mabraham77

Email Verification Software and Blacklisting


Hello,

I've been asked by my company's management to find a way to verify that the e-mail addresses we have in our customer service database are valid. This is quite a high number of addresses that we've accumulated over the years. It would not make sense to send individual e-mails to such a high number (thousands) of recipients. As a result, I've been looking into e-mail verification software like the ones found here:

http://www.deskshare.com/sev.aspx

http://www.nehuenmultimedia.com.ar/html/evalidate.html

My fear in using something like this is my company being blacklisted as a spammer. Can anyone tell me conclusively if using software like this would/could result in blacklisting?

This software apparently does not send e-mails to the addresses, but queries the SMTP server instead to determine authenticity. On the surface, this seems unintrusive enough, but I am not knowledgeable enough to make that assumption.

Please help.

Thanks!

My fear in using something like this is my company being blacklisted as a spammer. Can anyone tell me conclusively if using software like this would/could result in blacklisting?

This software apparently does not send e-mails to the addresses, but queries the SMTP server instead to determine authenticity. On the surface, this seems unintrusive enough, but I am not knowledgeable enough to make that assumption.

There is data here in the SpamCop FAQ, the Wiki, and even the Original/Official FAQ on how the SpamCopDNSBL works. Your suggested definition of how these tools work does not fit into that mode.

On the other hand, seeing a bunch of "probes" trying to 'discover' good/bad addresses could/would be seen as a probable hacking attempt by most servers these days.


If these addresses have never been validated using a

"You have subscribed to our mailing list, however, you must validate your email address before you start to receive our emails. Click on this [unique link] to validate your address."

type of email, then I would strongly suggest doing so. It is unlikely that those types of emails will be reported as spam, and I believe if they ARE reported as spam to spamcop, you can report it to the deputies and have them take action against the reporting account, as validation emails are not reportable.

The problem with "probing" SMTP servers is that it is not 100% accurate. While some will reject messages immediately following the "rcpt to:" command, others will not issue a reject until after the message has been sent. Some will even accept a message to an invalid email address and then either discard it, or issue a post-facto NDR (considered very bad SMTP behavior, but still in common practice many places).

Remember, just because you HAVE the email addresses, that does not automatically give you the right to send them unwanted spam.


Thanks for the suggestions/thoughts thus far. I just found something on one of the software companies' support forums to the same question I posed here. Here's what their response was:

If used appropriately, <software name>, will not put you in any spam list. I'll try to explain, how we are avoiding spam list.

First, we provide the HELO string. This provides the correct IP and e-mail, improving better lookup and accuracy.

By default, <software name> does a syntax and domain level verification. If you use the default, this will never generate any kind of black listing.

If you change the default to do SMTP verification then <software name> uses the VRFY (verify) SMTP command to lookup the mailbox. This command is the legal way of checking if a mailbox exists or not. Many SMTP servers, who do not want you to respond to a VRFY command, will simply state that the command is not implemented.

In this case, you can choose to use <software name>'s "Forced SMTP Verification" option. This type of forced verification option, which is used by other e-mail verifiers as the default, may be thought of as spam by some SMTP servers. <software name> gives you more options and lets you decide your own level of e-mail verification.

I replaced the application's name with "<software name>." What are your thoughts on their response?

Thanks.

What are your thoughts on their response?

Saying the same thing that I and Telarin already suggested/stated.

Some places won't offer real results, others will see the probing as an "attack" ...


Thanks for the suggestions/thoughts thus far. I just found something on one of the software companies' support forums to the same question I posed here. Here's what their response was:

I replaced the application's name with "<software name>." What are your thoughts on their response?

Thanks.

I have not looked at that specific software, but our management is doing something similar right now on ~700 addresses just provided to us (on paper forms, so we are testing authenticity of the addresses provided). We have suggested the test be run from a separate IP address from the server just to be safe as this software runs from a workstation.

Hello,

I've been asked by my company's management to find a way to verify that the e-mail addresses we have in our customer service database are valid. This is quite a high number of addresses that we've accumulated over the years. It would not make sense to send individual e-mails to such a high number (thousands) of recipients.

<snip>

...First: I appreciate your coming here with this question -- thanks! :) <g>

...Next: IMHO, having accumulated thousands of suspect e-mail addresses is not a good excuse for failing to follow good practice. If you and your company's management wish to be good netizens, then (again, IMHO) they owe it to the rest of us to ensure that the owners of the e-mail addresses to which they are sending e-mails have supplied express consent (a process that should be done periodically, at least annually, in case any e-mail addresses change owners). The only way to do that, AFAIK, is to send probes with unique keys to which they must affirmatively reply in order to receive e-mails from your company. Since it is possible to automate the composing of e-mails, this may not be as infeasible as might appear at first glance ....

...Good luck!

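Added example, not part of the original thread or any poster's code: a sketch of the "unique link" / "probes with unique keys" confirmation suggested in the posts above, using an HMAC-signed token so that only the owner of the mailbox can confirm it. The names `SECRET`, `MAX_AGE`, `make_token`, `confirm`, `confirmation_link` and the host `confirm.example.invalid` are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumptions for this example: a server-side key and a 7-day link lifetime.
SECRET = b"constructed-demo-secret"
MAX_AGE = 7 * 24 * 3600

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(address: str, now: Optional[float] = None) -> str:
    """Return '<payload>.<mac>' binding one address to its issue time."""
    issued = int(time.time() if now is None else now)
    # Lower-casing the whole address is a simplification for this example.
    payload = f"{address.strip().lower()}|{issued}".encode()
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(mac)}"

def confirm(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the confirmed address, or None if forged, damaged or expired."""
    try:
        payload_part, mac_part = token.split(".")
        payload, mac = _unb64(payload_part), _unb64(mac_part)
        address, issued_text = payload.decode().rsplit("|", 1)
        issued = int(issued_text)
    except (ValueError, UnicodeDecodeError):
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    current = time.time() if now is None else now
    if not 0 <= current - issued <= MAX_AGE:
        return None
    return address

def confirmation_link(address: str, now: Optional[float] = None) -> str:
    # Placeholder host; the link goes into the one-time confirmation e-mail.
    return f"https://confirm.example.invalid/c?t={make_token(address, now)}"
```

Only addresses for which `confirm()` returns a value are kept on the list; an address whose owner never follows the link stays unconfirmed.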

Thank you all for your help! You have given me plenty to consider and some good insights on how to go about resolving this problem.

:)

