The Email Wars

We are all aware how our President has used email marketing in a way that none have done before. We all know that it made a big impact on the campaign results and many of us were excited to see how he would continue to use it as a messaging/connection platform moving forward once he was in office.

So you can imagine how impressed I was to get an email from him on this past 4th of July. It was a nice touch as I am not sure that I have ever/nor expected an email on our nations birthday, but it got me thinking a little about it and was it truly a message from him OR a marketing campaign moving the ball forward on his agenda.

Being an email marketer at heart I had to jump in a little deeper, not to analyze the messaging but the the technical aspects of the message itself. So being a slight email geek I cracked open the headers of the email to see deeper behind the curtain of this campaign. And what did I find, well you can see some of the things I highlighted in the image in this post, it was actually not what I expected but it validated my thoughts that made me curious. It seems that this email is truly not from the White House at all, but from the marketing arm that the campaign used called Blue State Digital. I can tell you that this was not truly a surprise when I found this but for some reason I expected a White House with all of the marketing power, a CIO, CTO and an army of technical elite to actually be in control of this platform.

WHAT? A PHP Mailer? Is that the most secure?

They use a PHP mailer was the first thing that struck me. I would have assumed that maybe they had taken the route to use one of the larger ESPs out there to help them with delivery and campaign management. Open Source at its best it seems mirrors the ideas behind this Presidency. Finding the tools that are open, flexible and allow the least cost to do the job. Not a horrible choice but an odd one I thought.

Would the President use my name IF he knows it?

They know my name, but continue to address me as “Friend”. Is personalization something that is beyond the data abilities of this effort, or is it much more Presidential to not call you by name but unify you as a collective of people moving towards the goal. Now the term friend is in line with how he addresses people in his speeches, but it seems in one to one email he might look to use some of the efforts that we all try. I state this as to me it leaves this communication impersonal. Not a big deal, but something to think about.

Leading by example? What about Domain Keys or other authentication?

No DomainKeys set up? Really? The President of the US does not have authentication set up in emails? I noticed a lack of that in the headers, but then went to some testing servers to make sure. Yep none to be found. Odd that they would not have that set up for messages as important as these from the man in charge.

I went to an outside 3rd party to check deeper, here is what they found:

“I searched through the auth results from a pretty large subset of our complaint and spamtrap data and could not find a single message from those IPs that got an actual pass on any form of email authentication. The most common domain was barackobama.com which appears to have an SPF record as does bluestatedigital.com but the most common result we saw was a neutral. There were also a bunch of temperror results which either means there was a parsing error or a dns problem when we checked. Since this sending IP

No message from any domain seemed to be signed with DKIM or DK.

The second most common domain was imahealthcarevoter.org which has no SPF record and for which I could not find a DKIM record.

The DKIM results are nonexistent but there is some oddity with the SPF/sender id results. The envelope domain is bounce.bluestatedigital.com which has no spf record. Looking back through historical data barackobama.com seems to have passed Sender ID in the past, and these IPs currently pass but would nto be flagged as passing my MS. They only pass due to the PTR entry in bluestatedigital.com’s SPF record which Microsoft ignores.

Looking back historically it doesn’t look like the record has changed in the last 90 days.

So my overall assessment would be, for barackobama.com specifically, they have a functional though not ideal SPF/ SID set up. Their Sender ID record is technically accurate but would not pass Hotmail’s stricter requirements. The envelope domain has no SPF record so that would also not pass.

No mail sent from these IPs appears to be signed with DKIM.

Overall, clearly attempting to do authentication but could use some help.”

In Closing:

Now I appreciate that they are continuing to use email to communicate with everyone that has opted in, but I am surprised that it is being run by a political marketing company and they are not taking the high route. On a good note, at least many of us out there are doing so. Maybe we can lead by example and they might follow.