Episode 14:
The Year of Deliverability With LB Blair

Scott Cohen: Hello, and welcome to that inbox army podcast. I’m your host, Scott Cohen. And with me today, the statler to my Waldorf is my cohost, Garin Hobbs. Garin, how are you doing today? Not too bad, baby.

Today, we come back to our very first topic and our first guest, our first repeat guest on the show for a review of what I’ve been calling the year of deliverability. And while deliverability has always been a crucial part of email marketing, this year has really come to the forefront. So in this year of deliverability, let’s bring back our 1st return guest, our go to expert on all things deliverability, now chief strategy officer at Email Industries, LB Blair. Welcome back, LB.

LB Blair: Thank you so much, Scott and Garin, and please don’t, heckle me off the stage over there with Statler and Waldorf. I I appreciate not that. Yeah.

Scott Cohen: I I make favorites.

LB Blair: Those are

Scott Cohen: my favorite

LB Blair: 2 Muppets.

Scott Cohen: Oh, yeah. Oh, yeah. Alright. Well, when we had you on the show originally, the Yahoo goal changes were, I mean, literally just rolling out. We’re at this the time of this recording, we’re solid, what, 6, 8 months into this whole thing.

What are the biggest changes you’re seeing?

LB Blair: Yeah. It’s yeah. Honestly, lots of changes. Lots of changes kind of flying around across all vectors, and that, you know, as far I think the biggest thing comes from the fact they decomplicated the spam filter logic around authentication. So it’s now it’s a lot more, like, pass fail.

Whereas in the past, I wanna say back in, like, 2018, 2019, even on up through 2020 and 2021, I saw Google inboxing emails that were failing every single authentication parameter, like, sometimes because they would rely on their intelligence. They would rely on their, like, superior intelligence there. And I’m not saying they’re not still doing that, but I think they’ve essentially refocused a lot of that onto, I I think they’ve refocused a lot of that onto probably content filtering. Because, you know, at first, all the other mailbox providers that came out back in the day, they were a lot more IP focused. Then it got way too easy to get new IPs.

So Google comes along and they start a domain based filtering model. Well, now I think we’re having to see an evolution because people have gotten really good at swapping around domains and warming them up. And now they’re but they’re still sending the same or essentially similar to the same content for the same purpose. So I think we’re seeing a much greater focus on that, as well as just security in general, I think is is another big one. I I’ve seen Google really clamp down there.

I think the other massive, change that we’ve seen is more transparency from Google, actually. A lot more transparency around the spam complaint rate. Because basically what they said, early on in one of the first webinars where, you know, Google and Yahoo, product managers were present, they said that around the spam filtering, it’s really not a change in the filtering logic. It’s just them, like, actually letting us know what the limits are. Like, it’s it’s really they haven’t changed Google at least said that they have not changed the logic around there.

It’s really just being more transparent about that. And I you know, here’s something. If you’re you know, I I will die on this hill. If you send email commercially to consumer recipients, Google is probably 70, 60, 70, 80 percent of your list. Maybe maybe only 45, 50, depends on what verticals you’re in.

But, absolutely go sign up for Google Postmaster Tools because now they’ve added a new dashboard. They’ve added a compliance dashboard that actually gives you a super convenient readout directly from Google telling you whether or not you’re compliant and where you’re failing compliance. And they’ve rolled out a new spam, dashboard, a spam rate dashboard that is much more granular. It honestly, I’m way too excited about this, but they added another decimal point, to the data. So now I can see if somebody has like a 0.12 or a 0.17 complaint rate.

I mean, because that’s you know, you need that kind of granularity because most of the top brands out there, they honestly have much lower complaint rates than 1 at 1 person in a 1000 complaining. Like, it’s often really low, like more in 10,000. And I think just having that little, especially for our super senders, I think this new dashboard is much more usable and they they’ve actually put like, hey, here’s like the threshold. Here’s the first threshold, the 0.1%, and here’s where you are. Here’s the 0.3, you know, percent threshold and where you are.

And then it’s got it, you know, kind of graphed out and shows where you’re falling out of compliance.

Scott Cohen: So they’re still not giving you those whole feedback loops. But No.

LB Blair: And

Scott Cohen: They they probably never will. But No.

LB Blair: They absolutely not. Yeah.

Scott Cohen: They they absolutely

Garin Hobbs: give away the secret sauce.

Scott Cohen: No. No. But it’s kinda like I mean, Costco just started scanning memberships at the front door now.

LB Blair: Yeah. No. I heard about that.

Scott Cohen: I went in yeah. I went in 2 weeks ago. I’m like, woah. They’re really clamping down, and it’s like Gmail is doing the same thing. They’re the American Airlines.

Yeah. Yeah. What I’ll say is Google heard about that one too.

LB Blair: Them cracking down on people boarding early or whatever. Is that why I was reading You nailed it. About okay.

Scott Cohen: You nailed it.

LB Blair: Yeah. I keep up with

Scott Cohen: the news. They’ve

Garin Hobbs: now added they’ve now added humili public humiliation to, their in flight benefits. Yeah. So

LB Blair: Yay. Fantastic. If someone is with an invisible injury, I absolutely hate that. So thank you. No.

I it’s okay. I fly Delta. I’ll go on record with that. I’m in Atlanta. I fly Delta.

Delta, I love you. Please

Garin Hobbs: never mind.

Scott Cohen: Salt Lake. Salt Lake, Delta. I mean, come on. Yeah.

LB Blair: Yeah. Yeah. And, you know, the big thing I’ll see is Google. It’s a matter of policy and privacy as far as revealing, the individual complaints. And I think alluding to what Yaron said, it’s not as much about not giving up the secret sauce or it is a bit a bit about that in that they don’t they have the data.

