Some of those folks are clients or sales prospects but some of them are actually industry colleagues that have customers sending spam. In either case, I’ve been thinking a lot about best practices and what we all mean when we talk about best practices. In conversing with various people it’s clear that the term doesn’t mean what the speakers think it means.

For me, best practice means sending mail in a way that create happy and engaged recipients. There are a lot of details wrapped up in there, but all implementation choices stem from the answer to the question “what will make our customers happy.” But a lot of marketers, email and otherwise, don’t focus on what makes their recipients or targets happy.

In fact, for many people I talk to when they say “best practice” what they really mean is “send as much mail as recipients will tolerate.” This isn’t that surprising, the advertising and marketing industries survive by pushing things as far as the target will tolerate (emphasis added).

Just as it did over-the-air, those purveyors of television advertising will push the limits of toleration in their quest for profit. There’s nothing wrong with that, but let’s understand that in so doing, we’re pushing people who can now push back.

The unwanted messages theme is the same with mass media in print. A paper with nothing but ads is called a sale paper or advertising supplement. There’s only so far you can stretch the display advertising model before people begin to complain, too. Why? Because there’s no demand for unwanted messages.

The ability of people to push back is magnified in the email space. Recipients can push back against unwanted messages directly as individuals by using the this-is-spam button in their mail clients. They can block certain senders, they can filter mail out of their inbox. But even more than that, if many recipients push back against a particular sender, the ISPs notice. Their individual pushbacks are noticed the ISP acts to block or filter mail for all their users.

Best practices aren’t just about authentication, or personalization or any of the specific actions people are thinking about when they mention best practices. The term best practices is really shorthand for “don’t send spam.” Unfortunately, there are a lot of companies that send spam and still proclaim they’re following all best practices.

Really. Spam isn’t a best practice.

In Rik Ferguson’s investigation (which I read about on CNet News), he came across a link to a URL that asked for his Facebook credentials, supposedly necessary to allow installation of a specific Facebook application. Once the credentials were handed over, the app immediately spammed all of his Facebook friends, sending them a bogus notification, attempting to draw them into visiting the phishing/malware URL, with (one assumes) the hope of spreading the infection even wider.

He’s a researcher for Trend Micro, so he knows what he’s doing. But for the rest of us, this highlights how necessary it is to be careful with who you give your usernames and passwords to. In my opinion, it’s never safe to take your username and password from one site and hand it over to another site. Some social networking make the problem even worse by blurring the lines between safe and unsafe by asking for usernames and passwords to third party accounts, but you just can never know with 100% certainty which sites are legitimate and which ones aren’t.

– Al Iverson

In my own mailbox, I have noticed a drastic decrease in the amount of spam over the last week. I am too jaded to expect that the change is permanent, but it is nice while it lasts.

Multiple e-mails obtained by this newsletter clearly show VIV was prospecting the EEC member list from its servers in violation of the EEC’s own privacy policy. [...] Moreover, one reader sent this newsletter two separate free issues of two different editions of VIV that were spammed into his inbox on two different days. So Mullen’s claim that the effort only involved one issue of the magazine is nonsense.

So let’s recap: That’s at least two issues of the magazine—one of which was sent three times—and at least one standalone prospecting e-mail spammed into the inboxes of the members of an organization ostensibly dedicated to setting standards in the e-mail marketing industry.

I have to admit, I am not hugely surprised that the EEC is behaving this way. The DMA has long been the organization pushing for no limits on spamming. In 2003 I was sitting on a panel with Bob Wientzen at the FTC spam summit where he stated that direct marketers did not want to spam people, they just wanted the opportunity to take a single bite out of the apple. With millions of small businesses in the US, it does not take long before that apple is gone. In my experience the DMA has never been on the side of restraint or control in marketing. They seem to be all about sending more and more advertising at consumers, with the consumers unable to control  either their own personal information or the amount of junk they have to get rid of.

