One of the critical things to remember about blocklists is that they are an early warning sign. Sure, some of them are one crank and his cat and will not hurt your overall delivery. A sender may be listed for totally spurious reasons . On the other hand, many of the widely used public lists and the private lists at the big ISPs, list IPs that they see as doing something wrong.

The challenge for anyone listed on any IP based blocklist is to look inside and determine what it is that they’re doing that caused the listing. The first step is to look at the technical issues, does your mail look like something coming out of infected bots? Is there a configuration problem? If the answer is no, then senders have to look at their practices. Are they sending mail to people who don’t expect it? Are they sending mail to people who didn’t ask for it? Most listings that will affect large numbers of recipients fall into the above 2 categories: technical or practices.

Technical problems can be fixed easily, once they’re identified. Permission or practice problems can also be fixed, but may require a sender reassess how they are using email and what value email brings to the business.

Three myths about DKIM by John Levine. A very good explanation taking down some of the myths of DKIM. Also on the DKIM front, RFC 5585 DKIM Service Overview was published last month. According to Cisco, DKIM adoption is climbing. More information about DKIM is available at dkim.org and our own dkimcore.org.

The always awesome guys at Mailchimp have embraced twitter as part of their platform. Not only have they  set up their own service for link shortening so that links can be tweeted, but have also incorporated twitter stats into their mail dashboard.

Al has an insightful post on delivery, spam filtering vendors and the differences (or lack thereof) between B2C and B2B marketing. As I tell my customers, there is no switch inside the filtering scheme for “I know this person, they’re OK, let the mail in.”

Terry Zink has started a series about blacklists triggered by the recent SORBS announcement.  His first post, My take on blacklists, part 2, discusses how some people go about building a blocklist from scratch.

Happy 7-8-9 everyone.

In one case, a client had a spammer slip onto their system. As a result the client was added to the SBL. The client disconnected the customer, got their IP delisted from the SBL and all was good until the spammer managed to sweet talk the new abuse rep into turning his account back on. Predictably, he started spamming again and the SBL relisted the IP.

My client contacted me and asked me to intercede with Spamhaus. I received a detailed analysis of what happened, how it happened and how they were addressing the issue to prevent it happening in the future. I relayed the info to Spamhaus, the block was lifted and things are all back to normal.

Contrast that with another client dealing with widespread blocking due to a reputation problem. Their approach was to ask the blocking entity which clients they needed to disconnect in order to fix the problem. When the blocking entity responded, the customer disconnected the clients and considered the issue closed. They didn’t look at the underlying issues that caused the reputation problems, nor did they look at how they could prevent this in the future. They didn’t evaluate the customers they disconnected to identify where their processes failed.

The first client took responsibility for their problems, looked at the issues and resolved things without relying on Spamhaus to tell them how to fix things. Even though they had a problem, and is statistically going to have the occasional problem in the future, this interaction was very positive for them. Their reputation with the Spamhaus volunteers is improved because of their actions.

The second client didn’t do any of that. And the people they were dealing with at the blocking entity know it. Their reputation with the people behind the blocking entity was not improved by their actions.

These two clients are quite representative of what I’ve seen over the years. Some senders see blocking as a sign that somehow, somewhere there is a flaw in their process and a sign they need to figure out how to fix it. Others see blocking as an inconvenience. Their only involvement is finding out the minimum they need to do to get unblocked, doing it and then returning to business as usual. Unsurprisingly, the first type of client has a much better delivery rate than the second.

Stephanie Miller over at ReturnPath addresses the lost revenue from current programs.

Consider that if we can earn a nearly $60 ROI by creating email programs that are compelling to just a few subscribers, just occasionally – imagine what we could do if we actually optimized our programs. Your true email ROI isn’t captured by averages. It’s misleading to think about email’s contribution without factoring in the risks of batch and blast which include higher spam complaints and diminished deliverability, list churn and inattentive customers, brand damage and lost future revenue through continued irrelevancy.

Yes. Bad email marketing is profitable now. But the email landscape is not static. Senders must continually improve their programs in order to stay ahead of consumer demands and ISP changes.

Mark Brownlow over at Email Marketing Reports addresses companies who currently have successful email marketing programs even though they do not follow all the sender best practices.

Yes, some of the more advanced techniques and tactics rely on access to tools or expertise that, frankly, the majority of us don’t have or can’t find the required investment for.

But there are so many ignored best practices that involve minor tweaks requiring a few minutes of your time. No exaggeration…just a few minutes to make small changes that can make big improvements to your success.

