow-up emails or extra steps.
Choose content wisely
Don’t look like a spammer
Verify URLs look normal and point to valid domains
Sender Best Practices: Increase your chances for successful deliverability
Use a reputable email service provider who has relationships with ISPs such as AOL, Yahoo and Hotmail
Be consistent – Send mail from same IPs
Use domain authentication – Sender ID
Helps protect from spoofing and ensure your MTA is authorized to send mail
Separate traffic by brand or type of mail
Customer acquisition, customer retention and transactional should be separated
Less is more!
Send less mail more often vs. lots of mail for short periods of time
Setup, monitor and proactively manage your user feedback data
Feedback loops contain valuable spam complaint information
Monitor and manage both hard and soft bounces.
Bounce notices provide invaluable information regarding the ISP’s treatment of your mail
Sources Of Feedback
The short list
Hotmail Postmaster Services
Microsoft JMR Program
Microsoft SNDS
Blacklist reports
Spamcop, Spamhaus
AOL and other ISP’s
AOL scomp
AOL report card
Deliverability Consultants
Habeas
Return Path
Senderbase
For ISPs
Monitor effectiveness of spam filtering
Feed internal reputation systems
Monitor outbound spam
For Senders
Monitor brand and IP reputation
Stay below complaint thresholds for good deliverability
Adjust frequency and relevance of messaging
Identify problem
For Deliverability Consultants
Feed independent reputation aggregators
Help senders fix deliverability problems
Postmaster Services
http://www.microsoft.com/postmaster or http://postmaster.live.com
Services and self-help documentation to help improve email deliverability and reduce outbound spam
Junk Email Reporting Program (JMR) - Info [email protected]
Instant feedback on user complaints for list maintenance & daily reporting
Tailored to large senders, to remove recipients from their lists.
Senders receive any mail that is reported as junk mail.
Smart Network Data Services
At a glance deliverability reports
Measures of outbound traffic and complaints from your IP space
Isolate compromised hosts/servers
Sender ID information
Support Information including
FAQ’s and escalation options
Smart Network Data Services
What is Smart Network Data Services?
Provides data that empowers service providers to track spam originating from within their IP space
Provides data to empower senders to track reputation
Expected Use
Detect unexpected or suspicious mail activity – spammers, botnets, malware
Improve reputation of your sending domains
What will you get?
Mail traffic data
Data representing factual information about email sent from your IP space to Hotmail
Activity over SMTP, verb and message recipient counts, and sample commands
Junk mail data
Filter results, complaint reports, spam trap hits, virus reports, open proxy status
Who’s using it?
10k+ unique users with over 150M authorized IPs
Represents 48% of mail sent to Hotmail
Access
http://postmaster.live.com/snds
Smart Network Data Services: Example
Future: Anti-Spam Roadmap
Continued Investments In The Following Areas:
Content Filtering
Continued orthogonal protection
Improve with more reputation sources
Centralized and distributed reputation
Servers, services and clients sharing central reputation data
Broad data sources and detection: IP + URL + domain + user reputation
Low latency
Authentication
Sender ID Framework
Continues to supplement reputation and content filtering
Personalization
Learn from user behavior
Direct and indirect feedback
Key to opt-in email (graymail) wanted by some and spam to others
Corporate Services, Enterprise Servers, Desktop Clients, Consumer Services
Shared Central Reputation System
Things to Remember
Senders
Authenticate ALL outbound email
Manage your reputation – on your own or with help from others
Follow sender best practices – good clean mailing lists, unsubscribe, quality content
IT Infrastructure and ISPs
Authenticate both inbound and outbound email
Aggregate IP reputation to authenticated domain
Use authentication + reputation in your filtering decisions
Use SNDS, find out who is sending email from your IP space
Optimizing E-Mail Deliverability Into Windows Live Hotmail: Part II
Kelly Sieben, Escalation Policy Manager, Microsoft Corporation
Complaint Prevention: Privacy And Reputation Are Tied At The HIP
Notice – Manage registration process to meet future expectations
Give subscribers a positive choice
Give them a good idea of what they will receive
Give instructions on address book inclusion
Consent – Use the highest permission standard you can support
Best: Double opt-in; Low bar: Confirmed opt-in
Advantages: Fewer unsubscribes, Fewer complaints, Better Reputation, Better Deliverability
Choice – Give them options
Make opt-in choices granular
Newsletters, Brands, Frequency, Partner Offers
Show them examples
Frequency and Relevancy – Message content and program relevancy impacts behavior
Send a welcome message
Ensure appropriate mail frequency / avoid subscriber fatigue
Stay consistent
Use customization and personalization
Target messaging
Opt-Out – always respect unsub requests
Make it easy to unsubscribe
Make sure it works
Global and granular choices
Ensure CAN-SPAM and EU/AU compliance
Complaint Prevention – Notice: Show New Subscribers What To Expect
Manage your customers' Expectation versus Experience
What will they get?
How often will they get it?
Who will it come from?
What will it look like? Provide an example.
Complaint Prevention – Choices: Give Users Options
Messages (Newsletters, Featured Offers, Promotional, etc.)
Brands
Addresses (Which one/ones)?
Formats
Timing
Prospects/Third Party Lists
Complaint Prevention: Set Boundaries For Transactional Email
Up sell footer
Privacy Implications:
Transactional Emails are “NOT” covered but… dual purpose e-mail MAY be covered under proposed FTC rules if:
Subject line focused on commercial/promotion messages
Content can be “reasonably interpreted” as being “primarily” advertising
Factors to watch:
Placement of the commercial message at the top of the message
Advertisement is clearly in higher proportion to other types of content (information or transactional information)
Graphical weight (type size, font, colors, etc)
Recommendation:
Consider using dedicated IP(s)
Target and Test
Monitor Complaints
Complaint Prevention: Set Boundaries for Peer-To-Peer/Viral Marketing
Privacy Implications: CAN-SPAM “may” apply depending on who the sender is and how the service is being promoted.
“E-mail to a friend” - the web site operator is not the “sender” of the forwarded message.
“Tell-A-Friend…Help spread the word by forwarding this message to friends!” - the web site operator becomes the sender of the forwarded message, and assumes all the corresponding obligations.
Reputation Impacts:
User account abuse and phishing concerns
Negative PR
“The social networking site … is requesting their users' AOL, Gmail, Yahoo and Hotmail passwords, and then using them to access users' address books and send 'invitations' to join …. making them appear to come from the user. The password prompt screen includes the ISP's logo right next to the password prompt. Rather than hiding this little 'feature,' … “ / “…. does the same. They ask for your e-mail address and e-mail address password, then spam your contact list. I can't believe people will give them their password, but some actually do. Preposterous!”
“One new social networking site is a poster child for the abuse of social networking...when a user signs up…they're practically forced to put in their Webmail credentials. ….then logs into your Webmail account as you, accesses your address book and prompts you to e-mail your contacts using your Webmail address as the reply-to."
Sources: Slashdot, “Deceptive Viral Practices?”, Monday March 26; eWeek.com, “Harvesting Teenagers: ”, by Larry Seltzer, April 10, 2007
Complaint Prevention: Set Boundaries for Peer-To-Peer/Viral Marketing
Recommendations:
Get Permission
Provide users with communication choices
Provide Clear Notice
Don’t ask for users' passwords
Use Windows Live Contacts Control
Client-side tool that enables users to share their Windows Live Contacts with your site in a safe and secure way.
http://dev.live.com/contactscontrol/v0.2/default.aspx
Windows Live Hotmail: Optimizing the Inbox
Known Sender
User added sender to personal “safelist” or “contacts”
Images & links enabled
Allows unsubscribe option
Unknown Sender
Sender not in user safelist or contacts
User chooses
“junk”, “delete”
“mark as safe” or “unsafe”
Potentially Dangerous
Could be phishing or sender ID failure (spoofed)
User options same as unknown sender
Windows Live Hotmail: Optimizing the Inbox
Ideal Scenario
Publishing Sender ID
Known Sender (Marked as Safe/In Contact List)
Images and Links enabled for all messages
Publishing Unsubscribe
Helps reduce complaints
Outlook 2007: Optimizing the Inbox
Best Practices:
Do not use background images
Do not use CSS (cascading style sheets)
Inline style attributes are your only option
Use only basic HTML tags (For instance, to underline text, use the <u> tag, for bold use the <b> tag.)
If you’re developing content in Dreamweaver, be sure to use the validation schema for Microsoft Word 2007
More Info:
Outlook 2007’s HTML capabilities
http://msdn2.microsoft.com/en-us/library/aa338201.aspx
Outlook 2007 Content Compatibility Tool
http://www.microsoft.com/downloads/details.aspx?familyid=0b764c08-0f86-431e-8bd5-ef0e9ce26a3a&displaylang=en
Microsoft Phishing Filter
Dynamic protection against fraudulent websites
Built-in Vista/IE7 and Windows Live Toolbar
3 “checks” to protect users from phishing
Compares web site with local list of known legitimate sites
Scans the site for characteristics common to phishing sites
Double checks site with online Microsoft service of reported phishing sites dynamically updated
Two Levels of Warning and Protection in IE7
Security Status Bar
Microsoft Phishing Filter: Prevention of “False Warnings” a Key Goal
Built-In Online Reporting for Individuals and Website owners
Website owner submits a request
Microsoft will examine the request and have a human grader make a determination on the site
Aggressive turnaround time for each request
Website owner gets confirmation e-mail after request is examined
Outlook 2007: Don't look like a Phisher
Windows Live Hotmail: Don't look like a Phisher
Phishing Do’s And Don’ts
E-mail Content
Authenticate - SenderID
Domain - Use consistent naming conventions (it’s your Brand)
Avoid requests for personal information
Avoid live links in Billing Communications
Avoid alarmist messaging
Make it personal and professional
Web Content
Certify – SSL (Trusted Authority)
Protect - Prevent XSS Vulnerabilities
Domain - Use a fully-qualified domain name
Don’t use the @ symbol
Don't encode or tunnel your URLs
Phishing Filter FAQ:
https://phishingfilter.microsoft.com/faq.aspx
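A pre-send check for the URL items in this list, added here as an example and not part of the presentation: it pulls the links out of an HTML message body and flags the ones that use an @ sign, an IP or numeric host, a host that is not fully qualified, or percent-encoding of plain letters and digits. The finding names and the sample HTML are constructed for this illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

_ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")
_NUMERIC_HOST = re.compile(r"(0x[0-9a-f]+|\d+)")

# Constructed sample body; contoso.example is a placeholder brand domain.
SAMPLE_HTML = """
<p>Your statement is ready.</p>
<a href="https://www.contoso.example/account">View account</a>
<a href="https://www.contoso.example/search?q=spring%20sale">Offers</a>
<a href="http://www.contoso.example@203.0.113.9/login">Sign in</a>
<a href="http://3405803785/update">Update details</a>
<a href="https://www.contoso.example/%6C%6F%67%69%6E">Log in</a>
<a href="http://intranet/reset">Reset password</a>
"""


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href.strip())


def _host_is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def lint_url(url):
    """Return the list of findings for one link (empty list means clean)."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:
        return ["unparseable-url"]
    if parts.scheme not in ("http", "https"):
        return []                      # mailto: and similar are out of scope
    findings = []
    if "@" in parts.netloc:            # "Don't use the @ symbol"
        findings.append("at-sign-in-url")
    if "%" in parts.netloc:            # encoded host name
        findings.append("encoded-host")
    if _host_is_ip(host):              # "Use a fully-qualified domain name"
        findings.append("ip-address-host")
    elif _NUMERIC_HOST.fullmatch(host):
        findings.append("numeric-host")
    elif "." not in host.rstrip("."):
        findings.append("not-fully-qualified")
    # "Don't encode ... your URLs": escapes that hide plain ASCII letters or
    # digits serve no purpose; %20 and other reserved characters are allowed.
    codes = [int(h, 16) for h in _ESCAPE.findall(parts.path + "?" + parts.query)]
    if any(c < 128 and chr(c).isalnum() for c in codes):
        findings.append("needless-percent-encoding")
    return findings


def lint_html(html):
    """Map each flagged link in an HTML body to its findings."""
    collector = _LinkCollector()
    collector.feed(html)
    report = {}
    for url in collector.links:
        findings = lint_url(url)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in lint_html(SAMPLE_HTML).items():
        print(url, findings)
```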
Deliverability - Top Support Drivers
Postmaster Tools
General Deliverability
Policy Based IP Blocks
Sender ID
Content Filtering
Brightmail
Other
Deliverability Troubleshooting “Whitepaper” Preview
Scenario 1: Your inbound e-mail to MSN Hotmail or Windows Live Mail users is not being delivered as expected.
Symptoms
1. Your e-mail appears to be getting blocked by MSN Hotmail or Windows Live Mail.
2. Your e-mail is being delivered to recipients’ Junk E-Mail Folders (JMF).
3. Your e-mail is bouncing or you can’t connect
Common Causes and Recommended Actions
Server Configuration:
Properly configure anti-virus software on your firewall or your SMTP Gateway
Configure your Domain Name Server (“DNS”) server correctly
Enable Reverse DNS Lookup
Be aware of MSN Hotmail and Windows Live Mail Volume Caps
Insure your outbound mail is Sender
MSN Hotmail and Windows Live Mail Complaint Rate:
Sign-up for JMRP
Check the age of your user lists
Use Double Opt In when customers sign up to receive your e-mails
Make the Unsubscribe option easy to find and that you honor all requests
Monitor the frequency of your e-mail. Ask customers for feedback.
Are customers receiving what they originally signed up for?
Microsoft Block list:
If you believe your e-mail has been blocked by Microsoft check third party blacklists
Contact Support
Deliverability Issues?
Windows Live Mail Support Options
Step 1 - Ensure Compliance - Make sure you are in compliance with Windows Live Policies and Technical Requirements
http://postmaster.live.com/Guidelines.aspx
Step 2 - Follow best practices and FAQ’s
http://postmaster.live.com/troubleshooting
http://www.microsoft.com/postmaster read FAQ’s and Improving Deliverability whitepaper*
Step 3 - Adopt SenderID and Keep Your Record Current
Microsoft.com/safety & Microsoft.com/SenderID
Step 4 – Join the Junk Mail Reporting Program
http://support.msn.com/default.aspx?productkey=edfsjmrpp&mkt=en-us
Step 5 – Leverage Smart Network Data Services (SNDS)
https://postmaster.live.com/snds/index.aspx
Step 6 – Contact Deliverability Support - If you’re doing all of the above.
http://support.msn.com/eform.aspx?productKey=edfsmsbl&mkt=en-us
Deliverability and Reputation Consulting Services:
Acxiom Media, Datran Media, Epsilon, Habeas, Return Path, TRUSTe, etc…
Members of www.espcoalition.org
Windows Live Hotmail
Deliverability Optimization Summary
Complaints Drive Reputation – prevent them!
Notice/Relevancy – Ensure your users know your mail and expect it
Optimize the UI
User Safelist – Get users to mark your mail as safe / add your address to their contact list
Publish Unsubscribe
Don’t look like a Phisher
Monitor via SNDS
Join the JMRP
Complaint Issues – Make sure you are doing all the above and do analysis
For more information
Postmaster Services www.microsoft.com/postmaster
JMR & SNDS http://postmaster.live.com
Sender ID www.microsoft.com/senderid
AOTA www.aotalliance.org
How Sender ID Works
SPF Examples
SPF Record | Description
example.com TXT “v=spf1 -all” | This domain never sends mail. Can also protect sub domains
example.com TXT “v=spf1 mx -all” | Inbound email servers also send outbound mail
example.com TXT “v=spf1 ip4:192.0.2.0/24 -all” | Mail originates from a specific IP address range
example.com TXT “v=spf1 mx include:myesp.com ~all” | Outbound email service provider is included as an authorized sender
example.com TXT “spf2.0/pra ip4:192.0.3.0/24 ?all” | Explicit SPF record for PRA check
• Refer to RFC4408 for complete details
SPF Record Syntax
SPF Mechanism | Description
ip4 | Explicitly specify a single IP v4 address or CIDR range
mx | Refer to the MX records of the sending domain or any other domain. Recommend including “mx” since most inbound servers also send DSNs
a | Refer to the A records of the sending domain or any other domain
include | Refer to the SPF records of another domain: for outsourced email service providers; for referring to IP addresses shared by multiple divisions; for splitting up large SPF records into smaller components
ptr | Refer to PTR records (reverse DNS) of sending IP. Discouraged due to DNS overhead
all | Default when all other mechanisms fail to match
Common SPF Problems
1. Wrong version string for spf2.0 records
Incorrect: “v=spf2.0 ….”
Correct: “spf2.0 …”
2. Use of “mx” for a mail host
Incorrect: “v=spf1 … mx:mail1.example.com …”
Correct: “v=spf1 … a:mail1.example.com ….”
3. Redundant use of “mx” for same domain
Incorrect: “v=spf1 a mx ip4:10.1.2.3/24 mx:example.com …”
Correct: “v=spf1 a mx ip4:10.1.2.3/24 …”
Common SPF Problems
4. Including a non-existent SPF record
Incorrect: “v=spf1 … include:nospf.com …”
Correct: “v=spf1 … include:myesp.com …”
5. Incorrect redirect
Incorrect: “v=spf1 … redirect:contoso.com”
Correct: “v=spf1 … redirect=contoso.com”
6. Use of “+all”
Incorrect: “v=spf1 … +all”
Correct: “v=spf1 … -all” or “v=spf1 … ~all”
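Problems 1, 3, 5 and 6 above can be caught from the record text alone, before it is published. The linter below is an added example, not part of the presentation; lint_spf and the sample records are constructed for illustration. Problems 2 and 4 need DNS lookups and are not covered.

```python
def lint_spf(domain, record):
    """Return [(problem_number, message)], numbered as on the slides (1, 3, 5, 6)."""
    findings = []
    terms = record.lower().split()
    if not terms:
        return [(0, "empty record")]
    version, rest = terms[0], terms[1:]

    # Problem 1: Sender ID records begin "spf2.0/<scope>", never "v=spf2.0".
    if version.startswith("v=spf2.0"):
        findings.append((1, 'use "spf2.0/..." without the "v=" prefix'))
    elif version != "v=spf1" and not version.startswith("spf2.0/"):
        findings.append((0, "unrecognised version string " + version))

    # Drop the optional qualifier so "+mx" and "mx" compare equal.
    bare = [t.lstrip("+-~?") for t in rest]
    own = domain.lower().rstrip(".")

    # Problem 3: a bare "mx" already covers the record's own domain.
    if any(t == "mx" or t.startswith("mx/") for t in bare):
        for t in bare:
            if t.startswith("mx:") and t[3:].split("/")[0].rstrip(".") == own:
                findings.append((3, "redundant " + t + " next to bare mx"))

    for t in rest:
        # Problem 5: redirect is a modifier and takes "=", not ":".
        if t.startswith("redirect:"):
            findings.append((5, 'write "redirect=" instead of "redirect:"'))
        # Problem 6: "all" with no qualifier defaults to "+", so it equals "+all".
        if t in ("+all", "all"):
            findings.append((6, "record authorises every sender; use -all or ~all"))
    return findings


# Constructed sample records (documentation domains and address ranges).
SAMPLES = [
    ("example.com", "v=spf2.0/pra ip4:192.0.2.0/24 ?all"),
    ("example.com", "v=spf1 a mx ip4:192.0.2.0/24 mx:example.com -all"),
    ("example.com", "v=spf1 mx redirect:contoso.com"),
    ("example.com", "v=spf1 mx +all"),
    ("example.com", "v=spf1 mx include:myesp.com ~all"),
]

if __name__ == "__main__":
    for domain, record in SAMPLES:
        print(record, "->", lint_spf(domain, record) or "ok")
```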