They’re the only ones that have the data. It you know, so on on what who the actual complainants are. But I will say, you know, if folks need help, if you’re a super sender, if you need help with feedback ID strategy for Google, or if you’re an ESP and you need help with that, I’ve helped numerous, numerous ESPs implement that so that their feedback ID header actually does get them more granular information. And that’s something I think a lot of people are not taking not taking advantage of.

Garin Hobbs: Abhi, I wanna take a step back here and kind of unpack something, dive a little bit deeper on on a statement you made earlier. You know, Gmail, Google specifically, Gmail, about 70 to 80% of the market, in terms of, you know, privately owned inboxes. So that totally makes sense. With them being the largest inbox provider by representation, at least here in the states, right, which of all of these policies have you seen have the biggest impact? Because we certainly have seen echoes beyond just Gmail themselves.

They tend to sort of lead the pack, sort of be the standard bearer, so to speak, or the the torch bearers. And we’re seeing a lot of other folks follow suit. We’ve seen a lot of changes. Out of all of the changes we’ve seen this year, which of these do you think have had the biggest impact with regards to, right, intent of the policy to begin with?

LB Blair: I I think it’s definitely the move towards no auth, no entry as, like, Laura Atkins called it, back at the deliverability summit. So I I think that’s a big one. The move toward no auth, no entry. I mean, really just you need to assert who you are as a sender. You need to firmly identify and claim your traffic.

And I think that has allowed the Google to focus more on content filtering. So I have seen content filtering at Google get really tight. If you’re still sending I have plenty of folks that were sending emails that were majority image. I know we’ve been saying for years not to do this. But I mean, I always would rely on the inbox placement results and go, hey.

As long as inbox placement and open rates say it’s fine, it’s fine. It’s not fine anymore. I can definitely tell you that unless your reputation is just sterling a plus plus credit at, like, Google. You’re gonna have a hard time with that because I have plenty of folks that were bopping along. No problems.

And then we started seeing emails with really large images, start going to spam. Like, you know, I would I definitely think that some of the recommendations as far as image to text ratio, image or HTML to image ratio, I think some of those are kind of out of date that we’ve been passing around for a while. Because I I’ve seen you can get away with a much crazier ratio than, like, I’ve heard, like, 30, 70 or something like that. It’s not that narrow, but I will say I’ve seen an increased focus on image weight to HTML file weight. I’ve seen that.

I’ve seen absolutely don’t have any insecure elements. I’ll get into that more. I know we’re gonna dabble into cyber a little bit because I’ve seen some weird stuff, honestly. Some counterintuitive things, but I I would say the content filtering, losslessly compress your images, people, please. Like, just get get a tool out there and compress it.

And if you compress a file twice, it doesn’t matter. It just won’t compress again or it won’t compress very much. You’re not gonna hurt it. If you use lossless image compression, it’s gonna make them nice and lightweight. And I think we can borrow from how Google looks at SEO.

If you look at their they have, like, a site evaluation tool. I think it’s a page speed dot dev or something like that. But they look at how fast things load. They do that for email too. Absolutely.

They do I absolutely I think they do that for email. So if your images are loading really slowly, a, you’re probably gonna have engagement problems because I think we all know that in the age of TikTok, and who here remembers Vine, That that was a thing for 6 seconds like, you know, several years ago.

Scott Cohen: Yeah. That’s a nice, you know, callback 6 seconds.

LB Blair: Yeah. Yeah. Yeah. But you know, as short as attention spans are, if your hero image doesn’t load, how long do you think somebody’s gonna sit there waiting for it to load? And you gotta realize most people are gonna be mobile first.

So it needs to load on all kinds of image, all kinds of connections. So one thing I would say that one one new thing, that I’ve seen Google doing is not loading images for emails they put in the inbox like the first time a new sender reaches out to a recipient. They’ve been putting this banner across the top that’s like, we didn’t load images, because you know, I’m trying to remember if they say there’s we’re suspicious this could be spam, but they put it in your inbox anyway. But there’s and there’s 2 button options to click. There’s a big one that says load images or report as spam.

And they’re kind of calling out for users when, like, the first time they see from a recipient or a new sender. Sorry. Not recipient. The first time a new recipient sees a send from a new sender, especially, like, newer domains, this is with or newer content profiles. This is what we’re starting to see, is that banner.

So, you know, you you might expect your spam complaint rate to go up if you’re launching any new domains or initiatives or anything like that.

Scott Cohen: It seems like all of the best practices kinda fit together. Right? We’ve been yelling about don’t do all image emails for years for because alt text has limitations, so you can’t deliver a whole

LB Blair: Yeah.

Scott Cohen: A whole email in that or you have to slice and dice an email. Call back to our accessibility episode with Sarah Gallardo. And the accessibility piece, obviously, dark mode scaling down for mobile. Right? And if you have a lot of content, it just gets really, really small when it scales down.

So there’s there’s a lot of pieces there, but then we have the content filtering side as well. And, I mean, let me ask, on content filtering, do spam words still exist?

LB Blair: Honestly, I will go against the grain and say yes. I will say yes. They do. However, not Is it

Garin Hobbs: a weight of consideration given to them as lessons?

LB Blair: It it it depends. I I think they’re far and few between. It’s much more about content fingerprinting, but I actually don’t think spammy keywords are dead. Especially, I would say more at Hotmail. That’s where I see that mattering.

They really, really don’t like all caps. And I will say, Scott, I wanna touch back on something you just said. I need everybody to take a second and put your tinfoil hat on. For you mentioned alt text, which I meant to say that is another big thing I’m seeing in content filtering, Not having alt text on everything but the tracking pixel is a killer. And also, it’s a missed opportunity.

Because even if you have to do say let’s say you’re under production deadlines. This is your process. You can’t change things overnight with email production. Totally understand that. Add very verbose alt text because think about it.