If this seems contrary to my post on the EEC mailing from last week, it is. I was giving the EEC the benefit of the doubt. Taking their statements at face value and giving them the opportunity to use their experience as an example of how not to do things. This week there is even more evidence contradicting their statements and explanations.

I was not the only person to give the EEC the benefit of the doubt. Ken takes a little bit of issue with that.

Does everybody get this now? Because judging by various blog entries last week, it seemed some people were simply chalking up to a learning experience the fact that the EEC handed over its members’ e-mail addresses to a private company—for whom the EEC’s co-chair, Mullen, just happens to be the vice president of marketing—to spam them multiple times with an irrelevant and inappropriate acquisition campaign.
Folks, this is not a teachable moment. Everybody in this industry knows not to pull the nonsense Zinio pulled in cahoots with the EEC—everyone, that is, except apparently the one organization claiming to be dedicated to pointing out sh*t everyone else should and shouldn’t do.

He is right. The EEC is supposed to be a leader in the industry and they should not be pulling these boneheaded moves. They should know the pitfalls and be held to higher standards than the rest of the industry.

The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements; (3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and (4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

Once the rules are published, I will be sure to link to them and comment on them here. From the FTC press release, it seems that the rules are reasonably sane and any current mailer following best practices will already be in compliance.

Hat tip: MailChimp

Mickey posts on Intellectual Intercourse about spam received from a recruiting agency trying to get him to hire one of their clients. This spam was amusing in that it contained reference to a bill that Mickey helped defeat years ago.

Box of Meat blog links to a CSO online article graphically demonstrating a botnet. The representation is really helps to understand the scope of the problem.

On Bronto Blog DJ posts about resurrecting old addresses. He has it right when he says: “If you continue to send email to customers that is random and unexpected, there will be consequences.”

Matt at ReturnPath has a couple posts about who should get delivery services and how ReturnPath chooses customers. This is something I end up dealing with occasionally. There are not specific types of companies I refuse to do consulting for. I will generally provide consulting on best practices to any business segment. My one restriction is that I will not provide ISP relations (ie, contacting the ISPs) for companies that do not send opt-in email. This has caused consternation with some potential customers.

Mark Brownlow at No Man is an iland suggests renaming “open rate” as “render rate” in an effort to make it much clearer what “open rates” really measure. Expect to see render rates referred to here on this blog in the future.

Josh talks about suppression list abuse on Deliverability.com. For those of us who use unique addresses for every signup, it quickly becomes clear that there are leaks in the suppression process. I have also seen problems with leaks from subscriptions, so do not think the problem is just in suppressions.

• sending out multiple copies of an email to the same recipients
• sending offers from a third party to recipients who did not opt-in for third party mail
• sending mail from a unrecognized address
• sending an offer of no interest to many of their recipients

In addition to the email mistakes, they also made some serious marketing mistakes, such as

• leaving out the branding
• leaving out personalization

The execution of this mailing was abysmal.

I have no direct experience with the EEC, but if they are truly leaders in the email industry, then they will use this experience with email gone horribly wrong as an example. There are lessons here, for the EEC and for all email marketers. Ideally, those lessons will be learned and shared in detail so that other marketers will not repeat these mistakes.

Other articles on this: BeRelevant, Ken Magill, EmailKarma, EEC.

Sanford Wallace (the spammer that prompted me to start figuring out how to read headers) lost his suit with MySpace for failure to comply with court orders and failing to turn over documents.

Scott and Steve Richter are in the Washington Post today in an article discussing hijacked IP space. Reading the Post article, though, it appears that Scott legitimately bought a business with a /16 and there is no hijacking going on. Spammers have hijacked IP space illegitimately in the past, but this does not seem to be the case.

The AOL postmaster blog has its first post up talking about bounces.

BeRelevant has a great blog with lots of suggestions email best practices.

Mark Brownlow had a great post this weekon moving the unsubscribe button to the top of your newsletter to make it easy for customers to unsubscribe. The comments are a must read as well, including one commenter that saw the number of ‘this is spam’ hits go down when he moved the unsubscribe link to the top of the email.