Over on Spam Resource Al posted about data sellers and the ESP that supports them. As part of the post, he lists the pricing for email address lists.
Check out The Data Supplier. One billion email addresses – only $795. Comes with:
15 Million Companies Emails
3 Million Fresh Bulk Emails
8 Million Worldwide Emails
9.4 Million Misc Emails
250K Germany Emails
1 Million Yahoo Emails
Think about that for a minute. One billion email addresses for less than 800 dollars. Think about the average marketing program, responsible senders invest money in address collection. How much verification can be done? How careful can the sellers be with permission? How much is that list actually worth?
For the marketer who purchases that list, dealing with the bad delivery, blocks and complaints is going to cost much more than the $800 spent on the list. Recently, I attended a talk discussing the cost of a blocklisting to their company. The numbers, well into seven figures, astonished even me.
Sending mail to a list of one billion addresses, purchased from anyone, will cause massive delivery problems, spam blocking, and decreased delivery.
One of the thing savvy spammers are doing these days is appropriating the reputation of someone else. Reputation appropriate takes many forms. Some spammers hijack windows machines, turn them into bots and send spam through major ISP smarthosts. “Legitimate email marketers” buy service from mainstream ESPs to send their permission-challenged email that they cannot get delivered through their own IP space.
There are different strategies for companies to prevent bad groups from appropriating their reputation. For the ESP, the prime defense against reputation appropriation is screening new customers and new lists.
When screening potential customers, there are three broad categories that customers fall into. One is the legit prospect that is exactly whom they represent to you, these are the easy guys. Another is the naive mailer, who really does not have any clue about email but wants to move into the digital age. This mailer is often extremely small, but knows nothing about email. The final category is the subversive prospect. This is the company who knows exactly what they are doing, and who is actively working to hide their practices from the ESP. They are attempting to subvert the process.
Over the coming weeks I will be talking more about screening new customers and how to distinguish the naive customer from the subversive one.
Friday Al posted about data verification, building on discussions last week about Mr. Poopyhead’s article on open signup forms. He has a very insightful analogy, that I like and I am going to steal (emphasis from the original).
Running a web form, especially one that requires that an Internet user provide information before handing over something, whether it be a login to a website, a free download, or a subscription to a political newsletter, is a bit like putting a box in the middle of the sidewalk, somewhere up the block, and writing “Please put my free kitten here!” on the side of the box. You might end up with something in it, but it most certainly is not going to be that kitten you were hoping for. No matter how hard you wish, there is no agreement between you and the people who stumble across that form that they must behave, and must act a certain way. And, if you’re a savvy marketer, if you know how email works, you already know that certain people who stumble across your form are NOT going to behave. (Unless you’re just going to blindly assume that whatever you received must be a kitten, because that’s what the box is for. Duh!)
The solution is to make people give correct data before they get the prize, login, reward or free stuff. This can be accomplished by using confirmed opt-in. Al has concrete reasons why this is a win for marketers so go read his post.
Yesterday I blogged about eROIs contention that consumers should not be wasting the time of lead gen companies by filling in fake data. There were lots of good comments on the post, and I strongly encourage you to go read them if you are interested in different perspectives on the data issue.
One of the arguments I was making is that people are only going to give accurate information if they trust the website that is collecting information. I do, strongly, believe this. I also believe very strongly that websites collecting information need to do so defensively. It is the only way you can get good information.
This ties in with an earlier post about a website that collects email addresses from any visitor, then turns around and submits those addresses to webforms. Hundreds of mailing lists have already been corrupted by this group. They are a prime reason companies must design address collection process defensively. There are people who do bad things, who will take an opportunity to harass senders and recipients. This company is not the first, nor will they be the last to commit such abuses.
Taking a stand against abusive companies and people may be useful, but that will not stop the abuse. It is much easier to design process that limits the amount of abuse. For lead gen, in particular, confirmed opt-in is one way to limit the amount of bad data collected. As a side effect, it also results in less blocked mail, fewer complaints and better delivery.
VerticalResponse Blog has a post up about collecting information from subscribers to mailing lists. Go check it out.
