Q&A | Protecting users from fraud

I got asked a great question by a co-worker today...

"What have you seen other organizations doing to protect their users from fraud or phishing in emails?"

It got me thinking of all the different things I see when dealing with different organizations.

1. Yahoo!'s security seal is a good example of a service that lets you can create an avatar type icon hat is displayed on their login pages
2. Credit card companies may send the last 5 digits of your card in every email message.
3. Your phone company might send you your postal code or the last 4 digits of your phone number in each message to validate the relationship and validity of the message
4. Your bank or financial institution may ask you to populate a number of security questions/answers that are then randomly presented during your login.
5. PayPal's random number security key

While not all of these are email related, they could easily be applied to protect your users from fraud as part of your security planning process to protect your members.

What are you doing to protect your members? Care to share with us leave a comment or email us at contact.

My take on the spam button report...

Recently there was a report released (DMNews) about the use and understanding of the "Report spam" button by consumers and that they actually report legitimate email as spam.

This is not really a surprise, experience shows that users will use the button for the following reasons:

• As an unsubscribe - ISPs are looking at ways to manage this - Hotmail was the first to implement an Unsubscribe button for "Known senders".
• By mistake - Users are potentially reporting a number of unsolicited email at the same time and if your message/brand is not clear you might get included in the mass report. Even personal email communications get reported as spam.
• To tell you "It's just not relevant" - spam has evolved from pills, porn and gambling to stuff I (the consumer) just don't want.

Mark has a great write up summarizing a few of the other articles written about this report.

Watch the trends in your Feedback Loops to identify potential issues in your email program, group these individuals by collection source (especially if your using multiple collection locations), Types of messages being sent and the demographics of your members to focus and improve your messaging so that it becomes relevant to your subscribers.

If your not watching - be warned - the ISPs and your ESP are all watching and you might just find your self in hot water with one or both of them.

If Content is King...who is Queen?

Food for thought:

I ran across this question today on LinkedIn's Answer pages... My first thoughts agree with the best answer I see so far reads:

Relevance is Queen.
You can have all the content in the world, but if it isn't relevant in a meaningful way to your target, you're wasting your (and everyone else's) time.

Do you have a better answer?

Now that's how you run a contest

Great example today on getting users to enter a contest and using the data you already have to make it easy.

My Internet provider is running a contest for a free trip to Las Vegas to attend some VIP events, in a joint promotion with A&E, for the new Season of Gene Simmons Family Jewels.

Here is what made this a success:

1 - They linked directly to entry page in the email
2- Used Known Data instead of asking me to enter all of my contact information again (I'm a customer after all and they have all my details already)
3- Two clicks to enter (I read and accept the rules/regs, and click submit)
4-Fingers crosses - Hoping I win! Wish me luck

How much easier can a customer interaction get. Many of your customers are busy - make these small interactions with them easy.

Where to improve;

Offer contest entrants the chance to subscribe to your partners email (in this case A&E might have had a new subscriber - but they missed out).

New Blogs to read

Today I found some new information sources to read courtesy of our friends over at Microsoft:

Windows Live Hotmail Technical Support Blog - The official technical support blog for Windows Live Hotmail and the Live Mail Client.
Your mail is here, come and get it! -
Web mail musings from the Windows Live Hotmail team
Windows Live Mail
It's for more than just email

I'm sure there are some hidden treasures in these... Once I have more time to digest the contents I'll share what I find.

Also don't forget to add these to the list of necessary reads:

Official Gmail Blog
Yahoo! Mail Blog

Do you have any other ISP blogs to share, Leave us a a comment or email us at contact.

Why you need Segmentation!

There are a few things that annoy me more then blatantly lazy; marketing, targeting and/or segmenting when it comes to email marketing… one of these things happened to me today.

When targeting promotions to individuals based on their age you should do one of two things... Verify their age and segment/target appropriately or give them the option to opt-out of age specific promotions in the future.

Lets dissect this promotion for a second
- Are you under 28 - NOPE
- Are you in Media buying or Planning - NOPE
- Willing to travel - SURE, but I've already been disqualified from participation (TWICE).
- Think you Cannes? - WTH is CANNES? I know the place in France, but I don't know how to CANNES anything? This is a poor play on words.

