Reading some of the articles on the case, though, I’m less worried. This isn’t a blogger making some statements. Instead, Ms. Cox acted more like a stalker and harasser than a reporter. The judge even concluded that had she been granted protection as a journalist it was unlikely she could prevail as there was little factual basis for her statements.

Others have done better summaries of the case and the effect and I encourage everyone to read them.

Seattle Weekly
New York Times
Ars Technica
Forbes

I also discourage folks from applying this ruling to all bloggers. It’s not clear she was doing anything journalistic. I did find it interesting that some of her techniques to ruin the lawyer’s search results were defined as Search Engine Optimization. I’ve long thought SEO was akin to spam: say something often enough in enough places and you start to dominate the conversation. Not because you have anything useful to say, but because no one can get an idea in otherwise.

My bayesian filter gets trained mostly by me hitting “this is spam” when spam makes it to my inbox. If I’m expecting an email “immediately” – something like a mailing list COI confirmation or email as part of buying something online – I’ll check my spam filter and move the mail to my inbox in the rare case it ended up there. Other than that I let it and spamassassin chug along with no tweaking.

I’m starting a data analysis project, based on my own inboxes, and as part of that I’m using some tools to look for false positives in my junk folders, and manually fixing anything that’s misclassified. I’ve been doing this for a couple of hours now, and I’ve found some interesting things.

1. Simple content filters work remarkably well out of the box, at least for my mail stream. Spectacularly well. There’s very little in the way of false positives. Very, very little.
2. Of those false positives there’s nothing I’d have been bothered about. It’s generic, unexciting junk mail.
3. Most of the systemic false positives seem to be correlated with the senders doing something bad. Heathrow Express, for instance, sent me mail every two weeks or so since I’d signed up. Then for no obvious reason they stopped sending for three months, then started sending again. Every mail they sent after that pause ended up in the junk folder, and I never missed them.
4. I get regular newsletters from ThinkGeek. Every one of those goes to the inbox. I occasionally get mails from them about my account (“you’ve got 420 geek points left”) that are kinda transactional, but not something I expect to see – and they all end up in the junk folder. Several other senders do the same thing, and get the same result.
5. Several companies have used tagged addresses to send me newsletters for a while, and also used them to send unsolicited facebook invites (to the tagged address, from facebook servers). The regular newsletters all go to the inbox, while the facebook invites all go to the junk folder. “Legitimate” facebook mail, meanwhile, keeps going to the inbox.
6. Apple send me a lot of newsletters – I’m a Mac and iPhone developer, I get their consumer newsletters, transactional stuff from our local store – lots and lots of newsletters. They all made it to the inbox except for one. The one that ended up in the junk folder was a one-off about recycling, and it wasn’t up to their usual design standards – it had ugly big green “call to action” headlines in it, very different to their usual clean design.
7. Just one sender hit the junk folder every time. The distinctive thing about their messages (apart from them not being something I missed) was that the plain text part of them was dreadful, just a bad lynx dump of the html section. Even a “No plain text for you! Go to this link!” would have been better.

I was surprised at how effective this simple content-based filtering setup had worked with little tuning other than hitting the this-is-spam button – both in it’s accuracy at removing spam while keeping a very low false positive rate, but also how well the false positives matched my judgement of “Meh. This mail isn’t interesting.”.

We spend a lot of time talking about the things you should do to make the mail relevant to the recipient – compelling content, consistent, predictable delivery schedules, clear consistent branding, use of a single consistent mail stream to communicate with a recipient rather than several different streams. Until I went through this exercise it wasn’t clear to me how much of an effect those things also have on fairly simple recipient-trained filters.

We spent the past week with family on the east coast. Our flight back to the west coast was very, very early Sunday morning so I booked a night at the airport hotel. That way we could just stumble to the shuttle at some horrible hour and not worry about trying to coordinate drivers and cars and all that other stuff.

As we were headed to the airport, I pulled out my phone to confirm directions. I found a new message in my mailbox offering me the opportunity to check-in online. I decided to see how it worked.

