There is a very lively discussion going on today at the URIBL’s discussion group. It shows that although the email space seems to be a mature one there is still a lot of different interpretations of some basic terms. This may lead to misunderstandings and thus problems with solving blacklisting issues.
What could be witnessed today at URIBL was a marketer that was trying to remove his domain from the blacklist and he used the term "double opt-in" referring to his subscriber acquisition process. According to the representatives of the blacklist this term is "spammy" and the only valid term is Confirmed Opt-In or Closed-Loop Opt-In (COI).
This seems to be a typical approach among blacklists as SpamHaus is even publishing some definitions and what SpamHaus finds spam and ham.
Bottom line: to avoid any misunderstandings during conversations with blacklists’ representatives proper terms need to be used
Another thing that is really radical is that blacklists go "easy" and simply skip what marketer’s refer to as single opt-in. When someone fills in the opt-in form and wants to receive some newsletter it is perfectly legal to send it to them without confirmation (in USA of course, some countries may differ). Blacklists seem somehow to ignore this fact and assume that any email without confirmation is harvested. A lot of marketers using single opt-in have better email practices and results (especially in terms of relevant emails and low complaints) than people that do COI. This means that their emails are welcome by their beholders. This is the ultimate point and it’s presence is somewhat invisible, when looking at the blacklists.
As a conclusion I think that there should be some cooperation opened between organizations like MAAWG, ESPC and the major blacklists to cover all aspects and create an understanding between legitimate marketers and blacklists that both hate spammers.
Any thoughts on this from fellow delivery experts?
Last 5 posts by Krzysztof Jarecki
- When behavior-based filtering goes wrong... - September 13th, 2010
- Spam on Twitter - December 3rd, 2008
- Have you removed good subscribers because of changes in Yahoo's FBL? - November 12th, 2008
- Seems like Yahoo FBL is back in the game - November 12th, 2008
- Some Yahoo findings - Let's compare approaches - September 13th, 2008
For single optin, lets put it this way.
Senders can continue to send but if they get reported, they'll get blocked.
Then, when the sender contacts us, he says say my customer signed up.
My customer clicks report spam, says he didnt sign up. In fact, lots of my customers do.
So, unless a lot of my customers are suffering from temporary insanity, or got themselves alzheimers and forgot.. I will just take their word for it. And block the sender till he gets into the habit of COI
I dont particularly care if the sender calls it double optin, confirmed optin, or even double confirmed optin. As long as its COI.
I dont care if single optin and coreg are legal and allowed under CAN-SPAM. CAN-SPAM sets a minimum threshold of good behavior below which the FTC may, if pressed, go after the sender. And it explicitly allows ISPs to block based on their own critieria anyway.
For us at least, single optin, coreg etc are not valid critieria for optin, when there is a block because of complaints and trap hits, and the sender requests removal.
I've had this interesting experience today. A sender came in asking for removal for three or four of his IPs. I looked around, and saw that his numbers look bad and there are complaints / trap hits spread across his /24, though only those 4 IPs were actually automatically blocked.
I simply thanked him for bringing the range to our attention, and blocked the /24.
Great point. Basically COI is about the proof that someone actually has subscribed.
With proper logs it is possible with single opt-in as the IP, date and referring URLs are held. For ISPs that also offer Internet access services it is quite easy to match those records with a particular customer.
COI is obviously a bullet-proof way of confirming the fact of subscription, but there are ways to do this with single opt-in as well.
Yes Krzysztof, there are ways. Only, when it comes to a choice between "senders word" and "the words of several of our customers".. guess who invariably wins?
I think that one of the things many senders "just don't get" about this situation is that the burden of proof is on them. If they have good practices and can send single-optin email while maintaining acceptable complaint rates and best practices, then they won't have any problems. But if they have lazy practices and choose bad partners then they are going to have problems. In my opinion, COI is rarely needed by companies with great practices who monitor their outbound email reputation carefully (note – that does NOT imply that a company who uses COI has bad practices – just that they might still get great delivery without it).
