Subscribe
Share
Share
Embed
Email feels free, but the economics are brutal: zero-cost sending makes abuse infinitely scalable.
In this episode, Jacqueline sits down with Mariska and Jakub to unpack the "bot layer" that's quietly wrecking modern email: security scanners, crawlers, and malicious automation that inflate clicks, poison dashboards, and trigger the wrong automations. They get specific about why bad actors iterate faster than platforms, why "heuristic guesswork" leads to painful false positives, and how beehiiv opted for radical transparency by showing verified clicks alongside raw data. The conversation also jumps channels: Jakub argues RCS could undercut SMS on price and become the next high-volume abuse playground.
This episode was recorded in October 2025. Any references to global events were included as illustrative context, not as commentary on current news.
Timestamps
01:20 – Worst unsubscribe nightmares, Roman aqueducts, and unexpected heroes
05:40 – Why "free" email creates systemic abuse (and why volume hides the bad actors)
08:06 – How threat actors bypass trust indicators
11:02 – The reality check: protection isn't getting easier, it's getting more complicated
19:02 – Defining non-human interactions (NHI) and bot detection
24:12 – Bot detection: definitive data vs heuristics, and why false positives hurt more
26:20 – Elevating verified human engagement at Beehiiv
33:13 – RCS vs SMS: the pricing lever that could supercharge abuse
46:14 - Global privacy legislation and the future of trust
Sponsor
Brought to you by Hightouch - the leading composable CDP and decisioning platform trusted by brands like Domino's, Chime, and Aritzia. 90% of customers have a real use case live within their first week, delivering world-class personalization at scale. Learn more at www.hightouch.com/msom.
Connect & Subscribe
Creators and Guests
What is Making Sense of Martech?
Unfiltered takes on the biggest shifts in marketing technology. We spotlight what matters, who's leading (or lagging), and what's next. In Martech, clarity is power — and we're here to deliver it.
00;00;06;10 - 00;00;26;28
Unknown
Welcome to the Making Sense of My Tech podcast, where we interview leaders and put them in the hotseat. I'm Jaclyn Friedman, founder of monarch and global head of advisory for the MarTech weekly. Today, we bring together the frontline email security, one person building infrastructure and the other person defending it. We'll dig into the explosion, the ethics of free email, and what happens when verification systems get weaponized.
00;00;26;29 - 00;00;50;21
Unknown
So let's start us off by meeting our guests. We have Risca and Jaco. Hello. Welcome. Thank you for being here. Thank you for having. Of course. And so a little bit of an introduction about them in their work. So Caleb Rees is a senior manager of information security, a beehive, which for those who don't know, that is a spinoff company from the Morning brew.
00;00;50;24 - 00;01;20;21
Unknown
And she's also the co-chair of the Mog brand SIG. And previously she worked at Outreach and Smartsheet. She brings expertise in cybersecurity, email abuse prevention, and integrating Anti-Abuse into product strategy. Pretty impressive. Then Jacob Jacobo Alexa is the founder and CEO of Milk Carton omnivorous with over 20 years and email infrastructure. He's also a co-chair of Mark. He leads development on tools like Bot Detection API and champions Shared intelligence for combating abuse.
00;01;20;25 - 00;01;45;26
Unknown
Thank you again for being here, and I'm excited to dive in at a couple of rapid fire questions. How are you feeling? Are you ready? All ready to go. All right. What has been your absolute worst unsubscribe experience? It's all Dell. Yeah. Some nightmare. I think it was 17 steps of questionnaires and it wasn't honored. I went through that like, three times now.
00;01;45;27 - 00;02;17;02
Unknown
And then I reached out to Adobe to. Guys. Just catch me of that list. Whatever you do, just get me of the. That sounds highly illegal on there. And. Yes. What about yourself? My personal unsubscribe nightmare. Nightmare was Yahoo goal by far, I think, and I was at outreach at the time and, and making sure that our customers were in compliance with all of their given goal requirements.
00;02;17;03 - 00;02;58;15
Unknown
That was very, very challenging. Yeah, I can only imagine this sort of work. North side zero work. Yeah. Oh, man. Making it a little bit more fun. What is a piece of infrastructure you admire? Roman aqueduct. Fare. Different category altogether, but a very, very valid, very European. I mean, honestly, I think that, one of the, like, core pieces of infrastructure that I feel that way about is actually some of the infrastructure that we've created, that I frankly don't think that I personally have the capability of creating.
00;02;58;15 - 00;03;21;05
Unknown
And I wish I had the skill set that I was an engineer hands on that I just have progressed in my, you know, professional development that I'm no longer hands on the way that I would need to be to do that. I can relate to that very much. So in the same vein, what is one martech or email tool you cannot live without?
00;03;21;07 - 00;03;49;12
Unknown
For me, it's my email client. It's very simple. That's fair. And I think for me it would probably be this sense of really challenging one for me that's okay. Maybe 2 or 3. Then I'm at zero. No, you're supposed to be behind. It's always really hard to be marketing. So I think the problem is, is that at its core, I hate email.
00;03;49;15 - 00;04;18;03
Unknown
You know what? It's surprising. I'm the same way. I don't subscribe to anything. I have burner accounts so that I am subscribed, that I never check in to unless I need a discount. So frankly, I don't have a like a problem receiving email. I personally have spent a lot of my career really taking the charge against, you know, phishing and working, you know, in the anti-abuse realm.
00;04;18;04 - 00;04;43;23
Unknown
And so as much as I dislike spam, I really spend a lot of time in more of the security space than the anti-spam space. Understood. All right. Last rapid fire question that we ask everyone. Who is someone you admire professionally or personally? Professionally? Mariska. I know personally my wife.
00;04;43;25 - 00;05;16;02
Unknown
Professionally, Jakub and I were too easy to. So personally, I would say James Murphy from LCD Sound System. And the reason why I have that answer is he's a music nerd and I feel that way about being a security nerd or an email nerd. What I work on, I feel passionate about, and I want to know the ins and outside of the way that he is with music, and that's very important to me.