1. Click link in email that takes you to a webpage.
2. Confirm data pre-populated on the webpage.
3. Select time you’re going to arrive at the hotel.
4. Click check-in.

Immediately afterwards, I received an email confirming the check-in process.

All the information I needed

We arrived at the hotel about 20 minutes later. There was no line for check-in, so I didn’t bother scanning, just gave my name at the desk. They had all my info, gave me a key and we were checked in.

It gets better. Instead of the normal printed bill under the door in the middle of the night, they sent me email. From this email I was directed to a website where I could review all my charges, confirm they were correct and then check out. I could even choose the time I wanted to check out. All I had to do when leaving was drop off my key and wave goodbye.

I’m often impressed when someone gets email right. I know I shouldn’t be, email is not rocket science. But there are so many poorly designed and executed email programs out there that it’s often a surprise when I see a program that works.

Not only that, a well-functioning email program tells me quite a bit about the company.

• They understand I’m traveling and don’t always have access to a printer, so they give me a virtual barcode to scan.
• They understand I’m probably reading email on a mobile device and design emails for those devices.
• They make sure the information I need is easy to find, including their address and phone number of the hotel.
• They don’t need to sell me at every touch point, they already have my business, so the emails focus on the current transaction with branding and invitations at the bottom of the email.

This email tells me that Hyatt puts my needs, as a customer and a traveler, first. And that does mean they’ve earned my repeat business.

The frequency recipients will respond to depends on the type of mail, the recipient expectations, the sender and a host of other factors.

For one example look at the mail sent by social networks. Many people, myself included, will accept dozens of emails a day telling me someone wrote on my Facebook wall or retweeted something I said or wants to link to my network on LinkedIn. Another example is when I’m traveling or waiting to pick up someone who is, I am thrilled to receive multiple updates an hour from the airline.

This willingness to receive frequent commercial or bulk emails doesn’t necessarily translate to marketing emails. When Sur la Table started sending double digit amounts of email a week, I down-subscribed, and had they not let me pick an acceptable-to-me frequency I would have unsubscribed completely.

A lot of marketing experts insist that mailers don’t send frequently enough. That increasing frequency increases ROI. What a lot of people miss are all the caveats in the fine print. In their minds, increasing frequency goes hand in hand with increased segmentation, targeting and recipient specific emails.

The idea isn’t simply to mail the entire list more frequently but to mail those who are more open to increased frequency. This is an idea I wholeheartedly support.

As a past guest and/or meeting planner of Millennium Hotels and Resorts we are pleased to share these occasional special offers. If you no longer wish to receive email communications from us, please click the unsubscribe link. Please note that this broadcast is sent from an address which is not monitored. If you have questions about the offer, please contact us directly. Our hotel contact details may be found in this email offer above or you may visit www.millenniumhotels.com.

This is the footer of an email sent by a hotel I stayed at sometime in the past. I thought it was a year ago, but I checked with the groom of that particular wedding party and it seems it was 2 years ago. My, how time flies.

But where is the relevancy to me? I went to the hotel as a part of a block carved out for the above mentioned wedding. It was two years ago and I’ve not been back to that city since. I can understand that there are long periods of time between visits to a city. And I can understand that sending emails to people who haven’t stayed in your hotel in 2 years might make good marketing sense.

What I can’t understand is why this hotel thought that this particular deal might be of interest to me. Remember, I visited said hotel as part of a wedding party. The hotel knows I came just for a wedding. So a good “come back” message might be to visit my friends and take them out for dinner to remember their wedding day. Or something slightly relevant to what I did the last time I was in that city.

What is clearly irrelevant is an offer to come visit the hotel and get tickets to see the local baseball team play. Wait? What? Baseball? Baseball in a city 2 timezones east of me? Really? They know where I live, they could have even made it slightly more relevant by offering me tickets to see one of my local teams play their team. Sadly, no, they didn’t even do that.

Email recipients want mail that speaks to them. That brings them an offer or an idea or information. That makes their lives easier or better or happier. What they don’t need is irrelevant junk clogging up their inbox.

What senders want is email that persuades recipients to buy something.

