What not to do when buying lists

Saturday morning I check my mail and notice multiple emails from the DMA. Yes, I got three copies of an email from the US Direct Marketing Association with the subject line Kick It Up A Notch With The DMA Career Center. It seems the DMA are buying addresses from various companies. Because I use tagged email addresses, this means their naive de-duping doesn’t realize that laura-x and laura-y are the same email address. Of course, they’ve also managed to send to an untagged email address, too. I have no idea where they got that particular address; I’m sure I’ve never handed that address over to the DMA for any reason.
Saturday afternoon, I check one of the professional filtering / anti-spam mailing list.  Some subscribers are asking for copies of spam from 97.107.23.191 to .194. They’d seen a lot of mail to non-existent email addresses from that range and were looking to see what was going on and who was sending such bad mail. Multiple people on the list popped up with examples of the DMA mail.
Sunday morning, I checked the discussions wherein I discovered the DMA was added to the SBL (SBL 202218, SBL 202217, SBL 202216). It seems not only did they hit over a hundred Spamhaus spamtraps, they spammed Steve Linford himself.

Today the U.S. Direct Marketing Association (DMA) spammed a dirty list. Along with a number of personal email addresses of people who had decidedly never requested email from them (among them Spamhaus’ CEO Steve Linford), they have hit over 150 of our spamtraps so far today.
The DMA knows very well what the accepted standards of bulk email marketing are in 2013. They know that appended or purchased lists are acceptable to almost no receivers. Yet they chose to email that type of list.

Monday morning I check some of my marketing lists and discover that at least two people outside the US received the email.
If you’re going to buy addresses, you want to do it better than the DMA.
Let’s look at how many things they did wrong in this one email.

  1. Bought lists that had different email addresses for the same person. To me, there is no clearer sign of spam than getting more than one copy of a message.
  2. Bought multiple mailing lists and mailed the whole thing with no testing. Had they mailed this slower, watching for bounces and complaints and Spamcop reports, they may have realized the list was a problem before they got themselves in trouble.
  3. Mailed  the list without looking for well known “don’t email this” addresses. This one seems to me to be about the dumbest thing, they didn’t even take @spamhaus.org addresses off the lists before mailing them.
  4. Didn’t do any work to determine the geolocation of recipients. For a lot of things this may not be an issue, but in this case, the DMA is advertising a jobs center. Moving countries for a job is not unheard of, but it can be tricky to get work permits. Pay attention to what you’re sending.
  5. Added a disclaimer that is clearly untrue. Don’t tell people they’re getting this because they “expressed interest in…” when purchasing list. No one likes to be lied to, and many people do know what they have and have not expressed interest in.

I do expect better from the DMA. Avoiding this sort of highly visible catastrophe requires a competent implementation of your entire email programme, from address capture through sending practices and list maintenance to graceful disaster recovery. Do you have the expertise in-house to create that programme? Are you sure? I can help.

Related Posts

Who are you and why are you mailing me?

I’ve mentioned here before that I use tagged addresses whenever I sign up for. This does help me mentally sort out what’s real spam and what’s just mail I’ve forgotten I’ve signed up for.
Yesterday, I received and email from e-fense.com thanking me for my interest in their new product. The mail came to a tagged address, but not a tag that I would have given to e-fense.com. Their opening paragraph said:

Read More

TWSD: Run, hide and obfuscate

Spammers and spamming companies have elevated obfuscating their corporate identities to an artform. Some of the more dedicated, but just this side of legal, spammers set up 3 or 4 different front companies: one to sell advertising, one or more to actually send mail, one to get connectivity and one as a backup for when the first three fail. Because they use rotating domain names and IP addresses all hidden behind fake names or “privacy protection services”, the actual spammer can be impossible to track without court documents.
One example of this is Ken Magill’s ongoing series of reports about EmailAppenders.
Aug 5, 2008 Ouch: A List-Purchase Nighmare
Sept 9, 2008 Umm… About EmailAppenders’ NYC Office
Sept 15, 2008 E-mail Appending Plot Thickens
Nov 11, 2008 EmailAppenders Hawking Bogus List, Claims Publisher
Dec 23, 2008 Internet Retailer Sues EmailAppenders
Feb 1, 2009 EmailAppenders Update
Mar 10, 2009 Another Bogus E-mail List Claimed
April 14, 2009 EmailAppenders a Court No-Show, Says Internet Retailer
April 21, 2009 EmailAppenders Gone? New Firm Surfaces
May 5, 2009 EmailAppenders Back with New Web Site, New Name
Their actions, chronicled in his posts, are exactly what I see list providers, list brokers and “affiliate marketers” do every day. They hide, they lie, they cheat and they obfuscate. When someone finally decides to sue, they dissolve one company and start another. Every new article demonstrates what spammers do in order to stay one step ahead of their victims.
While Ken has chronicled one example of this, there are dozens of similar scammers. Many of them don’t have a persistent reporter documenting all the company changes, so normal due diligence searches fail to turn up any of the truth. Companies looking for affiliates or list sources often fall victim to scammers and spammers, and suffer delivery and reputation problems as a result.
Companies that insist on using list sellers, lead generation companies and affilates must protect themselves from these sorts of scammers. Due diligence can be a challenge, because of the many names, domains and businesses these companies hide behind. Those tasked with investigating affiliates, address sources or or mailing partners can use some of the same investigative techniques Ken did to identify potential problems.

Read More

No, I'm really not Christine

Got this to one of my accounts recently.

Congratulations and welcome to emailinform.

Read More