Constant Contact keeps outbound email safe with Spamhaus’ domain data

Some background on Constant Contact

Constant Contact has created a digital marketing platform to meet the needs of small businesses and non-profits worldwide. These are the kind of businesses who typically do not have a marketing or IT department to advise them. Businesses who are likely unfamiliar with constantly changing best practices and legislation changes.

Constant Contact is their go-to marketing buddy. The do-it-yourself platform helps them keep track of their customers, manage social channels and send relevant emails that land in their recipient’s mailbox.

The importance of maintaining the reputation of a shared IP space

Constant Contact operates using a shared IP environment, meaning all customers share the same sending servers. This is the most affordable and logical solution for low volume marketers.

While shared IP space keeps costs to a minimum, it takes some careful management; if one customer makes some poor sending decisions, they could damage this shared IP reputation for all. And if IP reputation is damaged, it can affect not only how a message lands in the recipient’s inbox but also if it lands at all. Additionally, bad sending practices can result in an IP listing from a reputation provider, like Spamhaus, which can ultimately lead to all email being blocked for all customers on that IP space.

Needless to say, it is mandatory that Constant Contact’s IP space maintains the highest standards. Keeping the amount of “bad” email sent from their IPs to a minimum is critical.

Would anti-virus be the right solution?

One technique Constant Contact explored was URL scanning via an anti-virus solution. By putting this solution in front of their outbound email product, they could prevent bad URLs from being sent via email and minimize the risk of emails getting blocked – thus preventing their joint IP space becoming tarnished.

The theory makes sense, but upon implementation, the team found this solution to be both resource intensive  and costly, so turned to an alternative approach.

Domain reputation data – simple and effective 

Before using Spamhaus’ Domain Blocklist (DBL), Constant Contact would find in their email logs something to the effect of “this message was blocked because it contained a URL that was listed on DBL”.

Logically, the team thought: “Why would we even send this message in the first place? If the email contains a domain that’s listed, it should be blocked before it’s sent.” With that, Constant Contact began using Spamhaus’ data to check for listings before emails had a chance to get blocked externally.

Initially, they used other data providers too, but again, this was an expensive solution and exceeded their budget, particularly when the team were getting more and more accurate hits with the DBL than from any other provider. This quality meant the team could drop the additional data with negligible impact. Constant Contact now only uses Spamhaus for their domain lookups.

“The fact Spamhaus can find a malicious domain before it hurts our customer’s reputation, or even our own reputation, is invaluable”, shared Jon Marburger, Director of Email Deliverability, Constant Contact.

How is the domain data used in practice?

Quite simply really. When one of Constant Contact’s customers attempts to send a campaign containing a URL listed on the Spamhaus DBL, the system is configured to block the email while their Compliance team investigates. Often, the sender (their customer) isn’t being intentionally malicious, simply naive, and this amounts to a positive experience for them. For a little more detail…

The opportunity to better support customers

Typically, Constant Contact encounters 3 ‘types’ of customers being flagged by DBL:

1) Those unknowingly sending bad external links;

2) Those whose own sites are unknowingly listed;

3) Bad actors and scammers.

The first two cases enable Constant Contact to add a lot of value to the service they’re providing; from advising on how to spot malicious sites to making customers aware their site is hacked and how to avoid this in future. Meanwhile, the latter group can rapidly be shut down.

Without the DBL, these opportunities wouldn’t exist. “There are a lot of blocklists out there but the only one that’s ever been super trustworthy, in terms of only listing the real bad guys, has been Spamhaus. So it’s been nice to know that when we get something, we can trust that it’s more than likely bad”, explained Tara Natanson, Manager of ISP Relations, Constant Contact.

What’s next for Constant Contact?

Constant Contact takes their role in the digital space seriously. Now that they’ve started exploring the reputation data pool, they’re looking into how they can further enhance their solution with other datasets.

Jon explained, “It’s both facets of being a good platform and being a good steward in the email space – making sure we’re protecting the recipients whose details are housed in our platform from not only spam but malicious content.” Constant Contact is next looking to make use of the Hash Blocklist data, so watch this space for an update.