We have started processing submissions to the Training folder, which we analyze individually. Dispositions can be:
- Allow. The complaint is rejected. One example has been an all-employees internal email.
- Unsubscribe: Sender is trusted for safe unsubscribe, and the complaint seems particular to one person.
- Block: Blocklist entry created because the sender seems unwanted by any user.
- Quarantine: This will prevent the message from going to the user who complained, while allowing time to collect more data about the sender.
The feedback is valuable feedback, but this way of processing it is time-consuming.
Recently we worked a complaint about a message from Constant Contact. (This was a bit of a surprise because I find that their messages are safe and relevant.) That task became more complex than expected, and I did a deep dive in my email history to understand their operating practices.
Unlike many other Email Service Providers, Constant Contact ensures that every message has a DKIM signature to authenticate the From address as well.
- If the client has provided them with a signing key, the message From address will be @clientdomain.
- If they do not have a client signing key, the message will be from @.ccsend.com"><clientuser>@<clientcode>.ccsend.com, where ccsend.com is a domain they control and that they can use for signing. When the message is from ccsend.com, the client identity is in the Reply-To address.
But it gets murky, because some Constant Contact clients are actually agencies working on behalf of other clients. In one case, the message From address was the agency while the Friendly Name indicated that agency's client. In another case, the Reply-To address indicated both the agency and its client because the Reply-To address was of the form
.">user@<agencyclient>.<agencydomain>.
Consequently, when it comes to blocking advertising down to the level of a single company, a more extensive set of filtering strategies seems necessary.