00;05;16;02 - 00;05;41;06
Unknown
And so I find enamored with with that. I can definitely relate. I love that answer. That's excellent. All right. Let's set the stage and talk about like, what are we really protecting? The irony of you both being at Mog, which is an anti-abuse conference. I want to start with the concept and the perception that email is basically free, which it is and it's not.
00;05;41;08 - 00;06;09;09
Unknown
And I think that's also a big part of the problem. And where do you both see that cheapness in inviting systemic abuse and folks who are so readily and willing to just take it to the extreme because it's free? I mean, you have two reasons why white things get abuse most heavily. It's either because it's super free to do it or or super cheap to do it, or it's super expensive.
00;06;09;09 - 00;06;54;05
Unknown
So it's worst abusing. So we're on the cheap side and email gets abused because the cost of doing the abuse is zero. I think that another component is the fact that everyone uses it. And so because it's like this required technology, it is very easy to just like seep into it. It's like becoming part of wider distribution. And so people think that they can go unseen as part of, you know, I guess the I think that, with large volume malicious actors or spammers feel as though they can sneak by with large volume.
00;06;54;06 - 00;07;17;18
Unknown
I mean, yeah, that's an important component, but I think it's just the accessibility of it. Like 20 years ago when we started, you know, building a marketing platform, we had to explain customers why is it that they should be paying us? Because they were like, an email is free. I can send any emails I want and it's free.
00;07;17;21 - 00;07;57;00
Unknown
I guess that ease of use, accessibility just simply invites abuse. It's interesting that you bring that up, because I actually have a colleague that was working on a site project, and they reached out to me because they were trying to do an internal phishing test with a new organization, and they could they were really challenged to find a way to be able to email their organization, like they weren't able to go ahead and easily send email to their organization without using an email service provider.
00;07;57;07 - 00;08;25;02
Unknown
And they didn't want to go ahead and spend the money to actually spin up an account with an email service provider. And I thought it was a really interesting concept that a lot of people actually utilize email service providers for their malicious use. At this point, rather than taking the time to spin up a post server or something more technical and do it yourself.
00;08;25;02 - 00;08;57;28
Unknown
They are actually utilizing the things that we're creating to prevent abuse. They're actually using that as their vehicle to drive abuse. Yeah. And it also adds that additional responsibility on the providers to have guardrails to take immediate action. And it's tricky. It's very tricky. And that's the exact opposite of what you guys are wanting to build. So speaking of all of the this, there's clearly an evolution in terms of what is or isn't being protected.
00;08;57;28 - 00;09;22;29
Unknown
I would love your insights on. We originally started with servers and then we started protecting reputation and engagement and our inbox trust in bot clicks. I'm just curious, where do we see protection stopping or is it going to only continue to escalate? I think it's going to escalate, but a lot of what you've mentioned are not of what we are protecting, but what we are using to protect.
00;09;23;01 - 00;09;52;14
Unknown
I think we got to a point where we are trying to protect brands and domains and do it as well as possible, but I don't think we're anywhere near that point. That makes sense. One thing about what we do is the threats are always evolving and they always like like we always say whack a mole in the industry because it is always evolving.
00;09;52;17 - 00;10;30;11
Unknown
Our threat actors, they become more and more sophisticated with time, and we have to change what we do every day, minute to minute, hour to hour. And it is very, very challenging. And so I think that for sure, like the things that we're seeing, they are going to change and they change dramatically. Yeah. Like whatever we, we come up with as a means of detection, the bad actors are already one step ahead thinking about how do we bypass whatever protection there is.
00;10;30;13 - 00;10;53;29
Unknown
And they sit and they test it and they test it and they test it. So when you make a change within 30 minutes, an hour, sometimes a day, like, if you're lucky, a day, they already know what the change as they know your platform better than you know your platform. It is incredibly impressive. It's not just it's not just platforms.
00;10;54;01 - 00;11;23;00
Unknown
You know, if you look at technology, if you look at, you know, Beam Me, which was supposed to be that one identifier of perfect authentication and trust, that was the originally it was supposed to be a trust indicator. What happened? You know, they found a way. How to bypass Google's protection, how to leverage that trust indicator to right.
00;11;23;01 - 00;11;48;25
Unknown
Send phishing emails. That seemed like they're perfectly great. So they are spending a lot of time on this. And if only we could turn these black hatters into white hatters. And in terms of them evolving, it's almost like the evolution of man is just and like a virus, it's it's truly it. It learns a new way to stay alive on a new host every iteration.
00;11;48;27 - 00;12;08;25
Unknown
And that's seemingly kind of what happens in this realm. And it's a constant change, constant battle. There's no cure, but there are vaccines. And so it's making things easier and better from a protection standpoint. But it still gets circumvented and you'll still get a little sick, but you're not going to die. You can go to the hospital maybe at most.
00;12;09;00 - 00;12;32;23
Unknown
Was that a kind of fair analogy of how it's been evolving and continued to just be in the space? Yeah, but I don't agree completely with the statement that it's getting easier. Okay. Challenge me. Let's go. Tell me more. It gets more complicated because, you know, early on, early on you could fairly simple tools that would cover a lot of issues.
00;12;32;26 - 00;13;05;07
Unknown
So you blocked IPS right. Then you know it would go into blocking domains. Now you're thinking specific streams because of how internal that evolves. But you know, we have phones that we carry with ourselves. You know, suddenly the IPv4 space is exhausted and you have network address translation. So from one IP you can get different types of traffic valid, abusive, you know, questionable.
00;13;05;07 - 00;13;34;25
Unknown
So it's a lot of a lot of gray area that I see. You know I agree and I think that there are more technologies that are brought into it. There's more innovation. And so it's also very difficult to keep track of the new things that are coming out. And so one of the other, like popular trends that we're seeing is threat actors are actually building services and their own products.
