Recent Posts

Transparency in sending

Al has a post listing some of the bad things some sender representatives do when approaching ISPs for delisting.
One of the things I would add to the list is hiding behind a privacy protected domain registration. No matter how you dice it, having a business domain behind privacy protection makes a company look illegitimate. For any company sending commercial mail, it’s not even an issue as senders are required by law to include an address in every email. With this sort of requirement, it’s not like customers aren’t going to be able to find them.
This is an issue I feel so strongly about, I will not represent senders to ISPs unless they have a valid, unprotected whois registration. I do offer consulting and other services to them, but will not contact the ISPs on their behalf. This is not the reputation I want to create with the ISPs for myself or my other clients.
I challenge anyone who is running a business and using a whois privacy protection service to put the same address in their whois record as is on every email you send out.
I challenge ISPs to stop offering whitelisting, FBL or other services to senders who insist on using whois privacy services.

Defining spam

This is a post I’ve put off for a while as the definition of spam is a sticky subject. There are online fora where the definition of spam has been debated for more than 10 years, and if there isn’t a working definition after all that time, it’s unlikely there will ever be a definition the participants can agree on.
This came up again recently because one of the comments on my “Reputation is not permission” post took me to task for daring to call the mail “spam.” I’m going to assert here that the mail was unsolicited bulk email. I did not ask for it and I know at least 4 other people that received it.
The commenter, and a few marketers, argue that if the mail is sent without any forgery and the mail contains an opt-out link then it is not spam. It is a definition I have only seen folks who want to send unsolicited bulk email use, however. What they are really arguing is their mail isn’t spam because they provide a valid return address and a way to opt-out. Few people actually agree with this definition.
Here are 10 of the many definitions of spam that I’ve seen.

Rescuing reputation

One of the more challenging things I do is work with companies who have poor reputations that they’re trying to repair. These companies have been getting by with poor practices for a while, but finally the daily delivery falls below their pain threshold and they decide they need to fix things.
That’s when they call me in, usually asking me if I can go to the ISPs and tell the ISPs that they’re not spammers, they’re doing everything right and will the ISP please stop unfairly blocking them. Usually I will agree to talk to the ISPs, if fixing the underlying problems doesn’t improve their delivery on its own. But before we can talk to the ISPs, we have to try to fix things and at least have some visible changes in behavior to take to them. Once they have externally visible changes, then we can ask the ISPs for a little slack.
With these clients there isn’t just one thing they’ve done to create their bad reputation. Often nothing they’re doing is really evil, it’s just a combination of sorta-bad practices that makes their overall reputation really bad. The struggle is fixing the reputation requires more than one change and no single change is going to necessarily make an immediate improvement on their reputation.
This is a struggle for the customer, because they have to start thinking about email differently. Things have to be done differently from how they’ve always been done. This is a struggle for me because I can’t guarantee if they do this one thing that it will have improved delivery. I can’t guarantee that any one thing will fix their delivery, because ISPs measure and weight dozens of things as part of their delivery making decisions. But what I can guarantee is that if they make the small improvements I recommend then their overall reputation and delivery will improve.
What small improvement have you made today?

Overusing ISP contacts

I’ve written frequently about personal contacts at ISPs and how the vast majority of delivery problems can be solved without picking up the “Bat Phone” and having someone at the ISP do something. Al touches on the same subject today, blogging about his recent experiences having to contact “Barry” multiple times for many different issues.
Al resolves

Tension at the DMA

What is arguably an internal dispute at the DMA has spilled over into an email and ad battle. Gary Pike is sending email and publishing ads on websites asking DMA members to sign their proxy votes over to him. I saw one of the ads on Chief Marketer a few days ago, but am now unable to get the same ad to load.
The dispute has also generated a lawsuit as the DMA alleges that Mr. Pike has inappropriately used the DMA membership contact lists to support his bid for election.
Who is Gerry Pike Big Fat Marketing Blog
Proxy fight for DMA board Direct Mag
Legal action against Pike DirectMag
DMA proxy fight DirectMag
Gunfight at the DMA corral Ken Magill

Registration is not permission

“But we only mail people who registered at our website! How can they say we’re spamming?”
In those cases where website registration includes notice that the recipient will be added to a list, and / or the recipient receives an email informing them of the type of email they have agreed to receive there is some permission involved. Without any notice, however, there is no permission. Senders must tell the recipient they should expect to receive mail at the time of registration (or shortly thereafter) otherwise there is not even any pretense of opt-in associated with that registration.
Take, for example, a photographers website. The photographer took photos at a friend’s wedding and put them up on a website for the friend and guests to see. Guests were able to purchase photos directly from the site, if they so desired. In order to control access, the photographer required users to register on the site, including an email address.
None of this is bad. It’s all standard and reasonably good practice.
Unfortunately, the photographer seems to have fallen into the fallacy that everyone who registers at a website wants to receive mail from the website as this morning I received mail from “Kate and Al’s Photos <pictage@pictage.example.com>.” It includes this disclaimer on the bottom:

