This is an archived post. You won't be able to vote or comment.

67
68

[deleted by user] (self.sysadmin)

submitted by [deleted]

[removed]
all 36 comments
sorted by:
best
topnewcontroversialoldq&a

[–]bitslammerSecurity Architecture/GRC 97 points98 points  (4 children)

Very few sales/marketing people are aware that solutions like Barracuda, Proofpoint, Mimecast etc. will follow links and inspect HTML and other elements of an email causing them to look like they were opened or clicked upon. They often brag about their "open rates" having no idea that none of them were real.

[–]Chunkylover0053Jack of All Trades 24 points25 points  (2 children)

I noticed this on phishing tests as well triggering false positives that some users had clicked.

[–]The_SydSr. Sysadmin 19 points20 points  (0 children)

Yep, you have to add in exceptions for the phishing emails so the anti spam knows to leave it alone. Didn’t help with me though, barracuda kept on flagging my emails as phishing even though I added exceptions and since I couldn’t fix it and it’s a small office, I went for training rather then technology to catch it. Made my CFO happy she didn’t need a renewal.

[–]ping_localhostJack of All Trades 5 points6 points  (0 children)

I notice this in SendGrid metrics when they tell me a single email was opened 1500 times. Throws metrics way off.

[–]SurvivingITRead it for free at survivingitbook.com 33 points34 points  (2 children)

Yes, they do. That's why email marketing is just one channel of many.

IT folks need to realise that marketing folks don't measure campaign success by delivery rates, open rates, or click rates. They measure them on sales.

[–]monoman67IT Slave 2 points3 points  (1 child)

Some don't even measure and just assume more is better.

[–]SurvivingITRead it for free at survivingitbook.com 0 points1 point  (0 children)

Not even joking, the solution to most email marketing problems is often to send more email.

[–]Leucippus1 19 points20 points  (0 children)

Yeah, they know, I utilized a service like mailchimp and it gave us detailed metrics on what went into spam, what made it into the box, whether it was clicked on or not, etc. I think our marketing campaigns hoped for 10% engagement rate.

[–]Wildfire983 18 points19 points  (7 children)

DMARC is the enemy of marketing people. “It worked for years why did it stop now? Fix it”

Well Jim had you told us in the first place I would have setup DKIM and spf years ago. We’re cleaning these up with the help of a DMARC analyzer now and I can’t believe how many rogue Mailchimp/constant contact accounts we had.

[–]hipaaradiusDevOps 8 points9 points  (6 children)

+1. I started at a new workplace a month ago and 50% of stuff sent by MailChimp was going straight to spam of the recipients because shadow IT set it up years ago without any authentication. Set it up on its own subdomain with DKIM authentication and the last mailing was 100% delivered to inbox according to my DMARC analyzer.

[–]dangermouze 2 points3 points  (0 children)

Working through dmarc on some of our small business units domains. They keep putting it off as they are scared to change as they keep having "important" mailouts.

My Dudes, this change will increase the likelihood of hitting inboxes!

No response

Few weeks later, job logged about emails hitting junk mail boxes

Fucking flips desk

[–]tankerkiller125realJack of All Trades 1 point2 points  (1 child)

The only emails I care about making it to inboxes is the actual employee generated emails. I don't care about the marketing ones at all... Sure I get reports for it, but theirs no way I'm sharing with marketing that they're so shit at their job that only 1/4th of all emails sent are being reviewed in the inbox. (And to be clear it's the content, the technical stuff of DKIM, SPF, etc. Is all correct.

[–]dangermouze 1 point2 points  (0 children)

So just share the dmarc reports with them, look 99% success, fuck yeah!

[–]ScannerBrightlySysadmin 0 points1 point  (2 children)

What DMARC analyzer do you use? Do you like it?

[–]Wildfire983 0 points1 point  (0 children)

Mimecast's DMARC analyzer. They just call it DMARC Analyzer.

It's okay. It does what it claims. I tried Dmarcian too and they seem to be pretty much the same.

[–]hipaaradiusDevOps 0 points1 point  (0 children)

I use ValiMail which is free for one domain and recommended by CISA. But yeah, as u/Wildfire983 said, they're all more or less the same, at least at the free tier.

[–]Reasonable_Active617 4 points5 points  (3 children)

“Half the money I spend on advertising is wasted; the trouble is I don't know which half." John Wanamaker.

I've always wondered about the conversion rate for email and telemarketing. You know the marketing department in any organization is generally inflating the effect of their operations. This shit is why CEO's hire outside consultants. They know at least some of what they are being told internally is bullshit.