00;13;35;02 - 00;14;05;14
Unknown
So like service and they're distributing that within their realms. And so now we're trying to go ahead and fight against that in addition to the small threat actors. So we're kind of like we're dealing with a bunch of different things at the same time. Which already makes it inherently like more complex on top of everything else, for sure.
00;14;05;14 - 00;14;32;18
Unknown
It sounds like we need some governing bodies to act quicker, as opposed to as slow as they can and or enforce. Who would be the governing body. What would the governing body do like? Because this is not a local problem in a specific place. It's like it's global, right? So Mariska might be attacked from Uzbekistan or South America somewhere.
00;14;32;19 - 00;15;05;22
Unknown
Brazil, woods or Brazil. Right. Like in that VPN. Right. Like, and that's and that's also one of the other issues is like, we used to be able to go ahead and block by IP and stuff like that, but now it has become incredibly complex, especially because the way that the internet works and when you have an enterprise business, your enterprise business has the potential to have business in those geo locations.
00;15;05;24 - 00;15;38;09
Unknown
So how do you manage good traffic versus bad traffic in those same geo locations? So and what if your network gets BGP hijacked, for example. So there's a lot of a lot of problems. Yeah we can go very technical like just looking just a few risks. But I don't think this is a problem that can be solved by by the governments, by, you know, faster action by police or anything like that.
00;15;38;09 - 00;16;02;13
Unknown
They're working hard, but it's just really difficult to get much done because it's always, you know, fighting against someone on the other side of the world or in your backyard or in your backyard. But yeah, looking depending on what the VPN chose, right? Yeah. It doesn't even have to be a VPN. It could be your kids in the bedroom next door.
00;16;02;14 - 00;16;34;11
Unknown
I mean, like, that's true. You're right. The call can sometimes be coming from inside the house. We've mentioned a few things here and there in terms of the invisible architecture. To those who are not technical and understand all of these dynamics and the complexity, if there was a takeaway for those who are much more on the non-technical marketing side, for example, and they are actually trying to do the right things, not, you know, the really bad spam and abuse and phishing attempts.
00;16;34;13 - 00;17;01;17
Unknown
What advice would you give or what would you like folks to understand, you know, as it relates to for what can seem magical to those who don't understand it? I think that my biggest piece of advice like, and this is probably a little off base with exactly what your question is. But I don't think that we say it enough, and I'm going to use this forum as the opportunity to say it.
00;17;01;20 - 00;17;34;28
Unknown
If you don't recognize the email, don't engage with it at all. Don't touch it. Like don't hit unsubscribe. Don't click on it, don't respond to it, do nothing with it and just delete it. And of day. Move on. Have your morning coffee and that's it. I love it. I'm a report to spam. And then yes, I mean in my opinion, what marketers need to know is that email is hard, that it's not as simple as they think.
00;17;35;00 - 00;18;03;05
Unknown
I think most email marketers know that in marketing operations and martech professionals. But the perception outside of that for sure. I'm not convinced about that. They understand that it's hard to have good results. But on the technical side and on a lot of levels, this is hard. It's not like, hey, I can send an email to my mom so I understand him.
00;18;03;10 - 00;18;32;00
Unknown
No, it's it's very complicated. And when your provider tells you that you should do something, even if it's optional, you should do it right, because a lot of times for business purposes, stuff is optional, right? Just to remove friction during onboarding, etc., there will come a time when that will become suddenly very much required. That was the whole situation.
00;18;32;00 - 00;18;55;15
Unknown
Yeah. Like we haven't had a problem because all of what Yahoo and Google started requiring, we enforced for years. Those were standards that were around for two decades. So why not enforce them? We enforced it. Our customers didn't even know that there is something like that. And so when things go wrong, it's it's almost a consequence of your own inactions.
00;18;55;17 - 00;19;37;25
Unknown
Often times. Well, there's a reason why we established best practices like. And they really are best practices for a reason. And investing in those best practices are meaningful and they really are meaningful. And I think that the other takeaway for me is that everything with email is it requires abstract thinking. Correct? It is very difficult for somebody who wants to think about things in a very binary fashion, getting them to email, because everything with email is complicated, very rarely is there a yes or no answer to something.
00;19;38;01 - 00;20;02;28
Unknown
There is from a, you know, 250 okay perspective. But when it comes to the actual deliverability components and rulesets, when you think about it from that perspective, it requires a lot of abstract thinking, and you really have to be in the mindset to do that, to be successful in this field. Yeah, I kind of see email is art and science.
00;20;03;02 - 00;20;30;00
Unknown
Yeah. And you have to have qualitative data and quantitative to be able to properly do it and understand it and leverage it. Not to mention diagnosed when something goes wrong. And the most common response to any question here at Mag is it depends. Yes, yes, that is one of the most important questions. It's always Tell me more.
00;20;30;03 - 00;20;51;11
Unknown
And I feel like that's where I've built my entire life as a consultant. I've just always consulting like, oh, it depends, but let's see what else we can, like, dig up and glean from from what we've learned. All right. Shifting gears a little bit. I would love to hear your particularly your definition of non-human interactions. What are they and why do they distort engagement metrics?
00;20;51;11 - 00;21;30;21
Unknown
And also, how did you at Omni Berry create the bot detection API in relation. Okay. So non-human interactions are non-human interactions with with animal. So well thank you. Yes okay. The one reason why we came up with the term non-human interactions, which was here at Mog when we wrote the white paper eight years ago. I actually a golf clap congratulate was because bot click is not really the right term, but imply that it's something that malicious non-human interactions are often.
00;21;30;22 - 00;22;15;17
Unknown
Security systems are the good guys. Scanning emails, following the links, which results in interactions that don't really represent the human should have clicked and is the final recipient of the message, but it was simply a device or a spam filter or, you know, any security component on the way of delivery. But it's not just security. Of course, there are malicious ones that we should call bots or fully automated bots that you know, are crawlers indexing the content of emails.
