FCC Wireless Domain Rules Take Effect

Wondering what's next with CAN-SPAM? If you didn't know, the FCC was compelled to make rules regarding sending messages to wireless devices/domains. And rule they did! On 2/7 they posted a list of domains to which no unsolicited commercial email should be sent. The catch -- the FCC gave marketers just 30 days to comply, meaning that if you're still sending to these domains as of 3/9/05 you are violating CAN-SPAM.

You can find a full list of the excluded domains at: http://www.fcc.gov/cgb/policy/DomainNameDownload.html 

These domains will make up less than 1% of most consumer lists. However, one thing you will notice when reviewing your list is the high percentage of names from the "surewest" and "alltel.net" domains. We pointed this out to the FCC and are waiting to hear back. We're concerned that it is a slippery slope and loophole that may allow any ISP to declare their domain "wireless" -- creating an eSignature burden far beyond the FCC's intended consequences.

As always, I'd love your thoughts...

Over and out -

Chip House

2005 Predictions

Though I don’t have any predictions about J-Lo, “Bennifer,” or whatever in 2005, I’ve got lots of ideas of what will happen in the email space. It turns out that 2004 was a pretty interesting (and pivotal) year for email, and next year hopes to be much the same. At least if my predictions come true…

1. Email Sender Authentication Becomes Standard
2004 was the year that email sender authentication moved from just an idea to a set of proposals. Though there was mixed industry cooperation. SPF, Sender ID and Domain Keys gained followers with the help of major corporate backing from AOL, Microsoft and Yahoo, respectively.

Nearly 70% of the mail received at some ISP’s is now SPF compliant, and both Yahoo and Gmail are now signing outbound email with DomainKeys. 2005 will see not only consolidation of sender authentication standards, but also widespread adoption of them from the sending and receiving communities. By late ’05, a majority of major ISP’s will be using some form of sender authentication check on inbound email and use the results as a component of their accept/reject decision.

2. Sender Reputation Gains Prominence
Legitimate email senders will have more opportunity to prove themselves in 2005 by sending clean email. With authentication will come more responsibility on the senders and spammers will be forced into the light. Ultimately a sender’s reputation (for name opt-in name capture, consumer privacy, list hygiene, and unsubscribe practices) will drive delivery.

Hotmail already relies on Bonded Sender, a reputation program created by IronPort and TRUSTe, to help them make inbox or filter decisions on incoming mail. Other reputation providers such as CloudMark and Habeus will gain traction, as well as e-stamp pioneers GoodMail will all see further adoption of their technologies next year. If I have my wish, reputation systems will be used by all major ISP’s—though I’m not predicting they will (at least not by next year).

3. Address Book Strategy Critical to ROI
With Microsoft Outlook, AOL, Gmail, and Hotmail all using image and link suppression to reduce the impact of spam on their users, marketers will find that the presence (or lack there of) of their email “from address” in their subscribers’ address books more critical than ever to their ROI. Once in a subscriber’s address book (or safe sender list) as marketer can hope for not only improved message rendering and visible images, but reduced filtering and higher ROI.

4. Quality List Practices a Must, not an Option
In 2005 marketers will no longer be able to live by pre-Web name capture, trade and sell methodologies. What worked in the offline/catalog world for the past 30 years doesn’t fly when it comes to email—not even close. In fact, living by old name capture and hygiene practices can result in reduced ROI, increased customer attrition, reduced deliverability, and possibly litigation.

By 2007, Jupiter expects a typical user to receive double the number of opt-in emails than they do now. The increase will become evident for most subscribers in 2005 and more of them will treat messages that are irrelevant or come too frequently as spam. In an email environment driven by reputation, end user complaints could be the death of a company’s deliverability. Also, managing removal requests across an organization will continue to be critical to CAN-SPAM compliance—requiring more diligence and technology focused on enterprise data hygiene.

