Showing posts with label spam. Show all posts

Wednesday, October 1, 2008

Back to The Basics - How is your email perceived?

To continue with the theme of email Best Practices topics, I think it's fair to state that both the ISPs and their email recipient clients are able to differentiate between legitimate marketers and spammers. But the ISP and the email recipient share a frustration with the legitimate marketers: they notice inconsistencies in how legitimate marketers recognize the need for best email delivery practices.

When all is said and done, it is the perception of the ISP and the email recipient that will affect your deliverability. Together, both parties act as the combined force that decides whether or not your email is accepted into the recipient inbox.

To break this down, most ISPs are mainly concerned with certain technical factors about the email itself, including the header and subject line information, the body of the email, and the reputation and past performance of the sending network. So you want to ensure the content and technical setup of your emails can pass the filters, gateways and servers designed by the ISPs for their customers' privacy; furthermore, you want to ensure that your emails are recognized by the ISPs' human postmaster employees, as well as your email subscribers - for more on this see the five R's of email.

With the email recipient, the issues become more about the presentation, the intent of the email, and the recognition of the sender, and less about technical specifics; therefore, it is important that you ensure that your emails are recognized by the email recipient as legitimate email. It is imperative that your intentions and practices are clear and conspicuous to the email recipient at the time of subscribing and with each message being delivered. By ensuring both the ISP and email recipient are satisfied, you increase the likelihood that your email will make it to the recipient inbox.

So, are your issues technical or presentational? Do you know how some ISPs interact and collaborate with their clients to combat spam? Are you aware of the differences in how the ISPs and email recipients in other countries regard data collection and protection?

The answers could be as simple as a consistent "from domain", ensuring a proper DNS setup, a broken URL link which does not go to a legitimate "Subscribe" or "Privacy" link, or a misinterpretation of a country's data protection legislation.

So ask yourself - "Where do my sending practices need tweaking?"

Wednesday, September 24, 2008

How not to do things...

Hello from MAAWG! Stay tuned for my wrap up early next week.

This is new to me... I got this in a spam message yesterday, and if there were ever a list of how NOT to do email marketing published, this would be right at the top of the list.

"You are receiving this email because you or someone you know (or a virus) has submitted it to us. You may have been included by mistake. Please accept our apology. To be removed immediately click the link at the botom of this page."

If you start your email messages with this or something similar, I would highly recommend that you reevaluate your data collection process.

Wednesday, September 17, 2008

Being Vigilant with BCP

According to an article by Directmag.com, at the last count in February of 2008, the world population was at 6.684 billion people. It was estimated that 1.463 billion people had access to the internet. Of that, 29% of internet users have bought from spam.

Now, calculating this, the total would be 424 million users who would potentially buy things from spam.

The article also stated that the average user paid between $5.00 USD and $10.00 USD for products and services, which works out to $2.12 billion to $4.24 billion USD spent on spam purchases. Interestingly, these amounts are occurring on a day-to-day basis!

They were correct: by doing the math, you begin to understand why spammers are willing to endure criticism and legal repercussions of these fraudulent practices. If you consider that within a week, you can generate over a million dollars for just one site, which runs as a part of several sites operated by the one organization, then the temptation is staggering!

But the truth is, a consumer cannot rely on a spammer for reputable products or services. The hard reality is that spammers pose a serious delivery issue for reputable ESPs and Direct Marketers.

Since email first came into general use, there has always been a dual battle between the legitimate email marketers and spammers to gain control over the recipient inboxes. Unfortunately, with real spam making up between 80% and 95% of all email in the world at any given time, and legitimate marketing emails making up from 1% to 5% of the total volume, the spammers tarnish the good reputation of all senders. So it’s harder for marketers to get fair representation by ISPs.

This is why it is so important for marketers to follow the Best Common Email Sending Practices (pdf) to ensure their marketing email is delivered. So, the question becomes “Where should we go from here?”

Tuesday, September 16, 2008

Virginia Spam Law Roundup

Lately I've been putting links in my delicious feed (available via RSS or email only - Subscribe on the right sidebar) to a number of sites that have written and commented on the recent court rulings where the Virginia Supreme Court declared the state's anti-spam law unconstitutional. By doing so they automatically reversed the conviction of a man once considered one of the world's most prolific spammers.

  • Va. Court Strikes Down Anti-Spam Law
  • Spammer Freed On First Amendment Ruling
  • Virginia Court Overturns anti-spam law
  • Why Virginia is right to overturn spam conviction
  • Why it doesn't matter that the Virginia anti-spam law was struck down
  • Virginia Spam Law Overturned: Doesn’t Matter

I understand the ruling here, and can see the implications that the courts have pointed out regarding the limitation and the protection of the First Amendment (Free Speech), and you should also note that going forward spam cases should be covered by CAN-SPAM, and thus not need this law.

Wednesday, September 3, 2008

AOL ARF switch over

Yesterday at approximately 11:15 AM EST, everyone participating in the AOL FBL was switched over to the new ARF (more on ARF) format. You will notice a new subject line for these messages that will make abusive IP tracking easier:

OLD: "Client TOS Notification"
NEW: "Email Feedback Report for IP XX.XX.XX.XX"

And a new message in the body of these reports:

ALERT:

Your feedback loop has been converted to Abuse Reporting Format (ARF). AOL announced on June 27 that all feedback loops will be converted to ARF on September 2, 2008. We no longer offer or support the traditional AOL feedback loop format.

Read our announcement of the FBL conversion

For information about how AOL uses ARF, visit our website.  This page contains links to information about ARF and describes how ARF differs from the former AOL FBL format.  In addition, we have a blog post with information about how to view ARF complaints if you read FBLs manually.

Please do not contact the AOL Postmaster for assistance in processing ARF complaints.

Thank you,
AOL Postmaster

This is an email abuse report for an email message received from IP address XX.XX.XX.XX on Tue, 02 Sep 2008 11:14:11 -0400

For information, please review the top portion of the following page.

For information about AOL E-mail guidelines

If you would like to cancel or change the configuration for your FBL please contact our postmaster help desk. Up to date contact information for the postmaster help desk is located at http://postmaster.aol.com/contact

Take the time today to review your FBL tools and processes to ensure your current processes are functioning at their normal and expected levels.

Friday, August 22, 2008

Spam risks at MobileMe

TechCrunch posted an article recently about a security flaw in the MobileMe webhosting platform that puts every user at risk of having their email addresses harvested by spammers and targeted with loads of spam.

Quote from TechCrunch:

Here’s how it works. Every MobileMe user gets a public idisk file sharing site where they can post files for their public or private use. It’s simple to set the page to private, but it still shows the username if you go to the page. An example of a bad username: idisk.mac.com/mehmehmeh-Public. Here’s a good one: idisk.mac.com/steve-Public (That’s Steve Jobs’ account). There is no way as a user to hide or delete your public folder. If you are a MobileMe customer, you have one.

It's only a matter of time before this exploit is abused (especially after it's published on TechCrunch) and users at mac.com and me.com are inundated with spam. Let's hope MobileMe is up to the task of filtering these messages, fixing this already overly exploited flaw and letting the legitimate email continue to be delivered accordingly.

Thursday, August 21, 2008

Guest post: Japan's Updated Anti-spam Bill (2 of 3)

As promised yesterday here is part two of three with our guest writer Matt Hill, see part 1 here.

Penalties For Violations under Japan's updated Anti-spam Law.

1. The Minister of MIC (Ministry of Internal Affairs and Communications) can order the Sender to take measures to bring itself into compliance.
   a. The Sender may also be subject to a fine of up to ¥1,000,000 or imprisonment for up to a year if it violates such an order.
2. A Sender may also be subject to these penalties if commercial email using false Sender information is sent in violation of Article 5.
3. The Minister of MIC may also require Senders to submit reports regarding the Sender's transmission of commercial email, and may inspect the Sender's premises, books and other documents.
   a. A Sender may be subject to a penalty of up to ¥1,000,000 if they refuse to submit such reports or to cooperate with an inspection.
4. In addition, under the New Anti-Spam Law, Senders may face additional penalties if their agents violate the provisions of the law.
   a. A Sender whose agent violates an administrative order from MIC to comply with the law is subject to a fine of up to ¥30,000,000.
   b. If a Sender's agent refuses to cooperate with a MIC investigation, the Sender is subject to a fine of up to ¥1,000,000.
5. The New Anti-Spam Law authorizes MIC to share information with foreign governments.
   a. Accordingly, any non-Japanese Senders may face scrutiny from their home regulators in regard to commercial email they send to Japan.

Stay tuned for the conclusion tomorrow where Matt discusses "What this means to Senders".

Wednesday, August 20, 2008

Guest post: Japan's Updated Anti-spam Bill (1 of 3)

A long-time friend and co-worker asked me about writing for EmailKarma.net and what kinds of information would be good to share, so I thought I'd let him guest post on the recent updates on Japan's anti-spam laws. Please welcome this guest post by Matt Hill; if you like these, maybe we can convince him to write regularly...

Here is Post one of three that will appear each day for the remainder of the week.


There has been a huge response to the ever-changing mode and methodology of how spam affects consumers in Japan. It has grown from an industry of self-regulation in 2001, by mobile operators, to two national laws, which were enacted to combat internet spam in 2005:

1. The Law Concerning the Proper Transmission of Specified Electronic Mail (the "Anti-Spam Law").
2. The Law for the Partial Amendment to the Law Concerning Specified Commercial Transactions (the "Revised Transactions Law").

Later in 2005, the Japanese government made its first amendments to the Anti-Spam Law, and has now, with its 2008 amendments, made several substantial changes to this Law.

Implications of these new amendments:

Categories of Sending

Under the New Anti-Spam Law, a Sender may only distribute commercial email if the recipient falls into one of the following categories of individuals or groups who have or are:

1. Notified the Sender in advance that they request or agree to receive commercial email.
2. Provided the Sender with their own email addresses.
3. Expecting commercial interaction with Senders:
   a. Limited access is granted to individuals and groups who have publicly announced their own email addresses for “non-solicitation” or “Non-Profit activities” purposes.
4. Maintained a pre-existing business relationship with the Sender.

Additional Requirements

In addition to requiring opt-in consent, there are four further requirements under the New Anti-Spam Law. Senders are required to:

1. Keep records which prove that the recipients requested the emails.
2. Honour opt-out requests received from individuals.
3. Include certain information in the commercial email sent.
4. Prohibit sending email using programs which generate email addresses and falsify information about themselves.

Tomorrow Matt will cover the "Penalties for Violating" these laws, then wrap up the week with the ever important information "What this means to Senders".

Please leave us (Matt H) some feedback.

What do you get your ISP relations person for their Birthday?

Recently I had a birthday and our systems admin thought it would be a good laugh to buy me a gift...
Oddly enough after 8 years working in Email Marketing I have never received a can of SPAM as a gift... I promptly asked him in return why our filters let this in the office ;)

Wednesday, August 13, 2008

AOL gives tips on Upcoming Feedback Loop Conversion

Back in June, AOL announced that they were converting all feedback loops to the ARF format. Needless to say they received a number of comments from senders concerned about the needed resources to implement systems to read and process these ARF messages.

Anna provides some new tips on how to read and process these messages.

There will be no changes to the content of the headers, which will remain in the current format; header redactions will remain. Information in the body of the email (e.g. footer text) that says "recipient@aol.com is subscribed to this mailing list" will remain as it currently does.

Header information will remain as it is currently presented to recipients of ARF messages, and examples of how to access this in a number of email clients can be found here. Anna also points you to a tool, written by our friends over at Word to the Wise, that can help Unix users: ARFFilter.

Have more questions on ARF or Feedback loops? Email me or leave a comment.
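
The ARF reports described in this post and in the September 3 switch-over post above are structured, so FBL tooling can read them programmatically. The Python below is an added example, not code from AOL, Word to the Wise or this blog: it parses a constructed report, tallies complaints per Source-IP and collects subscriber IDs to suppress. It assumes the sender stamps outgoing mail with a hypothetical X-Subscriber-ID header, since recipient addresses in the reported message are redacted.

```python
import email
import ipaddress
from collections import Counter
from email import policy

# Constructed sample, not a real AOL report. 192.0.2.25 is a documentation
# address; X-Subscriber-ID is a hypothetical header stamped by the sender.
SAMPLE_ARF = """\
From: fbl@isp.example
To: abuse-reports@sender.example
Subject: Email Feedback Report for IP 192.0.2.25
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="arf1"

--arf1
Content-Type: text/plain

This is an email abuse report for a message received from IP 192.0.2.25.

--arf1
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ExampleFBL/1.0
Version: 0.1
Source-IP: 192.0.2.25
Arrival-Date: Tue, 02 Sep 2008 11:14:11 -0400

--arf1
Content-Type: message/rfc822

From: news@sender.example
To: redacted@isp.example
Subject: September offers
X-Subscriber-ID: 48151623

Hello subscriber.
--arf1--
"""


def _field(message, name):
    """Header value as a plain stripped string ('' when absent)."""
    return str(message.get(name, "")).strip()


def parse_arf(raw):
    """Extract the machine-readable fields from one ARF report."""
    msg = email.message_from_string(raw, policy=policy.default)
    report_type = (msg.get_param("report-type") or "").lower()
    if msg.get_content_type() != "multipart/report" or report_type != "feedback-report":
        raise ValueError("not an ARF feedback report")
    report = original = None
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            report = part.get_payload(0)    # report fields parse as headers
        elif ctype == "message/rfc822":
            original = part.get_payload(0)  # the message that was reported
        elif ctype == "text/rfc822-headers":
            original = email.message_from_string(part.get_content(), policy=policy.default)
    if report is None or original is None:
        raise ValueError("ARF report is missing a required part")
    source_ip = _field(report, "Source-IP")
    ipaddress.ip_address(source_ip)         # ValueError if not a valid address
    return {
        "feedback_type": _field(report, "Feedback-Type").lower(),
        "source_ip": source_ip,
        "subscriber_id": _field(original, "X-Subscriber-ID"),
    }


def process_reports(raw_reports):
    """Tally complaints per sending IP and collect subscriber IDs to suppress."""
    per_ip, suppress, unparsed = Counter(), set(), 0
    for raw in raw_reports:
        try:
            fields = parse_arf(raw)
        except ValueError:
            unparsed += 1                   # a rising count means the tooling needs attention
            continue
        per_ip[fields["source_ip"]] += 1
        if fields["feedback_type"] == "abuse" and fields["subscriber_id"]:
            suppress.add(fields["subscriber_id"])
    return per_ip, suppress, unparsed
```

Tracking the unparsed count alongside the per-IP tally is what shows whether the FBL process is still functioning after a format change like this one.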

Wednesday, August 6, 2008

Are you an Email Addict?

Laura - from Word to the Wise - tells the story of an email marketer that is addicted to sending email, to the point that they just can't stop doing a bad thing. Apparently sticking your hand in the fire and getting burned once is not enough... Read her full post here: Addictive email marketing.

A great quote from the article:

Drug users go to the pusher for their drug and the pushers keep the streets plentiful with drugs. Similarly, marketers go to list services for their drug and many of these list services sell tainted goods. And it’s these list services that fuel the spread of spam.

Based on the lead article in MagillaMarketing yesterday.

Tuesday, July 15, 2008

Comments from a far

Found this website kind of randomly, while researching some PIPEDA information... It talks about several key factors for marketers when looking to market to Canadians - a report published by Marketing Sherpa.

Some of the tips are very funny; our strong relationship with hockey is mentioned a few times, and the "Looooong" winters - LOL - that we have here and the "Short" summers... Sometimes I love when things like this are produced and published - makes me smile and wonder where some of these thoughts truly come from.

Anyway, the key point I have issue with seems to be the idea that PIPEDA and CAN-SPAM are two related laws... Guess what - THEY ARE NOTHING ALIKE...

Here are my comments posted to them, in case they decided to moderate them ;)

PIPEDA and CAN-SPAM are about as similar as apples and oranges... CAN-SPAM is a marketing law dealing with the rules, regulations and structures to have a "legal" online marketing program.

PIPEDA is a "PRIVACY" law, and has nothing to do with email marketing or spam... It has everything to do with how you can collect, use, store and maintain Personal information on a Canadian buyer. There are 10 fundamental principles that you need to follow - find them here.

For a Canadian comparison to CAN-SPAM you need to look at Senate Bill - s235 (The Spam Act).

Also for businesses I'd recommend reading the PIPEDA Checklist prepared by 4 leading Canadian Privacy Practitioners: http://tinyurl.com/PIPEDA

Wednesday, July 2, 2008

Q&A | Email Software

Q: Dear EmailKarma.net,

Right now I'm sending to Europe via send safe with a proxy service. I want to send to the US via msn, aol, yahoo.com and others. Is there any better software to send with than send safe? I'm trying to find software "light speed nexus"?

[Name Withheld]

A: Occasionally I receive questions I'd normally pass on and not answer but this one needs to be shared for the benefit of marketers everywhere.

The software you're asking about is commonly used as a spam tool (or tools in this case); the whole idea of using "Proxies" to send email is just an awful idea. Many times they are blocked by ISPs before even getting mail out onto the Internet, think Spamhaus PBL. Blocking the commonly used mail port (Port 25) to prevent mail being sent by proxies is actually a highly recommended practise, drafted by members of MAAWG, to help ISPs prevent spam from originating from their networks. Many times these "Proxies" are actually created by virus infected PCs acting within a botnet.

I would recommend staying well away from both of these services, and other similar services, and finding a real Email Service Provider to work with. Supporting and using these types of tools only further supports the problems that legitimate marketers and service providers (both ISPs and ESPs) need to overcome every day.

Tuesday, June 3, 2008

DMA investigation of the EEC is in

As mentioned in the previous Direct Mag article, the DMA planned on investigating Earth Day mailings sent to the EEC's member base (for those that didn't get the letter, Laura posted the full text here), and implementing some changes to the way the EEC operates. I've noticed some odd things contained within the letter:

  1. Quote: "We have also determined that the list was not directly provided to VIV magazine, but to VIV’s hired electronic fulfillment company. Because the current eec co-chair, Jeanniey Mullen is employed by VIV"
    * [From: Viv Magazine Digital - support@notification.zinio.net] - Zinio is where Jeanniey works not Viv - Zinio was the fulfillment company.
  2. Quote: "We also understand that some people received two notification emails instead of the intended one."
    * I got THREE messages - view the messages here: EEC: Good Intentions Gone Bad

Too bad these discrepancies are here, I would have been happy with the answer otherwise :(

Thursday, May 29, 2008

Return Path | Feedback loop updates

I'm not sure how I missed this one...

Last month, while Return Path was announcing the addition of the Comcast feedback loop to their hosted solutions, they slipped in a small announcement of Mailtrust's addition to their hosted FBL solutions as well (4th paragraph from the bottom).

This brings the total for Return Path hosted FBLs to three: Comcast, USA.net, and Mailtrust.

CAN-SPAM Rule Clarification

Recently the FTC clarified a number of rules within CAN-SPAM (pdf).

Here is my understanding of these changes (please note this is not legal advice).

There are two major changes to note within these clarifications:

  • Changes to the definition of a "sender." The new rule enforces the idea of a single designated sender, for messages with multiple advertisers. The designated sender is defined as the entity in the "From" line of the communication, clarifying the need to have multiple opt-outs within each message. It also clarifies that only that designated sender needs to provide an opt-out link and a valid postal address and to satisfy the usual requirements within the Act (ex: subject line, headers, etc).
  • Changes to opt-out requirements. The new rule stipulates the amount of complexity and information needed to be supplied by the recipient during an opt-out request. Most importantly, the opt-out process need only require that the recipient provide their email address to unsubscribe. The opt-out process must not consist of more than a single webpage or an email reply from the recipient.

Minor clarifications from the FTC include the following:

  • A P.O. box or private mailbox has been confirmed as acceptable under the "valid postal address" requirement.
  • The definition of "person" has been clarified to include the legal definition of "person," and expanded to include corporations, groups, partnerships, nonprofits, and associations.

Wednesday, May 28, 2008

An Act Concerning Unsolicited Commercial Electronic Messages | Bill S-235

The Senate of Canada is currently reviewing Bill S-235, referred to as the Anti-Spam Act, presented to the Senate by Senator Goldstein. This is somewhat similar to CAN-SPAM except for the fact that this is an OPT-IN email marketing law (PIPEDA also deals with opt-in for PII), and the US law is focused on opt-out.

The most important information about bill S-235 deals with how it would make the sending of unsolicited commercial email (UCE) messages to Canadian subscribers illegal. Consent must be granted prior to sending email communications to your subscribers.

Illegal activities under S-235:

  • Sending UCE
  • Address Harvesting
  • Phishing
  • Inaccurate subject lines

While the mandatory pieces of information that will be required are:

  • Valid contact information
  • and a functional unsubscribe facility

It is important to note that S-235 also creates serious penalties for people caught spamming, including up to 5 years in prison and fines of up to $1.5 million for repeat offenders.

This bill also empowers ISPs to take the necessary actions to effectively block spam messages and allow Canadians to seek damages from spammers in court.

Monitor the status of this bill at LEGISinfo.

In a later post I'll discuss some of the exemptions and items I feel need to be reviewed by Senator Goldstein.

Wednesday, April 16, 2008

Q&A | Help with RBL

Q: Hello EmailKarma.net

I am currently trying to contact someone at the FiveTenOptin block list. They are carrying this message for all of the IP addresses that we own:

Reports CNAME of [removed].com.bulk.blackholes.five-ten-sg.com.
TXT= "added 2007-05-30; unconfirmed mailing lists"

Do you know where I can find information on contacting them to get this message removed?

A:
Are you using a reputation monitoring service that is flagging this as an issue? In all honesty, don't waste your time or energy on this list... Here is a graph showing the false positive stats on FiveTen, as tracked by DNSBL Resource. You'll see that they consistently block more ham than spam, and that only a few domains use them. It appears you're being listed under the "bulk" flag for this list.
Description: Bulk mailers that don't require closed loop confirmed opt-in from all their customers.
The list is full of issues and for most people it is truly a non-issue (affecting only a tiny portion of your list) when it comes to delivery. Asking the domains that are using this to whitelist your mail or showing them the inaccuracies (DNSBL report) with this list are probably the best ways to go forward with this. If you're determined, try the contact page to reach them.

Good luck.

Friday, March 28, 2008

Q&A | Protecting users from fraud

I got asked a great question by a co-worker today...

"What have you seen other organizations doing to protect their users from fraud or phishing in emails?"

It got me thinking of all the different things I see when dealing with different organizations.

  1. Yahoo!'s security seal is a good example of a service that lets you create an avatar-type icon that is displayed on their login pages.
  2. Credit card companies may send the last 5 digits of your card in every email message.
  3. Your phone company might send you your postal code or the last 4 digits of your phone number in each message to validate the relationship and validity of the message.
  4. Your bank or financial institution may ask you to populate a number of security questions/answers that are then randomly presented during your login.
  5. PayPal's random number security key

While not all of these are email related, they could easily be applied to protect your users from fraud as part of your security planning process to protect your members.

What are you doing to protect your members? Care to share with us? Leave a comment or email us at contact.

Thursday, March 27, 2008

My take on the spam button report...

Recently there was a report released (DMNews) about the use and understanding of the "Report spam" button by consumers and that they actually report legitimate email as spam.

This is not really a surprise; experience shows that users will use the button for the following reasons:

  • As an unsubscribe - ISPs are looking at ways to manage this - Hotmail was the first to implement an Unsubscribe button for "Known senders".
  • By mistake - Users are potentially reporting a number of unsolicited email at the same time and if your message/brand is not clear you might get included in the mass report. Even personal email communications get reported as spam.
  • To tell you "It's just not relevant" - spam has evolved from pills, porn and gambling to stuff I (the consumer) just don't want.

Mark has a great write up summarizing a few of the other articles written about this report.

Watch the trends in your Feedback Loops to identify potential issues in your email program. Group these individuals by collection source (especially if you're using multiple collection locations), types of messages being sent and the demographics of your members, to focus and improve your messaging so that it becomes relevant to your subscribers.

If you're not watching - be warned - the ISPs and your ESP are all watching and you might just find yourself in hot water with one or both of them.