00;22;15;17 - 00;22;40;13
Unknown
So there are many types of these non-human interactions, or many sources of non-human interactions. Some are malicious, some are not. So really, it's it's an umbrella term. And at some point, hopefully, if not already, we can really break down of those differences that you'd identified. So everything from security to crawlers to actual humans and separate them out.
00;22;40;15 - 00;23;11;21
Unknown
Is that kind of a fair assessment of that particular? Certainly not. Not a goal, because the information that we provide in our API is it's a bot or not, right? Simplified, I like it. I. For very I feel like I feel like you're like the Paris Hilton bot or not. Of course there are use cases where the information, whether it was malicious or not or of interest.
00;23;11;26 - 00;23;44;12
Unknown
Mariska would love that information and we are feeling. Yeah, we are definitely working on providing that additional attribute for you also have to think about that. This also has an abuse factor, right? I trust Mariska, I trust our customers that they will implement it correctly, but we always have to think about the abuse factor that it brings. Like, what if a spammer gets hold of this information?
00;23;44;15 - 00;24;17;16
Unknown
What if, Fisher gets hold of this information? What if we provide that information to beehive? Beehive surface? Is it somehow, somewhere can that how the bad actors. So a lot of this is is not an abuse from our direct customer, but right in the wrong hands, you know, in a distant, you know, three times removed, somebody can use that information to do something nasty.
00;24;17;17 - 00;24;41;01
Unknown
The one thing I've learned the most about, really, the technical side of email, is there are a lot of gatekeeping of how it works, and that's by design and intention. Otherwise, those bad actors can learn quicker than they already do. Is that a fair assessment? Yeah, to some extent for sure. But again, email is open, right? It's an open standards.
00;24;41;04 - 00;25;14;26
Unknown
It's what ISP's are doing is their their secrets right. So yeah, to some extent they don't want to tell even people they trust what they're doing. Just like Mariska wouldn't publish an FAQ you about their internal limits so the bad actors can bypass them. Of course, there would be some customers who would like to know those limits because it would help them with their API calls, etc..
00;25;14;29 - 00;25;43;24
Unknown
Understood. And I guess in that capacity, as you built the API, the block section API, to really kind of take it to the next level, because a fair amount of ISPs have bot detection and I have come to learn this, it's not really all that accurate or excellent. And so I'm curious what you're willing to disclose the difference of what you guys have created and what should be the standard here?
00;25;44;02 - 00;26;10;27
Unknown
Okay. So we use a lot of a lot of data sources. We don't do heuristic guesswork whether this it seems like a bot. So it's a bot. No. We have to you know, could you share what that entails? I don't BSP like what would they consider a bot? Often this could be some predictive model. We have seen too many interactions from a certain IP address, so cannot be human.
00;26;10;27 - 00;26;35;09
Unknown
Just because we got a thousand clicks from this IP, it's got to be a bot. Well, not surprisingly, there are IPS that function as a gateway for a massive corporation with 50,000 employees, and then thousand clicks is nothing, right? So so there's a lot of false positives that leads to a lot of false positives. And we hate those.
00;26;35;14 - 00;27;15;13
Unknown
Understandably, you want to have confidence that they're at least as accuracy to what you're perceiving from your reporting, your metrics to really understand the health of your program. But also from my perspective, in this case, false positives cause more harm than false negatives, right? Which are interesting. If you misclassify a human, that human can speak up like, hey, you stopped sending me emails and you know, I really loved your emails, but you bastard, stop sending me emails or you didn't send me my confirmation email, whatever the outcome might be.
00;27;15;15 - 00;27;40;18
Unknown
But there's a voice. There's a human who will be unhappy if it's a false negative. Okay, an extra email has been sent, so. Right. But yeah, it's a tricky balance. And also there's of course economic tension here between ISPs. As a result, their customers really protecting them as much as possible versus really just the high level economic component of just trying to increase revenue.
00;27;40;18 - 00;28;03;19
Unknown
And it's multifold. That's at the the high level platform, but also the customer base and particularly masked. I'm curious, like, how do you think we move beyond this? Like short term thinking of only focus on revenue? We don't need to invest in all of these additional protections, or we can build it ourselves when maybe those folks don't actually have the technical skill set to do so.
00;28;03;19 - 00;28;41;26
Unknown
As much as I research because this information isn't as public. So we utilize their technology for a couple of different reasons. But the first of which was we felt it was really important to elevate actual verified human behavior to our customers. So they didn't have this false sense of engagement with their newsletters, right? So they would receive click tracking engagement that was super overinflated because of a lot of different reasons, right?
00;28;41;26 - 00;29;19;29
Unknown
In addition to that, we also have a lot of monetization tools on our platform that include ads and boosts, and those things tend to be abused on our platform. And so it was a perfect opportunity for us to go ahead and elevate verified human traffic, while also mitigating abuse of advertising, abuse of boosts by actually looking at human engagement instead of just engagement with these clicks.
00;29;20;01 - 00;29;57;25
Unknown
And that was very important to us. It was important for us to be honest with our customers and for them to get a better idea, because I think at the end of the day, when it comes to understanding your audience and deliverability, understanding clicking is just as important. We as an industry, as the email industry started moving away from opens a long time ago, you can use it as, yes, a general like understanding for a signal as to whether or not your campaign was successful.
00;29;57;27 - 00;30;34;23
Unknown
But when you start using a call to action and then you can't measure the call to action accurately because of inflated clicks, because of non-human components, what are you really measuring? And so I think it is important to use a product like what you've designed or Anti-Abuse, but also for email marketers or for products like ours, to be honest with our customers or to be honest as senders, what our audience is doing.
00;30;34;26 - 00;30;57;11
Unknown
Yeah, I value and appreciate that level of transparency. Was that an internal struggle or is that part of the culture at beehive that it's if it's best for our customers as a as a result, our bottom line, we will do it regardless, because I know for me, having been in situations, business casing is oftentimes the singular most important thing to navigate.
