Alex Rubin at Return Path says hold up, wait a minute. He writes: “Our contacts at Yahoo! tell us this idea is purely in the research realm, and is not scheduled for development in Yahoo! Mail. In other words: it isn’t even vaporware and isn’t likely to be a part of the Yahoo! mail system anytime soon.” He goes on to say (I’m paraphrasing) that oops, Yahoo didn’t really intend for this research to become public.

So, apparently, there are no plans for Yahoo to roll out E-Postage today, tomorrow or next week. Nothing to see here, beyond a simple web site and some thoughts from a Yahoo researcher. Some individual’s hopeful vision for the future, not a corporate announcement of an upcoming product.

E-Postage has always been a neat idea, I’ve thought. A neat idea beset by insurmountable problems. First, end users don’t want to pay for the email messages they send, they want all you can eat. With years of webmail providers offering free email access, you’ll have a heck of a time convincing somebody’s grandmother that they have to pony up a nickel to be able to email the grandkids.

Then, answer me this: Who’s going to handle the economics on the back-end? And any time you have a computer storing a resource (like, say, account information for that tiny little bit of money you’ll need to be able to send me an email), that information can be hacked, exploited, stolen. You think spammers are actually going to pony up? Why would they? They’ll just hack into millions of exploitable computers, stealing five cents from everyone along the way, and gleefully shoveling millions of spams into millions of inboxes.

This concept of E-Postage, either paying money to send email, or spending “computational power” to send email, has been kicking around for years. Periodically, some researcher comes up with the idea anew, and suggests that we all immediately adopt their sure fire plan to solve the world’s spam problem, immediately, pennies at a time. These ideas never seem to go anywhere. And that will never change until somebody can actually convince most of the world to adopt their proposed scheme. Will it ever happen? Never say never, but I have no plans to rush out and buy e-Stamps any time soon.

– Al Iverson

Average e-mail click-through rates dropped 0.1% in the fourth quarter of 2008 from the third to 5.8%, the lowest ever recorded, according to a study released today by Epsilon. [...]

They are down from 6.1% in 2007 and 6.5% in 2006, according to the marketing services provider. [...]

According to the study, average open rates increased for the third quarter in a row to 20.9%, up almost 6% from the fourth quarter of last year.

The real factoid that jumped out at me about this is that it clearly demonstrates what a useless metric “open rate” is. As more and more people are, supposedly, reading commercial bulk email fewer and fewer of them are actually clicking on links.

What does this tell us? It tells us that open rate is not a way to tell you anything useful about an email campaign. If a sender can get more people looking at a particular email, and fewer people actually following through on the call to action, then clearly the problem is not that no one is seeing the email. There are lots of reasons why the clickthroughs might be decreasing, but it seems clear from the Epsilon study that simply getting more eyeballs will not fix anything.

Can we now stop using “open rate” to measure anything relevant?

In general, why do politicians get such lax rules? Did the crafters of CAN-SPAM actually thing that candidates would (or could) ethically deal with this? The examples in my inbox show something different.

The flip answer is that the drafters of CAN SPAM are the political candidates and exempted themselves from the law because they did not want to have to follow it.

The less flip answer is that regulating political speech has less legal precedent than regulating commercial speech. Including non-commercial email in CAN SPAM would open the law up to a Constitutional challenge. By not including anything other than commercial speech, which the Supreme Court has ruled can be regulated by the government, there is much less chance that the law will be overturned as unconstitutional. In the 2005 final rule document, the FTC addresses the constitutionality of the law and provides references to case law supporting the role of government to regulate commercial speech (2005 Final rule, p 57 – 64 (link to PDF)).

There have been other reports of political spam this season. Ron Paul supporters used open proxies in China to send spam pushing their candidate. Campaigns of other major candidates have open signups on their web sites, allowing anyone to forge any email address into the form. Political advocacy groups have had similar problems in the past with not verifying subscriptions and therefore generating lots of complaints because the recipient never actually signed up for the mail.

I do have clients who send political mail. What I tell them is that the bar is set so low on CAN SPAM that there is no reason they should not comply with the law even though it does not apply to them. Allowing people to unsubscribe? Providing a physical postal address? Not forging headers? Meeting these conditions is trivial for any legitimate candidate and gives the recipients that warm fuzzy feeling that the candidate is acting in good faith.