Some of my clients come to me in crisis mode, they were blocklisted or suspended from their ESP for AUP violations. Because their email programs are suspended, they are forced to scramble to make massive changes to their program. This is the absolute worst time to be make changes, when under external and internal pressure. Often the changes that must be made to comply are drastic and immediate. In contrast, when making changes to a currently active and working email program. Internally driven, gradual change will avoid the panic and result is a marketing program more protected against blocklisting or suspension.

Multiple e-mails obtained by this newsletter clearly show VIV was prospecting the EEC member list from its servers in violation of the EEC’s own privacy policy. [...] Moreover, one reader sent this newsletter two separate free issues of two different editions of VIV that were spammed into his inbox on two different days. So Mullen’s claim that the effort only involved one issue of the magazine is nonsense.

So let’s recap: That’s at least two issues of the magazine—one of which was sent three times—and at least one standalone prospecting e-mail spammed into the inboxes of the members of an organization ostensibly dedicated to setting standards in the e-mail marketing industry.

I have to admit, I am not hugely surprised that the EEC is behaving this way. The DMA has long been the organization pushing for no limits on spamming. In 2003 I was sitting on a panel with Bob Wientzen at the FTC spam summit where he stated that direct marketers did not want to spam people, they just wanted the opportunity to take a single bite out of the apple. With millions of small businesses in the US, it does not take long before that apple is gone. In my experience the DMA has never been on the side of restraint or control in marketing. They seem to be all about sending more and more advertising at consumers, with the consumers unable to control  either their own personal information or the amount of junk they have to get rid of.

If this seems contrary to my post on the EEC mailing from last week, it is. I was giving the EEC the benefit of the doubt. Taking their statements at face value and giving them the opportunity to use their experience as an example of how not to do things. This week there is even more evidence contradicting their statements and explanations.

I was not the only person to give the EEC the benefit of the doubt. Ken takes a little bit of issue with that.

Does everybody get this now? Because judging by various blog entries last week, it seemed some people were simply chalking up to a learning experience the fact that the EEC handed over its members’ e-mail addresses to a private company—for whom the EEC’s co-chair, Mullen, just happens to be the vice president of marketing—to spam them multiple times with an irrelevant and inappropriate acquisition campaign.
Folks, this is not a teachable moment. Everybody in this industry knows not to pull the nonsense Zinio pulled in cahoots with the EEC—everyone, that is, except apparently the one organization claiming to be dedicated to pointing out sh*t everyone else should and shouldn’t do.

He is right. The EEC is supposed to be a leader in the industry and they should not be pulling these boneheaded moves. They should know the pitfalls and be held to higher standards than the rest of the industry.

Overall, I think there is room for discussion and feedback between senders and recipients, but on both sides the goal needs to be improving the enduser experience.

And sure, it’s a best practice for filtering companies to respond politely to requests from filterees. But is it a requirement? Do senders have a right to demand explanations?

There is not really an easy answer for that. My first response is “of course not!” but then I think about some of my clients who really have been trying to do the right thing and how we work through issue after issue and finally fix everything I can think of, but they still have delivery problems. These are not spammers, they are sending mail to people who have asked for it and by all measures do actually want it, but some mail is being blocked for reasons neither my client or I can figure out. In those cases it would be really nice if someone from the group doing the blocking would take 10 minutes to point me in the right direction and show me what I missed.

I have been doing this long enough to know that spamfilters are not 100% accurate. I know there are times when a specific block is outside the scope of what email the filter designer, or user, expected to block. Look at what happened when Yahoo started using the PBL a few months back. There was a bug in the implementation that neither Yahoo nor Spamhaus expected and that caused mail from IPs not listed on the PBL to be blocked because of the PBL. With a valid report of the problem, I could contact both Spamhaus volunteers and someone at Yahoo to point out there was a problem with the implementation. Yahoo and Spamhaus figured out the issue and fixed the problem and Yahoo is no longer blocking IPs not on the PBL for being on the PBL.

I do believe that there are times when feedback from senders and blockees is beneficial and can help improve the overall filters. I have clear evidence this is the case.

On the flip side, I also have been in the email business long enough to know that more than 99% of senders just want their mail delivered and do not care about anything other than getting into the inbox. They believe every block is a mistake and the ISP / spamfilter is wrong or broken. They are not interested in actually making sure the implementation of the filter meets the design goals, usually they do not care what the goals of that filter are. They are just interested in delivery of their mail. This creates a signal / noise ratio into the filters or ISPs that is so weighted to the noise side, there is almost no value to the filter or ISP in even having a channel for the small amount of signal.