In this case Millennium hotels gave me fodder for a blog post, which does make today a little easier. But I also unsubscribed from future emails because it’s unlikely I’m going to return to that particular city any time soon. And if I do I’ll probably stay with friends and not in a hotel.

What did Millennium hotels get out of this? Not a whole lot, other than a lot of unsubscribes and probably a number of complaints. Oh and a blog post talking about how badly they ran this particular marketing campaign.

Over the years I’ve heard just about every excuse as to why a particular client can’t set expectations well. One of the most common is that no one does it. My experience this weekend at a PetSmart indicates otherwise.

As I was checking out I showed my loyalty card to the cashier. He ran it through the machine and then started talking about the program.

Cashier: Did you give us your email address when you signed up for the program?

Me: I’m not sure, probably not. I get a lot of email already.

Cashier: Well, if you do give us an email address associated with the card every purchase will trigger coupons sent to your email address. These aren’t random, they’re based on your purchase. So if you purchase cat stuff we won’t send you coupons for horse supplies.

I have to admit, I was impressed. PetSmart has email address processes that I recommend to clients on a regular basis. No, they’re not a client so I can’t directly take credit. But whoever runs their email program knows recipients are an important part of email delivery. They’re investing time and training into making sure their floor staff communicate what the email address will be used for, what the emails will offer and how often they’ll arrive.

It’s certainly possible PetSmart has the occasional email delivery problem despite this, but I expect they’re as close to 100% inbox delivery as anyone else out there.

We could have fodder for blog content for weeks!

Right now I’m just going to look at one of the reasons why it’s worth stealing a list of email addresses from an ESP or a list owner, rather than just gathering them from other sources. That is, why the ESPs and list owners are high value targets beyond just “that’s where the email addresses are“.

If you steal a list of addresses from a list owner, or a bunch of lists from an ESP, you have one very useful extra piece of information about the recipients beyond the usual name-and-email-address. You know a company that the recipient is already expecting to receive email from.

That means that you know someone you can pretend to be in order to get a recipient to open and respond to a malicious email you send them – which will make an attempt to phish someones credentials or compromise their computer via email much more likely to be effective.

A good example of targeted phishing for credentials is the online game World of Warcraft. There’s a huge criminal underground that makes real world money by selling game money to players. The main thing the gold sellers need to have to be able to acquire game money, advertise their services to players and to give game money to players in return for dollars is an endless series of World of Warcraft accounts. Blizzard, the World of Warcraft owner, work reasonably hard to squash those accounts and make it slightly tricky for the gold sellers to sign up for them, so stealing account credentials from existing users is a great way to get them. And you can also strip those accounts bare of in-game possessions and gold in the process.

Some of the phishing is done in the game itself, where you know that everyone has an account you can steal if you can just get them to visit your website and compromise their machine…

… but that’s something that’s requires a lot of work to do given the work Blizzard does to prevent it, and which isn’t that effective. It’d be much more effective if you could send messages via email, outside the game, which pretend to come from Blizzard. All you need to do that effectively is a list of email addresses of people who play World of Warcraft.

Cracking Blizzards database would be tricky, as they keep all their email addresses in-house and don’t send them out to third parties. But there’s a healthy ecosystem of third party websites that are used by WoW players, which gather email addresses and which are easier to crack. Some time in early February one of those, curse.com, was compromised and their list of email addresses stolen. I can track this because I gave Curse a tagged email address. Since then that tagged address has received a steady trickle of plausible looking emails claiming to be from Blizzard, suggesting that my login needs to be validated, or my WoW account is about to be suspended, or that someone is trying to break into my account or…

The common factor is that they’re trying to make me go to a fake WoW or Blizzard website and either enter my username, password and (in some cases) the magic cookie produced by my two-factor authentication widget or download some piece of malware disguised as an official WoW update that’ll compromise my machine and (usually) install a keylogger to steal my login that way.

These emails do most of the things we talk about an effective email campaign doing.