Most of this misguided email ranges from boring to funny, but today I got a purchase confirmation with the order number, amount and last 4 digits of the CC number. Since I “own” the email that is associated with this account, what prevents me from logging in to this guy’s account (have the e-commerce site send the password to “my” email due to my temporary amnesia) and redirecting the order to another zip code that happens to be my house?

I have recently been going through a very similar situation. It appears that someone in the UK signed up at an address harvesting website with my email address. This Mr. Laura Corbishley gave win4now.co.uk full authority to sell my email address to all and sundry, and they have. Emailinform got my address first and has been sending me email “because [I] opted in at win4now.co.uk. In the process of trying to track down this spam, I did “recover” my password at win4now.co.uk and took over the account.

I am suspicious of the signup at win4now.co.uk for a couple reasons.

1. “Mr.” Laura. Sure, it is possible someone missed a pulldown window. Possible but unlikely.
2. The postal address is Solihull, Warwickshire. But, according to Royal Mail Solihull is no longer in Warwickshire for purposes of mail delivery. The correct address is West Midlands. Another possible error, but how many people do not know their snail mail address.
3. I have never received any mail from win4now.co.uk. I have only received mail from emailinform.

I know this is fairly common, people sign up bad addresses at website, either maliciously or accidentally. Even more frustrating is the inability to contact a real human at win4now.

I checked out their privacy policy. At the very top of their privacy policy it says:

This Privacy Policy Statement explains the data processing practices of win4now.co.uk. If you have any requests concerning your personal information or any queries with regard to these practices please contact our Privacy Officer by e-mail at privacy@win4now.co.uk) and sent mail to privacy@win4now.co.uk.

Fair enough. I sent email to their Privacy Officer. In the email I explained that one of their users had fraudulently used my email address to signup and I was now receiving spam. I requested that they remove my email address and notify everyone that they had sold my address to that there was no permission with that address and to remove it from their list as well.

Win4now sent me an email back that had the following at the very top:

IMPORTANT NOTE: Please do not respond to this email, it is auto-generated and replies are not monitored.

They provided a short FAQ and no indication that there is any human actually reading the privacy mail. Having an unmonitored privacy address is bad, but the auto-ignore goes out of its way to ignore privacy questions. The text of the message answers some questions, none of which seem to address their privacy policy.

• Q: I have a problem using my Win4now password
• Q: I do not want to receive any more new competition emails
• Q: I would like to update my details
• Q: I would like to unsubscribe from Win4Now
• Q: I am having problems viewing the website
• Q: I would like to know if I am a competition winner

None of those questions relate to privacy. At the bottom of the email there is another address I can send mail to, but at this point it is clear to me that win4now is exhibiting all the signs of spammers and scammers. They are avoiding email to privacy@, they do no form of confirmation not even a welcome message giving me the chance to inform them this registration is fraudulent, they are selling my address around but there is no way for me to stop them from doing that. I have gone in and changed the preferences on that account, but given win4now’s sloppy system I do not actually believe that will have an effect.

Thanks to some helpful folks over at a large ISP, I have been contacted by people at emailinform. They have unsubscribed me from their list. They are also looking into the address purchase. I am expecting they will return with some IP address “confirming” that I signed up at win4now and that therefore their mail is not spam.

Let me be clear, an IP address is not consent. It may help jog a memory, or remind a user they did sign up. In this case, however, I can categorically say this was not me as I always use tagged addresses to sign up for mail. Furthermore, I am not a UK resident and am not eligible for any benefits of the signup at win4now or the products being marketed by emailinform.

Both of these situations speak to the importance of any group collecting email addresses, for any reason, to incorporate some sort of confirmation into the signup process. While my preference is for positive confirmation (click here if this is you), even the bare minimum of negative confirmation (click here if this is not you) would have made win4now look slightly legitimate. As it is, they do not seem any different from any other spammers collecting email addresses and selling them to all and sundry.

My specific situation also speaks to the importance of being contactable by people. Do not make it hard for your recipients to contact a person inside your organization. These are your customers there is no reason to avoid them. The dodging and weaving looks suspiciously like you are a spammer.

My clients and I, however, do have to deal with the fallout from botnets.  Because of botnets, receiver ISPs are extremely suspicious of mail from any IP address that they have not seen mail from previously. Mail from new IPs is, more often than not, a newly infected Windows machine. This results in mail from new IPs not starting with a reputation of zero but starting with a negative reputation.

Botnets are another example of spammers making it more difficult for mailers with permission to use email.

“MySpace has zero tolerance for those who attempt to act illegally on our site,” [MySpace Chief Privacy officer] Nigam said in a statement. “We remain committed to punishing those who violate the law and try to harm our members.”

