Read EC_New_EuropeanEmailDelivery_WP_3.pdf text version

European email delivery

An Experian CheetahMail white paper

European Email Delivery

European ISPs (Internet Service Providers) are uniquely different from their counterparts in the U.S. namely owing to regulations governing email communications. This paper will explain some of the types of email filtering used by EU ISPs and the latest trends in European deliverability.

Is spam filtering illegal in the EU? Some anti-spam filtering approaches are actually illegal in the EU. The topic was vetted in 2006 by the Article 29 Working Party, an advisory body made up of EU privacy commissioners; who concluded that while spam and virus filtering are necessary practices to secure ISP networks from abuse, some forms of spam filtering are in direct contrast to numerous provisions of EU law such as Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR)1. Perhaps more importantly the Article 29 Working Party concluded that with any spam filtering scenario, the user should receive prior notice2 and provide some form of consent to enable such services by their ISP. While there are many ways to filter email, each method is governed by one or more unique laws. Examples include: governing telecommunications interception, individual freedoms of expression and privacy rights. In October 2009, EU Commissioner Viviane Reding stated that since EU antispam enforcement has been limited, further legislation may be needed. She noted that this should include an enforcement right of action for ISPs.3 Content filtering The main regulated area for EU ISPs involves content filtering. Since this type of filtering requires ISPs to identify content within individual email messages, the practice has been identified as a potential violation of ECHR without the consent of the recipient. As a result fewer ISPs in the EU, as opposed to those in the U.S., identify keywords within individual messages or use content-based Bayesian filters.4 A couple of EU ISPs, namely SFR (Neuf, Club Internet) and Wanadoo are known to aggressively use content filters as it relates to phishing and known spam keywords to stop email at the gateway.

Source: Working Party 29 Opinion 2/2006 on privacy issues related to the provision of email screening services, February 21, 2006. 2 Notice and consent can be included within the ISP's terms of service. 3 Comments following the release of an EU Commission Spam Study: http://ec.europa. eu/information_society/policy/ecomm/doc/library/ext_studies/privacy_trust_policies/spam_ spyware_legal_study2009final.pdf 4 Unlike other filtering techniques that look for spam-identifying words in subject lines and headers, a Bayesian filter uses the entire context of an e-mail when it looks for words or character strings that will identify the e-mail as spam. Another difference between a Bayesian filter and other content filters is that a Bayesian filter learns to identify new spam the more it analyzes incoming e-mails. Source:


Experian CheetahMail - European email delivery - 3

However, there are a number of recognisable content filtering service providers and blocklists that are in use by EU ISPs. Since most of these providers use `fingerprints' to detect spam, which is pre-determined from abuse complaints or spamtraps, they do not need to evaluate the content of each message and block the message at the ISP gateway. This is more privacy-friendly to user-recipients.

· Cloudmark, who is apparently the largest EU ISP spam filter, receives





complaints from their 180 million worldwide users and takes a photographic snapshot, or `fingerprint' of the content of the message. A large number of EU ISPs are Cloudmark customers, including: Virgin, Sky, Vodafone and Swisscom; with Tiscali and others using Symantec Brightmail. Symantec Brightmail, the oldest enterprise spam filtering provider used by ISPs uses honeypots or other spamtraps to fingerprint the unsolicited email message. These fingerprints are then identified as spam by respective software programmes installed by their ISP clients. Vade Retro, a quickly growing filtering provider, especially used by French ISPs uses a heuristic prediction system based on receipt of suspected spam. This identifies `sequences' across various types of anti-spam methods (keywords, links, Bayesian filters etc) within messages, that in combination forms a high probability to re-appear in other emails. SURBL & URIBL are two content-based blocklists that employ various techniques such as spamtraps and complaints to identify domain names and URLs that are entered into a domain name system real-time blocklist (DNSBL). This is used by some ISPs to identify senders in the transmission header or message content that are suspected of sending or inducing spam to be sent. SpamAssassin, also still used by some ISPs, is an open source anti-spam filter (and is the basis for Experian CheetahMail and other deliverability services' content evaluation toolsets). SpamAssassin uses a scoring system that takes into account numerous parts of a message, including content and message headers, which is tied to a `signature' that ISPs use. As a result ISPs do not need to scan the whole content of every message, but rather identify a signature that enables filtering before reaching recipients.