• They’re well branded (as Blizzard)
• They contain well-crafted content that is relevant and compelling to the recipients.
• They’re well targeted, all the recipients have a strong interest in the subject – World of Warcraft
• There’s a strong, ongoing relationship between the recipient and who the sender claims to be
• And finally, the emails contain a strong call to action – come to our website (and compromise your WoW account)

The key thing that enabled the accurate targeting of their phishing and malware emails was being able to steal a list of addresses that they knew were engaged WoW customers.

And that’s one reason why a list of email addresses of customers of a company is valuable to online criminals and why email senders – both ESPs and companies sending their own email – will increasingly be high value targets for data theft.

The server hosting that mail system has been flakey lately, and needs to be hard power cycled to make it come back. We had a major power glitch this morning and so ended up down at the colo and power cycled that box while we were there.

This box was last working February 4th. It’s been off the internet for almost 2 months now. It wasn’t answering on port 25. It was dead. No mail here. And, yet, a bunch of legitimate email marketers are still attempting to send those addresses mail.

Really. Dead for 2 months and the senders keep trying to mail to those addresses. The server came back about 2 1/2 hours ago. I already have 6 emails from two different senders.

Seriously. If you can’t deliver a mail to someone for TWO MONTHS just give it up already. I am sad that even companies that get the best advice I can give them still can’t get the simple things right.

And, really, don’t argue “but it came back! Clearly we should keep trying!” Yes, it came back. But in all the years I’ve had this disposable email system I have not opened a single image. I’ve not purchased a single thing. I’ve never shown any sign of life on any of those addresses. The mailserver has been down for months at a time. There is no value to continuing to send mail to those addresses. And, yet, people still do it.

Why? WHY!?

We don’t get much spam on Yahoo, mostly because we don’t give our email address out much. The only spam we really get is from <stockbroker website>, and that all goes to the spam folder. We use the site for checking stock quotes – it’s free, and we never see any of the spam they send.

A typical email marketer would look at that and object loudly to her use of the “S word” to describe their email – it’s mail the subscriber signed up and gave permission for, and they have an ongoing relationship with the sender, and they haven’t unsubscribed, and, and, and…

But a delivery expert will point out that none of that matters one jot. Sure, the sender has a figleaf of permission, because they convinced the recipient to “subscribe to their mailings” (even if that was via the threat of withholding a free web service if they didn’t sign up). And that does provide some legal protection.

But as far as delivering email to recipients inboxes, let alone receiving any ROI for an email campaign, it’s pretty much irrelevant. The recipient perceives the mail as spam, and describes it as such to other people – “<stockbroker company> sends spam” is not the image you want to have. The subscriber doesn’t read the email, doesn’t want the email, certainly doesn’t pull it out of the spam folder and may well be hitting the “this is spam” button for messages that end up in the inbox.

You’re certainly not getting any benefit at all from that subscriber, and their relationship to the mail you’re sending them – not opening or interacting with it, categorizing it as spam, etc – is teaching their ISPs spam filters that your mail is unwanted spam. The reputation of your domain, your content and your sending IP addresses will suffer, and your delivery rates to all your subscribers will suffer.

If you’re forcing someone to give you permission, it’s not permission-based marketing.

What worked today won’t work tomorrow. Spammers are forever evolving new techniques to get past spam filters. ISPs are forever evolving new techniques to stop them.

One of the current driving forces for spam filter development is focused on the individual recipients. Recipient wants and needs are king in the world of ISP mail filtering. Much of that is driven by the underlying business models of the free ISPs. They are selling eyeballs to their advertisers and that relies on keeping as many eyeballs around for as long as possible.

An early version of the recipient driven filtering was “add to your address book” where individual users could over ride ISP delivery decisions by actively adding a From: address to their address book. The ISPs have been refining this over time. For instance, if you reply to an email in some clients, you are prompted to add that address to your address books. If you take an email out of your bulk folder and move it to your inbox then that address is automatically added to your address book.

But the refinements haven’t stopped there. ISPs are now making smart decisions about what emails a particular recipient will want to receive. This raises a number of challenges to senders. How do you send email to ten thousand or a hundred thousand or a million people and make it relevant to all of them?

Smart senders will take the individual delivery challenge in stride. They will change along with the ISPs, to send mail that their recipients want to receive. Change is inevitable and required.