This is incredibly well structured data for Google to consume for their AI models. And, like, if I feel like senders are getting punished for not feeding the AI algorithm. I feel like they’re getting punished now for not feeding the training dataset. And it’s an opportunity if you put a nice verbose alt text there. It also bumps your code to image ratio.

But, yeah, I’ve seen a massively increased focus on, alt text as well. Yeah. And it it should be descriptive. Don’t it shouldn’t just be logo dot PNG. If it’s the logo for inbox army, it should be, you know, inbox army logo, you know, and then maybe even describe a little bit.

You know, it’s a green email envelope that says inbox army and white text. Like, get get a little verbose and honestly use AI. Use AI. AI. How would you describe this image?

Okay. Boom. That looks good. That’s my alt text. Keep it moving.

But feed feed yeah. You you’ve definitely got

Scott Cohen: to feed the beast.

LB Blair: Yeah. You gotta feed the the AI has an all consuming, desire for data and processing power. And I think we’re seeing the impacts of that. I think that might be part of why we’re seeing some of the squeeze because Google historically has not bounced a lot of mail. And there are also 2 other key policy changes that I wanted that are not related to the authentication and sender requirements.

There are 2 other policy changes they made that we’ve seen really affecting senders. One of them was at the beginning of the year, a policy Google had had on the books for a long time was, bouncing emails from senders whose Google Workspace Google, like, workspace account or was full. Like and not just I mean, all free mail or paid mail. Like, they had a policy of bouncing it, but they weren’t actually enforcing it until they started, I think, in, like, January or maybe February of this year. So we saw an elevation in we’ve seen an elevation in bounce rates from Google when historically they bounced very, very little, like, 0.1%, maybe 0.01%.

And then also, another policy change that they just made is, oh, actually, I got that backwards. But if your storage is full, that’s the one they just rolled out. So a lot of people right now, a few months I mean, just rolled out in the last 2 or 3 months since since the last time we talked. They rolled out the change where if your storage is full I forgot. The one that they rolled out earlier this year is if you have not logged in to the Google ecosystem on a particular account in 2 years, they actually started enforcing, okay, we’re gonna reject that mail too and say this account is inactive.

Garin Hobbs: We’ve seen

LB Blair: That would

Scott Cohen: make sense.

LB Blair: Yeah. So we’ve we’ve and both of those were policies they had on the books, but they just weren’t actually enforcing them. And now they’ve gone, okay, we’re actually going to enforce this. So I think, yeah, it’s the year of, like, enforcing enforcing policies you have on the books.

Scott Cohen: Are they doing I was gonna say on the Google side, I know Yahoo is doing that with, like, if they hadn’t logged logged in 6 months, they make it inactive for the user, but keep it around for traps. Are we seeing Google doing something similar? I mean, it’s I have to say it’s really hard to not log in to the Google ecosystem at all on an account. So, I mean, it’s not that hard to enforce because it’s in 2 years, even accidentally logging into something, like, it’s it’s pretty hard to do. But I I’m curious if we’re seeing an uptick if you’re seeing an uptick on the trap network because of that enforcement.

LB Blair: So Google’s as far I I do not I’m

Scott Cohen: sure they’re super mum about it. But yeah.

LB Blair: Yeah. I I will say I I have never, like yeah. As far as Google’s own trap network, I would say it’s way too good at hiding itself. I can’t say I’ve I can’t I can’t even say that it exists for sure. I’m going to assume that it probably does.

I’m going to assume it probably does. But I’m just saying, like, Google Google’s own traps. I would man, I’ll give anybody a crispy, Benjamin that can prove to me definitively they found a Google trap. But what first first one offer only. One offer Oh.

Here folks, folks.

Scott Cohen: First folks. This is gonna be how we promote this episode. Chris Chris be Benjamin for the someone who can prove they found a Gmail trap.

LB Blair: Yeah. Yeah. One of Gmail’s own traps. Not like it can’t be on somebody else’s trap network. It’s gotta be a Gmail.

And that that’s probably impossible to prove. I don’t know. But I think it’s gonna be. Yeah. I think certainly.

Probably. Yes. We’re gonna see some of those reclaimed as traps. So it this is why email hygiene is more important than ever. With Google enforcing these two key policies and there being more invalid mailboxes at Google, I think that email hygiene has become more important than ever.

Because I I have a client recently that they’re like, yo, we just found this list that was just collecting, and we were never emailing them. Like, can we email them? I’m like, well, yes. You can technically do whatever you want with email. The technology will allow you.

The question is, is it a good idea? And the answer is maybe. It it depends. That’s what every good deliverability consultant worth their salt will tell you. It depends.

And it’s but I would say, you know, in that instance, if you haven’t emailed somebody for, you know, 30, 60, 90 days or more, you definitely need to run that address through hygiene if you want to try to email it. Because Google is bouncing and locking down a lot more accounts these days.

Garin Hobbs: And, you know, I we’re talking about a lot of complex and sort of heady topics, throughout this discussion. So just to take a quick step back for those folks who may have only begun dabbling in deliverability, Could you mind taking a moment just explaining the difference between a pristine and a recycled spam trap and how folks might unwittingly find, the latter on their list? The first one, I have no forgiveness for for pristine. But for recycled, yeah, let’s let’s I’d love to

LB Blair: I’ll say that I actually have a little forgiveness for the pristine because, so, because of what what I what I will I will get to later. But, yes, spam traps are just email inboxes that sit out there and report back to a service. So we know, you know, most of the mailbox providers have their own traps, and there’s not really a way for you to know which addresses are traps. Then you’ve got the various block lists out there and spam trap aggregators. And these are just mailboxes that sit there and receive mail and snitch on you, is the way a lot of people look at it.

