Good news today was posted by Return Path. For those using Sender Score Certified, you now will receive automatic image and link enabling at both Hotmail and Yahoo!

What do you have to do to get this privilege at Yahoo?

1. Be a Certified level member in the program. Apply right now.
2. Have IPs that are rarely, if ever, suspended from the Certified list 
3. Authenticate your email with Domain Keys and/or DKIM and have unique domain/selector pairs dedicated to your Certified IPs
4. Submit domain [d=] and selector [s=] values associated with your Certified IPs

Pretty simple I say. This should help anyone in the program to clearly communicate their value proposition and provide your customers the best possible experience.

Congratulations Return Path and Yahoo! for making this a reality. Membership DOES have its privileges.

-Dennis
Eloqua

Don't Just Send, Deliver!

I couldn't agree more with what Morgan put into his article. Why aren't the email client makers and web email providers interested in improving email to its fullest extent. Yes, Yes, Yes, I know that marketers are only <1% of abuse desk issues while they fight the real battles of spam, bots, phishing, etc, but really how hard can it be to create a button to remove a negative from the reputation score or filter count when some does something right?

I constantly hear at these secret behind closed door email coalition sessions where ISP's or filtering companies give a good ole' pat on the back to those senders who participate in email best practice discussions and ensure their customers are doing the right things, but to me that should also come in the form of something more measurable. It's odd that all I ever hear from the email client makers, web email providers, and email filtering companies is reputation rules when it comes to getting your email delivered properly and that if they see negative measurable compliant's via a spam button you'll surely will be in the dog house, but no one to date seems to support the notation of sending good email will get you back into the bigger house via a not-spam button. Why is it that ISP's, web email providers, and email filtering companies make senders plea their way out of false positive spam issues via a phone call, web forms, or a secret email list on behalf of their customers when the end-users, whom they already listen to about spam issues, should be the ones voting positively about their good experiences in email?

Most here know metrics are a good thing for senders to see so they can identify what the issues really are and can correct things on their own without a call or web form. I can also safely say from experience that most senders RARELY call someone/something on the receiver side these days if they have a clear overview in thanks partly to data we can see via negative feedback loops. So why not give a FULLER or more complete picture of how end-users see email? To me and what I read from Morgan here is that we are only seeing half the picture when it comes to metrics. So I agree with Morgan! How can we turn email for the better in 2010?

Good article Morgan!

 -Dennis
Eloqua

Don't Just Send, Deliver!

Good news for those who are on the Return Path’s Certification program. RPost and Return Path announced a partnership today where Return Path’s Certification clients will now be able to access an integrated offering where your outbound messages can incorporate RPost’s proof of delivery technology with the Return Path’s Certification service.

For those who don't know them, RPost provides the sender legally valid and court admissible evidence of email correspondence occurring directly from the sender’s desktop email client or from other applications which will provide a sender with evidence of delivery, content, and timing of any document or notice sent by email, without requiring recipients to download any software, click links, or visit special websites to open and read messages.

--MORE--

-Dennis
Eloqua

Don't Just Sender, Deliver

Spamhaus is announcing this week that they are launching their Domain Block List (DBL). The Spamhaus DBL is a realtime database of Uniform Resource Identifiers (URIs), typically web site domains found in spam messages. Mail server software capable of scanning email message contents can use the DBL to identify, classify or reject spam containing DBL-listed domains and other URIs.

What's this mean for you? Not only are your IP's a thing to watch over when it comes to reputation, but now your domains in your email are also.

Does this count as reputation for domains? In my eyes, YES!

They plan on launching this March 1, 2010.

For those who don't know, The Spamhaus Project is an international nonprofit organization whose mission is to track the Internet's spam operations, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spammers worldwide, and to lobby governments for effective anti-spam legislation.

Spamhaus maintains a number of realtime spam-blocking databases ('DNSBLs') responsible for keeping back the vast majority of spam sent out on the Internet. These include the Spamhaus Block List (SBL), the Exploits Block List (XBL), the Policy Block List (PBL) and the Domain Block List (DBL). Spamhaus DNSBLs are today used by the majority of the Internet's Email Service Providers, Corporations, Universities, Governments and Military networks.

-Dennis
Eloqua

Don't Just Send, Deliver!

As some of you know, the Federal Trade Commission (FTC) has been hosting a series of roundtable discussions to explore some of our most recent privacy challenges.  These challenges are being exposed more and more each day by the ever evolving technology base and combination business practices that help us to collect and use consumer data.

The FTC hopes to hold these roundtables and then use the information gleaned from them to determine how to best protect consumer privacy moving forward while still supporting the uses of new technologies within marketing.

Without realizing it, many of you may be in the midst of these issues identified by the FTC, as you use social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses.

To date, the FTC has already held two (2) roundtables.

• December 7, 2009 in Washington, D.C.: They focused on data collection and use online and offline. They also discussed consumer expectations and the state of self-regulation. 
• January 28, 2010 in Berkeley, California: They focused on how technology can affect consumer privacy positively and negatively.  

A third event will be held on March 17, 2010 in Washington, D.C.   It is expected to focus on several things including how to safeguard health data and other sensitive consumer information

Unfortunately, the findings from the roundtable thus far have been alarming.  It appears that most consumers are grossly unaware of what happens to the data they submit to marketers.  The majority of the time it seems as if they are providing their information to virtual strangers without any regard for their own protection.  The public’s understanding of the need for privacy and security of personal information is sorely lacking, and when overlooked, can have startling consequences.  

Ultimately, the FTC is investigating the possibility of creating a U.S. Privacy framework to give powers to consumers.  This would involve regulations for businesses regarding the collection, processing, transfer, and protection of consumers’ information. 

This could result in a process that would require marketers to become hyper-transparent.  In this case, as the amount of data the consumer provides increases, so does the number of choices the marketer must allow for the said consumer.  The consumer would be provided with more information about what will be done with the personal details they are disclosing as the sensitivity of the information rises.  This means the more data that you need to perform your job of catering your marketing plan to them, the more you will have to tell them about how you are going to safeguard and effectively use their information. (read: Your Privacy policy isn't enough anymore.)

In addition, if an FTC Privacy process were to be instituted, marketers would have to be increasingly diligent in protecting their consumers’ information because these consumers’ should be much more aware of how their information should be used.  The consumers’ expectations would be more prevalent in deciding who was wronged if a negative event  such as a theft, occurred.

Whatever framework the FTC creates in 2010, we can certainly be assured that it will be much broader than today’s form of self-regulating "notice, access, and choice."  The FTC has said that the current forms and processes have been helpful in giving customers knowledge about what will happen to their data if given, but as you have heard me say in the past, it has also resulted in privacy policies that only a lawyer may understand.  In many cases, the knowledge provided was lost on the average consumer because of its overwhelming scope and language.  Given that, you need to be sure that your company’s privacy policy is well-written and geared towards consumers.  This policy stands to be a strong marketing opportunity, provided it is treated as such.

Tips for writing a good policy:

1. Write it for consumers. (Bearing in mind, most do not have a law degree.)
2. Keep it short.
3. Index it, or give it headers so readers can find what they want quickly.
4. Audit the policy at least once a year (and have non-lawyers read it for clarity).
5. Add “contact us” features in relevant sections of your policy so people with questions can get answers quickly and easily.
6. Inform customers about policy changes, but be sure to do so before the changes go into effect.  Give them a chance to change preferences prior to launch. 
7. Highlight the policy throughout your website and on forms.
8. Make the information (notice, access, and choice) available as more than just a “read the fine print” option.  Use the opportunity to build their confidence.
9. Do not try to think for the customer. Do not assume that subscribers or visitors will want new information or want you to share their information.

Keep in mind that the customers’ trust and loyalty will grow when you give them some control over their own information.

In the course of the next week, take the time to look into your data collection practices and programs.  It is important to understand what sort of U.S based framework would best suit your legitimate business needs, while protecting your consumers’ data. Consider attending the next FTC roundtable to make your voice on this subject heard.

-Dennis, CIPP
Eloqua

Don't Just Send, Deliver! 

What is with the month January this year? Seems that a few celebrity marriages have taken a turn for the worse and caused them to separate. I'm not trying to make fun of someone's misfortunes, but wow.

To make things more interesting in our terms of email, sometime this week a bunch of new buzz stirred up around Goodmail's and Yahoo! relationship. Are they breaking up? Taking a little break from each other? Who knows, but the chatter around the industry is that Goodmail has made phone calls or sent the below email to it's ESP partners and customers notifying then of such. You decide.

My viewpoint? I'm not so sold on this information just yet. Just doesn't make sense... UPDATED: as I think more about this, is it because Yahoo! doesn't see a big enough benefit over the hassle of keep up the infrastructure? Someone also said to me maybe the Goodmail stuff was in the way during the recent Yahoo! inbound outages? or caused it? is pay for email really worth it?

Effective February 1: There will be a reduction in privileges granted to CertifiedEmail messages sent to yahoo.com and other domains controlled by Yahoo:

1. The CertifiedEmail icon won’t be displayed for CertifiedEmail messages sent to these domains.
2. Delivery rates to Yahoo mailboxes will be very high but Goodmail can no longer assure delivery, as messages will be subject to filtering by Yahoo.
3. Images will be displayed for most CertifiedEmail messages but not for all.

Effective February 1: CertifiedEmail coverage will expand to include Verizon.net and all Mail.com mailboxes.

Goodmail remains committed to its CertifiedEmail platform, the only solution for senders, receivers and consumers who expect the highest level of security, best email practices and Inbox functionality. During 2010, CertifiedEmail will grow its ISP footprint and we will launch new exciting products.

If you have any questions, please contact our Customer Service group via email at customerservice (AT) goodmailsystems.com

-Dennis
Eloqua

Don't Just Send, Deliver!

Email Health Checking

By Dennis Dayman, Chief Privacy and Deliverability Officer at Eloqua

The rapid pace at which email has developed means that criminals and spammers are constantly looking for new ways to make money and bypass the law. Consequently, email technology and regulators are being forced to keep up. In the past, the threats posed by spam were prevented using fairly basic measures that would block untargeted emails. Content filters were set up to protect inboxes from messages that contained certain keywords. 

For a while this worked, but despite the initial success, filters of this kind caused two main problems. First there are false positives, where legitimate companies, marketing a valid product, were limited in their outreach if one of their key terms was blocked by the spam filter. For example, Pfizer was unable to communicate material around the product Viagra, despite having a legitimate right to market its content. The other was around interfering with personal emails and the result of excessive filters placing emails from family and friends into spam folders....

--MORE--? Click here!

-Dennis
Eloqua

Don't Just Send, Deliver!

REPOSTED from mad.co.uk

When email was first developed, it was primarily used as a channel to exchange research between universities, the government and to share military information with targeted parties. Today the landscape is quite different, and  email is now a fully-fledged method of communication. As is typical however, as its popularity has grown, so has its appeal to criminals. This has created both a challenge in terms of how to prevent this criminal activity, as well as an opportunity, particularly for marketing services companies who strive to support organisations that dispatch targeted emails as part of their marketing communications activities...

MORE? Click here: http://technologyweekly.mad.co.uk

Don't Just Send, Deliver!

Bounces in email marketing are inevitable, but I often wonder how many marketers in email truly watch their bounces on a regular and consistent basis.

Enter UBER email marketing geek like me. 

At Groupon where I work, our frequency is high and we send a tremendous amount of segmented email.  Some may think that managing and reacting to bounces in this type of environment seems like a daunting task.  One of the requirements that I have as professional is that I am fed a constant stream of information on all areas relating to running an email program.  I hate being caught off guard and want to know if there is a problem before anyone tells me that we have a problem.

I spoke to my ESP and told them of my requirement to be notified when we are having a bounce problem.  I specifically wanted to know if we were having any block bounce issues with my top domains so that I can be proactive in solving them.

They responded quickly and are now generating a bounce report every 3 hours (7 days a week) indicating all of my bounce rates across domains.  I scan almost every report as they come in looking for patterns or trends in the percentages and notify my ESP peeps if I see issues.

My point in all of this is that if you are the manager or director of an email program, this means you own the  whole shebang....bounces and all.  Don't rely on anyone but yourselves to manage the tough stuff like this.  Take control of your bounces, specifically those block bounces which can wreak havoc on your program if an early warning system is not in place.  Is every 3 hours overkill?  Perhaps, but in some programs it might be necessary especially if your program relies on email as its main source of revenue.

A fellow colleague and outstanding contributor of this great blog Dennis Dayman has had some posts centered around bounces and if you haven't read them, I encourage you to do so.

Long live email marketing.

Waltham, Mass. – January 13, 2010 - Unica Corporation (Nasdaq: UNCA), the recognized leader in marketing software solutions, today announced that it has acquired privately-held Pivotal Veracity, a leading provider of tools that enable companies to optimize the deliverability and reputation of their digital communications, for approximately $17.8 million in cash....

--Click here for MORE--

-Dennis
Eloqua 

Don't Just Send, Deliver!

Quick note this morning. SpamAssassin has notified the industry that a bug exists in their software.

What's the deal here you ask? Well it seems that SpamAssassin had a rule in their default installations YEARS ago that would catch any spam with the date 2010+. Yes, believe it or not, but spammers forged their dates to confuse filters at one time or another. 

Well, email HAS survived up to 2010 now and the rule was never updated. Any emails sent as of January 1, 2010 to servers running SpamAssassin before the fix was made available, and to any servers running SpamAssassin that have not implemented the fix, will experience a higher than normal SpamAssassin score. This will effect delivery for messages where the score increase is significant enough to put the email's score above a filtering threshold

A fix to this issue has been made available, but it may take some time for servers running SpamAssassin to make the necessary updates since administrators are the ones who have to make the fix happen.

Make sure you poke as many people about this.

-Dennis
Eloqua

Don't Just Send, Deliver!

The Final Word on DKIM and Deliverability

By: J.D. Falk of Return Path

Seems like every week, I see another industry colleague asking for a detailed list of how each DKIM option affects deliverability. Everyone who's asked for this is a smart person, generally clueful, but this question stumps me. Perhaps it's that while I learned about email technology as a way to get a message from one autonomous system to another, he learned about it in the frustrating context of trying to figure out why his mail was being blocked -- so it has never before crossed his mind that new email technology might be invented that won't make delivery of his marketing messages more difficult.

See, DKIM isn't some wacky new anti-spam method intended to reduce your ability to get mail delivered (that's what that made-up word "deliverability" means, after all.) It's authentication, designed to make it easier to identify the good senders.

DKIM only answers two questions:

1. Does the message have a valid signature?
2. If it does, what domain signed it?

The signing domain, identified by the d= tag in the DKIM signature header, is the only part of the DKIM signature where the choices you make now will directly affect the continued deliverability of your messages. This is because d= is how you tell the receiving system who you are.

With a valid signature on the message, if the receiving system has a domain-based whitelist, and your d= is on it, the message gets in. If they have a domain-based blacklist, and your d= is on it, the message will be rejected. Few mailbox providers have either of those today -- but if they have a domain-based reputation system, which we know the big mailbox providers are working on, then delivery depends on reputation. It's exactly the same as with IP addresses today.

And just as with IP addresses, consistency is critical. If you want to separate different mailstreams, then instead of sending from different IPs like you were before, you can now sign with different domains: shipping.example.com, marketing.example.com, corporate.example.com. Within the context of authentication, each of those is an entirely separate entity. Reputation assessment systems will quickly figure out that there's a relationship between everything that's part of example.com, though, so you can't use this to escape the much-deserved bad reputation of a bad mail stream.

If you send through an ESP today, chances are they sign with their own domain. This means that if you switch to another ESP, you can't take your reputation with you. However, it also means you can borrow the ESP's reputation as long as you're their customer. Work with your ESP to choose the configuration most appropriate for your situation.

So you can stop worrying, sign your mail, and get back to the important work of making sure your recipients are happy to receive the messages you send.

If you're interested, here's a rundown of all the other options in the base spec -- RFC 4871 -- and what effect they're likely to have on delivery of signed messages. If you haven't read the introduction and the terminology and definitions section yet, please do so now.

There's currently only one acceptable value for the version (v=) tag. If yours isn't 1, then the DKIM signature isn't valid. Effect on deliverability: none if it's 1, otherwise the message will be treated as if it wasn't signed.

The algorithm (a=) is very important to cryptography geeks, but we're not talking about ICBM launch codes here. Unless you remember why DLG2209TVX was replaced with CPE1704TKS, accept whichever algorithm and key size your mail software vendor or ESP recommends and be done with it. (Just watch, someone will comment that rsa-sha1 is insecure because someone could decrypt it in a matter of months -- per message.) Effect on deliverability: none.

Canonicalization (c=) is a sneaky way to get around the fact that sometimes an intermediary mail server will make minor changes to a message, like capitalizing header field names or snipping empty lines at the end of a message. With the default "simple" algorithm, those changes would cause the signature verification to fail. With the "relaxed" algorithm, those changes may pass. Effect on deliverability: none unless the message fails.

You can choose to specify, in the h= tag, which header fields you're signing. There's a good description in the base spec of why you might or might not choose particular fields. If you use this, I'd go with the headers that users are likely to see in their mail client, plus anything you use for tracking. Effect on deliverability: none.

Similarly, you can copy all of the signed header fields into the signature with the z= tag. I'm not sure why you would, except for debugging. Effect on deliverability: none.

The selector (s=) is just a way to look up which key you're using, allowing you to use multiple keys with the same domain. You might have different keys for different offices, or systems, or create a key that you can give to your ESP to sign on your behalf. The selector is also useful for changing keys periodically, in case the private key is no longer private -- for example, you could change selectors every other month, removing old ones a few months after you've stopped using 'em. Effect on deliverability: none.

A somewhat controversial option is the body length limit, designated by the l= tag. This allows the signer to say "I signed this much of the message, but there might be more content after that -- and if so I'm not responsible for it." It's a reaction to discussion list software which may automatically add an informational footer to the end of a message. Thing is, these lists invariably make other changes also -- new headers, et cetera -- so the signature would be broken anyway. And, if your focus is on keeping the recipient safe (as it is for all mailbox providers), why would you deliver a message where the top part is from a trusted sender and the bottom part could be malware? Effect on deliverability: could be bad. Don't use this.

The q= value is easy: it can only be "dns/txt". Anything else is invalid. Effect on deliverability: none if it's dns/txt, otherwise the message will be treated as if it wasn't signed.

There are two optional tags referring to time: t= is the time the signature was created, while x= is when it expires. Both of these are designed to catch stupid criminals. If the signature was (allegedly) created after the message was received, it's not valid. Or if the message is received after the signature expires, it's not valid. While it's not entirely clear what will happen in the wild, I'd recommend skipping both of these. Effect on deliverability: none if the times match up or the tags aren't used; otherwise, the message will appear suspicious.

A formerly controversial feature is the i= tag, which looks like an email address -- but probably isn't. As I explained back in March, Cisco uses this to identify individual users: i=santaclaus@cisco.com, if Santa Claus worked for Cisco. And you know, he might. More common, I'd expect, senders will use i= to denote distinct mailstreams or internal divisions for their own tracking purposes: i=transactional@example.com, i=marketing@example.com, i=nyc-office@example.com. Thing is, there's simply no way for anyone on the receiving side to know whether marketing@example.com is a mailstream, a department, a individual email address, or simply a string of randomly generated characters. As such, reputation is more likely to accrue to the d= value. Effect on deliverability: probably none.

So unless you use l= or have unrealistic expectations about i= or s=, as we discussed above, d= is the only thing that matters. See? Nothing to worry about.

------------

-Dennis
Eloqua

Don't Just Send, Deliver!

My good friend Rick Buck of e-Dialog sent this around over the Thanksgiving holiday and I thought it would be mighty appropriate to post it for your reading pleasure. Hope everyone had a great start to their holiday's, now get to work ;)

------------

‘Twas the month before Christmas, when all through the land,

marketers were scheming to hit year-end plans.

Their e-mails were designed in great detail and care,

in hopes that all of their customers soon would be there.

Mail the entire list. Mail them all!

Mail away! Mail away! Mail away all!"

The executives were nestled all snug in their beds,

with visions of Q4 revenue dancing in their heads.

When back in the office arose such a clatter,

that delivery support ran to see what was the matter?

Away to their reporting tools they flew like a flash,

investigating each client’s mailing to look for the trash.

The data before them on the newly sent mail

gave all indications of why they did fail.

When what to their wondering eyes should appear,

but a slew of bounce codes that no one would endear.

Unknown User! Inactive Account! Mailbox Doesn’t Exist!

Blocks from the ISPs were hard to resist.

If only they’d listened and segmented their data.

Their mailing would have been delivered,  staying off of the ISP’s radar.

Relevance, hygiene, permission and more,

ultimately gets the campaign safely out the door.

Reach out to your clients now and give them a shout.

Make sure they understand what this is all about.

Eliminate unknown users, non-responders, and hard bounces alike, and watch delivery and response rates soar and spike.

It is important to take heed of this trustworthy advice,

because the ISPs know if you’re naughty or nice.

During this important mailing season we must get it right.

Happy Holidays to all, and to all a good-night!

------------

-Dennis
Eloqua

Don't Just Send, Deliver!

Wow! being last week in Washington, D.C. was a head-turner. This post might sound like a bore to read, but stick with it and begin to apply it to your email and other online marketing programs.

First, The United States Department of Commerce with the participation and cooperation of the European Commission and the Article 29 Working Party on Data Protection (those entrusted with privacy in the EU) held the "Across the Divide: Successfully Navigating Safe Harbor --
The 2009 Conference on Cross Border Data Flows, Data Protection and Privacy"

In this, participants examined the progress that the Framework has made, reviewed any changes made to the process for approving binding corporate rules, looked at new paradigms for privacy compliance, and address the role information security plays in data protection and privacy. Other topics considered included:

• Cross border data sharing during pandemics
• privacy by design
• strategic information management for the enterprise
• social network service providers and behavioral advertising in cloud computing
• global privacy standards
• electronic discovery in civil litigation

Second, the U.S. House Committee on Energy & Commerce held another joint hearing to examine consumer data collection & use. Witnesses testified before a joint hearing of the House Energy and Commerce Subcommittee on Commerce, Trade, and Consumer Protection (CTCP) and Subcommittee on Communications, Technology, and the Internet (CTI) last week in which they discussed collection and commercial use of consumer data in the offline and online marketplace.

Members of the committee's expressed interest in learning what controls would instill confidence in consumers about data collection and use, questioning whether concerns about targeted marketing would be allayed by providing thorough disclosures of what and how information is collected and offering consumers the choice of opt-in or opt-out depending on the nature of the information.

As you may already know, the chairmen and ranking members of both subcommittees are working on draft legislation to address a range of privacy issues at the federal level. A draft bill is expected to be circulated in the next several weeks.

Folks, you've heard it from me once , if not twice, or three times. Privacy and compliance should be an integral part of your online marketing activities and daily decisions when creating campaigns. As it is today, the Internet knows no bounds when it comes to states and country borders. Many of these countries already have stringent privacy regulations that you might have to comply with when it comes to opt-in for email and or tracking cookies.

• Who Cares About Privacy Policies?
• Privacy policy isn't enough anymore
• Privacy in marketing/advertising

What we are seeing today in these sessions all applies to online and possibly offline marketing. Will we see a U.S. privacy federal rule like Canada and the EU? have today. Very possible in my opinion, but will not be without major discussions as you see above. You need to ensure your companies are involved in these discussions or at a minimum monitoring these changes.

More reading: FTC Urged To Clamp Down On Data Collection Online

-Dennis
Eloqua

Don't Just Send, Deliver!

Well I'm not sure how the cookie monster will take this news, but if you haven't heard online advertising and tracking is threatened by Europe's new cookie law.

If the new law is passed within the next few weeks, websites in the EU will be required to seek consent from users before serving cookies which will ensure more pop-ups for customers to click on for consent. This requirement will go into effect eighteen (18) months after the bill is signed somewhere around December 14th.

Now of course your asking yourself, why didn't I heard about this? Well don't worry, your not disconnected... this cookie requirement, similar to German cookie law, is attached/hidden in a new telecom package which seeks clauses that requires a court's authority before an individual can be disconnected from the internet for illegal downloading. EU's Council of Ministers and Parliament are in disagreement over that single clause in the package of laws. The rest of the package which includes the cookie plan is closed and agreed to, but for the cookie plan to go into effect the ENTIRE package has to pass. So if we are lucky and they can't agree to the rest of the package by December 14th, then we are safe. If they do agree, then cookies will be opt-in in the EU.

The law does however make an exception for cookies that are "strictly necessary" to provide a service. So anything requiring a cookie that helps a shopper get from a product page to a checkout doesn't require a consent notice. A consent notice through will be still required for cookies that are used in traffic analysis or advertising. For most of us we might have some issues here.

The current law says that sites using cookies must give visitors "clear and comprehensive information" about the purpose of the cookies and must offer visitors "the right to refuse" the use of cookies.

What's happening here is that many websites don't seem to offer the clear and comprehensive information and the right to refuse mentioned in the current law. An example of choice can be seen on Eloqua's website here. So what we see happening here is they are making it a requirement; short, sweet, and clear.

Stayed tuned, hopeful our cookies won't go stale on us.

-Dennis
Eloqua

Don't Just Send, Deliver!

Blogged from 37,000 feet using GoGo InFlight

So a few weeks ago, GMAIL launched a beta test called "Sponsored mail with enhanced content" which in basic terms means that if your an approved vendor by GMAIL that your marketing or transactional emails will also have a little icon to the side of the email showing off your recognized branding.

Also, supposedly if the sender authenticates their email (SPF/DKIM), the branded content will help identify emails as being legitimate and not spoofed (GMAIL will only show branded content when the sender authenticates their mail).

Do I think it's worth wild option? perhaps, but only time will tell. If I knew more about how GMAIL is preparing to "approve" vendors so they may have their icon showing that might make it easier to understand or know whether or not this will help them address some of the phishing emails or mistaken marking of email as spam. What I can say about this is it might be a cheaper option to having some of your email arriving in the inbox and recognized. Could this be a pay for enhanced whitelist?

I also hope it doesn't complicate the email anymore in terms of how it loads or what browser support you might need.

I for one might take more time to read an email that had a branded icon to the side of it vs. a overused blue ribbon (not attacking GoodMail Systems). I'm overloaded on email (1,000 per day). Lists, corporate, personal, etc.

• What happens if your using IMAP or POP to see your GMAIL email in a thick client like Thunderbird, Outlook, or Apple Mail? Do you see the icons there? Probably not. I use IMAP with Apple Mail so I can see all my email accounts while I travel.
• What happens if you forward this trusted email within GMAIL to another GMAIL user? to an outside user? Does the icon or trust survive? probably not since the author has changed.
• What happens if now senders have to buy into all these enhanced programs like Sender Score Certified, GoodMail Systems, GMAIL's icon whitelist? Who's next in this AOL? HotMail?

thoughts anyone?

-Dennis
Eloqua

Don't Just Send, Deliver!

The holiday season is right around the corner and it's time to prepare my bank account. So, I asked the wife about her plans for online shopping this year and here's what she had to tell me.

-------

Hi, honey.  Thanks for knowing that I'll be starting my holiday shopping soon.  It's good to know that you're not going to freak out when you see our checking account steadily draining over the next few months.  'Tis the season, eh?

You asked me the other day if I plan to shop online much this season, and I think that I probably will, for a variety of reasons. 

1) Sometimes online marketplaces can offer products that I can't find elsewhere.

My first choice for online marketplaces, especially during the gift giving season, would have to be Etsy.  It's like an online arts and crafts fair, and the level of creativity that can be found there is just amazing.  While it might not suit everyone, Etsy is right up my alley, and every transaction I've ever made (with a variety of different vendors) has been a breeze. They make it a piece of cake to search for things, and I'm telling you, they've got tons of unique things.  From vintage to handmade, jewelry to linens, it would be tough to walk away from a site like that without being able to cross someone's name off your gift list. (Ahem.  Hint, hint.)



I will also be shopping on sites that:

1. have a popular item in stock, 
2. give me a few price comparisons, and
3. show me some reviews of the product I'm interested in.

2) Sometimes I can find a better deal online.

I'm nothing if not a bargain shopper, and I'm always willing to look for an online deal before making an in-store purchase.  And if I can find a better deal online AND get *free shipping*, well then they've pretty much sealed the deal for me.  Why wouldn't you avoid the hassle if it can be delivered to your door free of charge? Man, that *free shipping* (plus a good deal) makes a big difference for me.  It's a powerful thing to this shopper.  (If I underline and BOLD *free shipping* every time I type it, will it tell marketers what I want from them for Christmas?)

3) Sometimes I can't shop with two eight-year-olds in tow.

Some days I have the patience, and some days I don't.  Need I say more?

4) Sometimes I need to be a little sneaky.

A long time ago I could sneak something into the cart while the boys were with me shopping at Target. Strategically place a jacket on top of the future Christmas present, whisper a word of warning to the nice cashier, and out I'd walk with two boys and said Christmas presents all in one armload.  Those were the days. Now, I can't be nearly as sneaky with them around as I used to be.  They notice everything.   And since they are still "believers," which I love, I don't want to get caught buying any Santa presents right under their noses.   It's a little easier to get a plain old box in the mail (please don't let it say Lego all over the sides!!) and just dismiss it as something for mom or dad. 

By the way, I've always had trouble sneaking things past the "big kid" in the family.  **WANTED:  Retailer who can help me purchase items without them showing up on bank statement that husband looks at inquisitively during holiday season.**

5) Sometimes it's nice to have the shipping done for you.


The lines at the post office are insane by mid-December, which unfortunately is the time I usually have things ready to go. During this time of year, it's definitely easier to have the retailer package and ship my purchases directly to the recipient. (Preferably with free gift wrap!  That personal touch goes a long way with me.)



Okay, babe.  That's all the good reasons I can think of right now. But, really, who needs a good reason to shop online?  Or to shop at all for that matter?  It's good that you love me for who I am - flaws, clearance aisles, and all. 
xoxo - wife

------

As I was talking to my wife when I asked her this question, a few thoughts popped into my head that marketers need to consider when prepping emails for the holiday push

1. Short and straight to the point in your email.
2. No need for LARGE email print that's pages of deals
3. Offer something different and special like free shipping, free gift wrapping, and no hassle returns.
4. Use social media to create buzz. My wife who does *watch* Twitter a bit missed out on a huge going out of business sell (80% off) which I'm sure she would have gladly participated in. Give short lived deals in social media avenue's, but ensure you give good discounts to those who follow. i.e. http://www.woot.com
5. Buyers are VERY weary this season with the economy. If possible, give them confidence in their purchases by handling negative issues QUICKLY and also linking to customer reviews about products your selling. Even post a good review in the email for a specific product your pushing.
6. Give price comparisons in email or note discounts with final prices. Not the click here to see our prices on the website.
7. Possibly offer another way to notify the buyer of the purchase in case the email address is shared with the person they bought the gift for? Secondary email address for receipt perhaps?
8. Send relevant and targeted email perhaps on last year's purchases or of purchased throughout the year from your site.
9. Perform some AB Testing prior to your holiday push. Know what is going to work for you before you deploy live
10. Don't go outside your comfort box when it comes to frequency. Again, I know the economy has hit us all, but this doesn't give you a free for all to *BATCH AND BLAST* your customers during the holiday.

-Dennis
Eloqua

Don't Just Send, Deliver!

This is a little late in posting, but I'm glad that it was because I have been able to sit down and think about this at great length.

Is simply posting a privacy policy good enough anymore? Is simply saying what you will and will NOT do in a privacy policy enough? It may not be.

As you may have heard now, the Federal Trade Commission (FTC) charged in their complaint Sears, Roebuck and Company and Kmart Management Corporation that it failed to disclose adequately the scope of consumers’ personal information it collected via a downloadable software application.

Users could downloaded Sears' tracking software, which monitors web activity and each user was paid $10.00 (which is a lot) if they kept it for a minimum of one month... oh and all one had to do to secure this plentiful bounty was turn over to the company every single bit of information about one's Web browsing.

Now your probably saying, so? No worries on them tracking their customers on their site. No so fast, Sears and its data collection partner also gained access to the "contents of shopping carts, online bank statements, drug prescription records, video rental records, library borrowing histories, and the sender, recipient, subject, and size for web-based e-mails," said the FTC. They also collected non-Web information about the user's personal computer.

Did Sears hide this fact they were collecting all this personal information? NOPE... They posted every juicy detail of what they were doing in their privacy policy and in a fifty-four (54) page license agreement for users to in GREAT detail read at their convenience. yea right! Who reads that stuff? (CYA note: I do as the Chief Privacy Officer) ;)

So, of course a few researchers noted this problem to the FTC who then charged that Sears did not "adequately disclose the scope of the tracking software's data collection."

Now, when you look at all the details involved here, Sears wasn't trying to hide the fact they were monitoring you, they weren't hijacking browsers, secretly doing drive-by installations, or anything illegal or anything unfair.  The FTC was concerned that Sears would be tracking people online for marketing purposes but hadn't clearly disclose what they're doing. Up until now, Sears's disclosures were both legally valid and commonplace. However, in the past the FTC has said in two (2) other cases that companies couldn't bury critical disclosures about the nature of adware in fine print (Zango and Direct Revenue). The Sears case here is NOT adware mind you. This is a case where the user would/should have known they were sharing personal identifiable information (PII) when they read those documents. They were ASKED to share their information if they download this program.

So what's the lesson learned here? What's the big deal to your business? Will it REALLY impact you? The simple answer in my eyes this beautiful fall morning in Texas is YES!

This settlement with the FTC shows that the FTC is watching and waiting for those who might be trying to confuse the average consumer. This means that you will need to be "hyper transparent" when your collecting, transferring, and processing PII. You can NO longer just think by posting in your privacy policy what your doing with a persons information is sufficient. You need to become "hyper transparent".

This could mean that in certain sign-up forms or marketing processes you should break out the relevant impact points of how your collecting and what your planning on doing with this information once you collect it upfront and not buried in some legal linked document. This means if you plan on doing more with transference of data that you warn the users more upfront about it. This means that if you want use their information for more than just normal out of ban use you need to be up front about it.

You get the point here? A PRIVACY POLICY IS NOT A GET OUT OF JAIL FREE CARD FOR YOUR MARKETING PROGRAMS AND PROCESSES. Never has been to be honest.

In this settlement

• Sears has agreed to destroy all data gained from the experiment and stop collecting data from any software still running in the public domain.
• If it wants to do any tracking in the future, the company has committed to "clearly and prominently disclose the types of data the software will monitor, record, or transmit.
• Any disclosure must be made prior to installation and separate from any user license agreement.
• Sears must also disclose whether any of the data will be used by a third party."

Here are the relevant links to the FTC announcements if you want to read further.

Sears Settles FTC Charges Regarding Tracking Software

FTC Approves Final Consent Order Requiring Sears to Disclose the Installation of Tracking Software Placed on Consumers’ Computers; FTC Approves Final Consent Order in Matter Concerning Enhanced Vision Systems, Inc.

-Dennis
Eloqua

Don't Just Send, Deliver!

So my friend, Fred Tabsharani of Port25 Solutions, ran an interesting interview Franck Martin from Genius.com on the future of DKIM and Domain-Based Reputation. This has been in the works for a few weeks now and really came out nice.

5 Questions with Franck Martin on the Future of DKIM and Domain-Based Reputation 

Below is my interview with Franck Martin, Email Deliverability Services Engineer at Genius.com., and contributing group member of the Internet IETF, in its effort to standardize the use of DKIM.  This interview was conducted via Skype since Franck just happens to live in Suva, Fiji. 

Q:FT - RFC 4871 (DKIM) essentially makes RFC 4870 (DomianKeys) obsolete.  In your opinion, what’s the future of DKIM and its overall traction in email industry thus far?

A:FM - The greatest thing that has come from the Internet Engineering Task Force (IETF) is that when an organization or an individual develops an Internet communication protocol, such as DKIM, the IETF makes it rock solid.  Essentially they look at it from all angles, strengthen it, and put their stamp of approval on it to basically say it has the quality of a standard. This shows its maturity and robustness as well as acceptance throughout the industry.  DKIM is not here to solve the spam problem, it’s just here to validate the domains that are taking ownership for sending the email.  DKIM is often times confused with signing.  Yes, DKIM signs some email headers as part of its process, but it does not sign the whole email.  PGP, and S/MIME are protocols that sign emails and are more complex to implement than DKIM because they require user participation.  DKIM requires only the mail administrator participation (and he/she is supposed to understand emails better than any other classic user).  DKIM also helps mitigate some phishing attacks, but here too, it will not solve phishing.  An email cannot claim to be from say ebay.com, have a DKIM signature related to ebay.com and not be validated back to ebay.com, providing that ebay states, via Author Domain Signing Practices (ADSP) or other means, that all their email will have their own DKIM validation. Unfortunately, it is not that simple, because the recipient mail server needs to perform various checks with the information that DKIM, ADSP and other tools provide.  I could send an email claiming to be from ebai.com and be DKIM validated back to ebai.com, and a lot of users may not recognize that ebai.com is not the same domain as ebay.com.

Q:FT - Have we reached an inflection point with DKIM?

A:FM - For the moment it’s the big players that are implementing DKIM.  If you want to have a FBL through any of the ISPs, then DKIM is a requirement.  For the smaller players, the value will come through the implementation of tools like SpamAssassin.  SpamAssassin is adding rules so that emails which pass the DKIM signature may be whitelisted.  A recent study done by Cisco shows there has been a strong growth of emails using DKIM.  It is more complex to identify DKIM use, because it is not like SPF, querying domains does not indicate the potential use of DKIM like SPF does.  Author Domain Signing Practices (ADSP), another IETF initiative, is a complement to DKIM.  It essentially adds information to the validation process to specify the policy of using DKIM for a domain name. If you receive an email that does not include a DKIM signature, you can check the domain name.  If it states that all emails will have DKIM, then you can safely drop/trash that email.   SpamAssassin is also implementing such rules.  There is another value of DKIM.   For instance when a bank sends you an email, you can validate the domain of the bank, but how do you know it truly is a bank?  A well-known industry association could include their DKIM validation as a third party which would provide a more influential path for reputation.  Finally with IPv6, IP based reputation has some serious challenges to overcome due to the database size required to contain all possible IPs. Domain based reputation may be the only way to have email work over IPv6.  At Genius.com we strongly support the adoption of DKIM (we use it too of course), and personally, when I was on the board of the Internet Society (which is strongly linked to the IETF), I supported its Trust and Identity initiative (which includes promoting DKIM adoption).

Q:FT - We’ve noticed that email headers from large companies utilize multiple modes of email authentication.  Some in fact are using all four—DKIM, SPF, Domain Keys, and SenderID. Is this redundant? Can we now officially call DKIM the standard?

A:FM - DomainKeys is becoming obsolete. Since Yahoo is moving to DKIM, there is no more reason to use DomainKeys.  Organizations such as MAAWG and ESPC require at least one form of signing and DKIM is one recommended method.  It is likely to become a requirement quickly because of various industry reputation organizations.  SenderID does not seem to have traction anymore, but SPF is a different story.  First for a sender, SPF is very easy to implement because all you need is to add one record to your DNS, and SPF provides a unique functionality in that if you want to know all the servers that a particular domain is sending from, you can use SPF to acquire a list of IP addresses. This is helpful when you try to figure out if you are blocking any IPs when a customer complains he is not receiving emails from the email address of his mother.  This shows there is a need for this type of information.

Q:FT - Regarding the early adoption with domain-based reputation by ISPs, where in the email header will these reputation effects be based?   

A:FM - My understanding is that it’s in the d= string, where the domain reputation will be based.   Organizations will use this domain as a reputation filtering mechanism when checking against DNS records (ADSP) and past behavior.  Essentially, what do we know about this sender (or domain)? As I understand, per IETF RFC, only the d= should be the criteria for reputation analysis.  Again, each ISP may treat this differently, and ongoing testing is taking place.  Because each ISP has different business rules with domain-based reputation, the IETF is trying to confirm to various implementers what is the intent of the standard.

Q:FT - Will there still be a need to warm-up IPs and establish a reputation through ISPs before sending large quantities of email?

A:FM - Since each ISP has its own filtering systems, warming up IPs would probably still be required to a certain extent.  Since DKIM naturally links to domain reputation, and since DKIM will help domain-based reputation, it will be faster to warm up IPs but we still have to exercise caution given that each ISP has its own set of business policies.  Now, on a side note, because we move to domain reputation, it will be useful to know who is behind each domain. On its side, ICANN is trying to limit bad behavior with domain registration such as “domain tasting.”   Domain tasting it is a practice where you can register a domain and drop it within the grace period without having to pay for it.   It allows people to use domains to send emails from and switch to another domain after a few days, making it difficult to track the source of the emails and which entity is responsible for that domain. There are other concerns with domain registration, but that's another issue. However, we have be certain that DKIM does not become an ICANN issue, because too many people are trying to bloat ICANN's mission. DKIM is an email administrator tool and may become a requirement but I don't think we will see in the future any major player, dare to drop any emails which does not include DKIM.

Franck has gone on record to say that when I visit Fiji, he will have an exotic Fijian cocktail waiting ☺

Fred Tabsharani

------

-Dennis
Eloqua

Don't Just Send, Deliver!

This report, based on Pivotal Veracity’s meetings with top ISPs, provides an overview of  the ISPs moving to domain-based reputation, their authentication plans, and critical insights and changes to white listing, volume throttles, and use of clicks and opens in filtering algorithms.

Its now available for download from their site (free, no registration required)

Key Take-Aways:

• Reputation is and will remain of your own doing & not that purchased from a 3rd party! Reputation is still within your control and will remain so. You do not need to pay someone to have a good reputation (nor will it do any good) and paying someone won’t save you from a bad one. Almost universally, your reputation is driven by Spam Complaints, Unknown User Rates, and Spam Trap/ Honey Pot Rates (mailing to old expired addresses). 
• 

Domain-based Reputation is here! A number of top ISPs including Yahoo & AOL are moving to augment IP-based reputation systems with portable Domain-based reputation systems for those mailers using DK/DKIM authentication.  This is a hugely important development and one that will be welcomed by legitimate mailers. This means, ISPs will “attach” (compute) your Spam Complaint Rate, Unknown User Rate, and Spam Trap Rates to your Domain (this will be the domain you are authenticating which for most mailers will be the friendly from domain)  in addition to your IP.   Switching IP addresses? With domain-based reputation ..you get to keep (for good or bad) your reputation. 

• Authenticate with DK/DKIM! With the exception of Hotmail which is still sticking to its proprietary “Sender ID” authentication model, the authentication method of choice by all the other leading ISPs is DK/DKIM.  If you are not already ..authenticate !  You need to authenticate in order to take advantage of domain-based reputation and other ISP services such as Yahoo’s feedback loop.  You’ll find extensive resources on authentication within the Pivotal Veracity knowledge base.

-Dennis
Eloqua

Don't Just Send, Deliver!

The biggest one that you might have heard is the new Federal Trade Commissions (FTC) rule covering unwanted "Robocalls".The new requirements are a part of the larger FTC's Telemarketing Sales Rule (TSR) that begins September 1, 2009 prohibiting prerecorded commercial telemarketing calls to consumers, or robocalls, unless the telemarketer has obtained permission in WRITING from consumers who want to receive such calls. This was announced a year ago by the FTC.

 The rules look something like this.

• If you send robocall, telemarketer must have permission IN WRITING before calling the target
  
• If your a seller or telemarketer and you transmit without written permissions, the fine is $16,000 per call.
• it DOES prohibit robocalls even if you have previously done business before with them
• the pre-recorded call must tell the user how to opt-out st the start of the message
• provide an automated opt-out mechanism that os voice or keypress-activated
• If your pre-recorded message is left on an answering machine or voicemail, it must also provide a number that connects to the automated opt-out system.

• that their flight has been cancelled
• they have a service appointment, or similar messages

Such purely "informational" calls are not covered by the TSR because they do not attempt to sell the called party any goods or services. Others not covered and by no surprise are politicians, banks, survey's, debt collectors, health care/prescription refill messages, telephone/utility carriers, and most charitable organizations.

After September 1, sellers and telemarketers who transmit prerecorded messages to consumers who have not agreed in writing to accept such messages will face penalties of up to $16,000 per call.

Calls made by humans will still be allowed, but not if the phone number is on the National Do Not Call Registry.

After September 1, consumers who receive prerecorded telemarketing calls but have not agreed to get them should file a complaint with the Commission, either on the donotcall.gov Web site or by calling 1-888-382-1222.

If you want all the details about the robocalls regulations please read the Federal Register Telemarketing Sales Rules Final Rule Amendments. The FTC also published a site that helps business comply with the TSR's which is very lengthy, but should answer most of your burning questions that I did not touch on here like telemarketing calls to business.

Your now asking why I'm telling you about this and it doesn't impact digital communications like email? Think really hard now........

How many of you send out an email invite to a customers about something like a conference or webinar and then follow-up with a robocall telling the user to look for the email? For some of you, the email open rates are significantly higher than those that did not get the robocall in these situations and thus you regularly use this process. Can you still use this process? Probably not.

-Dennis
Eloqua

Don't Just Send, Deliver!

My posting of this is not to embarrass Campaign Monitor, but to notify users of Campaign Monitor that you should be vigilant about your lists and reputation if you use the service. It is possible that either

So, I need to apologize for the lateness of this post in the series, but with the kids on summer break and us taking a holiday it made it difficult to concentrate a bit it seems.

------

Hey, hon -

I forwarded an email to you, and I'm sure you're wondering why.  It's not some sort of ploy to get you to add a little goodie to my Christmas list.  (Not yet, at least.)  I wanted to show you a marketing email that impressed me!

http://www.roguegypsies.com/

Okay, so you love to tell me that I would buy anything that is one-to-a-customer.  While I stand by the fact that that's not entirely true (I know I love a good clearance rack!), I will admit that this email pulled me in the other day.  The level of creativity and the relevance to my interests was enough to break down my "anti-marketing email" walls.  Get this - not only did I read through the email in it's entirety, but then I clicked over to their website, and then (the icing on the cake!), I WATCHED A MARKETING VIDEO.  It was a quick YouTube video, and it was witty.   They had an entire website set up to go along with this marketing idea, complete with a blog and twitter updates.  They certainly made the most of social media, while keeping it light-hearted and fun. 

An aside:  Kudos to you, Provo Craft.  It's been a long time since I've been entertained by a marketing pitch, but your "Gypsy" updates have been so catchy.  You've done exactly what I would guess you intended to do - peak my interest in a new product that has yet to be released.  I'll be anxiously awaiting the arrival of the "Gypsy" in my local scrapbook store so I can see all that it's capable of!

Sorry I got off-track, babe.  Just thought you'd like to see an email that I was impressed with, given it seems I'm usually dumping on marketing emails.  I like to give credit and praise where it's due, and in this case, from my mom-perspective, it was well-deserved.  Glad to have the opportunity...

Love you - wife

PS - An after-thought:  I like that Provo Craft made use of all of the new social medias available, but didn't overwhelm me with emails.  Thus far, over the course of a month, I've only received two emails in my inbox - one when they first got started, and one update.  A nice balance - they let me keep up-to-date with their "progress" if I chose to, but didn't decide for me that I would want to see every bit of the process.  Again, so impressed!

------

My wife was right, after she sent me this I went to review their site and was impressed that Provo Craft DID really use a great set and balance of social media avenue's to allow customers to monitor the progress of these video's and other announcements of their new product release vs. just all email, all the time.

You want a good laugh as well, check out their "Dog the Bounty Hunter" style video's at http://www.roguegypsies.com/ I'm not a scrap-booker, but they kept me engaged.

Kudo's to Provo Craft for winning over my wife and breaking my bank again ;). This is award winning marketing in my book (checkbook that is)

-Dennis

Eloqua

Don't Just Send, Deliver!

Not sure how to go about this today without embarrassing a company, but I feel the need to make a point today about unsubscribing, list management, and Can-Spam.

Not to big of a surprise in terms of a stat headline, but Return Path today released a new Email Deliverability Benchmark Report that shows marketers may not be still not getting it or that some just can't get a break no matter what they do right.