While there are many ways to filter email, each method is governed by one or more unique laws, such as those governing telecommunications interception, individual freedoms of expression, and privacy rights.

4 - Experian CheetahMail - European email delivery

Complaint feedback loops While nearly every U.S. ISP with a webmail option has embraced use of a `spam' or `junk' button as a primary mechanism to identify spam, EU ISPs are restricted by law from sharing and using this data. Abuse complaints typically maintain the full transmission header, which includes the sender and recipient's email addresses. As a result ISPs who identify and use this data without permission may run afoul of the EU Data Protection Directive. This body requires informed consent prior to use of personal information for any other purpose than that which the user originally consented to. Therefore in order for EU ISPs to use complaint feedback loops like their U.S. counterparts, they need the prior informed consent of each of their subscribers either at the point of complaint submission or as an accepted enhanced anti-spam service offering.

While nearly every U.S. ISP with a webmail option has embraced use of a `spam' or `junk' button as a primary mechanism to identify spam, EU ISPs are restricted by law from sharing and using this data.

In partnership with the French Data Protection Authority (CNIL), French Signal Spam initiative users can download a special plug-in toolbar for their email software and provide complaint feedback directly to participant ISPs to help track down spammers. From 2008, in association with the French SNCD, accredited senders now receive information about these complaints to help mitigate future grievances. In recent months, there has been growing momentum for French ISPs to endorse and promote Signal Spam and potentially embed the application within webmail offerings. This would dramatically change its adoption. To date, other than British Telecom whose email filters through Yahoo!, the only other EU ISP that we are aware of who has plans to publicly implement their own abuse complaint feedback loop is (GMX) in Germany. It is still important to remember that every ISP uses spam complaints directly received from users through their own spam/junk buttons, or other abuse complaint mechanisms to determine sender reputation. In some cases, such as with it takes only a handful of spam complaints to result in an IP address block. Fortunately with those such as these IP blocks are dynamic and typically resolve themselves within 24-48 hours.

Experian CheetahMail - European email delivery - 5

Third party IP address blacklists Nearly every EU ISP has adopted one or more third party IP Address blacklists. The majority of these blacklists use expired or never used email addresses as `spamtraps' which help identify inaccurate or fraudulent emailers. The legality of this anti-spam method was tested in the EU in 2007 by a German court who ruled that use of IP blacklists are acceptable, just so long that it is used in `exceptional cases'5 and exclusively for spam filtering. In addition blacklists technically do not `filter', they simply reject emails before receipt. As a result, EU ISPs have concluded that use of blacklists does not violate either the ECHR or Data Protection Directive.

EU ISP blacklist marketshare (estimated)

Just as in the U.S., the most predominant blacklist used by many EU ISPs is the Spamhaus Block List (SBL). Other major EU ISPs, such as Tiscali and UPC have confirmed using the Composite Blocking List (CBL) and UCEProtect, while others such as Virgin are known to use the Spam and Open Relay Blocking System (SORBS). The Spam URL Block List (SURBL) and URIBL also is utilised by EU ISPs, although less so than their U.S. counterparts. It is important to note that every ISP also maintains its own internal blocklist, also primarily relying on spamtraps (typically recycled from previously active addresses) and complaint data from webmail spam/junk buttons or other mechanisms.