5. Relevance Drives Action
When email ceases to be relevant it becomes spam. Or at least that is what most users will tell you. 2005 will reward only companies sending relevant, timely messages. Though this trend has existed as long as email has, unwanted messages now make up the bulk of mail we each receive. Only by speaking to your subscribers with information that they care about can you hope to continually be “invited back.” Permission marketing, after all, is about dialog. Dialog needs to be two-way, so if you’re not listening, or observing, your subscribers behavior, interests, etc.—then expect to get a pink slip from them in 2005.

Agree, disagree or indifferent, I’d love to hear your thoughts!

Brand Names Under Fire

Protecting your Brand in the New Email World Order

By Chip House, ExactTarget.

I received a phishing email today that made me smirk. The email pretended to be an “eBay Fraud Mediation Request,” saying that someone had used my account to make “fake bids” at eBay. Funny thing is, I don’t have an eBay account and the address the email was sent to, privacy@exacttarget.com, isn’t subscribed to anything—so it was clearly scraped from the web. The email then asked for me to provide my eBay account log-in information, which they would have no doubt captured for their own fraudulent operations.

This wasn’t a big deal to me, but it’s a big deal to those who believe scams like these (per www.anti-phishing.org, about 5% of recipients fall for this sort of scam), and an even bigger annoyance for eBay and other organizations that find their brands under fire.

Hopefully, sender authentication plans like SPF and Sender ID will begin to take hold with ISP’s soon, thereby allowing legitimate senders to better protect their brand names. But what about damage you do to your own brand via email? Don’t think it can happen? Think again. One type of blacklist gaining adoption is called a SURBL. These blacklists focus on domain names and links in an email, rather than IP addresses, as the key component of their filtering logic.

Historically, blocking has been done at the IP address level, affecting marketers with poor name capture policies or those that fail to capture proper opt-in permission. But an IP address isn’t intrinsically tied to a brand, whereas a URL and domain often is. With the increasing use of sender authentication and blocking technologies like SURBL’s, it is more difficult for a company to escape its past email missteps. A SURBL is a “Spam URL Realtime Block List,” and focuses not on message source, but message content—specifically URL’s used in unwanted email. For example, if the domain www.mycompany.com shows up on a SURBL it can destroy their deliverability and brand reputation. Also, since there isn’t a common procedure for removal of your URL, the problem can be difficult to correct.

Your company’s email practices may be creating skeletons in your closet that can damage your brand over time. Want to see if your brand is in peril? Plug your brand name into the “lookup” function on www.surbl.org and see what you get.

How does this affect you? My friends at Pivotal Veracity who offer phenomenal new technology for tracking email deliveries to top ISP’s recently completed a study on the topic of SURBL’s and deliverability. They found that emails containing a blocked URL were blocked entirely at 5 of the 20 ISP’s tested, while 7 ISP’s moved the email to the bulk folder. Also, their tests showed that emails with blocked URL’s were filtered to bulk or discarded at 50% of medium to larger enterprises. Pivotal Veracity’s new product, eBrand Monitor (also offered via ExactTarget’s Inbox Detective), helps companies detect blocking before it causes problems.

Still think sending unsolicited email can’t hurt your brand? Think again.

Until next time…

Chip

Sender ID In Peril?

Will Microsoft charge for Sender ID? Will their aggressive stance on their patent request force the Internet Engineering Task Force (IETF) to look elsewhere for a sender authentication standard?

There is no question that Microsoft's position has slowed the acceptance of Sender ID at major ISP's and in the open source community. Apache already rejected it, and AOL says that they will stick with their Sender Policy Framework (SPF) when authenticating inboud emails to their users. However, here is why I think that Sender ID will have legs -- even AOL is publishing Sender ID records for their outbound email. Why?! Because the largest free email service in the world (Hotmail) will require them by 10/1.

Is Sender ID irrelevant? NO. 120 million Hotmail users say so...

Don't want your message marked at the top with a Hotmail warning saying "could not be authenticated by Sender ID?" You'll need to post your records by 10/1 to meet Microsoft's goal implementation date.

Until next time. Cheers!

Chip

When Email Addresses Go Bad

Keeping your List Clean and Responsive

August 2004

Battling a shrinking email list? You’re not alone. In an industry where 30% of a typical email list goes bad every year*, it takes active effort on your part to keep up with the changes and maintain a current file of good addresses.