But but that’s basically they monitor. So a a pristine trap is one that was only ever created as a spam trap. I will say you can get into some gray areas about what’s a pristine trap and what’s a typo trap because it’s like, alright. How many characters do I have to typo before it’s a pristine? I will say one that cracked us up the other day as we saw someone representing a gmail.coma address, and I was like, oh, yeah.

Yeah. That’s awesome. So Love it. And, you know, honestly, the part about that that breaks my heart is every time I see one of those, I look at it and go, that could have been a valid submit. But now you don’t actually have permission to send to that address because you didn’t have point of collection validation on your web form to, like, give the user an opportunity to correct it.

So they’re just sitting there going, I never got the email that I asked brand a for. I guess they just don’t have it together. And they move on or if they even think about it that long. Right? So the other thing I’ll say is Pristine Trap is 1 yeah.

That was only ever created though. I have seen some evidence of possibly some red teaming going on, which red teaming in cybersecurity is offensive cyber. As far as web forms being compromised. At least I I seen a couple instances where I’m pretty sure traps got in that way. I don’t know who might have been doing the red teaming.

But, yeah. Which is another thing. I think that’s, you know, basically, as a sender, it is on you to secure your email intake infrastructure. That is how the mailbox providers look at it. They look at it as, yo, this is our sandbox.

We let you play here if we decide if when we want to. And if we don’t like what you’re doing, we’re gonna say you can’t play here no more. And that’s, you know, I think that’s a lot of what we’re seeing, with the changes with authentication, getting the content together, all that good stuff.

Garin Hobbs: I actually appreciate that. You know, Scott kind of touched on the topic earlier. What we’ve really seen, I think, is the shift from what historically had been recommended best practices into now becoming sort of codified requirements. Right? It’s one of those things where very few of us actually switch altruistically.

Many of us sort of change our behaviors only at that point in space and time where we’re absolutely compelled or required to. Right? So whether they got there on their own, whether they got there by being sort of gently nudged by the rules, I’m really happy to see this shift that’s really forcing people to adopt more of these best practices and really elevate, the purpose of their email programs. Right? The reason I chose that word elevate is I feel like a lot of these policy changes have really forced a lot of brands or senders to become more customer centric rather than brand centric, in the in the, sort of philosophy of approach that they’re taking with their email, if that makes sense.

LB Blair: Oh, yeah. Yeah. That 1000%. I mean, you have to really think about like, does the customer want to receive this? And I think that, you know, does the customer want to receive this?

It does the mailbox provider want to receive it? One thing that I kind of hadn’t talked about as far as, like, content filtering yet and security is, make sure every single link in your email, whether it’s an image hosting link, whether it’s a click tracking link, whether it’s it doesn’t matter what it is, make sure that it’s HTTPS. I actually saw, an example recently where images were actually being hosted HTTPS, But in the inbox test, because the HTML code still had them as HTTP, even though when you click them, it would actually load with TLS encryption. So the connection was encrypted. But, basically, Google was doing the simple logic, it seemed, of just looking for, do I see HTTP colon?

And they saw that and they spammed it. And then we fixed it. It was fine. And it was like, so even though technologically, the images, the links, everything was compliant, on the surface, it didn’t look like it was. And then that caused that caused the deliverability issue.

So, you know, definitely scan through your HTML and make sure everything I mean, honestly, if somebody’s going to spam atgmail, that’s absolutely the first thing I’m checking these days because it’s so easy. I just pull up the code from the inbox test, control f, HTTP colon, boom. I think that’s another really important point is, would it maybe verging more into the cybersecurity side of things? I have a background in computer forensics. I’ve worked with the police software before.

And you have to when you understand how you parse forensically through very large datasets and pull out the meaningful patterns and things, that’s why URLs are so important in email because as far as your hosting and everything, your image links and your your click link, your clickables, your CTAs, all of that is, you know, a, if if a cybersecurity, threat actor is trying to, you know, do anything to you, either it’s a slow sophistication, just social engineering attack. There’s nothing to click in the link. They’re just trying to get you to talk to them and give out details. They might even just be trying to get a sign of life. But if you know one thing, they’re gonna try to get you to click on something that’s malicious.

So, you know, that’s why links get extra scrutiny, but also they’re easy to pattern match with regex, which I think regex is probably I don’t know. I would assume Google’s probably doing some crazy machine learning thing these days, but I don’t know. There’s probably a bit of regex still tangled up in it. And, you know, having that regular pattern of it’s always gotta be HTTP colon, and I know what comes before it after it. I know it’s a single unbroken string.

That makes it a lot easier to pattern match.

Scott Cohen: Sorry to be the acronym, cop. Regex. Please explain.

LB Blair: Oh, gosh. I I promise nobody wants me to. No.

Garin Hobbs: I’m just

LB Blair: kidding. Not even me. Regex is regular expressions. It it’s basically I hesitate to call it a coding language. It’s not really So a lot of time I’ll say this.

If you’ve ever been on somebody’s corporate web form, like b to b web form, and you try to sign up with a Gmail address and it says, uh-uh, you can’t do that. That’s regex because they’re looking for that pattern of atgmail.com. And so we

Garin Hobbs: call that. Yeah. Guess guess we’ll call that syntax protocol, syntax requirement.

LB Blair: Yeah. It’s actually but you can use it

Scott Cohen: Pattern recognition language. Sure. Yeah.

LB Blair: It it’s it honestly, it’s awful to work in. It’s really well, because you have to do it as all one big string. You don’t it’s not like other code where you separate it out into functions to be performant. You have to do it all in one long string. And it’s just this progressive series of adjusting it and testing against all the it’s hideous.

Like, don’t if you don’t have to regex, don’t. But, yeah. It’s but, yeah, if you understand how the technology works and how spam filters are parsing through these incredibly large datasets, you can start to see where some of this logic comes from.