00;30;57;11 - 00;31;31;00
Unknown
And how is this going to generate revenue? Yeah, no, we decided that we wanted to be honest and transparent with our customers. That was paramount to everything else, to the data, and we knew that that was not the popular thing in the industry at the time. When we went ahead and started to elevating it within our application, and we still especially when customers migrate from other platforms over to ours, we still, give all the raw data within our application so that you can see the differences.
00;31;31;00 - 00;31;58;08
Unknown
And so there is a verified clicks. I would point out that while the industry moved on from open rates and click rates, it's not the case with necessarily with marketers who still rely on open rates and click rates and believe believe those numbers. Oh yeah. If they have wrong metrics, they have no way to actually improve their marketing strategies.
00;31;58;13 - 00;32;25;11
Unknown
Anything. Because so they're looking at, you know, increasing open rates because of non human interactions, decreasing click rates because they're sending to unengaged people and they think that they are doing something wrong on the content side on the you know segmentation side every step of the way. They're questioning just the email instead questioning could it be something else.
00;32;25;11 - 00;32;50;21
Unknown
Yeah. It's once again the false positives. It's yeah. And we had a customer who exactly. You know, they were going crazy, you know, redesigning CTAs etc.. And when they moved over to us and saw real data, they saw suddenly, oh, the email is not the problem. It's our website. That's where we are losing the customers, the end of the funnel.
00;32;50;21 - 00;33;13;01
Unknown
And then they redesign their shopping cart and problem was solved. Yeah, this resonates so much with me and validates. I wrote an essay earlier and I actually make a case for vanity metrics being important, but purely as signals. And that's it. And to that end, our vanity metrics, if you use them solely in the way that folks continue to use them.
00;33;13;01 - 00;33;36;22
Unknown
And so to your point, the transparency makes the vanity metrics less vain and more confident metrics, and also just means the signals and the capabilities that you're able to leverage within your program and recognize how to tweak as opposed to going off of false information and data that you're never, you know, the antithesis of what I think every person analyzing their own program once.
00;33;36;27 - 00;34;05;21
Unknown
So really, you should be investing, especially with automations that get triggered by false clicks and false opens. And marketers need to know. Brought to you by our sponsors. If there's one thing that's followed me at every stop in my martech career, it's trying to get good data into the hands of marketers. That's why I'm so excited to tell you about our sponsor, High Touch, a leading composable CTP, and I decisioning platform companies like Domino's, chime, Aritzia, and PetSmart trust high Touch to power their data.
00;34;05;21 - 00;34;24;01
Unknown
And here's the kicker 90% of customers have a real use case live in production within their first week. That means you can implement a world class CDP in months rather than the usual years long. Hey, that's my top brands. Choose high touch to personalize every customer interaction at scale. See what high touch can do for you at high touch.com/msm.
00;34;24;04 - 00;34;48;27
Unknown
And now back to the hotseat. Agreed. All right, have us take a step back. We've gotten into the nitty gritty, even though we're probably still going to get into a little bit the nitty gritty. But I want to talk about ethics, abuse and like the future of messaging beyond just solely email. And so I'm really curious with now email and of course, SMS, which has been around for the longest times, and now RCS finally being on the market for marketing purposes.
00;34;49;00 - 00;35;17;13
Unknown
How does a cost and structure here affect abuse with SMS? What can go wrong? And I know Jaco, you have some thoughts here because that's how we originally met. Yeah, I think RCS is going to kill SMS and will become a major abuse channel. Or majorly abuse channel because right now the reason that prevents that rampant SMS abuse is price, right?
00;35;17;18 - 00;35;48;19
Unknown
The price is still controlled by the telcos at this point. Right. And the providers really have a lot of say in all of these things currently. Well, but we we have no say in the price. Right. And of course not. But there is one company that does, that controls RCS, which is Google and is Google decides that they will open up RCS and then they no longer need the telcos, which they've done before.
00;35;48;26 - 00;36;16;10
Unknown
They will slash the prices. Yeah, ten times. That's where that economic quality time for me again, it will become extremely cheap suddenly. Yeah, there is I don't see any sane person sending SMS. So that's the final end of SMS, which is a 2G technology. It should have been dead, but it's still what's interesting that I will slightly push back on.
00;36;16;13 - 00;36;48;23
Unknown
So I've had a conversation with the CSO of attentive Eric. I'm sure you know him in some capacity, and he claims SMS is never going to be dead and are obviously RCS is the future and is the way. However, with SMS truly the singular most identifiable metric numeric anything is everyone's cell phone. You typically don't change your cell phone number every few years, unlike email you.
00;36;48;28 - 00;37;14;23
Unknown
I've had the same number since I was in high school, and I'm curious if you see that coming into play or really is just RCS the next BME. But for texting the only reason why SMS is still around as a technology, it's not the phone number because the same goes with WhatsApp, Viber or RCS. They're tied to a phone number, right?
00;37;14;23 - 00;38;11;18
Unknown
The only reason why SMS is still around is because that's the only part of the GSM standard from the 2G era that interesting, that uses different signaling on the network, which means limited bandwidth. That's why the SMS are short, but is also independent of any data transmission on a data network on the 3G, 4G, etc.. So let's say you get to a World War three, and there's a really horrendous situation with all the data networks that 2G part of SMEs should still work, and emergency services rely on SMS and broadcast SMS, etc. to that end, it sounds like SMS shouldn't die, at least in transactional as a technology.
00;38;11;18 - 00;38;34;27
Unknown
Not. But the use case for SMS. It sounds like this is going to become more limited and more focused. Maybe to your point, like on NGOs and governmental agencies and potentially more misuse, I don't know. I don't think that it's going to be NGOs. Why would you pay, you know, 50 times more if you can do it for almost three over RCS?