The need for proactive list hygiene efforts is illustrated by the recent change at high-speed Internet access provider Comcast. They announced that their customers now have the option to shut off forwarding of attbi.com addresses to the new comcast.com domain. Comcast, who acquired AT&T broadband in 2003, will be turning off all of the older “attbi” addresses in December of 2004, meaning marketers will need to set a strategy to update all of their opt-in attbi.com subscribers to the correct Comcast.com address. Sounds easy right? Well, it’s trickier than it seems.

For example, you can’t just assume that ***@attbi.com will automatically be ***@comcast.com. Though this logic will work in many cases, it definitely won’t work in all cases. Due to email address overlap between the two providers, many users will have an entirely different email address at the new domain, and you’ll end up sending email to the wrong people.

This change illustrates on a macro scale the type of changes that take place every day in your customer list, and unfortunately just ignoring these changes won’t make them go away. Internet users are changing their service providers daily, rendering their email address dead. You’ll need to take an active role in the maintenance and hygiene of your list if you want to maintain your email deliverability and response.

So what can you do to keep your list clean?

1. Provide the ability for subscribers to update their own email address
You’ve seen that we provide this option to you in this newsletter when you click the “modify profile” link below. Hopefully what you’re sending has value to your subscribers and they’ll let you know ahead of time if they’re changing email addresses. Also, if you know an address will be changing (as in the comcast.com / attbi scenario), don’t be shy – ask those users to make sure they let you know their new address.

2. Retry then remove bounces
Undeliverable addresses (bounces) aren’t always permanently undeliverable. Many bounces are “transient bounces” (also called soft bounces) and may have bounced simply due to the remote email server being down or otherwise unavailable. Another common transient bounce is a “mailbox full” error, many of which are corrected over time. However, if an address bounces 3 times over a period of time greater than 15 days, you should remove that address from your system as it is now inactive.

In fact, mailing bad addresses too many times can actually increase the chance that an ISP will stop accepting your mail. Most ISP’s have bounce thresholds such that bounce rates over a certain percentage (10% in many cases) will trigger automated filters.

ExactTarget’s system automates this “retry then remove” process. If your system doesn’t, you’ll have to be extra diligent about manually counting your retries and then remove the multiple mailing bounces.

3. Discard or update old addresses
Haven’t mailed your list in awhile? Be careful! With 30% on average of your addresses going bad each year, that means that 2.5% of an unattended list will go undeliverable each month.

Plus, many ISP’s recycle old addresses as spamtraps assuming that any marketer that had opt-in rights to the name has long since cleaned the address from their system. This is especially true when an email address is over a year old.

The bottom line: Failure to keep your list up-to-date not only costs your organization directly because of the lost subscribers -- a lack of list hygiene efforts can lead to accelerated list attrition due to ISP blocking. By cleansing your list, you are taking the first step in optimizing email deliverablity.

Phishing: Hook, Line and Spammer

Protecting your Brand via Email

July 2004

An increasing number of businesses, especially those in the financial or ecommerce arenas, are finding themselves the target of a new type of fraudulent spam called phishing. The term has nothing to do with rod, reel, or hook, or with the band. Phishing is a form of identity theft where the recipient is tricked into providing personal information, such as his or her credit card number, by an email that “looks like” it’s from a company with whom they do business. Per the phish-fighting group www.antiphishing.org, up to 5% of recipients take the bait. They also report that since August 2003, most major banks in the US, UK and Australia have been hit by an attack.

What makes phishing possible? The security hole inherent to SMTP email logic makes it easy to impersonate anyone’s domain. For example, by bouncing a message off an open relay and falsifying the domain in the email header, a phisher can make you believe that your email is from eBay or any other site. Then they simply copy the look and feel of the eBay website and voilà—you’re hooked!

Phishing is fraudulent and is a direct violation of a number of laws, including the CAN-SPAM Act. Being a corporate or consumer victim of phishing isn’t pretty and the negative fall-out to your brand can last months or years.

So what do you need to do to reduce you or your organization’s chance of being a victim?