Scott Cohen: But, I’m I’m interpreting this as it’s almost like the the thing where it’s, like, comma save lives. You know? Let’s eat grandma. Let’s eat comma grandma. Get.

Right? Like, you you literally your entire email can be broken by the lack of an s Yeah. In a stream.

LB Blair: Secure. And that what’s an important s that stands for secure.

Scott Cohen: Well, right. But I’m just saying, like, it’s those little things that QA that becomes so important that a lot of people just wanna blast through that you just can’t blast through. Well, let’s dive into the s here. Let’s talk about cybersecurity. You’ve touched on it a bit, but walk us through more of these changes you’re seeing on the cybersecurity front that we as email senders and also recipients should be aware of.

LB Blair: Yeah. Yeah. For sure. I will say the number one as recipients right now, if you have a Gmail address like the vast majority of us do, there is currently an active threat actor that is impersonating Google employees. And this attack is kind of insidious because they’re using it to try to get your but they’re leveraging it across weeks.

It’s not just like they’re trying to talk to you. It’s like, first, they’ll send you an email, then they’ll call you and be like, hey. Just calling about that email I sent you a week ago. And, like, they’re they I mean, incredibly kind of sophisticated between the email and almost like the customer service operations of, you know, their them calling out, reaching people. And a lot of it is due to the data breaches.

I mean, because especially I mean, we’re I feel like we’re hearing about another 100,000,000 record data breach every other day. And you need to understand is a lot of cases, the hackers don’t have all of that. They don’t have that information decrypted or whatever. Like, they have it and it’ll be months later. So, like, UnitedHealthcare finally is just announcing they had, like, I think was about 100,000,000 records breached, you know, and it was like 8 months ago.

And now but we’re only now starting to see threat activity on that dataset. So because it takes a little while sometimes for the hackers to decrypt it, work their way through it, all that good kind of stuff. So I would say that’s a big one for recipients ever more vigilant. But I think the changes we’ve seen in policy as far as going to no auth, no entry, I think that really makes I think that makes the whole ecosystem more secure. And I think that’s why we’re seeing it.

It’s really the point is to squeeze out these malicious actors to basically just not make room for them. Kind of like everybody’s going to shutter and remember the pandemic when I say herd immunity. But, you know, her it’s it’s like herd immunity. The ecosystem is only as safe as its its weakest link because a lot of I mean, 90% you got I I keep citing this statistic, but it’s because it’s just crazy to me, but 90% of all hacking attempts begin with an email. Whether it’s just social engineering, like, hey, I’m a Nigerian prince.

I need help, you know, getting my money or whatever.

Scott Cohen: There’s poor legitimate Nigerian princess out there.

LB Blair: Yeah. So, you know, whether whether it’s that or I I’ve been helping somebody, you know, I helped somebody with a pro bono case recently where cybersecurity where, they they’ve been sent a malicious document. They run an agency. They were sent, hey, look at my creative. It was an effective PDF, that then started wrapping all the links and emails they sent, in an abused redirector URL trying to compromise.

So the thing is you can get you might think I’m not big. I’m not a target. Who are you working with? Because you can become you can end up on a target list just because of a customer that you have that they want to try to crack. And it’s yeah.

It’s honestly, it’s, you know, incredibly complex, but I think this is squeeze I think the cyber the changes for authentication, the changes on, you know, really narrowing down content and everything. Because one thing, honestly, a lot of you know, I think we should you know, I think typos, excessive typos should probably be considered spam words because scammers actually put typos in on purpose because they found there’s a high degree of correlation between people that don’t notice or don’t care about the typos and are and fall for the scams and actually, like, do the ultimate thing that the scammer wants them to do, which is either give them the money, give them the

Scott Cohen: They think the typos make them look real. Right? It’s oh, there’s a human behind it.

Garin Hobbs: It seems to what it seems to me that may be part of it, but it seems what I’m hearing from LB is it’s more of a it’s a way to filter out those folks who are maybe not paying so much cognitive attention. Right? So those folks who don’t notice the typos are likely to not sit there and scrutinize the sender name and

LB Blair: Yeah.

Garin Hobbs: The links and things of that nature as well. Was it was it more in that direction?

LB Blair: Yeah. That’s why I was gonna they they basically found that the type of person that’s cool with the typos or just doesn’t notice them is also more likely to go do the thing. Either click the link, give them the give them the info is mostly like yeah. Is the main thing. And I would say it probably does make it look a little more real.

And honestly, I think at first it wasn’t intentional. I think it was like, this is not my native language, and I’m typing in it. And I’m probably gonna make some typos. But then it became an intentional strategy because they found, ah, well, this seems to work out for us.

Scott Cohen: Yeah.

LB Blair: But yeah, I think as I think senders, you know, one of the things and this is something most of you folks out there, your ESP is handling this for you. But, you know, Google is, you know, requiring TLS encryption. That’s another big one. They’re requiring authenticated received chain mail for forwards to authenticate the forwards. I think I don’t think we see any big changes on that front yet as far as folks that aren’t supporting ARC.

But I would say every ESP I touch, they support it. So it’s not been it’s not been an issue.

Garin Hobbs: You you said a word there that has piqued my curiosity, and that word was yet. Right? So none of us have a crystal ball. If any was any of if any of us were to, it would likely be ULB. So look into whatever whatever your surrogate for crystal ball is.

What would you predict would be the next change in the next potential change in requirement with regard to security, with regard to authentication, with regard to ensuring a customer first, you know, high value engagement type of, restriction or rule? What what what what comes to mind for you?

LB Blair: So this one I heard it hinted at during Mailcamp from one of the postmasters. Basically, I think at some point, there’s gonna be a move toward requiring DMARC policy enforcement. So right now, you just need to have a DMARC record, but it’s fine for the policy to be none. When your policy is set to none, that’s basically you as the brand, the domain owner saying, hey, Google. I’m gonna put this policy on here.