00;38;34;29 - 00;39;04;08
Unknown
That's fair. That's right. But governmental agencies, it sounds like they're still a high use case. Yeah. And I relate this like same conversation. We've been saying the same thing about email and leaving email for forever now. Or email is king no matter what people say. So another example of this same conversation is faxing and fax that the fax industry is still huge.
00;39;04;10 - 00;39;29;25
Unknown
It is mind boggling to me that as somebody who spent several years working in the fax industry, VoIP is still like ginormous. Who would have thunk? But here we are. It's 2025 and it's still a really big thing. There are a lot of industries that still rely on it. It's to your point, in terms of the evolution of the technology, it's like, okay, when does faxing, for example, become the telegram?
00;39;29;27 - 00;39;59;24
Unknown
What is the kind of stopping point? And I guess to your point, each one slowly by slowly gets reduced every year to whatever the new adoption of technology will become. And I'm not sure that it does. Like, I think that to some extent things get reduced, but like so like with the faxing as an example, like they went digital, they do digital faxing now.
00;39;59;26 - 00;40;25;09
Unknown
My goodness. Because but it's true as hell don't have to go over the landline. But it's like old school. They still that's exactly right. It's how it's transmitted but it still exists. But compared to what it was that market, it's super tiny and it's the same thing. If you really look at SMS 15 years ago, every telco would publish on the 1st or 2nd of January.
00;40;25;14 - 00;40;49;24
Unknown
They would have a press release about how many SMS messages went out on the New Year's Eve, how robust the eve of all times. Yeah, because that's the that's the moment when people send each other SMS and it's like, hey, happy New Year. Yeah, right. So that was their peak peak moment. Every year and they would have a press release.
00;40;49;27 - 00;41;23;18
Unknown
I haven't seen such a press release in 15 years because people moved on. You used probably iMessage, you know, what's Viber now? RCS there's so many Facebook messengers. Yeah, I don't know. TikTok probably has some discord, discord and Instagram, you name it. When was the last time you sent an SMS? Actual after mass? That was an SMS only when I am unable to get my RCS to go through, and oftentimes it's when I'm abroad.
00;41;23;20 - 00;41;51;13
Unknown
Okay, so it's the case of the advantage of the 2G network. And also I had to send SMS up until Apple's adoption of RCS recently, in the past year, year and a half or so. And my I'm a divided household, I'm the Apple person and my husband is all things Android. So we have tension between our phones and operating systems often, which is not great, but it's the the hardware.
00;41;51;16 - 00;42;30;06
Unknown
It's the software on the hardware. Yeah, that is actually the problem. Yeah. But imagine the same disruption will come to the business to pure SMS and RCS, right? Because B2B RCS are a new thing. It's not global, so it's still energy intensive. That's fair. Well, and kind of thinking broader when currently trusted infrastructure players like Twilio. And I'm sure there's plenty of others sell verification tools that could potentially be misused by bad actors.
00;42;30;06 - 00;43;06;20
Unknown
Is that hypocrisy from a business standpoint, or is that just good business? Oh, this is I see question. I think this is like one of those ethical dividing questions I like in terms of, there are questions in the industry about the ethics behind the, the products that we produce and who, like, are we willing to sell them to anyone or are you going to vet your customers?
00;43;06;23 - 00;43;38;01
Unknown
What does that look like? There are some companies, especially at Mog, that are very minded as to who exactly they will sell their products to, and that is absolutely, I think, the right way to treat those types of products. I don't think that necessarily having products like this available to everyone is great, but similar. Heinously when you look at email validation as an example, that can even be misused by everybody.
00;43;38;01 - 00;44;03;01
Unknown
We see that by spammers all the time, but then again, email validation services aren't created equally. Some of the different companies that provide the services are higher quality and provide balance. Maybe some names were on that right now. Thank you. Well, we can cut this. I'm actually curious. Obviously we can talk about post recording because I want to know.
00;44;03;01 - 00;44;29;20
Unknown
So we use kick box like we have we we use kick box. I personally I moved to when I started at beehive we were on Never Bounce which is a zoom info. Yeah. And I was like, over my dead body were using this. I'm like, I want, I want you say data broker like that. Like, please get that.
00;44;29;23 - 00;44;55;08
Unknown
Oh, no, I'm in a cloud section because I am in full agreement, like I, I have everything blocked on zoom info. I have delete me like so one thing but is so from from that like from that aspect, I didn't want to do business or give our, our money to that type of company. So I went ahead and I took ownership of all of that infrastructure legitimately.
00;44;55;08 - 00;45;21;14
Unknown
So now security owns all of our email validation infrastructure API. That's great. So that we these kick box. Yeah, I would say that a lot of this is a it's a difference between the companies. They're privately owned and they have shareholders who if you're privately owned you're you can have morals if you have shareholders. Nobody has morals. Fascinating you.
00;45;21;14 - 00;46;03;11
Unknown
So there's there's no business case for morals when you have shareholders. That is very almost debilitating. Sad. In terms of if you become public then you're doomed. It's then. So it's like you making a case. All of these companies should never go public. Is that the right angle? No, no, I can make a case of record. If you track the amount of spam coming from ISPs before they went public and after, you would see that the moment they started preparing for IPO, they started onboarding any client left and right.
00;46;03;14 - 00;46;30;06
Unknown
They didn't care whether it's a spammer or not. They just needed that boost in revenue for the best possible IPO. Yeah. So corporate greed and and that tension the IPO happens. Most clients stay. And I think a show an as so as somebody who live got the experience of living the life cycle of pre and post IPO at a company.
00;46;30;07 - 00;47;04;10
Unknown
There is a huge push to go ahead and bring in business during that cycle course. The entire life cycle of the business is actually very interesting to me because like when you are startup, you are very hungry for business and you will take anything that you can get. And then when then you start going for quality over quantity because you want to protect your brand and you want to grow, but you want really rapid, stable customers.