This example is actually the second mailer in recent months that started sending content based on age... This one is close - I'm not too far from 28 - but I'm excluded because I surpassed this benchmark a few years back. Sending messages like this without the option - as a subscriber - to say 'This is not relevant to me' or I'm over 28 don't send me these types of messages again can (and likely do) hurt your relationship with your subscribers.

The last faux pas here is that the opt-out process for these messages actually stop all further communication from the sender, there is no method to stop these (under X yrs) messages from being sent in the future... thus alienating your subscribers further.

Don't make this same mistake, gather the proper profile information before sending (Age qualifying promotions), or give people the option to opt-out of these types of messages while remaining part of your core program.

Following the rules

I get asked a lot about the different rules at each ISP, and how to find more information on these policies. Here is a short list of the most common domains I get asked about;

• AOL - http://postmaster.info.aol.com/
• Gmail - http://www.google.com/mail/help/bulk_mail.html
• Hotmail/MSN - http://postmaster.msn.com/
• OutBlaze - http://spamblock.outblaze.com/
• Yahoo - http://help.yahoo.com/l/us/yahoo/mail/postmaster/

These pages contain many helpful resources that will help you understand the policies, practices, common questions and tools available from each ISP.

Have others to list, or need to know about a specific ISP - let us know or leave a comment.

I want you!

Have you been following along for a while?

Do you think you have Privacy, ISP Relations and Delivery all worked out?

Do you know a few things about marketing, technology and networking?

Then I want you to apply for the ISP Relations Analyst position (Toronto location only).

While your at it check out the other positions available here at ThinData.

Q&A | Setting up Authentication Records

Q:
Hello Email Karma,

Would you happen to have a link that specifically shows how to set up SPF2.0 records?

Thanks very much for your help.

A:
Thanks for your question.

SPF 2.0 (aka. Sender ID) is probably better known as Sender ID, and the full details are available directly from Microsoft's Sender ID Home Page. Microsoft also supplies a handy "Sender ID Framework SPF Record Wizard" tool for building your records correctly.

Regarding the setup of these records... Create a new TXT record in your DNS for the domain your setting up Sender ID for and add the results from the Wizard tool above. Your result should look something like this (depending on the network information of your email system):

email.example.com in TXT "a mx ip4:1.2.3.4 -all"

While I'm talking about Authentication, some other handy sites include;

• OpenSPF
• DKIM.org
• ESPC's Authentication testing tool

Hope these tools and suggestions help you out.

Do you have another tool you use for testing or a better suggestion on setting these records up - let us know, by leaving a comment or email us at contact.

Y! puts FBL additions and updates on hold

For those of you participating in the Yahoo Feedback Loop program, be aware that any new IPs or modifications to your existing program are currently on hold.

Yahoo! reciently updated their Postmaster pages and posted the following notice:

Due to the success of our beta program, we are currently making changes to the application process for the Yahoo! Mail Complaint Feedback Loop program. As such, we are *not* processing new applications at this time. We do hope to re-launch an improved, more streamlined online process for interested participants soon.

This appears to be part of the ongoing changes and process updates that Yahoo is undergoing, that were discussed in a recent post; Yahoo! Reaches out to Senders. Hopefully these changes will be made quickly and the application/update process will return to normal, keep an eye out for updates on this and other ISP related news.

Q&A | Not all complaints are created equal

Q: Dear EmailKarma,

Recently we had a member of our opt-in (we only send opt-in) mailing list complain about a message that we sent to them by posting a long article about it on their blog. After working with our ESP and investigating the acquisition of this address it was found that another member of their family had subscribed and used this address in the past.

What should we do about these types of complaints in the future?

Thanks,
[name withheld at request of sender]

A: Hello,

This appears to be a case of an individual user overreacting to your messages, because they were accessing an account shared with another individual in there household. This is occasionally seen when one individual subscribes and the other doesn’t realize of know about this (i.e. husband/wife, parent/child).