Reduce Your Risks By:

1. Sending Authenticated Email

A good place to start is to send authenticated email. New sender authentication technologies like SPF (Sender Policy Framework) reduce the ability for header spoofing. Look to an email provider such as ExactTarget that publishes SPF (link to http://spf.pobox.com/) records to help authenticate your mail. Though SPF isn’t a silver bullet everywhere, more ISP’s are beginning to check SPF records before receiving mail (AOL reports beginning this in August of ’04). ISP’s that check SPF records will refuse messages from spoofing sources claiming to originate from your domain. Ultimately, more robust technologies like Microsoft’s Sender ID (link to http://www.microsoft.com/mscorp/twc/privacy/spam_senderid.mspx), or Yahoo’s Domain Keys (link to http://antispam.yahoo.com/domainkeys) show even more promise, though they are at least 6 months from reality.

2. Educating and Communicating with Customers

Another key step to prevent your customers from being duped by a phishing scheme is to communicate specifics of the data you’ll collect from them via email. For example, if you never plan to ask for personal information like credit card or social security numbers via email, then create a customer education plan around that messaging. Consider using all media (postal mail, web site, email, phone calls, etc.) to your advantage to increase customer reach. It’s critical that all customers understand what information you’ll ask for and what you won’t. Also, educate them on what they can do to identify phishing emails (see below).

3. Becoming Familiar with the Consumer Tips Below

As a consumer, you may be personally at risk. Verisign reports that 57 million users were targets of phishing attacks in 2003. As a consumer, here are some tips to help protect you:

• Don’t trust any email urgently requesting personal information such as credit card numbers, social security numbers, user names, passwords, or other financial information.

• Don’t use links in an email if you suspect they aren’t authentic.

• When clicking links in an email, watch the “address bar” of your browser to ensure you’re directed to the authentic, branded domain. It is easy for a phisher to spoof a web link and redirect it to another web site.

• Make sure you only enter secure information on secure sites showing https:// in the address bar. This indicates SSL security is in place.

The Anti-phishing Working Group (APWG) provides similar tips and others on their web site.

If you have received a phishing email, make sure you report it to both of the following addresses:
reportphishing@antipshishing.com
uce@ftc.gov

What’s the bottom line? Be careful next time you receive something phishy in your inbox. Don’t take the bait!

Getting Emails Delivered is Getting Tougher

The Deliverability Top Ten

May 2004

An estimated 13% of your emails are not reaching their destination.* Creating emails that are not delivered is a loss of time, money, and a missed opportunity for revenue and lead generation.

How can you continue to build strong relationships despite an increase in filtering? How can you ensure that your emails are not mistaken erroneously blocked? Read ExactTarget’s Top 10 Deliverability Tips now to begin a more successful email program.

Top 10 Tips:

1. Get and Confirm Permission
Receiving permission from your subscribers email is the crux of a successful email program. Capturing an opt-in and confirming it with a follow-up email is the best practice to ensure you only add recipients that really want your email. Unwanted email and success can never coexist. To find out if you’re sending something that’s unwanted, look at your email from the eyes of your recipients. Will they anticipate receiving the email? Does it contain information that interests them? If the answer is “no,” then you shouldn’t send it. It’s likely to get filtered due to complaints or content and will cause harm to your deliverability, as well as your brand and profitability over time.

2. Send Highly Valuable & Highly Relevant Emails
As the inbox gets more crowded with spam, your users are looking to your email to provide them with relevant content – the content they expected when subscribing to receive your email in the first place. The age of email blasting is over. Begin capturing data on your subscribers via surveys or during sign-up. Over time you will be able to send more relevant content, which lessens the chance that your email will be interpreted as spam by your subscribers.

3. Set Content & Frequency Expectations
Nothing can trigger subscriber dissatisfaction like continued emails that don’t meet subscriber expectations in terms of content of frequency. Did you promise valuable, informational content, but continue to send just product pitches? Did you promise a monthly newsletter, but send weekly promotions? A recent study* shows that 65% of men and 56% of women define spam as “email from a company that I have done business with that comes too often.”