I really just want the reporting information. But I so even if this fails DMARC, I don’t want you to do anything about it. Now whether Google actually listens to that or if they put it in spam, that’s entirely kind of their decision. But at least you’re setting, like, the instruction versus the other two options are quarantine or reject. Quarantine says that, hey.

If it doesn’t pass, I want you to put it in in the spam or quarantine folder. In corporate mail environments, quarantine folders usually like your spam filter, your proof point, or your barracuda, or whatever. We have a folder that that’s even before the mailboxes. Like, that just goes to kind of the spam filter admin, and they’re the only ones that can see it. Versus or the, you know, the spam folder for consumer mailboxes.

But I would say, I think policy enforcement is gonna be the next big one, probably requiring which because there’s BIMI out there, which has really been, you know, not seeing the biggest adoption. I think Google’s also made another change on that front. They’re allowing, CMC certificates instead of VMC, instead of verified mark. I think, the c is certified mark, which basically it just means there’s a little more leeway as far as the exact logo that you have to have trademarked because the trademark is what’s been holding people up. Because I’ve I’ve heard it’s a 12 month or more wait at the US Patent Office, at least.

And that’s been really holding people up with because you got you need that to get the verified mark certificate and you need the verified mark certificate for it to work at Google. But now Google’s rolling out CMC, which is a bit more permissive. You can’t get the blue check mark that says you’re you know, it’s verified, but you do get the logo showing up with just the CMC. I think there’s more coming out on that because the the certificate issuers have to be ready to support that as well. And I know at least one of the 2 that was doing verified mark is I cannot remember which one it is at this point, though.

But, yeah, I think that’s I I think brand identity. Assert your brand identity. Rep your brand identity. Don’t send any emails that you would not be proud to see splashed all over the news or social media. You know, if they, you know, if that were to happen, because basically Google, Yahoo, Microsoft, even all of the mailbox providers are saying, if you’re gonna send mail into our network, you need to firmly identify and claim who you are so that we can filter the mail appropriately.

Scott Cohen: Yeah. Similar with Apple Business Connect. Right? I mean, that’s reasonably new, but now they’re, like I mean, some are calling I think Al Iverson called it. Is it the bit me of Apple?

And it kind of is, and it kind of isn’t. But, I mean I mean, the more you can prove it’s you and actually you, the better. Right?

LB Blair: 1000%. 1000%. And I mean, they we had this in the past, and it’s similar to, like, Google Business Pages, Yahoo Business Pages. BIMI, I think, is the ultimate answer just because it’s it’s port it’s portable. It works across the variety of mailbox providers.

Ideally, it can work across all of them versus, like, as a brand, it’s a real pain to have to go, okay. I gotta set up a Google business page, a Yahoo business page, Apple. You know, it it really Bimini already solves for this problem. I don’t really know why we reinvented the wheel there, but, I’m gonna guess, advertising dollars is the answer. Just just gonna go out on a limb here.

Scott Cohen: It’s always dollar bills.

LB Blair: Yeah. Yeah. But I I think it’s yeah. You you have to assert your identity, and I think Google has basically just tried to d Google and Yahoo tried to decomplexify that part of the filtering spam filtering algorithms. Decomplexify, the word of the day.

I don’t think it’s a real word, but I love making up words.

Garin Hobbs: It is now. It’s it’s a

Scott Cohen: it’s a complex word for

Garin Hobbs: It’s it’s out there.

Scott Cohen: Decomplexify simplify could’ve worked too. That’s okay.

LB Blair: That is probably the yeah. You know what? That’s that’s a good that’s a better word. That’s a gooder word.

Garin Hobbs: Gooder.

LB Blair: Yeah.

Garin Hobbs: We could probably stay on these topics forever. I I Yeah.

Scott Cohen: And I

Garin Hobbs: know we’re running out of time. So I I do wanna take a a small tangent here. I wanna kinda jerk the wheel a little bit to the left and head us down the dark and seedy alley of cold email. You know, Scott and I spent some time at a at a b to b marketing show. That’s a whole other podcast.

At a b to b marketing show a couple of weeks ago, and it was stunning. Disappointing, but stunning how many people not just want to, but insist on purchasing data and just start cold emailing people. Right? I want the sound bite here, LB, especially in the year of deliverability. Why is doing cold email, especially now, just a terrible, no good, very bad idea?

LB Blair: I mean, it’s it’s too easy to identify. I mean, it’s a bad idea and I can prove it mathematically. Because if you look at the interest, the people selling you the list, they always have the interest of bulking up the list as big as possible because they are, you know, nominally charging you for the volume of contacts you could potentially reach in one way or another. So that means they have the opposite of the incentive to hygiene the list. I literally had a customer back when I was working for a B2B ESP that the conference they had attended offered selling the list.

It looked like a great deal. It was tons of addresses, tons and tons. Turns out it was every address they’d ever collected from this 10 year running conference. 50% of them bounced on the 1st send because b to b email addresses age. That’s the other thing is b to b emails.

I mean, this was years ago, and I think people since the great resignation and, you know, millennials and and Gen z, we love the job hop. I, you know, I think the turnover rates probably gotten more, but I know even, you know, 6, 10 years ago, it was like 20% of your b to b list is gonna go bad just due to turnover people changing jobs. I think it’s probably more now. Why would you buy an asset 30% or more of it’s gonna rot away? And I mean, the other thing is you’ve got to understand the people who I talked earlier about spam trap aggregators.

These are people all they do is manage networks and spam traps. They know where you buy your lists. They know where the people that put your bot list together get their email addresses from. I once found a LinkedIn email would I found a LinkedIn page, and the email was, like, published on the page. Like, literally, I just took one of the addresses and searched it that that I thought was a probable trap on a block list and searched it.

