Feedback Loops (FBLs) are not only important for email recipients hoping to decrease their spam but are also important for email senders. Understanding and implementing FBLs is not just a technical necessity but a strategic advantage in the ever-evolving landscape of digital communication. This guide will take you through the what, why, and how of FBLs, explaining their pivotal role in maintaining a healthy email ecosystem.
What?
Complaint Feedback Loops (or FBLs) allow recipients to send spam complaints back to you as the originator of the message for you to take further action.
Why?
You’ll be quickly alerted to Spam outbreaks from your network and this will allow you to spot compromised, infected or malicious accounts quickly or to identify accounts with poor address collection and sending practices. This ensures that you maintain your sending reputation, avoid blocklists and keep your users happy.
If you Send mail, then you typically receive it too, so you can benefit from sending FBL reports too. Doing so will help you to reduce the overall amount of spam you receive and reduce the amount of spam complaints from your users.
How?
Abusix provides a free FBL reporting service that takes feedback reports from the Receivers, does the necessary encapsulation, checks the trustworthiness of the sender and then generates and sends the report to the Sender.
You, as the sender, would then remediate the issue to prevent your reputation from decreasing and causing a blocklisting event.
All you need to do is set-up your mail system to send messages with an additional header, or to set-up some additional DNS TXT records.
Details
Complaint Feedback Loops have been in-use by many mailbox providers since the mid to late 2000s and were driven by Return-Path who provided a “Universal Feedback Loop” service.
This required senders to opt-in, register their sending IP ranges and go through a vetting process. Whilst for the receivers, they simply sign-up and forward their reports for processing and onward reporting.
It was provided for free to both receivers and senders, but had some limitations; not everyone could use the service, you had to be sufficiently “large” enough to warrant the time to set-up.
Last year, with Return-Path having been acquired by Validity, announced they were going to charge the senders based on their sending volume to continue receiving these reports.
This was obviously bad for the email community at large and thereby started the process of creating a standard way for Feedback Loops to operate, without having a centralized entity in control of the process.
This led to the publication and approval of RFC 9477 along with another Internet Draft which allows senders to specify to receivers where feedback loop reports should be sent, linked to a DKIM signature applied to the message which provides security and reputation via authentication. This allows any receiver to implement a feedback loop without any intermediary if desired.
The drawback is that this whole process will take time for both parties to implement.
This is where Abusix comes in. Our ethos is to report, prevent and handle internet abuse at scale. We already have an infrastructure for reporting abuse and we already have an email blocklist and reputation product.
We have modified our reporting platform to also be able to handle Complaint Feedback Loops and integrate our Mail Intelligence reputation data to determine automatically if a sender is trustworthy enough to receive a feedback loop report.
All a receiver needs to do is to send us their complaint reports and we will report them back to any senders that have implemented either RFC 9477 or the Internet Draft.
You can help adoption of this by asking as many mailbox providers as you can to send a Feedback Loop, either to us, or directly using the new reporting standards.
Setup
As a sender, you need to follow either RFC 9477 and add a DKIM-aligned CFBL-Address: header to all mails that you send or implement the Internet Draft which requires additional DNS TXT records to be configured. You can do both, for maximum compatibility, this will not cause any issues.
Once this is done, we’ll start reporting any feedback loop traffic that we receive that was sent by you.
