May 16, 2008

Reputations play with the FTC Ruling on Multiple Senders

So as you may know, after years in the waiting, the FTC has finally released updated regulations to CAN-SPAM in response to the many questions raised throughout the years.

As I am completing a thorough review of the United States Federal Trade Commission (FTC) final ruling on CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act), I wondered just how reputation would play in some of this.

In one of the rulings, the FTC has clarified the definition of “sender” and it provides that multiple parties advertising in a single commercial message, under certain conditions, may identify ONE among them as the sole “sender” of the message or the responsible party for making sure the message is compliant with CAN-SPAM. This also means that if that “sender” is not compliant in that email, then all parties advertising could be held accountable for the message and noncompliance.

How does the reputation of the SOLE sender affect the delivery of the email when multiple advertisers are in it? This means that on top of deciding who wants the legal liability (who does) to be the representative for others' products/services within that email, you should also be looking at just how reputable that SOLE sender is in today's reputation-driven email market.

Example: For us fogies who have been around long enough in the anti-spam market, we all know of a certain coffee maker who in the past and still today has some "bad" emailing practices (they spam).

Questions are:

  1. When said coffee maker is one of many advertisers in a single email and also the designated sender, how does their reputation hurt the others? Will it? When complaints are driven to the point that the receiver blocks by content, will that coffee maker's content hurt others?
  2. When multiple advertisers are deciding who the sole sender will be, will that sole sender ensure that email comes from a clean IP/domain? One associated with the sender brand? One they control (especially when it comes to authentication)?
  3. How will reputation be monitored or calculated on multi advertisers?

I have my own thoughts, but wanted to hear yours.

-Dennis
Eloqua

May 14, 2008

Myspace awarded $233 million dollars under CAN-SPAM

Myspace was awarded $233 million dollars in a suit against Sanford Wallace under the CAN-SPAM Act and California anti-phishing law. This is the biggest win so far under CAN-SPAM and puts some more teeth behind it.

What's interesting is that MySpace is also suing Scott Richter for the same thing. I remember back when MySpace was owned by Intermix (then called eUniverse) and SKYLIST was an email service provider to both OptinBig and eUniverse. OptinBig and eUniverse worked together, so ironically, I think it's very likely that Scott Richter sent out emails to acquire many of the first MySpace users!

May 12, 2008

FTC Releases new CAN-SPAM regulations

Well, we've been waiting for years and the FTC has finally released updated regulations to CAN-SPAM in response to many questions that have come up over the years.

From their press release:

The Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or the Act). The provisions are intended to clarify the Act’s requirements. The provisions and the Commission’s Statement of Basis and Purpose (SBP) will be published in the Federal Register shortly. The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements; (3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and (4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

In addition, the SBP accompanying the final rule also addresses a number of topics that are not the subject of any new rule provisions. These include: CAN-SPAM’s definition of “transactional or relationship message”; the Commission’s decision not to alter the length of time a “sender” of commercial e-mail has to honor an opt-out request; the Commission’s determination not to designate additional “aggravated violations” under the Act; and the Commission’s views on how CAN-SPAM applies to forward-to-a-“friend” e-mail marketing campaigns, in which someone either receives a commercial e-mail message and forwards the e-mail to another person, or uses a Web-based mechanism to forward a link to or copy of a Web page to another person. The SBP explains that, as a general matter, if the seller offers something of value in exchange for forwarding a commercial message, the seller must comply with the Act’s requirements, such as honoring opt-out requests.

You can get the full regulations from the FTC website.

What do you think about the regs?

May 09, 2008

How bounces work

With the fundamental shift from content to reputation based filtering, it becomes even MORE important today to make sure that all customers understand their failures or behaviors when it comes to email. Their failures could be classified as things such as unknown users, complaints, blocking, technical failures, and temporary problems. The way we know these things is by bounce processing. When there is a problem delivering your message to its destination, you receive an error message included in the mail returned from a receiver's system. A bounce message, or Delivery Status Notification (DSN) message, aka Non-Delivery Report/Receipt (NDR), Non-Delivery Notification (NDN), or simply a bounce, is an automated electronic mail message from a mail system informing the sender of another message about a delivery problem. The original message is said to have bounced.

Example courtesy of Wikipedia, the free encyclopedia

Imagine that Jack (jack@example.com) sends a message to Jill (jill@example.org) at a different site. (Note that these are two different domains: Jack uses a COM domain while Jill is using an ORG one). Once Jack's mail server has accepted the message, it must either pass it along to Jill's mail server, or else deposit a bounce message in Jack's mailbox.

Let us say that Jack's mail server passes it on to Jill's mail server (at example.org), which accepts the message for delivery. However, unfortunately, a moment later the disk on the example.org server fills up, and so the mail daemon cannot deposit the message in Jill's mailbox.

The example.org mail server then must send a bounce message to jack@example.com, informing Jack that his message to Jill's mailbox could not be delivered.

Had the example.org mail server known that the message would be undeliverable (for instance, if Jill had no user account there) then it would not have accepted the message in the first place, and therefore would not have sent the bounce. Instead, it would have rejected the message with an SMTP error code (bounce still). This would leave Jack's mail server (at example.com) the obligation to create and deliver a bounce.

There are many reasons why an email may bounce. One reason as stated above is if the recipient address is misspelled, or simply does not exist on the receiving system. This is a user unknown condition. Other reasons include resource exhaustion — such as a full disk — or the rejection of the message due to spam filters.

Typically, a bounce message will contain several pieces of information to help the original sender in understanding the reason his message was not delivered:

  • The date and time the message was bounced,
  • The identity of the mail server that bounced it,
  • The reason that it was bounced (e.g. user unknown or mailbox full),
  • The headers of the bounced message, and
  • Some or all of the content of the bounced message.

RFC 3463 describes the codes used to indicate the bounce reason. Common codes are 5.1.1 (Unknown user), 5.2.2 (Mailbox full) and 5.7.1 (Rejected by security policy/mail filter).

When a receiver bounces a message, they will always send it to the address in the “Return-Path:” header. This header is hidden behind all that pretty HTML and IMAGES you stuff into your emails these days and normally contains an email address for the author of the message so they are notified of the problem. In the case of BULK sending, that address usually points back to an automated system and not a person, due to the number of bounces that might occur in such large mailings (let's just hope it's WAY less than 10% of your entire database).

In cases of bulk sending, ISPs and other receivers REQUIRE that you:

  1. Accept ALL bounces sent to you in a timely manner.
  2. Take action on, or adhere to, the bounce message's request or suggestions.
    • This includes removing users when they say they don't exist there.
      • 550 "username" Is Not Accepting Mail From This Sender
      • 550 Mailbox not found
  3. Do not second-guess what they are trying to tell you.

If you do not, then the IP sending the email that generated the bounces will be blocked. In some cases, the domain being used in the emails or other aspects of the sending system will be blocked.

-Dennis
Eloqua
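
The bounce handling described in the "How bounces work" post above, as an added example (not code from the original post or from Eloqua): it parses a constructed RFC 3464 delivery-status report, reads the RFC 3463 status code for each recipient, and maps it to an action. The category and action names, and the treatment of 5.2.2 as "remove if repeated", are assumptions of this example.

```python
import email
import re

# Constructed sample DSN (multipart/report); hosts and addresses are made up.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.example.org
To: bounce-handler@example.com
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to the following recipients failed.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.org

Final-Recipient: rfc822; jill@example.org
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp; 550 Mailbox not found

Final-Recipient: rfc822; bob@example.org
Action: failed
Status: 5.2.2
Diagnostic-Code: smtp; 552 5.2.2 Mailbox full

Final-Recipient: rfc822; ann@example.org
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Rejected by security policy

--b1--
"""

# Enhanced status code (class.subject.detail); lookarounds avoid matching inside IPs.
ENHANCED = re.compile(r"(?<![\d.])([245])\.(\d{1,3})\.(\d{1,3})(?!\.?\d)")
# Plain three-digit SMTP reply code, used when no enhanced code is present.
SMTP_REPLY = re.compile(r"(?<![\d.])([245]\d\d)(?![\d.])")


def classify(status_field, diagnostic):
    """Return (code, category, action) for one recipient's bounce."""
    m = ENHANCED.search(status_field or "") or ENHANCED.search(diagnostic or "")
    if m:
        klass, subject, detail = m.groups()
        code = ".".join(m.groups())
        if klass == "2":
            return code, "delivered", "none"
        if klass == "4":                      # transient: try again later
            return code, "transient", "retry_later"
        if subject == "1":                    # x.1.x = addressing, e.g. 5.1.1
            return code, "unknown_user", "remove"
        if (subject, detail) == ("2", "2"):   # 5.2.2 mailbox full (assumed policy)
            return code, "mailbox_full", "remove_if_repeated"
        if subject == "7":                    # x.7.x = security/policy, e.g. 5.7.1
            return code, "policy_block", "pause_and_investigate"
        return code, "permanent_other", "remove"
    m = SMTP_REPLY.search(diagnostic or "")
    if m:
        code = m.group(1)
        if code[0] == "4":
            return code, "transient", "retry_later"
        if code[0] == "5":                    # no second-guessing a 5xx reply
            return code, "permanent_unclassified", "remove"
        return code, "delivered", "none"
    return "", "unparsed", "manual_review"


def process_dsn(raw):
    """Extract one result per Final-Recipient from a delivery-status report."""
    results = []
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        if not part.is_multipart():           # malformed report: nothing to read
            continue
        for block in part.get_payload():      # one header block per recipient
            recipient = block.get("Final-Recipient")
            if recipient is None:             # the per-message block has none
                continue
            address = recipient.split(";", 1)[-1].strip().lower()
            code, category, action = classify(
                block.get("Status"), block.get("Diagnostic-Code"))
            results.append({"recipient": address, "code": code,
                            "category": category, "action": action})
    return results


def addresses_to_remove(results):
    """Recipients that must be dropped from the list before the next send."""
    return sorted(r["recipient"] for r in results if r["action"] == "remove")


if __name__ == "__main__":
    for row in process_dsn(SAMPLE_DSN):
        print(row)
```
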

Recent changes at Charter.net?

Someone wrote to me today with the following question.

"We are having a hard time getting email through to Charter.net and I thought I might ping you for some advice/help. They seem to be blocking and rate limiting at a fairly broad level - mostly within the last few months. Not sure if this is unique to us or if others are seeing the problem."

I haven't heard of any issues but wanted to post it here in case anyone else wants to comment.

May 07, 2008

You have been unsubscribed. This is the last email, I swear!

The question often comes up about whether or not to send a confirmation email message after you unsubscribe someone. In other words, they receive an email from you and either click on the unsubscribe link or reply with "unsubscribe" in the subject. Should you write back with an email saying "you have been unsubscribed?".

This is one of those places where common sense seems to diverge from reality. The intuitive, common sense answer is yes. Of course you should send them a confirmation email. It should comfort them by confirming that you received the request. It looks professional. It is consistent with the way other parts of your email program work.

However, the practical reality is that it is rarely a best practice to send an unsubscribe confirmation message. When someone tells you to stop sending them email, they usually mean NOW. They don't want any other emails. And this is evidenced by a complaint rate as high as 50% (that's not a typo - I've really seen complaint rates that high).

There are a few cases where an unsubscribe confirmation is appropriate and seems to generate lower complaint rates. Banks and financial institutions are generally in a class of their own for email best practices so none of this applies to them. Also if you are getting a paid email subscription and you unsubscribe, it makes sense and is well received to send an unsubscribe confirmation.

Now, you probably don't have many unsubscribes a day so even if half the people complain it probably isn't enough complaints to get you blacklisted. But every complaint counts, and it might be the difference that pushes you over the edge and negatively impacts your deliverability.

Note: I'm just talking about a notification email when I say confirmation. I'm not suggesting that you would ever require a user to "double optout" by requiring an action to unsubscribe by email. There are probably some legitimate scenarios where you would do that, but I've never come across one.

Suppression list abuse is rampant

Every day I'm more and more surprised how rampant suppression list abuse is. In my recent OtherInbox post I show an example of spam received as a result of signing up for the emusic.com free download offer that I'm fairly certain was caused by suppression list abuse. Either that or their database got hacked. I'm sure the spam I received was not authorized by emusic.com.

This happens all the time - I find a new example from a company I recognize at least once a week. Any time I sign up for something I use a unique email address (been doing this for many years) and so when I receive a message I can look at the TO address to see what caused me to get it.

Suppression list abuse is easy to monitor and easy to prevent. Both the ESPC and the IAB are working on best practices documents that touch on suppression list management. I hope these will help to educate marketers about how easy it is to make sure that your customer list doesn't end up in the hands of spammers.

May 06, 2008

RESOLVED: Postmaster Yahoo! Queue Delays

If you haven't already heard, Yahoo! postmasters used their blog and Yahoo! groups today to tell us some GREAT news.

http://www.ymailblog.com/blog/2008/05/resolved-postmaster-queue-delays/

We received this email as well today

Hello all,

During the past few months, we have received a consistently high volume of incoming tickets sent to our Postmaster team (http://postmaster.yahoo.com), and have had delays in responding to them in a timely manner. The team has been working very hard to respond to all inquiries coming in, and I'm glad to let you all know that they are now able to respond to all new tickets within 24 to 48 hours of receipt.

We greatly appreciate everyone's patience while we were experiencing a backlog and look forward to providing you with efficient Postmaster support for all your delivery concerns to Yahoo! Mail.

-------

-Dennis
Eloqua

Postmaster Blogs

If you weren't aware, a few of our favorite ISP's have started postmaster blogs. As some of you have heard me say a thousand times, this is GREAT news! These ISP's (and they aren't the only ones) have seen the benefit in sharing information when and where practical (sorry, no spammer support still) to reduce their inbound support requests. Many others like Comcast, RoadRunner, Outblaze, etc. also have very open procedures in dealing with email issues.

AOL:
http://journals.aol.com/pmtjournal/blog/

Yahoo:
http://www.ymailblog.com/

Thanks folks. Keep up the leadership!

-Dennis
Eloqua

May 02, 2008

Sender complaints about spamfiltering

JD posed a question in my post about Postini and trying to sort out a customer getting marked as spam by their filtering mechanism and I think it bears more discussion than can be done in comments.

And sure, it’s a best practice for filtering companies to respond politely to requests from filterees. But is it a requirement? Do senders have a right to demand explanations?

There is not really an easy answer for that. My first response is “of course not!” but then I think about some of my clients who really have been trying to do the right thing and how we work through issue after issue and finally fix everything I can think of, but they still have delivery problems. These are not spammers, they are sending mail to people who have asked for it and by all measures do actually want it, but some mail is being blocked for reasons neither my client nor I can figure out. In those cases it would be really nice if someone from the group doing the blocking would take 10 minutes to point me in the right direction and show me what I missed.

I have been doing this long enough to know that spamfilters are not 100% accurate. I know there are times when a specific block is outside the scope of what email the filter designer, or user, expected to block. Look at what happened when Yahoo started using the PBL a few months back. There was a bug in the implementation that neither Yahoo nor Spamhaus expected and that caused mail from IPs not listed on the PBL to be blocked because of the PBL. With a valid report of the problem, I could contact both Spamhaus volunteers and someone at Yahoo to point out there was a problem with the implementation. Yahoo and Spamhaus figured out the issue and fixed the problem and Yahoo is no longer blocking IPs not on the PBL for being on the PBL.

I do believe that there are times when feedback from senders and blockees is beneficial and can help improve the overall filters. I have clear evidence this is the case.

On the flip side, I also have been in the email business long enough to know that more than 99% of senders just want their mail delivered and do not care about anything other than getting into the inbox. They believe every block is a mistake and the ISP / spamfilter is wrong or broken. They are not interested in actually making sure the implementation of the filter meets the design goals, usually they do not care what the goals of that filter are. They are just interested in delivery of their mail. This creates a signal / noise ratio into the filters or ISPs that is so weighted to the noise side, there is almost no value to the filter or ISP in even having a channel for the small amount of signal.

The reality is that most senders do not spend a lot of time looking into a block before contacting the ISP. They use the ISP points of contact as a way to avoid doing hard work internally. This transfers a lot more work onto the ISPs and makes them less conducive to working with any senders at all.

I also think there are slightly different obligations on commercial spamfiltering companies and ISPs in regards to listening to senders. Commercial spamfiltering companies are further removed from the end user than the ISPs are. In many cases the end user has no idea that the spamfiltering at their ISP has been outsourced to a commercial company and they have no internal resolution path. They can contact their ISP, but that is only useful if the ISP has an escalation path back to the filtering company. I think that this distance, and the fact that the spamfiltering companies are profiting directly from blocking mail, means that spamfiltering companies have more of a responsibility to be accessible to the people they are blocking. The irony is that the spamfiltering companies are generally less accessible to senders than ISPs are.

Overall I do not think that good spamfiltering happens in a vacuum, and that reliable reports from senders about inaccurate filtering help improve blocking schemes. Senders are not in a position to be making any demands of ISPs and filtering companies, however, I do believe that the end user experience would be better if there were more communication between senders and recipients. The problem is that the history of communication between the two groups has been contentious at best and there are only so many times the receivers are going to spend time listening to the senders, again.

I guess it boils down to no, senders do not have a right to demand explanations, but things might be better if more ISPs and spamfiltering companies engaged with non-spamming but blocked senders more often. Sorting out those non-spamming but blocked senders from legitimately blocked senders is the real trick and I expect if receivers could do that reliably, there would be no false positives.

Crossposted from my blog.

AOTA announces Deliverability Academy

The Authentication and Online Trust Alliance (AOTA) announced that they will be having a one day Deliverability & Trust Academy on June 6, the day after their 2 day annual summit, in cooperation with the DMA's eec and other organizations.

Speakers include David Daniels from Jupiter Research, George Bilbrey from ReturnPath and John Engler from UnsubCentral as well as representatives from AOL, Costco, Epsilon, Goodmail, Microsoft, National Geographic, NY Times, Publishers Clearing House, and Symantec.

Topics include authentication, reputation, marketing best practices, tools, metrics, analysis and ISP perspectives.

If you're a new deliverability professional, this is a great way to get up to speed!

May 01, 2008

New WHOIS Policy for Canada

What the heck is a WHOIS, you ask? It is an official database used to determine the owner of a domain name, an IP address, or an autonomous system number on the Internet. Currently, when a domain name is entered into the CIRA WHOIS look-up service, the name of the Registrant and the personal information about the contact(s) for that domain name, such as their address and telephone number, is made available to the public. This will change due to tight privacy regulations in Canada. As of June 10, 2008, CIRA will no longer release information about individual registrants without their permission.

I quote a good explanation of all this from the Canadian Internet Registration Authority (CIRA) website

"In January 2004, the Personal Information Protection and Electronic Documents Act (PIPEDA) took effect in Canada. This Federal law provides guidelines for the collection, use, and disclosure of personal information by private organizations. Under this act, the situations where an organization can disclose an individual’s personal information are strictly limited and require consent."

"In response to the introduction of PIPEDA, CIRA conducted an exhaustive series of consultations with Registrars, Registrants, Lawyers and Law Enforcement Personnel to develop an approach that would protect the privacy of individual consumers while continuing to allow access to information pertaining to corporations, organizations, and institutions."

"The resulting policy balances the need for PIPEDA compliance and individual domain name holder privacy while allowing WHOIS searches for commercial, legal, and law enforcement purposes to continue."

Under the new .CA WHOIS Policy, information about individual Registrants and their Administrative and Technical contacts will no longer be displayed. Individual Registrants may “opt-in” to display their information. Information about corporate Registrants will be displayed by default and can "opt-out".

They, like many registrars who offer anonymous services, will create a way to pass correspondences from interested parties to the hidden Registrants. This too will be available June 10, 2008.

I can see how an individual might want to keep their information private (as I do the same thing with my personal/vanity domains), but I am unsure why a corporation would opt-in for this service. In fact, I would say that most PUBLIC companies should keep their contact information public in the WHOIS system and up-to-date so that if something goes wrong, like spamming, that anyone could contact them ASAP. Not saying I don't like privacy laws, heck I'm the privacy officer for Eloqua, but I'm just saying what are they hiding? As Jack Carlson said and I agree "The policy recognizes that corporate information does not raise specific privacy concerns since corporate information does not constitute personally identifiable information."

Big companies, don't opt-in for the privacy WHOIS part. No reason to.

-Dennis
Eloqua

P.S. I applaud Canada for again leading the way to protecting our personal information once again. Wake up, U.S.

April 30, 2008

Colorado Has a New Spam Law

Governor Bill Ritter on Wednesday signed into law the Spam Reduction Act of 2008, which invokes state enforcement authority by the Attorney General's office and other available remedies under the Colorado Consumer Protection Act. This law is similar to federal authority against unwanted emails and makes it a crime under state law to violate the federal CAN-SPAM Act of 2003.

Sending unwanted commercial e-mail to an account held by a Colorado resident will become a misdemeanor crime. The law also allows for a private right of action: spam recipients who can identify a sender and prove financial losses can seek to recover damages of up to $10 million in civil court, instead of only ISP's being able to take action as CAN-SPAM allows.

Here's a link to some of the House representatives who sponsored it.
http://cohousedems.typepad.com/my_weblog/2008/04/lawmakers-decla.html

As my friend John Levine said and I agree, "There’s certainly some spammers in Colorado, so I look forward to seeing cases filed."

-Dennis
Eloqua

April 29, 2008

Oh where, Oh where, has my Postini admin gone?

So a few of us around here in email world are a little miffed (still) at the lack of interest Postini has shown when it comes to relations of any sort. Now more than ever since Google purchased them. For years I have dealt with Postini as both a user of the system and also as a sender that has been blocked by the system. In all accounts my relationship with them has been lifeless. That's not to say I haven't ever met or talked to anyone there, but usually it's met with a little skepticism.

They have attempted to launch a headers analyzer to troubleshoot issues, but that too lacks a little life. Doesn't much help if the email is blocked at the gateway and can't get it stamped with headers to analyze, now does it? https://www.postini.com/support/header_analyzer.php

I would love to see them work more in the industry by playing in some of the coalitions like MAAWG or even open up more by launching a real abuse relations desk like AOL, Comcast, Brightmail, and RoadRunner have successfully to mitigate issues. Some complain that they don't even talk to their own customers or listen to them when it comes to false positives. What can we do Postini to make you more open to suggestions?

I know there isn't much to this post, but I just had to rant a little more publicly. I am seeing more and more issues creep up with my customers and there isn't more I can do to help them.

-Dennis

Eloqua

Scrambled Eggs

So this has been a topic before, but I don't think it has been given the right light it needs to have in today's ever changing landscape of the good guys (ISP's) trying to stop or identify the bad guys (spammers and bad marketers) or even know who the good senders are without taking their important efforts off finding the phishers out there.

As some of you know, there has been a significant and fundamental shift in how receivers perform anti-spam functions. In the past and still a little today, receivers would review content mostly for triggers like bad words, porn and drug connotations, and other such moral and or offensive issues that weren’t so accepted years ago. As time has moved on, we have noticed a more accepting audience to some of the above-mentioned content (i.e. someone needs Viagra…no for real) and the false positive rate for content filtering got worse. So what are we to do?

Well today most receivers look to filter out email based on your behaviors today or on what we call reputation. Think of it as a credit score for your email program. You’ll know where you stand, how email receivers are evaluating you, and what you need to change about your program to improve your delivery rates. Things such as complaints, unknown users rates, spamtraps, and volume play a role in that. Think I am making this up? My good friend George Bilbrey said it perfectly here in this post “When it comes to email blocking and filtering, reputation -- not content -- can be blamed 83% of the time.”

So you're saying to yourself either “I know this, Dennis” or “what does this have to do with the subject line?” Here are a few thoughts first:

  1. Each mode of messaging you send today or class of email (marketing vs. transactional vs. mixed mode vs. alerts) has a different importance today to those who receive it. How long they look at it? How easy or fast they might unsubscribe from it? or even complain about it (heaven forbid)
  2. Each sender or entity also has their own set of problems or criteria that drive or hurt their email programs. Some buy lists. Some do not perform confirmation opt-in. Some make up an email strictly of images only with no HTML (images are blocked by default within most email clients). Some use lists that are five (5) years old and haven’t been used since.
  3. Just like today, your social security or driver’s license identification belongs to you and your habits, why would you want someone to share that identification? Or ruin yours? Think of it like the black sheep (not that I have one here) in your family… they can ruin the name of the family so easily without even caring about your real identity or habits as the white sheep.

Today I see so many people sending mixed messages through the same IP without even blinking an eye at understanding the concept of segmentation or the risk to their email stream if their marketing messages are getting their transactional email blocked. Yes, believe it, marketing messages do get blocked or complained about more than transactional billing information (unless that bill is overdue) – seriously, a pay day loan company here in Dallas/Fort-Worth sees their overdue transactional notices marked as spam more than their marketing messages!

Today I see so many ESP’s who still allow customers to share IP space. That means if the guy sharing the same IP decides to send to one of those 30 million email addresses on a CD he bought online, then you could get blocked as well for his mistake or habits.

Folks, don't put all your eggs in one basket is what I am trying to say here. Segment your email streams.

Segment by:

1) Customers or entity.
    a) Give them their own identity. If they mess up or someone else does, then you can mitigate the problem to a smaller space of IP’s. *HINT* This also helps the receivers from having to block large ranges of IP’s!

2) Class of email.
    a) Marketing vs. transactional vs. mixed mode vs. alerts. If your marketing messages get blocked, then your transactional or mixed-mode messages won’t since they run off a different IP set.

There are other ways as well to segment. Product lines purchased, activity of users, geography, purchased something, visits to your website and the list goes on and on.

Talk to your marketing or IT folks. Make sure you start to assign separate IP segments to your customers or yourselves. When you separate customers, your divisions, and or classes of email... you can better maintain and monitor the reputations associated with them to see who is causing your problems. Maybe even determine which customers you need to fire (yes I said fire a customer!). Don’t put all your eggs into one basket.

Take a free look at your reputation today using ReturnPath’s reputation tool at http://www.senderscore.org. It looks at single IP and or domains as well. Funny? Isn’t that monitoring each separately as it should be measured?

-Dennis
Eloqua

The Future of Email Relies on Its Reputation

So this was an article/blog post that I wrote while at StrongMail (best in-house solution out there) that I think has some good points and history in it. I am re-publishing this from their site.

As you may know, email is thirty years old and its underlying infrastructure was never built with security and accountability in mind. No one ever thought that email would become as widely used as it is today, that the Internet itself would be subject to so much abuse.

The original email and Internet systems that we know today weren't invented by Al Gore, but by our own government missile defense system group called the Advanced Research Projects Agency (ARPA), whose primary job was to handle research for all space and strategic missile research. NASA was then formed, and the activities of ARPA moved away from aeronautics and focused mainly on computer science and information processing.

One of ARPA's goals was to connect mainframe computers at different universities around the country so that they would be able to communicate using a common language and a common protocol. Thus the ARPAnet -- the world's first multiple-site computer network -- was created in 1969. In order to have an account on these systems you simply asked for one and they just gave it to you almost without ANY questions, completely overlooking security and accountability.

Well, obviously, as time went by and the systems got larger and more interconnected, some people figured out the vulnerabilities and started to send out the first of many billions of unsolicited messages now known as SPAM. The question now comes down to how we can possibly patch a hole this big. Email authentication technologies like DKIM (DomainKeys Identified Mail) are a start.

DKIM is a signature/cryptography-based sender authentication protocol developed in order to address the problem of forged email messages (missing security and accountability) and to allow an organization or individual to take responsibility for the message it sends, which has given rise to the concept of email reputation. Now, I won't bore you with the details of email reputation and authentication, but I do want to focus on why we got involved in this early on.

Email is now about as mainstream as any technology can be, yet the viability of email is continually being threatened by viruses, spam, spoofing, and phishing. All of these threats are shaking the confidence in email as a viable tool for communications and conducting business, and StrongMail is committed to help protect it. We have been participating in the DKIM standard since day-one, and we are proud to have our own employees acknowledged for their hard work in the standard.

StrongMail was the first technology provider to integrate support for all emerging authentication protocols into its outbound email products to simplify compliance with whatever standards are mandated. DKIM has since gained a lot of traction, and AOL, GMAIL, and Yahoo! now use it successfully in production.

Unless you're a member of the CIA, a Matrix super fan, or a cryptographic expert, signature-based authentication can be difficult to understand. In StrongMail, you don't have to think about any of that stuff, since we make it as easy as 1-2-3 with our step-by-step interface, which will either create, upload, or use the existing keys needed to properly sign and verify any email.

In fact, StrongMail is specifically designed to make it easy to work in the complex and ever-changing world of email standards. You even have the ability to apply authentication to certain email streams or campaigns based on your needs. Our offering is so simple that anybody with a mouse, keyboard, and monitor can institute email authentication.

Overall, DKIM brings accountability to the sender, establishes a reputation and confirms whether they should be sending email from a certain domain. By doing this, receivers can better separate mail streams from those who are good and those who are bad, which enables better anti-spam technologies and reduces false positives.

-Dennis
Eloqua

Two unhappy spammers

Spamford Wallace is $4 million poorer
http://www.theregister.co.uk/2008/04/29/myspace_wallace_lawsuit/

And Eddie Davidson gets a slap on the wrist (made $3.5 million on spam and gets fined $714,139 with 21 months in jail)
http://www.rockymountainnews.com/news/2008/apr/28/spammer-sentenced-to-21-months-in-prison/

-Dennis
Eloqua

April 28, 2008

Nurture, Don't Numb

I am asked frequently, "What is the right frequency for email marketing?"  (pun intended).

The answer, like everything in marketing, is "It depends."  But in email marketing, it depends on the SUBSCRIBER interests, not the marketer's interests (the fact that these two interests should always be aligned is such a fundamental truth of good marketing that I won't even mention it further).

Frequency is a pretty important factor in deliverability - as it affects complaint rates and also is affected by the volume blocking at some ISPs/receivers.  I think of frequency as a factor not just of absolute touches, but of cadence.

Depending on your business and products, the right frequency for a segment of subscribers can vary from four messages in six months to four messages in four days.  If your prospects make a decision in a few days, make sure they have the info they need.   If the decision is top of mind or life changing, a daily frequency can be welcome - but test that and be cautious.  Too much email in short time periods will increase complaints, hurting the deliverability of all the email you send.  Listen to customer service and your sales team - they likely know the optimal cadence and frequency for helping without being annoying. Let that inform the number and speed of your email marketing touchpoints.

Segmentation - even simple segmentation - will also boost revenue by sending more email when the subscriber is in market and less when they are not.  That is less email overall, which is a good thing for subscriber satisfaction and the complaint rates of most marketing programs. While it's often true that when response goes up, complaints also go up, I believe that marketers can keep the former on the rise and the latter on the decline through segmentation.

Even wide segmentation slices can greatly simplify the email marketing message challenge, and boost performance.  Not all subscribers are the same - you may have new buyers (never before purchased from your company), active buyers (customers who are currently using one of your products) and lapsed buyers.   Tailor the message for each, featuring the information you know they need to make a decision.  Present the information in a compelling and credible way, and you can shorten the research phase for them (and close deals faster).  Further segmentation can be done by product line or category, and by allowing prospects to select information that is most interesting to them (what we call self segmentation).

The Internet has made the sale cycle longer - as prospects research online and learn about more options faster and more efficiently.  Segmentation is a way to nurture your file for opportunities - and improve all your response metrics, deliverability included.

It's not hard to do effective segmentation - but not doing it can cost a fortune in lost opportunity.

Stephanie Miller

VP, Strategic Services

Return Path Inc.

April 27, 2008

E-Marketers, ISPs Take Fresh Look at Battling Spam With Revised MAAWG Best Practices for Volume Senders

So as some of you know, I am the co-chair for the Messaging Anti-Abuse Working Group (MAAWG) Senders SIG, and recently MAAWG has released version 2.0 of its Senders Best Communications Practices defining how volume email senders can improve the deliverability of legitimate e-newsletters and permission-based e-marketing. The recommendations, originally issued last year as one of the first collaborative efforts between network operators and volume senders worldwide, have been updated to address new forms of spam and to clarify permission options. The updated best practices include new guidelines to help legitimate email avoid being mistaken for image-based junk mail, which has become a popular spamming technique. List permission and opt-in recommendations have been amended to reflect current practices, and recommended user-unsubscribe processes are clarified, along with other updates to the document.

You can read the document here:
http://www.maawg.org/about/publishedDocuments/MAAWG_Senders_BCP_Ver2.pdf

Original PR: http://www.maawg.org/news/maawg080422

-Dennis
Eloqua

Russia Wants To Censor The Internet as well?

Techdirt is now reporting that Russia is the latest country, like the People's Republic of China, that wants to censor the Internet within. In China, the Golden Shield Project (a.k.a. Great Firewall of China) is owned by the Government of China (MPS) and started in 1998. The system blocks content by preventing IP addresses from being routed through and consists of standard firewall and proxy servers at the Internet gateways of China's ISPs. The banning of websites is mostly uncoordinated and ad hoc, with some web sites being blocked and similar web sites being allowed, or blocked in one city and allowed in another.

On the Russia issue, prosecutors are hoping that an internet version of the law would require ISPs to block access to any sites that include "extremist" content. Of course, extremist content is defined rather broadly. It seems pretty clear that this is just an attempt to try to stifle speech the government doesn't like. Isn't that the same with most laws? ;)

This could be a problem for those of you who do business in Russia, like China. Why, you ask?  Skype had a dilemma when they wanted to enter China with TOM Online. TOM's people told Skype Technologies that, to avoid problems with the Chinese leadership, they needed filters to screen out words in text messages deemed offensive by Beijing. No filtering, no service. At first Skype executives resisted, but after it became clear that Skype had no choice, the company relented: TOM and Skype now filter phrases such as "Falun Gong" and "Dalai Lama."

You used to be able to test any website in real-time and see if it is accessible from China at
http://www.greatfirewallofchina.org, but it seems that China has censored that too :)

-Dennis
Eloqua

Spam turns 30

The first spam message was sent to 393 users of ARPANET on May 2 1978 by someone from computing pioneers DEC. They had to type in all the addresses by hand first. It was Gary Thuerk who sent a marketing pitch for a new computer model from his employer, Digital Equipment Corporation.

Brad Templeton of the Electronic Frontier Foundation actually has it archived. You can see the entire mail, plus the reactions it generated on this site.

http://www.templetons.com/brad/spamreact.html#msg

-Dennis
Eloqua

April 23, 2008

We need a way of measuring a true Relevance Score

We need a real way of measuring relevance in email. e-Dialog and Responsys have both come out with their own methodologies, but they seem to be a subjective self-assessment rather than an objective measurement.

In both examples, email marketers fill out a short survey where they rank themselves on various criteria. While I'm sure this is an interesting exercise, I don't think it's going to have a huge impact on the relevance of emails that people send. This is just another way to identify best practices and new ideas, but not a measurable, actionable score. It's an interactive whitepaper.

What we really need is a metric that is objective like deliverability. I'm sure we would find that the two metrics are tightly correlated.

The challenge is that relevance is hard to measure. It would probably be a subset of traditional email reputation - less focused on bounce rate and more focused on open rate and other indicators of user activity.

I don't think this is the answer, but here is a stab at the type of thing I'm thinking of:

Relevance = (Unique Opens / Total Valid Recipients) + (Unique Clicks * 3 / Unique Opens) - (Unsubscribes / Unique Opens) - (Spam Complaints * 10 / Total Valid Recipients)

So if you sent a message to 100,000 recipients with a 5% bounce rate and got a 10% open rate with a 10% clickthrough rate, 1% unsubscribes and 0.1% complaint rate, the Relevance Score would look like:

Relevance = [(10,000 / 95,000) + (1,000 * 3 / 10,000) - (950 / 10,000) - (95 * 10 / 95,000)] * 100
Relevance = 0.11 + 0.3 - 0.1 - 0.01 = 0.3 * 100 = 30%

For a message to 100,000 recipients with a 1% bounce rate and a 30% open rate with a 20% clickthrough rate, 0.5% unsubscribes and 0.05% complaint rate, the Relevance Score would look like:

Relevance = [(30,000 / 99,000) + (6,000 * 3 / 30,000) - (975 / 10,000) - (49 * 10 / 99,000)] * 100
Relevance = 0.3 + 0.6 - 0.1 - 0 = 0.8 * 100 = 80%

It's possible to get over 100%, but it would be unusual. A message to 100,000 recipients with a 1% bounce rate and a 50% open rate with a 30% clickthrough rate and no unsubscribes or complaints would have a Relevance Score of 140%.

A message with a 100% open rate and 100% clickthrough rate would have a Relevance Score of 400%. You could normalize this further by putting a max value of 1.00 for each of the 4 contributing calculations (opens, clicks, unsubs and complaints).

I don't think this is the perfect equation (yet). But I think this is the kind of thing we need to be looking at when we talk about Relevance. What other factors should we be considering besides opens, clicks, unsubs and complaints? How would you weight each item?
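The formula above, written out as an added Python example (not code from the original post), including the optional cap of 1.00 per term and a campaign with no opens, where the two per-open ratios are undefined. The class and function names are hypothetical, the counts for the first and third scenarios are derived from the post's rates, and the 100%/100% campaign size is constructed.

```python
from dataclasses import dataclass


@dataclass
class Campaign:
    valid_recipients: int   # messages sent minus bounces
    unique_opens: int
    unique_clicks: int
    unsubscribes: int
    spam_complaints: int


def relevance_terms(c: Campaign, cap: bool = False) -> dict:
    """Return the four terms of the post's formula as fractions.

    cap=True limits each term to 1.00, the normalization the post suggests.
    Assumption of this example: with zero opens the click and unsubscribe
    terms are taken as 0 rather than dividing by zero.
    """
    if c.valid_recipients <= 0:
        raise ValueError("need at least one valid recipient")
    opens = c.unique_opens
    terms = {
        "opens": opens / c.valid_recipients,
        "clicks": 3 * c.unique_clicks / opens if opens else 0.0,
        "unsubs": c.unsubscribes / opens if opens else 0.0,
        "complaints": 10 * c.spam_complaints / c.valid_recipients,
    }
    if cap:
        terms = {name: min(value, 1.0) for name, value in terms.items()}
    return terms


def relevance(c: Campaign, cap: bool = False) -> float:
    """Relevance as a fraction; multiply by 100 for the post's percentage."""
    t = relevance_terms(c, cap)
    return t["opens"] + t["clicks"] - t["unsubs"] - t["complaints"]


# Scenarios from the post: 5% bounce / 10% open, 1% bounce / 50% open,
# and a constructed 100% open / 100% click campaign.
FIRST = Campaign(95_000, 10_000, 1_000, 950, 95)
THIRD = Campaign(99_000, 50_000, 15_000, 0, 0)
ALL_OPEN_ALL_CLICK = Campaign(100_000, 100_000, 100_000, 0, 0)
```

With the cap applied, the 100%/100% campaign scores 200% instead of 400%, because the click term no longer contributes its full weight of 3.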

How many Delivery Service Providers can the market support?

Last week at AdTech I heard a rumor that delivery service provider Habeas was for sale. Ken Magill confirmed it yesterday.

While I agree with his analysis that the leaders in this space are ReturnPath and Pivotal Veracity and may gain in the short term from rumors about Habeas, it makes me question the size of the overall delivery service provider market.

How many delivery service providers can the market support? Right now there are only 4 that I can think of - and only Pivotal Veracity is a standalone business. Do you think that over the next few years we'll see consolidation in the DSP space or new competition?

April 22, 2008

Is SPF2.0 Dead?

There has been a good and confusing discussion on one of the marketers' lists recently asking which is supposed to be used: spf1 or spf2?

I have always just had people publish spf1 records for the domains in the return-path (bounce) and FROM (pretty) address and have had nothing negative come of it.

My good friend Matt Vernhout from Thindata posted this to his blog today

-Dennis
Eloqua
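An added example (not from the post or the linked blog) of how the two record versions are told apart and which one a receiver evaluates for the return-path check and for the header-address check. The TXT record contents are constructed, the function names are hypothetical, and the Sender ID fallback to `v=spf1` is a simplified reading of RFC 4406 section 3.4.

```python
import re

SPF1 = re.compile(r"^v=spf1(?:\s|$)", re.I)
SPF2 = re.compile(r"^spf2\.0/([a-z,]+)(?:\s|$)", re.I)


def classify(record):
    """Return ('spf1', None), ('spf2.0', {scopes}) or None for a TXT string."""
    rec = record.strip().strip('"')
    if SPF1.match(rec):
        return ("spf1", None)
    m = SPF2.match(rec)
    if m:
        scopes = set(m.group(1).lower().split(","))
        if scopes <= {"mfrom", "pra"}:
            return ("spf2.0", scopes)
    return None  # unrelated TXT record, or a malformed scope list


def evaluated_records(txt_records):
    """Pick the record a receiver would evaluate for each check.

    spf_mail_from: classic SPF on the return-path (bounce) domain; it
        reads only v=spf1, and more than one such record is an error.
    sender_id_pra: Sender ID on the header From/Sender domain; it reads
        an spf2.0 record with the pra scope, and treats v=spf1 as
        spf2.0/mfrom,pra only when no spf2.0 record is published.
    """
    spf1, spf2 = [], []
    for rec in txt_records:
        kind = classify(rec)
        if kind and kind[0] == "spf1":
            spf1.append(rec)
        elif kind:
            spf2.append((rec, kind[1]))
    v1 = "permerror" if len(spf1) > 1 else (spf1[0] if spf1 else None)
    if spf2:
        pra = [rec for rec, scopes in spf2 if "pra" in scopes]
        pra_rec = "permerror" if len(pra) > 1 else (pra[0] if pra else None)
    else:
        pra_rec = v1
    return {"spf_mail_from": v1, "sender_id_pra": pra_rec}


# Constructed TXT record sets for hypothetical domains.
ONLY_SPF1 = ["v=spf1 ip4:192.0.2.0/24 -all", "some-other-txt=1"]
BOTH = ["v=spf1 ip4:192.0.2.0/24 -all", "spf2.0/pra ip4:198.51.100.7 -all"]
MFROM_ONLY_V2 = ["v=spf1 mx -all", "spf2.0/mfrom mx -all"]
```

For `ONLY_SPF1` both checks resolve to the same `v=spf1` record, while `MFROM_ONLY_V2` leaves the header-address check with no record at all.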

April 18, 2008

MAAWG Senders' Group Status Changes

So as some of you know, MAAWG has had a senders subcommittee working for the past two years under the technical group. The senders group has performed a great number of things including a MAAWG Sender Best Communications Practices document. This week, I was happy to find out that the Sender group is no longer a subcommittee! The board this week approved a request to be moved up and we are now a SIG reporting to the board!

What this means though is more responsibility on us to continue our work. I don't want this group to be a one document wonder. We also are at the mercy of the board to make sure we continue to develop earth shattering things and use the time wisely.

CONGRATULATIONS to those who are a part of the senders group. I am proud of the work put into it. Let's keep it up.

-Dennis
Eloqua