And it was like, the email address is publicly available. That’s a bad sign. Most people don’t put their email address out there. Like, if it’s if it sounds too good to be true, it probably is. And that’s, you know, really, I would say here’s the bigger sound bite.

Cold email is not a substitute for building a brand. And if you want to build a brand, that’s a long term activity. That’s a long term business investment. Cold email is always and only inherently ever going to be a short game activity. There’s no way you’re gonna build a sustainable business.

If you’re always, always, always playing the short game, like you’re never gonna build something lasting. So, you know, it really comes down to, okay, you’re only playing the short game. And if, you know, if your business is only ever playing the short game, you’re not building a brand identity, you’re not building loyalty and following among folks, like, how are at what point are you where are you fundamentally indistinguishable from a scam? Yeah.

Garin Hobbs: It’s it’s Groundhog’s Day. It puts you in that infinity loop. Right? You always end up right back where you started, having to do the same thing over again, over again, over again. And, yeah, you’re better off, what, to your point, playing the long game.

Right? It’s it’s it’s one of those things where it it’s it’s the tortoise and the hare. Right? And we all remember who won that race. Right?

It’s Yeah. You’re either yeah. You’re building for the long term.

LB Blair: Exactly. Exactly. And it’s like, that’s I think the big thing I think the big, big thing that ties this in with, you know, the Yahoo changes and everything is folks, the anybody who’s and the reason I can prove this mathematically, Google, Yahoo, Hotmail, Microsoft, the spam filters, Barracuda Proofpoint, Mimecast to the world. They don’t have to make it impossible for you to ever get past their system. They just have to make it enough friction to be unprofitable.

That’s all they’ve gotta do. They just gotta make it more trouble than it’s worth. And I swear, cold email must be like heroin. I mean, honestly, because people are always like and, you know, because the results they I’ve had numerous and this is for years ever since I’ve been a little baby consultant out on Upwork back in, like, 2018, 2019. And, like, people, you know, would come to me and they’d be like, oh, but it was working so great.

6 months ago, 9 months ago, 12, 18 months ago. And I’m like, how many more months worth of data points of it not working do you need before you’re going to accept it’s not working?

Scott Cohen: Well and what’s the definition of working too? Right? I mean, it’s always it’s a percentage game. Right? So it’s like, oh, it was working 1% of the time last time.

LB Blair: Yeah.

Scott Cohen: And you go, okay. But now it’s working half a percent, but it was still only working 1% at a time. And and and cold cold cold email to me is a retail game. Right? You have to go 1 to 1.

You have to like, it can’t be done at scale.

LB Blair: It no. It can’t. And that’s that’s entirely that’s entirely I think we are seeing that because I wanna say probably close to 20 or 24 months ago now, I started getting hit up a lot on my Upwork from folks that do, like, affiliate marketing, which I don’t really work with. Not super I don’t know a lot about it, like, to be really honest. And I don’t think I’ve ever seen it work well.

Now that’s probably because I am like the, you know, the plumber of the inner tubes, of email deliverability. So people only call me when their toilet’s clogged. But but it’s it’s really like I’ve never seen it. I’ve never seen it work well. And it’s like once it goes off the cliff, it’s not coming back.

That’s the thing I think people don’t get is with this forced identity resolution through authentication, through publishing DNS records on your domain, and that that the authentication passing, it means if email’s on your domain, it came from you and they’re gonna hold you responsible for it. I think that’s probably the big change Is if it comes from your domain and it’s fully authenticated, they’re gonna hold you responsible for it. And, yeah, it’s just that’s the that’s the biggest thing is, like, the economics of cold email are never gonna be viable long term. They’re never gonna scale you beyond certain point. And I think that’s it.

It might work in the really early days of a business, but you’ve also I mean, to me, the thing I look at is, like, investing. Right? It’s like you’re spending some amount to acquire these contacts. So if email if cold email is far and away cheaper than everything else, you have to ask yourself, why is that? Like, why is this why is this so much cheaper?

It’s either you’re not investing enough in your marketing budget period. Or if you’re investing it all in cold email and you’re investing what you would invest across all these other marketing products, you’re you’re not diversifying your investments, and that’s a horrible investment strategy. That’s just just basic advice.

Scott Cohen: And you get what you pay for. Right? I mean, the the I always see the things of the the value of an average email address is, like, a $165 or something like that. It it varies, but it’s always a 3 digit number. And then I go so when somebody comes to me and says, here’s a a list of 500,000 people for $500.

Just do the math, guys. Just do the math. It doesn’t it doesn’t add up. So if if there’s a reason it’s cheap, there’s a reason it’s cheap, and you’re not gonna get the ROI. And the damage downstream, we didn’t even talk about that.

LB Blair: Yeah.

Scott Cohen: But the damage downstream to the people that do sign up through ads, that do sign up through purchases, things like that, is so They don’t get it. Correct. So that’s the piece that is under like, not fully understood. It’s like, well, I’ll just do this over here. No.

It follows you. We’ll just do 50 domains. Oh, you’re a spammer. Got it. Okay.

It’ll follow you.

LB Blair: Yeah. And Google I mean, that’s the Google can identify that. They can do that pattern matching. I I yeah. I had somebody that came to me years ago.

They were it was kind of crazy to me because, like, they had a huge support contract with a multinational company, like big premier. And they were doing any advertising around that. And it’s a they were just sending cold emails, and they wrecked their dotcom. They wrecked their dot net. They wrecked their dotio, their dotco.

And it was like every time it happened faster. They’re like, well, we went along. We were fine with this domain for a long and it’s yeah. That’s it. That’s what we’re seeing.

Google is requiring Yahoo. Every the ecosystem is requiring folks to authenticate their mail and claim it so that they can say, okay. Yeah. I can identify you and I don’t like this. Down vote.

