Saturday, January 16, 2010

Helping Haiti - The Email Community Response















It is inconceivable that anyone within viewing distance of a television or computer screen this week doesn't know about the disaster in Haiti. As of this writing, 50,000 bodies have been collected from the streets of Port-au-Prince. Millions of people, a number our brains simply aren't equipped to deal with, are now homeless.

Help is needed now, and will be, for a very long time

In response, the immediate and continuing outpouring of generosity from individuals, companies and organizations, and governments has been astounding.

The outpouring has relied on the Internet and mobile phones to facilitate donations.

And, along with it, came scum attempting to defraud people with fake charities, posting links to Twitter and the inevitable spammed campaigns.

Another matter that may be interfering with charities and relief organizations to do their work are spam filters and blacklists. Unfortunately, the reality is that some charities are better at fund-raising and helping people than following email best practices, and despite the fundamental nature of their work, their IPs have ended up blocked, or they are not getting the delivery they need, particularly at this time of crisis.

So, what can we do as a community to assist them?

RECEIVERS, FILTERING SERVICES & DNSBLs
Please, Whitelist the IPs (and domains) of any charity known to be assisting in the Haitian relief effort.

Yes, I know, they might be sending lousy mail streams, lots of bounces, trap hits, etcetera. I suggest that for the next while, for whatever period of time you are comfortable, you turn a blind eye to that, instead, please cast wide-open eyes to the big picture. People, human beings like you and me need, the world's help and you can play an integral part in that effort.

SENDERS
If you are an ESP or ASP that is handling traffic for charities or other agencies involved in the relief effort, drop me an email to spamfighter@gmail.com and I will list them here, so others can use that information.

RESEARCHERS
I have a long list of charities, gleaned from a few trusted sources. If you can spend a little time digging around to find outbound IPs to add to the list, that would be great. Again, spamfighter@gmail.com

ANYONE & EVERYONE
If you can think of anything beyond these measures I've suggested, I'm all ears and would happily post it here. And, of course, please donate money. I know times are tough, many of our colleagues are hard-pressed, laid-off or even fired, so those of us who can afford it, please be extra-generous in your cash donations.

Thanks for considering being a part of this. The Haitian motto, on their flag is "L'union fait la force" : Unity is strength. Let's pull together to make this happen.

UPDATE: Steve Atkins from Word to the Wise has some great points of clarification to make. Bottom line, receivers should be checking authentication of sending domains and IPs in some fashion, be it a dns-based whitelist, or IP-or-domain level authentication. Senders should be wary of any new Haitian aid entities that suddenly spring up.

Here's what he said, in full:

But don't misread Neil's suggestions as a request to give spam that claims Haiti as an excuse, or claims to be from a legitimate charity a free pass.

Legitimate charities are having their web presence advertised heavily on television and online, they're not relying critically on email spam to get donations right now. And mail to their long term subscribers is probably going to be delivered just as well, or poorly, as it was last month.

On the other hand, there's a lot of scams out there claiming to be Haiti charity related. And viruses. And probably phishing, though I've not seen that myself yet.

If anything, I'd expect the legitimate charities to not want ISPs and filtering companies to give Haiti-related spam a pass, as it's less likely that their legitimate communication will be buried under the scams, viruses and junk. Someone who has sent $50 to a scam is unlikely to send another $50 to the legitimate charity. Especially do not whitelist or exempt from filtering their domains unless you're actually validating that the mail is really from them in some way, as some of the bad mail is claiming to be from legitimate domains too.

And if you're an ESP, don't believe any new client that's claiming to be a Haiti relief charity, unless you check them out more deeply than your normal due diligence.


Cheers,
Steve

No comments: