Monthly Archive for April, 2008

Signup forms and bad data

Published
by
laura
16Apr
in Best Practices
.

One thing I frequently mention, both here on the blog and with my clients, is the importance of setting recipient expectations during the signup process. Mark Brownlow posted yesterday about signup forms, and linked to a number of resources and blog posts discussing how to create user friendly and usable signup forms.

As a consumer, a signup process for an online-only experience that requires a postal address annoys and frustrates me to no end. Just recently I purchased a Nike + iPod sport kit. Part of the benefit to this, is free access to the Nike website, where I can see pretty graphs showing my pace, distance and time. When I went to go register, however, Nike asked me to give them a postal address. I know there are a lot of reasons they might want to do this, but, to my mind, they have no need to know my address and I am reluctant go give that info out. An attempt to register leaving those blanks empty was rejected. A blatantly fake street address (nowhere, nowhere, valid zipcode) did not inhibit my ability to sign up at the site.

Still, I find more and more sites are asking for more and more information about their site users. From a marketing perspective it is a no-brainer to ask for the information, at least in the short term. Over the longer term, asking for more and more information may result in more and more users avoiding websites or providing false data.

In the context of email addresses, many users already fill in random addresses into forms when they are required to give up addresses. This results in higher complaint rates, spamtrap hits and high bounce rates for the sender. Eventually, the sender ends up blocked or blacklisted, and they cannot figure out why because all of their addresses belong to their users. They have done everything right, so they think.

What they have not done is compensate for their users. Information collection is a critical part of the senders process, but some senders seem give little thought to data integrity or user reluctance to share data. This lack of thought can, and often does, result in poor email delivery.

1 Comment

Social network sends spam

Published
by
laura
15Apr
in Best Practices
.

Yesterday we talked about social networks that harvest the address books of registered  users and send mail to all those addresses on behalf of their registered user. In the specific case, the registered user did not know that the network was going to send that mail and subsequently apologized to everyone.

That is not the only way social networks collect addresses. After I posted that, Steve mentioned to me that he had been receiving invitations from a different social network. In that case, the sender was unknown to Steve. It was random mail from a random person claiming that they knew each other and should network on this new website site.  After some investigation, Steve discovered that the person making the invitation was the founder of the website in question and there was no previous connection between them.

The founder of the social networking site was harvesting email addresses and sending out spam inviting people he did not know to join his site.

Social networking is making huge use of email. Many of my new clients are social networking sites having problems delivering mail. Like with most things, there are some good guys who really do respect their users and their privacy and personal information. There are also bad guys who will do anything they can to grow a site, including appropriating their users information and the information of all their users correspondents.

It is relatively early in the social networking product cycle. It remains to be seen how much of an impact the spammers and sloppier end will have. If too much spam gets through, the spam filters and ISPs will adapt and social networks will have to focus more on respecting users and potential users in order for their mail to get delivered.

1 Comment

Address harvesting through social networks

Published
by
laura
14Apr
in Best Practices
.

The next killer ap on the Internet seems to be social networking. Everyone has a great idea for the next facebook or or myspace. All of these sites, though, have to find users. The site will fail if there are no users. One way to get new users is to ask all your current users to invite all their friends to join. This tends to lead to the marketing / product decision to insert functionality into the social networking site which allows current users to upload their address book and the site itself will send out invitations to all your friends and contacts.

This is not actually as great as an idea as it sounds, however. First, you end up with situations like what happened to me this past week.  On Wednesday I received the following email:

Hi,

I looked for you on Reunion.com, the largest people search service — but you weren’t there.

See who else has been searching for you! Click here.

—Bob

Reunion.com - Life Changes. Keep in Touch.™
You have received this email because a Reunion.com Member sent an invitation to this email address. For assistance, please refer to our FAQ or Contact Us.
Our Address: 2118 Wilshire Blvd., Box 1008, Santa Monica, CA 90403-5784

Bob is actually a current client and I recognized his full name in the from address. Bob has my current information and we have had contact within the last few weeks so I know he is not actually using reunion.com to try and find me. I spend a few minutes poking at reunion.com trying to figure out how to make the mail stop and make sure they never bother me again, discover they do not want to make that easy and give up. I can always block them if their email becomes annoying.

The next day, I receive an email from Bob, it says:

All,

If you received an email from reunion.com on my behalf, please IGNORE it as that email was sent without my knowledge and I have not sent it willingly. This email was sent to all my contacts in my email address book.

I have already cancelled my account on that site and it is really weird that the site would do this without my permission.

The site is “force inviting” people from your contacts if you register on the site, which is very annoying.

Thanks,


Bob

Because of this behaviour, reunion.com has now lost one registered user, and he has told all his contacts to avoid the site in the future.

Reunion.com is not alone in their rush to grab any address they can get a hold of. Most sites will let you upload address books, or your account information so they can mail all your contacts introducing their new product. It is an attempt to appear to be organic viral marketing, but it is not. In point of fact it is no different than randomly harvesting addresses off websites and mailing them.

Social networks need to be very careful about appropriating addresses and assuming permission. This week, reunion.com appropriated both Bob’s address and my own and assumed they had permission to email me on Bob’s behalf. In fact, they did not have Bob’s permission to appropriate his address and they certainly did not have my permission to contact me.

Many newborn social networks are using similar types of spam to spread their presence. It remains to be seen if this is a working strategy or if they are forced to actually start actually caring about permission.

1 Comment

Judge rules in e360 v. Comcast

Published
by
laura
11Apr
in Legal
.

Yesterday Judge Zagel ruled on Comcast’s motion for judgment on the pleadings. I think the tone of the ruling was clear in the first 3 sentences.

Plaintiff e360Insight, LLC is a marketer. It refers to itself as an Internet marketing company. Some, perhaps even a majority of people in this country, would call it a spammer

In the end, the judge ruled that Comcast has immunity for their actions under 230(c) and ruled in their favor.

I grant judgment on the pleadings with respect to the complaint as a whole on the grounds that § 230(c) precludes proceeding on any of the claims. Alternatively, I dismiss the remainder of the claims for the reasons stated above.

The judge has one of the better summaries of 230(c) in regards to email.

The initial question is whether the kind of unsolicited and bulk e-mails (whether you call them spam or mass marketing mailings) are the sort of communications an entity like Comcast could deem to be objectionable. A few courts have addressed the issue and answered “yes.” See Optinrealbig.com, LLC v. Ironport Systems, Inc., 323 F.Supp.2d 1037 (N.D. Cal. 2004) (company that forwarded spam complaints to ISPs entitled to immunity). Indeed, section 230 imposes a subjective element into the determination of whether a provider or user is immune from liability. Zango, Inc. v Kaspersky Lab, Inc., No. 07-0807, slip. op. at 6-7 (W.D. Wash. Aug. 28, 2007) (noting that section 203(c)(2) only requires that the provider subjectively deems the blocked material objectionable); Pallorium v. Jared, 2007 WL 80955, at *7 (Cal. Ct. App. Jan. 1, 2007) (same). This standard furthers one of section 230’s goals “to encourage the development of technologies which maximize user control over what information is received by individuals, families, and schools who use the Internet and other interactive computer services.” § 230(b)(3). Here, there is no question that Comcast, through the use of its numerous programs, software, and technologies, considers the material sent by e360 via e-mail objectionable.

He goes on to evaluate the protections of 230(c) against the text of CAN SPAM

But compliance with CAN-SPAM, Congress decreed, does not evict the right of the provider to make its own good faith judgment to block mailings.  Section 7707 of the Act says that nothing in the Act shall “have any effect on the lawfulness . . . under any other provision of law, of the adoption, implementation, or enforcement by a provider of Internet access service of a policy of declining to transmit, route, relay, handle or store certain types of electronic mail messages.”  See White Buffalo Ventures, LLC v. University of Texas, 420 F.3d 366, 371 (5th Cir. 2005); § 7707(c).

Under the law, a mistaken choice to block, if made in good faith, cannot be the basis for
liability under federal or state law.  To force a provider like Comcast to litigate the question of
whether what it blocked was or was not spam would render § 230(c)(2) nearly meaningless.

As the judge has now determined that the protections of 230(c) do apply, and goes on to answer the question “was Comcast acting in good faith” with the answer “e360 did not adequately plead Comcast wasn’t acting in good faith.”

Two other things of note in the ruling. One was the Judge’s comment on the alleged denial of service attack. It was a footnote in the ruling, but worth mentioning.

e360 says, in its brief, that Comcast has also engaged in “denial of service” attacks on their system which acts overwhelm e360’s system and prevent it from sending or receiving e-mails.  e360 also claims that Comcast sends incorrect bounce information to their system with respect to e-mail addresses of those on e360’s opt-in list.  I do not understand what is being alleged.  If e360 means that Comcast is refusing to transmit the e-mails and communicates this fact to e360 by bouncing them back, then it is e360’s choice to submit very large numbers of e-mails for transmission which, after the first Comcast block, it should have known of this possibility and been prepared for it (perhaps by altering its protocols to allow for a connection to be disconnected).  It is hard to see that sending e-mails back, in this context, is a denial of service
“attack” when it is designed to prevent legitimate users of a service from using the service.  It is not an “attack” to prevent users not believed to be legitimate from using a service.  It is also impossible to see the allegations here as stating that Comcast intentionally accesses a computer without authorization.  Unless these computers operate in non-standard ways, the initiation of access is laid at e360’s door, not at Comcast’s.