The reality is that most senders do not spend a lot of time looking into a block before contacting the ISP. They use the ISP points of contact as a way to avoid doing hard work internally. This transfers lot more work onto the ISPs and makes them less conducive to working with any senders at all.

I also think there are slightly different obligations on commercial spamfiltering companies and ISPs in regards to listening to senders. Commercial spamfiltering companies are further removed from the end user than the ISPs are. In many cases the end user has no idea that the spamfiltering at their ISP has been outsourced to a commercial company and they have no internal resolution path. They can contact their ISP, but that is only useful if the ISP has an escalation path back to the filtering company. I think that this distance, and the fact that the spamfiltering companies are profiting directly from blocking mail, means that spamfiltering companies have more of a responsibility to be accessible to the people they are blocking. The irony is that the spamfiltering companies are generally less accessible to senders than ISPs are.

Overall I do not think that good spamfiltering happens in a vacuum, and that reliable reports from senders about inaccurate filtering help improve blocking schemes. Senders are not in a position to be making any demands of ISPs and filtering companies, however, I do believe that the end user experience would be better if there were more communication between senders and recipients. The problem is that the history of communication between the two groups has been contentious at best and there are only so many times the receivers are going to spend time listening to the senders, again.

I guess it boils down to no, senders do not have a right to demand explanations, but things might be better if more ISPs and spamfiltering companies engaged with non-spamming but blocked senders more often. Sorting out those non-spamming but blocked senders from legitimately blocked senders is the real trick and I expect if receivers could do that reliably, there would be no false positives.

Recently the FTC settled with Cyberheat over their liability for the behaviour of their affiliates. In this settlement Cyberheat is required to monitor their affiliates as follows:

• Contractually requiring the affiliate to identify any subaffiliates it intends to us
• Providing each affiliate a copy of the Order
• Obtaining from each affiliate an express agreement to comply with the Order and the CAN SPAM Act
• Contractually requiring each affiliate that intends to use email marketing to provide Cyberheat, at least 7 days before the campaign, the email address from which the email will be sent, the subject line, the proposed dates the email will be sent, the email addresses to which the email will be sent, and a certification regarding how the addresses were obtained
• At least 3 days prior to an email campaign being conducted, Cyberheat must review the campaign for compliance with the CAN SPAN Act and provide written acknowledge that it has reviewed the campaign and that it complies with the CAN SPAM Act, and
• Requiring each consumers that signs up for Cyberheat service to identify the manner through which they heard of the service. If they heard of the service via email, Cyberheat must monitor the affiliate that sent the email for continued compliance with the CAN SPAM Act.

These conditions are very similar to the conditions I helped some clients establish when they ended up on the SBL due to the behaviour of their affiliates. We did set contractual limits on what the affiliates could do, and require they comply with an AUP. We also set out a vetting process to verify that the affiliate would not send spam. Questions all affiliates had to answer included:

1. Company name, address, domain, opt-in policies
2. Main website
3. Outgoing mail IP(s)
4. Domains used in email
5. Where do they get their email addresses?

Each candidate must pass the at a minimum checks:

• Check the opt-in policies as listed on the website.
• Check mail IPs on spamhaus and other blacklists
• Check rDNS on IPs
  • Is their reverse DNS set up
  • Is it reasonable
  • what is rDNS of nearby space
• Check whois record
  • How new is the record
  • Is there valid contact information in the record?

Additionally, a unique address will be signed up at every affiliate.

One of the difficulties my client and I discovered while vetting affiliates is that many affiliate programs hide their mailing IPs and will refuse to reveal any information about where the mail comes from. This makes it difficult, if not impossible, to determine if they are associated with any reports of spam.

I have yet to find the silver bullet for determining the cleanliness of an affiliate program. I think it is clear, though, that the FTC expects companies to know who their affiliate mailers are and to not patronize affiliates who are sending spam.

Hat tip: Venkat

Analysis of the raw data suggests to me that Fiveten’s poor (high) false positive rates is primarily due to Fiveten’s listing of “bulk mailers that don’t require closed loop confirmation opt-in from all their customers.” As a result, Fiveten has thousands of senders listed that have never send spam, specifically because they choose not to utilize double opt-in. This means that Fiveten is effectively a tool that blocks “things the maintainer doesn’t like,” which is a wholly different criteria than blocking spam. Against my own data, it appears that there is no direct correlation between spam and the blacklist maintainer’s choices for listing criteria.

I’ve not been worrying much about FiveTen listings with my clients over the years. Analysis of delivery logs shows that FiveTen is not widely used by large receiver sites and the number of emails rejected related to a FiveTen listing is relatively low.