But, yeah, the downstream. Yeah. I mean, I I think that the downstream you’re you’re a 1000% right. It’s like if you’re only ever playing the short game, you’re you’re gonna end up damaging yourself damaging your sender reputation so that you you’re never gonna get to the long game. You’re never gonna get to lasting growth or sustainable growth.

Scott Cohen: Well, that’s about as good of a place as we can stop because we could go for another hour and yeah. It’s well, you know, as I mean, I I feel like this is not the end. Right? I feel like there Yeah. There’s a little bit of me that thinks BIMI may not be a requirement yet, but it’s gonna maybe there’s a fast lane component of, like, you have BIMI.

You’re gonna get easily more easily. Like, they’re just gonna add to your point.

LB Blair: Yeah.

Scott Cohen: They’re adding friction increasingly every year. Right? They’re adding friction, and it’s given I mean, didn’t you say the last time you hear that, like, 99% of email traffic gets blocked or something like that?

LB Blair: Yeah.

Scott Cohen: And you so you sit there and go, the amount of email you get in that 1%, just imagine that was a 100 times worse. Like, it’s just crazy. I think

LB Blair: I think you have an excellent honestly, like, this will tie it off with a holiday season theme. I think you have a really excellent point there about BIMI kind of it’s not gonna I don’t think it’ll ever be a hard requirement, but it could de facto become required in that it’s always a competition for attention. That’s all of marketing. And inbox is no different. So if you think about it, this holiday season, everybody’s getting just a deluge of email, a flurry of emails.

I gotta say deluge down here in Georgia. We don’t really get snow flurry. We don’t really know what snow is down here, except it means we need to go to the grocery store and buy all the milk and eggs and bread for some reason. Gotta make French toast. I don’t know.

But it’s really, but it’s really, you know nope. My brain lost his train

Garin Hobbs: of thought.

LB Blair: We’re gonna throw you all on.

Scott Cohen: We got lost in milk and eggs.

LB Blair: It definitely I was like, I should probably

Scott Cohen: French toast. French toast.

LB Blair: Wonder what Waffle House is doing right now.

Scott Cohen: The Waffle House index is real, people. The Waffle House index is real.

LB Blair: It’s so, so real. But, yeah, I mean, the big thing is, yeah, you’ve got to do it right. And they’re the walls are coming. But yeah, what I was gonna say is it’s de facto but going to come a requirement just because there’s so much competition for the inbox. And it’s like that’s that icon, the blue check mark that’s gonna stand out.

And you’ve just got to ask yourself, how much is my Gmail audience worth? Well, the answer is probably 50 to 70 percent of your email program. So whatever your email program is making the company, which generally for most of my ecoms was about a third of the revenue was attributable to email. I mean, you gotta you do that math. It’s a lot.

Scott Cohen: Yeah. Yeah. A lot of

Garin Hobbs: people selling blue check marks these days. I’m in the wrong way.

LB Blair: Yeah. Right. Right. I didn’t think Google sells it. They’re the Google’s not even selling it.

They you have to buy something

Scott Cohen: Elon does. Elon. I was I I I wasn’t gonna drop. Yeah, I wasn’t gonna drop the the the Elon. He doesn’t need pre advertisement

Garin Hobbs: in the last. Yes.

Scott Cohen: He doesn’t.

LB Blair: Tumblr will Tumblr will sell you as many check marks as you want in a variety of colors.

Scott Cohen: Yes. Love the Well, LB, this has this has been great. We’ll have you back in probably another 6 months or so as this keeps going because it’s gonna like I said, the they they keep moving the goalposts, so we’re gonna have to keep talking about it. And it’s Yeah. It is ultimately a good thing.

Right? It’s it’s a pain for the people who aren’t doing it right. But for the people that are, it’s a good thing.

LB Blair: Well, in all of us, I would say before we were email marketers, we were emailed users, email recipients. And the big thing that they’re trying to do, that 90% of all cyber attacks start with the email statistic, They’re

Garin Hobbs: trying

LB Blair: to squeeze that out. They’re trying to make the entire ecosystem safer for all of us. So I think that’s really, you know, that’s really what we have to look at. It is you know, it’s really trying to make the Internet as a whole safer. And how can we do that without putting undue burden on businesses, which is why I think they held off so long for this.

I think it’s kind of another one of those policies that they, you know, had for a while but didn’t start enforcing. And then they decided to be really transparent and explicit about it, and they’ve rolled out some new tools. And I think there are even more tools coming, more enhancements to Google postmaster tools. Shout out to that. Set it up now if you don’t already have it.

Scott Cohen: I just love just just more more data is always good. Alright. Elby, where can people find out more about you and Email Industries?

LB Blair: Yeah. You can check out our website, email industries.com. We have all kinds of adorable animals on there, including my favorite, the Quoca. We, we yeah. You can find me and Email Industries on LinkedIn.

Just either search for me. I’m there as Lori Beth Blair. I’m because LinkedIn requires my legal name, but only call me that if you’re my mama. And my mama ain’t on LinkedIn, so everybody else can call me Elvie. So, yeah, just find me there on LinkedIn.

And also we’ve got lots of great posts popping, lots of good pro tips, regarding the holiday season. Remember, it’s gonna be really compressed this year. As somebody pointed out to me, Cyber Monday is on the 1st Monday of December. So Yeah. The date between that and when it’s time the last available day to ship for ecommerce is for guaranteed Christmas delivery, they’re gonna be a really compressed window this year.

So

Scott Cohen: Real tight. Real tight. That’s that’s why we’re seeing ads in October.

LB Blair: Yeah. Yeah. Awesome.

Scott Cohen: Thank you. Yeah. Thank you so much for joining us again, LB. Thanks to you, our listeners and viewers, for tuning in. Check us out.

Inbox army.com, if you wanna learn more about us. Till next time. Be safe and be well. Cheers.