Sorry I didn't finish the burden of proof thought…
If they have good practices, no one asks any questions. If they have bad practices and set off complaint threshold alerts, they then will have to prove that they are not spamming and one of the only ways to do this in spite of complaint rates is to switch to COI.
Seems to me that what's missing from this conversation is why the term "double opt-in" is so galling to anti-spam & privacy folks.
Let's walk through the process.
Bob goes to a web site, types bob@aol.com, and clicks "subscribe." But how do you know bob@aol.com actually is Bob's address?
The current best practice is to send one message to bob@aol.com, requesting an active confirmation — such as clicking on a link, or replying to the message — before the subscription will begin. If that's Bob's address, he'll confirm it. If that's not Bob's address, the real bob@aol.com probably won't.
This is only "double" if you are absolutely certain that the Bob who visited your web site is bob@aol.com. Otherwise, it's "confirmed."
"Double" sounds like an unnecessary extra step, something you're only doing because you're forced to. "Confirmed" sounds like you're being cautious — it sounds like you actually care whether or not your email is going to someone who wants it.
Which impression would you rather convey?
The knee-jerk response of the geek side of spam fighting is to label anyone a spammer who doesn't learn to speak the geek language well enough. How about the geek side learn to speak the marketing language once in a while? If it's about making email better, maybe it would be good to learn to speak a foreign language, so you can be a better guide.
If a phrase is "so galling," then certainly, explaining why, is one way to respond. Another way to respond is to consider whether or not the person making the point is focusing too much on words and not enough on actions.
As it was related to me — many times — and as I have long observed myself, spammers misuse terms. They might call something an opt-in when it's not. They might call it a (gasp) double opt-in when it's not. When talking to spammers, I was warned, don't listen to what terms they use. Instead, look at what they actually do.
And yet, some of the same people who have given me advice like that are the ones who flip their wig over a term that they don't like, even though the PRACTICE BEING DESCRIBED is a good one.
What's the word for that? How about "galling."
J.D., I can see where you and other anti-spam and privacy folks are coming from, and I'm willing to alter my writing and speech so as not to draw the ire of anti-spam or privacy experts. However, it seems to me that what's also missing from this conversation is reason.
Semantics and hair-splitting aside, can't a reasonable person assume that a sender that uses the term double opt-in means the same thing as confirmed opt-in?
Doesn't both double opt-in and confirmed opt-in follow the same process? Bob goes to a web site, types bob@aol.com, and clicks "subscribe." Sender sends one message to bob@aol.com, requesting an active confirmation — such as clicking on a link, or replying to the message — before the subscription will begin.
If I was in URIBL's shoes I'd be more concerned about whether a listed sender is in fact doing closed loop opt-in, is getting complaints about their mail (as Suresh suggested), and what they're doing or have done to drive down complaints, rather than whether they use the term double opt-in or confirmed opt-in.
Even the email glossary linked to in this post says "See Confirmed Optin" when you look up Double Opt-in. Interestingly, there is no definition in the email glossary for Confirmed Opt-in.
The fine folks in Detroit can stomp their feet and get upset because not everyone calls their products automobiles, but that doesn't mean that those of us that call them cars and trucks aren't talking about the same thing.
This is a good discussion. Thanks for the opportunity to sound off.
Ok, as someone who has been on the technical side of things for twenty plus years *and* has an MBA, I can unequivocally side with the geeks on this one. Single opt-in marketing is cheaper than double opt-in, and might even have better rates. But this comes at the cost of a lot of people who are receiving UCE.
Marketing costs money, folks, and you can't get everything for free. Don't put your costs on uninterested third parties or you risk legislation that goes well beyond double opt-in (COI).
Both the marketing and IT camps have plenty of jargon, complaining about that is simply a red herring.
I'm working on a fight against fraud for affiliate marketers and I want to be able to validate the existence of an e-mail and taking into account the age of the account. Is Yahoo Mail allow this? G-mail? Hotmail?
I look forward to 8000 email users on a daily basis, sending them every 2-3 days by removing old users and importing new ones. I'm looking for a good email marketing solution that will send users e-mail to my inbox and mark them as spam. I am looking for software-only, or a good and cheap thanks to the site.