The other was the judge’s agreement with Comcast that even if 230 did not apply, that e360 failed to state claims on all counts. Another footnote:

Comcast argues that, absent its statutory protection, e360 has failed to state claims on all of its Counts.
(A)  I agree that the Tortious Interference with Prospective Economic Advantage Count is difficult to understand.  I have found no cases in which refusal to allow a plaintiff to run an advertisement in a medium with wide circulation (and thus reducing sales) of plaintiff’s products  or those from whom he is selling constitutes such tortious interference.  Usually the prospective economic advantage is far more concrete than selling to public which consists of people on a very, very long opt-in list.  It is illegal to interfere with a fair number of prospects, but usually they are a class of easily identified individuals and usually the interference is that of the defendant interacting directly with the prospective buyers.
(B)  The claim under CFAA under the “ denial of service” theory fails for the reasons
stated above.
(C)  Comcast is a private enterprise and has no obligation to honor the free speech rights of e360.  C.B.S. v. Democratic Nat’l Comm., 412 U.S. 94 (1973).  Comcast provides services traditionally performed by private enterprises, not the government.  The government does not,  with very few exceptions, connect people with one another through the Internet.  Jackson v. Metropolitan Edison, 419 U.S. 345 (1974) (publicly regulated utility).  The fact that an enterprise is regulated, licensed, or funded by the government does not make the enterprise part of the state.  Wilcher v. City of Akron, 498 F.3d 516 (6th Cir. 2007).

There we go. Comcast prevails, e360 loses. There is no word yet on whether Comcast will continue with the countersuit.

Not being a lawyer, I do not have the credentials or training to fully comment on the ruling. However, in my non-legal opinion, I think the judge demonstrated a firm grasp of the policy and technology involved in blocking spam and applied the law in a way that makes it very, very clear that blocking mail is legal and that a marketing company cannot use the law to attempt to get mail delivered.

Full text of the ruling is up at SpamSuite. I hear he’s currently /.ed so his site might load a little slowly.

1 Comment

Dealing with ISPs when you are blocked

Published
by
laura
09Apr
in Best Practices
.

Here is some advice on dealing with ISPs over a blocking issue.

  1. Do know what IP is blocked if it is an IP based block.
  2. Do know what domain is blocked if it is domain based block.
  3. Do know what the rejection message is and have it handy.
  4. Do be polite.  Most of the ISPs get hundreds of contacts a day, many of which are decidedly impolite. If you are the polite one you’re much more likely to float to the top than if you are one of the thousand screamers.
  5. Do not make threats. There is nothing you can threaten that they have not been threatened with before.
  6. Do not lecture them about the law. It is unlikely you understand the legal issues better than they, and their lawyers, do
  7. Do respect everyone’s time. Arguing is not productive. Asking for information and clarification is productive.
  8. Do remeber that they’re extremely busy. The ISP does not need to hear about your business model - brevity is a virtue.
  9. Do not mention CAN SPAM. That’s like saying “I do the bare minimum the law requires and expect you to accept my mail anyway.”
  10. Do not ask them to remove the block. Ask them what you did to get blocked and how to avoid being blocked in the future.
  11. Do remember this is probably the same person you will need to deal with in the future and that this is not a one time conversation. Leave them remembering you, if not fondly, at least productively.

The above all go for talking to the major blacklists, too.

Edited to add: 12. Do use the proper channels to contact them. 

6 Comments

Email related laws

Published
by
laura
07Apr
in Legal
.

I’ve been working on a document discussing laws relevant to email delivery and have found some useful websites about laws in different countries.

US Laws from the FTC website.

European Union Laws from the European Law site.

Two documents on United Kingdom Law from the Information Commissioner’s Office and the Data Protection Laws.

Canadian Laws from the Industry Canada website.

Australian Laws from the Australian Law website.

0 Comments

Blog roundup

Published
by
laura
04Apr
in Industry
.

Denise Cox has a list of 10 things your signup page should have over on her blog.

The AOL postmaster blog has its first post up talking about bounces.

BeRelevant has a great blog with lots of suggestions email best practices.

Mark Brownlow had a great post this weekon moving the unsubscribe button to the top of your newsletter to make it easy for customers to unsubscribe. The comments are a must read as well, including one commenter that saw the number of ‘this is spam’ hits go down when he moved the unsubscribe link to the top of the email.

0 Comments

AOL Postmaster blog

Published
by
laura
02Apr
in Asides
.

AOL announced today they are launching a postmaster blog http://journals.aol.com/pmtjournal/blog/

I’ll be updating the blogroll, too. I’ve been checking out some new delivery / marketing blogs the last few weeks.

0 Comments

Report subscriber and changes to whitelisting at some ISPs

Published
by
laura
01Apr
in Uncategorized
.

If you’re reading this through the archives please check the date before commenting on this post.

Mark Brownlow has a post on a new technology for senders. I think this will help ensure senders have a say in the general delivery of mail for receivers.

Through the grapevine, I have also heard there’s a new technology developed by a company called Purple Cod. This technology makes it easy for end users to control ISP whitelists. Users at ISPs that deploy this technology will be able to whitelist any sender at the MTA level. When a user receives a mail, there will be a new button “whitelist this sender”. That will exempt that sender from spam filtering of any future email.

The ISPs looking at this technology believe this will improve overall delivery for senders.

In order to fully take advantage of this technology, ISPs will be moving to only allowing email from whitelisted senders to send mail to the ISPs. Senders who are not whitelisted will use a different pool of servers. These servers will only accept 1 in 1000 emails. If a sender gets mail through, and the recipient requests whitelisting then the sender will be moved to the whitelist only pool.

More rumors as I hear them.

5 Comments