00;47;04;13 - 00;47;34;27
Unknown
And then when you start getting into closer to IPO, you want that surge again. And so you have solutely start looking to on board. I guess the floodgates open. More questionable, customers. But to your point, I think that as soon as you are public, you lose the autonomy that you had when you were private and that inherently you lose that autonomy.
00;47;35;00 - 00;48;02;20
Unknown
Or when you lose that autonomy, you lose the ability to really stand up and say, as a company, we draw this line here because you are looking at those bottom line numbers in a very different way, and it becomes more slack for even for us. So the way I built milk in Omnicare, we never had any investors because the investors would not agree with the business model that we have.
00;48;02;22 - 00;48;29;07
Unknown
We want to have the the best possible customers. You want to vet them. We want to have the right to terminate them if they screw up. So the reputation of our platform comes first. And that's not something that investors want to hear that we are going to kick off a customer, terminate their right, because they sent something good.
00;48;29;09 - 00;48;59;05
Unknown
They shouldn't have. It feels like almost like a full circle moment. And that it sounds like you really do have to bake anti-abuse then into product design. And I'm curious from both of your perspective of saying if morals will eventually go out the window for some companies, particularly those in the going public capacity, how do we as practitioners circumvent that and instead instill best practices that are the guardrails that are needed for the long term?
00;48;59;05 - 00;49;26;16
Unknown
That's my meat and potatoes. That's what I work on every day. That's what I'm building at beehive, literally from the ground up. We are trying to design all of our features with abuse in mind, and to do it in a very noninvasive way for our customers. That's very important to us as well. We don't want to provide a an experience where our customers have a lot of friction.
00;49;26;22 - 00;50;01;21
Unknown
We want them to be able to come to our platform and feel very welcomed, and feel as though they do have the autonomy to do what they want to build what they want. Express themselves, connect with their following. We specialize with content creation and content creators, and that is very, very important to them. And we want to present to them a platform that they can trust, that they can trust us, know that their customers have a safe place to be.
00;50;01;24 - 00;50;24;03
Unknown
And I think that means building something that they know that they're supported and that they're safe. They're not going to get taken advantage of. Their customers aren't either. And the best way to do that is to build it. That makes sense for us. I'm always looking at the same problem. Like if we got sold, what happens next, right?
00;50;24;03 - 00;50;57;15
Unknown
Somebody acquires the company, they want to tear everything apart. There are two components. One is like built in the security and anti-abuse aspect into the platform. That's one part. So at least when the bad guys come, they will have a lot of trouble taking it apart. But it's also about about the technology that supports the process. So for example, in our case, the sales team cannot overrule.
00;50;57;17 - 00;51;30;27
Unknown
I wish that existed everywhere I've ever worked doesn't approve a customer. The sales cannot sign the contract. Right, right. We have that same set up at beehive. That's how it should be. So because, because sales are incentivized to sell as much as possible. And the easiest customers to sell to are the bad actors. Yeah of course. And I don't want to demonize sales, but they do lean into the rudimentary understanding of email is cheap and you can do it no matter what.
00;51;31;00 - 00;51;57;21
Unknown
And there are very few consequences until you have anti-abuse folks on the security team and or you have knowledge. Technical marketers who like you, are screwing with the good consent based emails we're trying to send, and you're ruining our own brand's reputation, literally, in terms of emails, but also figuratively in the greater understanding of there's certain brands that you just know they send you the email no matter what.
00;51;57;24 - 00;52;16;28
Unknown
And you're like, I don't want it. I mark every single email that I didn't consent to as spam. Doesn't matter who it is or what brand it is, I do it a lot. Back to the fact that it's cheap and that's why they do it. They think it's cheap. Somebody will click. That's fair. It's the price. Looking kind of to the future.
00;52;16;28 - 00;52;39;10
Unknown
If you had a crystal ball, what do you see as a next battle ground for trust across all the different types of messaging platforms or any particular one? I would say that it's the problem is philosophical. You can have one entity that holds all the trust or, you know, owns the trust recognition. Like Google. They do the reputation for email.
00;52;39;10 - 00;53;06;29
Unknown
They know what companies have on their web. They can connect to everything on one brand, you know, push it out through Gemini. They also connect a lot of data from social networks. You have your Gmail account so they know everything about everyone. Connect that to the brands. It's the same now. How do you do that across different channels?
00;53;07;02 - 00;53;43;11
Unknown
Is TikTok going to ask Google, what do you think about this brand? Is Google going to ask Microsoft for their opinion? Yahoo! You know, every social network. Meta. That's where I think that problem becomes. Either there's a lot of data exchange where there's a central entity that has an outsized power, which which is a situation that we kind of have because Facebook knows way more than they should.
00;53;43;11 - 00;54;14;22
Unknown
Everyone Google. I recently got my $38 check because of my my privacy was not taken into consideration with Cambridge Analytica. You'd think my privacy and all of our privacy is worth more than $40. But you know, so I think that's going to be the future problem that you will have to find ways how to prevent the he the concentration of powers because you have an email ecosystem, if you look at it, you know, started concentrating into essentially two services.
00;54;14;22 - 00;55;16;05
Unknown
You have Gmail and you have outlook. From my perspective, I think that one of the biggest issues that we have right now is that we don't have a global privacy legislation, and so we have GDPR and we have like CcpA, and there are like little localities of little pockets, right. But the problem is like the inherent problem for a lot of organizations is that there are carve outs that make it so that when organizations don't know that they are supposed to be following these guidelines or these rules, or do they choose not to do it entirely or sorry, it's really difficult to manage.
00;55;16;07 - 00;55;43;21
Unknown
This user is in this geolocation and this user's in this geo location. And we're putting the onus of all of this on these individual companies. Whereas if we just had one baseline, you can't do this. It would be so much more like so simple. We don't do that. Not that there is a simple like there's no like, oh here.