A number of ESPs have been tracking problematic signups over the last few days. These signups appear to be coming from an abusive service called SpamZa.
SpamZa allows anyone to sign up any address on their website, or they did before they were unceremoniously shut down by their webhost earlier this week, and then submits that address to hundreds of opt-in lists. This is a website designed to harass innocent recipients using open mailing lists as the harassment vehicle.
Geektech tested the signup and received almost a hundred emails 10 minutes after signing up.
SpamZa was hosted on GoDaddy, but were shut down early this week. SpamZa appears to be looking for new webhosting, based on the information they have posted on their website.
What does this mean for senders?
It means that senders are at greater risk for bad signups than ever before. If you are targeted by SpamZa, you will have addresses on your list that do not want your mail. Some of those addresses could be turned into spam traps.
- Check your signups. If you see hundreds of signups coming from the same IP address over a very short period of time, treat them carefully. There are a number of things a sender can do to limit the impact on a list.
- Delete the addresses coming from a single IP
- Confirm the addresses coming from a single IP
- Implement confirmation. Start using closed loop opt-in (double opt-in) on new signups going forward. This will keep future incarnations of SpamZa from corrupting a list. It will also prevent lists from acting as attractive nuisances.
- Do not trust vendors. Senders who are are buying a list or using a co-reg provider must confirm all the addresses before mailing them. There are some suggestions that the SpamZa people are selling addresses. Senders must protect themselves and their assets.
The one thing a sender absolutely does not want to do is add any SpamZa collected addresses to a mailing list. This is not a problem that will go away, it is out there in the wild now. This is the time to start implementing protections, not after the horse has left the barn. Confirmation is one of the better ways to protect an asset against this type of interference.
Followup post: Yet More Data Verification
RoadRunner announced changes to their FBL this morning. Everyone who is currently getting a FBL should have received an email. Important dates to remember include the following.
August 28: Existing RR FBL will be frozen. No changes to existing loops will be accepted and no new FBL applications will be processed. All current FBLs will continue to work.
November 17 (tentative): The new FBL will go live. Existing FBLs will not be converted from the old FBL to the new one. Everyone wishing to be a part of the new FBL will be required to re-enroll in the program beginning on this date.
December 31 (tentative): The old FBL ceases to exist.
More information about the migration is available at http://postmaster.rr.com/FBL.html
Through the grapevine, I have heard that PayPal is actually complying with the new CAN SPAM rulemaking and offering one-click unsubscribes.
Kevin Hillstrom over at MineThatData blog talks about using email metrics and other customer information to not market to people who cost a company money.
I thought I would give everyone a brief update on my continuing saga with trying to unsubscribe from PayPal’s marketing list. Because of what I do, I have some options not available to the average recipient. One of the things I did is ask people I know if they had any contacts at PayPal who may be able to address this issue.
I was given an internal contact at PayPal by a colleague who works at one of the certification companies. I sent the PayPal contact a brief summary of my experience. She explained she was not in a department that handled email any more, but that she forwarded my mail on to the responsible people. A little later I received another message saying that I had been unsubscribed and they were examining the tapes of my call. She also mentioned that their unsubscribe process would be changed “sometime in mid-July.” I was not given any details.
A colleague who attended the recent AOTA meeting in Seattle offered this comment.
I sat at a table during lunch with Michael Barrett, the CISO of Paypal recently at AOTA and I can assure you he is fully aware of CAN-SPAM laws and changes. Whether that translates to all layers of the company or not is another issue (one they are clearly not handling well). Ironically, his trust presenation talked about these types of battles for large companies.
In addition to looking for some personal contacts at PayPal, I contacted the vendor where I made the purchase from in February using a credit card through PayPal. He shared with me the information PayPal sent to him, including the notice that my PayPal account was unregistered. Unequivocal evidence that the last time I used their service, that I did not have an account with them. They had no business sending me that email.
His information confirms that their marketing message did violate CAN SPAM. The claims of the customer support reps that I had an existing account are contradicted by PayPal’s own statements to the vendor in February. There was no opt-out on the message as I received it.