These are two of the spammers responsible for me learning to read headers and report spam. Both of them have previous judgments against them. Wallace sued AOL to force AOL to accept his mail. Eventually the judge ruled against Cyber Promotions and Wallace.

The Court declares that Cyber Promotions, Inc. does not have a right under the First Amendment to the United States Constitution or under the Constitutions of Pennsylvania and Virginia to send unsolicited e-mail advertisements over the Internet to members of American Online, Inc. and, as a result, American Online, Inc. may block any attempts by Cyber Promotions, Inc. to do so.

This case was one of the first to declare that ISPs could block mail and is still cited in spam related cases. (Text of Ruling, AOL page on Cyber Promotions Case)

Walt Rines was less involved in lawsuits with ISPs, but after the demise of Cyber Promotions and his trade group (IEMMC), moved on to infecting PCs with spamware. The FTC put an end to that.

MySpace has now put an end to their account stealing and spamming through social networking sites.

I wonder what way they will discover to dump unwanted advertising on people next?

Multiple e-mails obtained by this newsletter clearly show VIV was prospecting the EEC member list from its servers in violation of the EEC’s own privacy policy. [...] Moreover, one reader sent this newsletter two separate free issues of two different editions of VIV that were spammed into his inbox on two different days. So Mullen’s claim that the effort only involved one issue of the magazine is nonsense.

So let’s recap: That’s at least two issues of the magazine—one of which was sent three times—and at least one standalone prospecting e-mail spammed into the inboxes of the members of an organization ostensibly dedicated to setting standards in the e-mail marketing industry.

I have to admit, I am not hugely surprised that the EEC is behaving this way. The DMA has long been the organization pushing for no limits on spamming. In 2003 I was sitting on a panel with Bob Wientzen at the FTC spam summit where he stated that direct marketers did not want to spam people, they just wanted the opportunity to take a single bite out of the apple. With millions of small businesses in the US, it does not take long before that apple is gone. In my experience the DMA has never been on the side of restraint or control in marketing. They seem to be all about sending more and more advertising at consumers, with the consumers unable to control  either their own personal information or the amount of junk they have to get rid of.

If this seems contrary to my post on the EEC mailing from last week, it is. I was giving the EEC the benefit of the doubt. Taking their statements at face value and giving them the opportunity to use their experience as an example of how not to do things. This week there is even more evidence contradicting their statements and explanations.

I was not the only person to give the EEC the benefit of the doubt. Ken takes a little bit of issue with that.

Does everybody get this now? Because judging by various blog entries last week, it seemed some people were simply chalking up to a learning experience the fact that the EEC handed over its members’ e-mail addresses to a private company—for whom the EEC’s co-chair, Mullen, just happens to be the vice president of marketing—to spam them multiple times with an irrelevant and inappropriate acquisition campaign.
Folks, this is not a teachable moment. Everybody in this industry knows not to pull the nonsense Zinio pulled in cahoots with the EEC—everyone, that is, except apparently the one organization claiming to be dedicated to pointing out sh*t everyone else should and shouldn’t do.

He is right. The EEC is supposed to be a leader in the industry and they should not be pulling these boneheaded moves. They should know the pitfalls and be held to higher standards than the rest of the industry.

Today, banks can flood your mailbox with all the credit card offers they want, but they can’t flood your email box with the same offers. First, it’s not as easy to get your email address as it is your postal address. Second, even if a business has your email address, you can opt-out of that first prospecting email and be free forever from further offers. For these very important reasons, there is no direct linear progression from mail to email in the marketing world. Email is the most cost-effective retention, cross-sell and loyalty tactic in the universe, but it is not a viable acquisition tool in the way that direct mail is (though some would argue both are equally bad due to the sheer amount of wasted impressions).

The big reason he missed is complaints. It is difficult, if not impossible, to complain about direct mail. Even the opt-outs listed on the circulars do not work. For email, though, complaints are trivial. The ISPs have set up and manage a way for recipients to tell a sender they do not want any mail from that sender. Those complaints feed a scoring engine that allows the ISP to block mail that the recipients mark as spam. This feedback process makes it extremely difficult to use purchased email lists to acquire new customers.

Hat tip: BeRelevant

The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements; (3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and (4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

Once the rules are published, I will be sure to link to them and comment on them here. From the FTC press release, it seems that the rules are reasonably sane and any current mailer following best practices will already be in compliance.

Hat tip: MailChimp