00;55;43;21 - 00;56;15;29
Unknown
There's internet rules. Well but I mean yes and no. I think to your point and kind of what we alluded at on very early in the episode is there is no currently an international governing body. Well, I guess it would be really nice if like the EU and the US, UN different bodies were to come together and create, even if it was just rewriting GDPR for all the same locales.
00;56;16;00 - 00;56;40;13
Unknown
There was an attempt on that. But tell us more. But the problem is that this is it's almost it's anti-business by considered by some, you cannot publish this, but it's also it's a us. Exactly. Yes. That's one concern that yes, that was the main problem. 911 it's like we can just say anti-business because it is anti-business from the US perspective.
00;56;40;13 - 00;57;09;14
Unknown
And you have to keep in mind that even though we have GDPR in Europe, there's still differences in approach to GDPR in individual countries. Right? Right. So GDPR is the baseline for Europe. That's the only thing you have to worry about. But yes, that would be your baseline. But if you have these differences and those are cultural differences that affect why why this is different.
00;57;09;16 - 00;57;36;22
Unknown
You cannot expect us culturally to be the same as Europe, because there's a reason why us why people ran from UK and went to us. And I the amount of times, when I speak with Europeans and I'm like, I love the GDPR, they're very confused because I am American, but so but this is the thing. Like I think on individual level, Americans would love to have their privacy protected.
00;57;36;23 - 00;58;01;12
Unknown
The consumers, the consumer or the consumer would love it. Like I haven't heard an American that would tell me, you have free health care. I don't want that. I've never heard that. Oh, well, you have in different ways. So the thing is, is like, I think that they want it. They don't want to give it to other people.
00;58;01;15 - 00;58;41;01
Unknown
And that's the distinction. Yeah. So but everybody wants it for the independent. Right. So and that's the thing like everybody would like to have privacy for themselves. But when somebody would go out and say but this will undermine our business, we will lose business. We can no longer spam you. Okay. Let's see losers. And you know, it's funny that now America or I hear often Americans talking about, oh, if only we had GDPR that, you know, would reduce the amount of spam.
00;58;41;01 - 00;59;20;21
Unknown
And, you know, we could use some legal tools to fight the bad actors, etc.. I say that for sure. So 20 years ago in Europe, we had laws individually that preceded GDPR, which were very strict, and the European spammers were always saying, it's okay. I sent it based on can spam. Oh no. So we are the problem. I'm not saying that you are the problem, but I said it is certainly not very good.
00;59;20;24 - 01;00;01;07
Unknown
But I think it's definitely I think it's it's all about, you know, what are the, example, what are the incentives that you have around you? If the leader of the free world is a bad example in something and everybody will follow that bad it so it gives permission. Yeah, completely. Well, as we wrap up, what are 1 or 2 actions you see that marketers could and should take immediately to reduce their abuse risk without maybe spending a lot of money or having to get fully educated on just how technical it can be.
01;00;01;09 - 01;00;25;20
Unknown
My number one low hanging fruit dangling DNS. If you are going to go ahead and spin up domain or DNS records to go ahead and send email and you stop sending on it, delete the records because that can get taken advantage of. Really, really, really quickly in my opinion, very technical for marketers. That's okay. You can make a judgment call.
01;00;25;20 - 01;00;53;14
Unknown
I would go even lower. I would say, please just read up on the best practices before you do any site. Who are some good sources? Because I think best practices get touted by many, and I know I've had a number of LinkedIn battles with those who know best, and they're spammers. I always personally, for anybody who walks in, I always recommend I'll Iverson's blog 100%.
01;00;53;14 - 01;01;25;13
Unknown
Yeah, spam resource is fabulous. Primary source QuickBooks has a really good blog. Little us used to, but I don't know all rip happened to them. Essentially. Blogs by industry insiders not yeah, forget influencers. That would be my recommendation. Do not talk to LinkedIn. Do not talk to Reddit. Ignore all the smart hats, talking heads, influencers, the gurus. Yeah, exactly.
01;01;25;13 - 01;01;57;21
Unknown
And industry insiders. And then do the best practices. Read up on that. And from there you can go. All right, last questions. Who is someone we should have on the podcast. And then I also have in parentheses preferably a senior woman leader because they're very hard to find. Senior woman leader Cleo Moore Oakley, it's a good morning. I would love to have clear on we've had conversations just haven't come to fruition all I'll let you do the digging for me.
01;01;57;24 - 01;02;26;04
Unknown
She's here, she's here I know she's there. Jenny is probably. And that's our. Oh or Lauren. Lauren Myers. Yeah, I just had her on the podcast. Oh, I love learning. She's awesome. Well, we'll go with Clea for you. Marissa. Oh, I guess for email. Have you interviewed Sarah Roper? No, I don't know. Sarah. She's the head of Mog.
01;02;26;12 - 01;02;48;03
Unknown
Yeah. Where is she? The one at MailChimp? No, she's at Bank of America. Okay. She was actually the first person who came to my mind because I think she is exceptional. Her background is. Yeah, she's she's she she used to be at return Pat. So she has. Oh okay. She gets background. Amazing. She's not working in the bank.
01;02;48;05 - 01;03;10;13
Unknown
He's a bank teller. You know, she's strong in security. Well I would love I love that introduction. Thank you so much for coming on the pod. Where can folks find you? It's like LinkedIn website I was let's see at home. I don't leave my house very often. Or I'm traveling. I'm across the world or at home.
01;03;10;14 - 01;03;32;24
Unknown
I'm available on LinkedIn. LinkedIn slash ban hammer. Yeah, I do have a LinkedIn profile, but, not on social networks. And I know you famously don't let anyone add to that. You haven't met. Yeah, I, I don't either. Yeah, they can follow me, but, I'm not connecting to people that I've met. That makes to Abhi.
01;03;32;24 - 01;03;41;29
Unknown
I don't blame you both. Well, thank you so much.
01;03;42;01 - 01;03;47;10
Unknown
I.