Decision of the District Court Lüneburg from 09/27/2007, Record #: 7 O 80/07

6 - Experian CheetahMail - European email delivery

Increased use of greylisting Today's spam is mostly sent through `botnets', which make many more connections than the historical `spam cannon' bulk email software programmes. As a result the best weapon most EU ISPs and many U.S. ISPs use is a process called `greylisting'. This is where they limit the number of messages or connections from a sending IP and require the sender to continually retry messages. Experian CheetahMail boasts sophisticated retry mechanisms which make this process easy. Botnets, on the other hand do not use this method. As a result, we see a number of EU ISPs, such as Neuf in France, Orange/ Wanadoo/Freeserve in the U.K. and France, and Virgilio/Tin in Italy who rely heavily on this type of filter and slow down even legitimate email for a short period of time in order to help validate its authenticity. Top EU ISP Deferrals: From Most to Least Aggressive GMX/ (Germany) Virgilio/Tin (Italy) Orange/Wanadoo (UK, France, Spain) Tiscali (UK) Neuf (France) Belgacom/Skynet (Belgium) (Norway) Virgin Media (UK) More to the inbox The majority of EU ISP email is still primarily delivered to user's desktop software applications, such as Microsoft Outlook and Outlook Express. However many of the larger ISPs also offer a complimentary webmail application or in some cases are exclusively web-based, such as in Germany or in France. Top EU ISP Bulk Foldering: From Most to Least Aggressive Neuf (France) Orange/Wanadoo (UK/France/Spain) (Germany/Austria/Switzerland) Mixmail (Spain) LaPoste (France) Freenet (Germany) (France) Telefonica (Spain) Alice (France) NTLWorld (UK) Demon (UK) Tiscali (UK/Italy)

Sourced using Return Path Mailbox Monitor (LINK)

Experian CheetahMail - European email delivery - 7

Postmaster websites Following many U.S. ISP efforts, E.U. ISPs have realised that they can limit their technology helpdesk request by offering users and senders more information about their acceptable use policies (AUP) and how to stop spam or resolve delivery issues. EU ISPs with Postmaster Web Pages (GET MORE!) UK British Telecom (through Yahoo!) Tiscali Tiscali Eircom

France Germany Italy Ireland

Collaborative efforts Many of the EU ISPs have been collaborating on anti-spam efforts through many different groups.

· Messaging Anti-Abuse Working Group (MAAWG)




As an active participant and chair of the MAAWG Senders Special Interest Group, Experian CheetahMail is pleased to note that we have worked closely with EU ISPs on many of the collaborative issues between senders and EU receivers. Active MAAWG participants from EU ISPs include Orange/Wanadoo; Tiscali, T-Mobile,, Telefonica; Telenet, and Swisscom.6 Organisation for Economic Cooperative Development (OECD) The OECD launched an anti-spam initiative in 2005 and the member countries signed a memorandum of understanding to collaborate on antispam.7 London Action Plan International anti-spam effort founded in 2004 with 27 represented country participants. This body has been named after the location of the first collaborative meeting.8 German ECO The German ISP Trade Association (ECO), in addition to numerous antispam efforts, has also launched an accreditation programme for senders called the `Certified Senders Alliance'. This is the only paid whitelist in Germany.9 8 9

6 7

8 - Experian CheetahMail - European email delivery

EU strategic email delivery conclusions 1. Be mindful of emailing at full speed as some ISPs may significantly delay messaging. If you are aware of very large volume campaigns being sent to Germany, France or Italy, consider flow-rating (aka: throttling) to optimise delivery across allocated IP addresses. 2. Take special note of any user complaints from global ISPs such as MSN/ Hotmail/Live, Yahoo! and AOL as these complaints always translate to those directed to ISP anti-spam operations or enterprise filters such as Cloudmark. In general a complaint above 5% to any ISP (that offers a webmail junk/spam button) is considered a high risk for negative filtering activity across ISPs. 3. Make sure your data hygiene is up-to-speed as legacy data or poorly acquired data will trigger blacklists or throttling. Some of these ISPs such as GMX/ look closely at hard bounces in a short period of time from specific IPs to trigger deferrals, so ensuring list cleanliness should also be correlated with delivery speed. 4. Use third party international seed-list services, such as Return Path Mailbox Monitor to identify bulk/junk/spam folder or missing delivery to EU domains.

For questions or comments about EU deliverability, please contact [email protected]

Experian CheetahMail - European email delivery - 9

Landmark House Experian Way NG2 Business Park Nottingham NG80 1ZZ United Kingdom

© Experian Limited 2009. The word "EXPERIAN" and the graphical device are trade marks of Experian and/or its associated companies and may be registered in the EU, USA and other countries. The graphical device is a registered Community design in the EU. All rights reserved.


9 pages

Find more like this

Report File (DMCA)

Our content is added by our users. We aim to remove reported files within 1 working day. Please use this link to notify us:

Report this file as copyright or inappropriate


You might also be interested in