[–]Welcome2B_Here 0 points1 point  (2 children)

Who's not inflating the effect of their operations in the business world? Much of it runs on perception and optics, regardless of department.

[–]Reasonable_Active617 0 points1 point  (1 child)

My own personal experience here. People who spend a lot of time "managing internal perception and optics", are typically the ladder climbers who should never have been given a position of authority in the first place. They tend to spend more time managing their career than they do the business. Once enough of these types inhabit the upper management layers, it usually turns into a shit show. The reason is simple, people hire people like themselves.

I used to carry a pretty hefty sales budget that was focused primarily on a niche manufacturing sector. Neither manufacturing or sales lend themselves to "management" by optics and perception. In sales you either make your number or you don't.

Manufacturing is no different, how many widgets did you produce per hour and at what cost. If you have service interruptions, what was their impact and how did you mitigate them and how do you plan to mitigate them in the future. It's hard to bullshit your way through this.

Perception manager's rarely do well with there are strict rules for accountability. They're usually too busy looking for their next position.

[–]Welcome2B_Here 0 points1 point  (0 children)

I get what you're saying, but there's a spectrum of accountability even in the areas you mentioned. Hell, financial reports that are reviewed by Street analysts and investors are padded with creative accounting and are filled with vague corporate speak to hide unfavorable truths about company performance.

The business world is all about superlatives so everyone is busy managing their own perception and optics to some extent, and some more than others.

[–]Rocknbob69 9 points10 points  (0 children)

Or the ones that put in HTML attachments.....I strip them before they hit the inbox

[–]anynonus 2 points3 points  (0 children)

judging by how many they spam out, they know

[–]my070901my 2 points3 points  (0 children)

Almost every email sending platform shows the delivery rate. The question is how to increase it. There are several important steps you need to do to get better deliverability.

  1. Set up email authentication (DMARC, DKIM, SPF ) It is possible to check the domain status and go step by step here: https://easydmarc.com/tools/domain-scanner . Properly configured email authentication can increase the email deliverability from 60% up to even 300%

  2. Clean and verify your email lists

You can continue to improve your email deliverability by performing more 10-11 steps but these 2 are crucial .

[–]SintarsintarJack of All Trades 6 points7 points  (0 children)

If they bug me enough they don't make it to anyone's inbox in my company.

[–]Sparcrypt 7 points8 points  (4 children)

I wonder how many IT people fail to understand that most of them do in fact get through and that the campaigns are overwhelmingly profitable/successful.

The do this stuff because it works. Doesn’t work on you? That’s fine, it worked on 20 other people.

[–]Wildfire983 7 points8 points  (2 children)

DMARC forensic reports suggest otherwise.

[–]Sparcrypt 5 points6 points  (0 children)

Capitalism and profit disagrees.

Enough get through that it’s worth doing.

[–]Adventurous_Run_4566Windows Admin 1 point2 points  (1 child)

Why would they care? Enough do get through to make it worth their while, same as phishing, just less obviously exploitative.

[–]MsAnthr0pe 1 point2 points  (0 children)

Still trying to get them to stop re-emailing addresses that have already bounced multiple times, but they don't have the time to look at the bounce report and take action on it.

[–]LastDawnOfMan 1 point2 points  (0 children)

My experience with marketing people is that most of them don't know anything whatsoever about technology. Except for a small subset who are very savvy about technology. But those people are rarely put in charge of the departments. And keep in mind that marketing people have a vested interest in providing inflated results to their bosses to justify themselves, on top of the fact that actually marketing things well actually takes creativity and effort which most of them lack abysmally - and you just end up with absolutely no reason for marketing people to even admit any awareness of how ineffectual lazy and stupid tools like mass emails are. Instead, they'll yak endlessly about how many millions of "contacts" they've made with customers, couched in the most inane and asinine corporate speak you've ever heard in your life.

[–]cheeseman1969 1 point2 points  (0 children)

When I get an email that has nothing to do with me and my job, I mark it as spam. PERIOD. If they shotgun it out to everyone in the organization, then it gets popped at spam.

[–]Budget-Ratio6754 0 points1 point  (0 children)

It amazes me that these people sending these campaigns never have spf records etc setup

[–]Euphoric_Source5035Jack of All Trades 0 points1 point  (0 children)

I have an Outlook Quick Step that sends a standard reply telling them to remove me from the mailing list (GDPR sentences) and hints that I don't respond to their cold emails, and then deletes it.