Spamhaus answers marketer questions

A few months ago, Ken Magill asked marketers, including the folks at Only Influencers to provide him with questions to pass along to Spamhaus. Spamhaus answered the first set in March, but then were hit with the Stophaus attack and put answering further questions on hold. Last week, they provided a second set of answers and this week they provided a third.
Nothing in there is surprising, but it’s worth folks heading over and reading.
There are a couple useful things that I think are worth highlighting.
When discussing spamtraps and how Spamhaus handles the traps.

[A]ll the emphasis on spamtraps is rather misplaced. While traps are one way to detect spam problems, the goal of legitimate mailers should be to only send to fully opt-in subscribers, not simply to avoid spamtraps. If only spamtraps received spam and user mailboxes were completely free of it, Spamhaus would have no reason to exist. Part 2

When discussing proving that senders are using an opt in process.

Most systems log email address, connecting IP, timestamp, and origin of the subscription (where the address was collected). Name and other personal info may also be collected. That’s all good for your own use, but all such evidence can also be forged so it really doesn’t help in resolving an SBL. Besides, we understand that you may not be able to share private information. The important thing to show us is not the historic logs, although they might help in some case, but a documented process of address acquisition, for example a process where we could confirm a subscription for our own test address. Part 3

The overall theme of the answers is that Spamhaus’ responsibility is to their users. They take that responsibility very seriously and use whatever tools they have available to identify mail sent without recipient permission.
On a more administrative level: July has been busy and I’ve been swamped with client work. I’m working on a couple long blog posts and hoped to have one of them done today, but the world did not cooperate. But I will have posts up later this week.

New top level domains
Delivery implications of Yahoo releasing usernames

Related Posts

Are you sure? Part 2

There was a bit of discussion about yesterday’s blog post over on my G+ circles. One person was telling me that “did you forget you opted-in?” was a perfectly valid question. He also commented he’s had the same address for 20 years and that he does, sometimes forget he opted in to mail years ago.
As an anti-spammer with the idea that it’s all about consent, I can see his point. Anti-spammers, for years, have chanted the mantra: “it’s about consent, not content.” Which is a short, pithy way to say they don’t care what you send people, as long as the recipients themselves have asked for it.
This is the perfect bumper sticker policy. As with most bumper sticker policies, though, it’s too short to deal with the messy realities.
I’m not knocking consent. Consent is great. Every bulk mailer should only be sending mail to people who have asked or agreed to receive that mail.
But if your focus is on delivery and getting mail to the recipient’s inbox and getting the recipient to react to that mail then you can’t just fall back on consent. You have to send them mail that they expect. You have to send them mail that they like. You have to send them mail they will open, read and interact with.
If your permission based recipients are saying they forgot that they signed up for mail, that is a sign that the sender’s program is futile. These are people who, at one point or another, actually asked to receive mail from a sender, and then the mail they receive is so unremarkable that they totally forget about the sender.
Maybe that’s another reason the question “are you sure you didn’t forget you opted in” from clients bothers me so much. If I signed up and forgot that points to problems in your program, mostly that it’s totally unremarkable and your subscribers can forget.

Read More

The dark side of email marketing

Everyone I talk to when dealing with issues inevitably has to tell me they are legitimate email marketers. They’re not spammers, they’re just business people. I often find it difficult to fathom why they need to tell me this. It’s not like email marketers are criminals or anything.
Two recent stories reminded me how evil some folks are. While I’ve not had any direct contact (that I know of) with any of the players on this end of things I have zero doubt that if they called me they would tell me that they were legitimate email marketers.
In one case, a members of a spam gang kidnapped the teenage daughter of someone investigating their activities. The gang held her for more than 5 years in horrific conditions. Yesterday Joseph Menn, author of “Fatal System Error” posted on Boing Boing that his friend got his daughter back. It is a heartbreaking story and incredibly sobering.
In another case, the Russian police arrested a man who ran spammit.com, a clearinghouse for viagra sellers to find spammers to send their mail. Reports say that mail volumes dropped by a fifth after the site was taken offline.
There is real evil in the email marketing industry. Sure, they’re spammers and we can all stand up and say they’re not legitimate. But, this is what the ISPs and Spamhaus and law enforcement are dealing with on a regular basis.

Read More

Would you buy a used car from that guy?

There are dozens of people and companies standing up and offering suggestions on best practices in email marketing. Unfortunately, many of those companies don’t actually practice what they preach in managing their own email accounts.
I got email today to an old work email address of mine from Strongmail. To be fair it was a technically correct email. Everything one would expect from a company handling large volumes of emails.  It’s clear that time and energy was put into the technical setup of the send. If only they had put even half that effort into deciding who to send the email to. Sadly, they didn’t.
My first thought, upon receiving the mail, was that some new, eager employee bought a very old and crufty list somewhere. Because Strongmail has a reputation for being responsible mailers, I sent them a copy of the email to abuse@. I figured they’d want to know that they had a new sales / marketing person who was doing some bad stuff.
I know how frustrating handling abuse@ can be, so I try to be short and sweet in my complaints. For this one, I simply said, “Someone at Strongmail has appended, harvested or otherwise acquired an old email address of mine. This has been added to your mailing list and I’m now receiving spam from you. ”
They respond with an email that starts with:
“Thank you for your thoughtful response to our opt-in request. On occasion, we provide members of our database with the opportunity to opt-in to receive email marketing communications from us.”
Wait. What? Members of our database? How did this address get into your database?
“I can’t be sure from our records but it looks like someone from StrongMail reached out to you several years ago.  It’s helpful that you let us know to unsubscribe you.  Thank you again.”
There you have it. According to the person answering email at abuse@ Strongmail they sent me a message because they had sent mail to me in the past. Is that really what you did? Send mail to very old email addresses because someone, at some point in the past, sent mail to that address? And you don’t know when, don’t know where the address came from, don’t know how it was acquired, but decided to reach out to me?
How many bad practices can you mix into a single send, Strongmail? Sending mail to addresses where you don’t know how you got them? Sending mail to addresses that you got at least 6 years ago? Sending mail to addresses that were never opted-in to any of your mail? And when people point out, gently and subtly, that maybe this is a bad idea, you just add them to your global suppression list?
Oh. Wait. I know what you’re going to tell me. All of your bad practices don’t count because this was an ‘opt-in’ request. People who didn’t want the mail didn’t have to do anything, therefore there is no reason not to spam them! They ignore it and they are dropped from your list. Except it doesn’t work that way. Double opt-in requests to someone has asked to be subscribed or is an active customer or prospect is one thing. Requests sent to addresses of unknown provenance are still spam.
Just for the record, I have a good idea of where they got my address. Many years ago Strongmail approached Word to the Wise to explore a potential partnership. We would work with and through Strongmail to provide delivery consulting and best practices advice for their customers. As part of this process we did exchange business cards with a number of Strongmail employees. I suspect those cards were left in a desk when the employees moved on. Whoever got that desk, or cleaned it out, found  those cards and added them to the ‘member database.’
But wait! It gets even better. Strongmail was sending me this mail, so that they could get permission to send me email about Email and Social Media Marketing Best Practices. I’m almost tempted to sign up to provide me unending blog fodder for my new series entitled “Don’t do this!”

Read More