A few recommendations immediately come to mind reading the steps needed to correct this type of issue in the future;

• Build a program that will keep your users (even less engaged users) seeing your messages on a regular basis, those that fall off based on your business rules should be sunset correctly.
• Build personalization into these messages, starting with Dear "First Name", vs. Dear Valued Client, allows for instant recognition of the subscriber at a shared address.
• Add in footers with the individuals name, subscribed date and email address that reinforce the individual that subscribed to your list. This is also good for an individual that may forward one account to another (or a friend).
• Build an easy opt-out, requiring a password or membership number will also drive individuals like this to complain about your mail as they will generally not know the password on the account as it was created by another member of their household.
• Last but not least, be polite and honest when dealing with people like this. Explain how you got the email address, who subscribed it and when.

Hope this helps you avoid these types of issues in the future. Have any other tips for your fellow reader on avoiding these types of issues, leave a comment.

Yahoo! Reaches out to Senders

On Yahoo's Mail blog you will find a notice for bulk senders, ISPs, and commercial emailers, describing the delays and steps that need to be reviewed when reaching out to the Postmaster team in order to help with issues your experiencing.

Key items from this posting:

• The Correct form is accessible from the Postmaster section in Yahoo! Mail Help (http://postmaster.yahoo.com) site.
• Follow-up inquiries from senders delay things even more as they create additional queue items.
• Be careful when you fill out the form, double check for completeness and accurately. This prevents a lengthy back and forth dialog that delays your progress.

Read the full article: Delays responding to Postmaster requests

NEWS ALERT: TRANSCONTINENTAL ACQUIRES THINDATA INC

TRANSCONTINENTAL ACQUIRES THINDATA INC (Release).

Montreal, March 11, 2008 – Transcontinental Inc. today announced the acquisition of ThinData Inc., Canada's leading permission-based email marketing services firm. This partnering of industry leaders will shape the next evolution of marketing – bringing the best of print and direct marketing together with the power and speed of electronic marketing.

ThinData's offering fits perfectly with Transcontinental's value-added services growth strategy which includes expanding its premedia, database management, direct marketing and analytics and e-marketing capabilities to deliver unique solutions to its clients and its media properties.

Full Release available.

Making Your Privacy Policy Marketing-Friendly

This Q&A was originally posted in the ThinData Email Strategies newsletter:

Q:
As a National media firm, we have several different online initiatives and each has its own privacy requirements and related policies. We want to make sure that our privacy policy is strong from a marketing perspective as well as compliant from a legal perspective. Can you provide any recommendations – particularly since we plan to dramatically increase our focus on email?

Here is my answer:

You are wise to make your privacy policy marketing-friendly in addition to legally sound. Here are a few guidelines:

The Message. From a marketing perspective, your privacy policy should convey the messages that you:

- Are genuinely respectful of private information;
- Have processes in-place to protect private information; and
- Welcome inquiries about your privacy policies and procedures.

The Content. To convey these messages, at a minimum, answer the following:

- What private information you will track and collect
- How you will collect private information
- How you will use the private information you collect
- Whether you will share with, or sell private information to, anyone
- How you will store private information
- How and when you will update private information
- Who can be contacted if there are questions or concerns about how private information is being used

You should also include:

- Instructions for how to opt-out of email/subscriptions
- The date your privacy policy was last updated
- How people will be updated when privacy policies are changed

The Language. Make your policy clear and concise. If your policy is convoluted, you can inadvertently send the message that you are hiding something.

Other Sources. Make sure your online marketing privacy practices and initiatives reflect the rules set out in PIPEDA. Download The Marketer’s PIPEDA Checklists

Q&A | Follow up to comment on Y!

As I was writing a reply to the comment made by DJ on yesterday's post I realized I had a whole posts worth of stuff to say so I moved the reply to here. DJ asked three key questions:

What are you thoughts on Yahoo! in general?

I love Y! I have been using the same account at @yahoo.com for personal email for the last 10 (maybe more) years and with the latest spam filtering changes my daily spam load inbound has dropped to a handful each day (I might even go as low as a dozen a week). It's great to see an ISP, the size of Y!, participate and interact with groups like the Email Standards Project to ensure that they are able to render the messages being sent into there users, if only others would participate and listen with this same interest.

Do you see this as a potential issue going forward? An anomaly?

Most ISPs go through times like these, where Technology is being updated/tweaked or all together replaced. Yahoo is a big company with a huge network, small mistakes or changes can have a much larger then expected effect on the general public with network like this.