Spamhaus rolls out anti-snowshoe filters

Spamhaus announced today that they are rolling out a new system to detect snowshoe spammers.
What is a snowshoe spammer?
Snowshoe spammers send spam not from compromised servers or botnets, but from large numbers of IP addresses that they are using legitimately. They try to stay below the radar of spam filters, and so get their unwanted email through to the inbox, by looking like a lot of little senders of email rather than one big volume of email.
While a legitimate user of lots of IP addresses might ask for a /23 (500 adjacent IP addresses) from their ISP, and put their real name on the network registration, a snowshoe spammer might instead have 50 blocks of 8 or 16 IP addresses scattered all across their ISP. And they won’t have their real names on the network registrations – instead there’ll be no records at all, or fake but plausible looking company names.
Like a legitimate sender a snowshoe spammer uses real domain names in the mail they send – but unlike the legitimate sender instead of using one real domain name they’ll typically use hundreds of different ones. They’ll sometimes be created completely randomly, such as dreamingdisposal.com or acrosticvienna.com, sometimes they’ll be created so as to sound vaguely like plausible businesses. The contact information on the domain registration is falsified, usually by using one of the commercial domain registration anonymization services such as DomainsByProxy.
And, just like botnet spam, the snowshoe spammer will send low volumes of email from each IP address, to stay below the threshold where someone might look closely at a particular source. This spreading their activity out, so there’s not too much noticable pressure at any one point, is where the term snowshoe spammers comes from.
What are Spamhaus doing?
Spamhaus CSS is a list of IP addresses that Spamhaus think are being used by a snowshoe spammer. It isn’t being published as a separate blacklist, rather it’s being published as part of the Spamhaus SBL, so it’ll be used automatically by everyone using the SBL or Zen lists from Spamhaus. This will help Spamhaus react much more quickly to block snowshoe spammer infestations.
Does this affect me?
If you’re a legitimate sender, this should be yet another reason for you to make sure that you’re being transparent about who you are and what you do.
If you don’t want to risk being mistaken for a snowshoe spammer make sure you’re using one or two real domains with a web presence rather than dozens or hundreds of opaque domain names. Use mail1.yourcompany.com – mail25.yourcompany.com rather than yc1.com – yc25.com.
And make sure you have real contact information in all your domain and network registration information, not false or out of date information and definitely not an anonymisation service.

Sharing content, sharing reputation

Over at SpamResource Al talks about how sharing content is like sharing needles.

Email address validation

One thing anyone collecting email addresses anywhere has to think about is address validation. How do you prevent users from typing bad addresses into your forms?
I ran into this yesterday attempting to take an online quiz. Before I was allowed to take the quiz, I had to provide my name, phone number and email address. Initially I attempted to use a tagged email address. This is one that delivers to my wordtothewise.com mailbox, but lets me identify who I initially gave the address to. The form wouldn’t let me give a tagged address “contains invalid characters.” Well, no, it doesn’t, but there are a lot of websites that think + and – and other characters are invalid.
So what did I do? I ended up using a yahoo address associated with my yahoo IM account. An account that may actually not be accepting mail any longer as I rarely log into it.
What did address validation get them in this case? Well, it got them an address I don’t read and may not even be active rather than the address I wanted to give them which would have delivered directly to my primary mail box. Somehow I don’t think this solution is really ideal for them. (It’s great for me, I’ll never know if they ever attempt to contact me.)
Coincidentally, UserGlue posted about email address validation and alternatives to “make them type their address twice.” (Do people do this? I typically cut and paste my address instead of retyping.)
How are other people validating email addresses?

Links for 9/29/09

A little bit of link sharing today.
Mark Brownlow posts about how critical clicks are to conversion. He also looks at successful techniques that various marketers have used to engage customers.
Chris Wheeler has an insightful post at SpamResource discussing reputation, engagement and what the ISPs are looking at when making delivery decisions. J.D. Falk touches on some of the same themes in his blog post “The Spam Folder is Your Chance to Shine.”
Neil Schwartzman talks about delivery emergencies from the ISP side of the desk.
Terry Zink gives a brief background on sender reputation and a followup looking at how ISPs are working to prevent spammers from stealing their reputations.
Seth Godin continues to turn marketing on his head with his discussion of how marketers have gone from renting to owning.