Do you envision Yahoo! having deliverability issues on and off in the future?

Just like any feature role out there can be issues, I wouldn't harp on Y! to much about this one as they worked quickly to fix the issue. When dealing with (potentially) thousands of mail servers no matter how fast you work to fix something its going to take time. Time to investigate, time to find a solution and time to implement that solution.

Yahoo Delivery News

Recently there have been several discussions surrounding delivery issues with Yahoo's mail servers. Laura discusses these in three parts over at Word to the Wise; Part 1, 2 and 3.

The cause for these errors seems to have be some new and tighter spam filtering policies recently put in place for inbound mail messages. Like other ISPs Yahoo's systems are continually monitored and tweaked for performance. After receiving several notices from mailers Yahoo's team worked to diagnose and resolve this issue, returning delivery rates to normal - for most mailers. For those of your still having problems, you should contact Yahoo through their postmaster forms at http://postmaster.yahoo.com/

In other Yahoo news; the Email Standards Project has announced some changes in the Yahoo mail client which bring both of the Y! webmail clients into full compliance with their Acid Test. Original Test results.

Are you missing out?

Recently I was on vacation and I was amazed how many missed opportunities to collect email address I encountered while away, even without consciously thinking about email/work ;)

Like many other vacationers I was happily shopping away in a number of different stores (the brick and mortar kind), but what did I notice missing from these locations? Email (or postal mail) subscription forms.

Where is the love?
No paper to subscribe with, no kiosks to use, no sales person asking for my address to subscribe your lists while paying. Your missing out on a valuable client here, risking my memory to remember to subscribe when I get home (7500 KM away) is a big risk, especially if your missing out on "everyone" visiting these locations.

Remembering your offline clients, could very well become your online clients, with very little effort from your POS staff (that have an active, engaged client directly interacting with them) could have added at least one new subscriber to your email list.

Here are a few questions for you to consider (please share your answers):

• How much is each subscriber worth to you?
• How much do you spend online to get that subscriber?
• How much extra effort is needed to capture that same (engaged and active) subscriber at the Point of Sale in your store?
• How many missed opportunities does your business have everyday?

This might just be one of the most affordable data collection locations you have.

Back, Recharged and Running again

I'm back from a much needed Vacation and will begin posting regularly again.

It appears that the few Auto-pilot postings that I left in place failed, when my desktop was rebooted due to the monthly live update patches being downloaded and installed. These have now all been posted and live postings will also resumed.

I also found that there were access issues over the last 48 hours, where EmailKarma.net was returning "404 Page not found" errors. This has also been corrected and hopefully will not happen again.

Sorry if you could not access the site for the last few days and thanks for reading!

Evaluating ESPs

More and more I'm reading questions about finding and evaluating a new ESP, so I've reviewed a number of the answers and these links will be helpful in getting you through the process

* Competitive Analysis, Evaluating ESPs
* Switching Email Vendors
* Switching Email Vendors & Messing with Deliverability

If your looking for a new ESP you can find a very comprehensive list over at the Email Marketers Club Wiki; http://wiki.emailmarketersclub.com

Q&A | Can one FBL notification address be used for multiple domains

Dear EmailKarma.net,

Q: We are currently setting up some new Feedback Loops (FBLs) with several ISPs and I'm looking for a best practice recommendation regarding our set-up within these systems.

Suppose I send mail from two different domains (user@news.example1.com and user@sub.example2.com), I give the ISP one email address for my FBL notifications to go to (abuse@example.com)? Does the ISP expect the notification email address to be on the same domain or IP as my mailing domains? What do you suggest?

Thanks,
Steve

A:
Hi Steve,

The sending domains should not matter when configuring your FBLs as they are generally IP based systems and not domain based. These systems look at registered IPs or Netblocks (/24) and a preconfigured (usually supplied by the requesting party) reporting address. In fact many ESPs have setups similar to this; where mail is sent from alias@subdomain.client.com but FBL data is set to FBLContact@esp.com, which is a global address configured to accept FBL data for the mail servers, IP addresses, used by their Email Marketing Platform.

Thanks for the question. Do you have a question for EmailKarma.net? Email them to contact.