4. Use a Recognizable, Short, and Consistent “From Address”
Before even opening your email, a user has to recognize you, your company, your publication, and remember that they requested your email. This leads to many users accidentally reporting email that they opted-in to receive as spam or deleting it all together. The email “from address” is the first thing email recipients look at when deciding if they should open a message. It is important to keep this in mind with all email applications, but especially important when mailing to AOL since their application only shows the email “from address” (info@xyzcompany.com) rather than the friendly “from name” (XYZ Company). If your email address looks like this (iqytchg@cz.upc.net) you’re likely to receive a high number of spam complaints that could result in your email routing to the bulk folder or being blocked completely.

5. Use a Service Provider with a Good Reputation
Commercial email is getting more and more difficult with the advent of CAN-SPAM Act and the increase in ISP filtering. Staying up-to-date on current legislation and policies of ISPs and anti-spam groups is difficult to do on your own. Reputable service providers such as ExactTarget dedicate significant resources to managing ISP relationships, monitoring email deliveries, and evaluating current email laws. If you don’t have similar resources or an in-house expert, outsourcing is likely to be the best way to get your messages delivered.

6. Ask to be Placed in the Address Book or Safe Senders List
AOL 9.0, Yahoo, Hotmail/MSN and Outlook 2003 all remove their email filtering techniques when the sender’s email address is in the recipient’s address book. This is another good reason to keep the same address over time. Once your “from address” is in a subscriber’s book, your emails will continue to reach the inbox with images and links intact.

7. Keep it Clean (Your List, That is)
One sure way to get your message blocked is by “looking like a spammer.” Most ISPs use list quality filters to detect when a sender is attempting to deliver email to a large number of invalid addresses. These messages “bounce” back to the originating server, which is why they’re called bounces. Filtering can start at a bounce rate of just 10% at many ISPs. Even a good, permission-based list will see bounces over time. Per Return Path, an average email list will lose 30% of its names each year due to subscribers changing email addresses. To stay clean, monitor your bounces on a regular basis and remove bad addresses from your list.

8. Promptly Remove Unsubscribes and Respond to Complaints
No matter the quality of your opt-in efforts, some subscribers won’t want to receive your email any longer. Nothing will cause more problems for your deliverability than ignoring unsubscribes and complaints. You need to be diligent about removals and make it very easy for your subscribers to leave you if they so desire. It is also important to manage your reply email address so that manual requests can be removed and complaints can be monitored. Monitoring your complaints closely is an effective indicator of how clearly you informed your subscribers regarding content and frequency when they opted-in to your publications.

In the age of CAN-SPAM, it’s important to not only provide a clear way for users to register for your email publications, but also a place to manage their subscriptions or unsubscribe. A profile management form allows a user to select the publications to which they want to subscribe to or be removed from. This enables you to stay in compliance with the 10-day unsubscribe removal period mandated by CAN-SPAM, while still offering another option besides unsubscribing from all of your communications.

9. Use ISP Inbox Testing
Setting up an “ISP Test List” can be a fast and easy way to find out if your email will pass through spam filters. You can do so by simply setting up email accounts with the major ISPs such as AOL, Hotmail, Yahoo, etc. Before sending to your entire subscriber list, send to your “test list” and make sure your email reaches the inbox of each ISP. If it lands in a bulk folder or is blocked all together, you are then able to investigate and make the appropriate changes.

10. Avoid “Spammy” Words and Phrases
Systematically scanning email subject lines and body content (also called content filtering) is the most widely used filtering method among ISPs.** Avoid overly promotional words and phrases, multiple exclamation points, all capital letters and other text often used by spammers. One of the best articles I’ve seen on content filtering is from Dr. Wilson at Wilsonweb. Check out his article, “20 Ways Opt-in Emailers Can Outsmart Spam Filters.”

* DoubleClick, 2003
** Jupiter Research

Leveraging What You Know

Targeting in the Age of Information

April 2004

Back in ’96 when I sent my first email campaign I had no choice but to communicate with all of my customers using the same email content and message. Though I had an ecommerce system supporting my efforts, as well as to capture purchase data and customer information, I simply didn’t have the ability to put that data to work in my email. Email technology just wasn’t there in ’96. But it is now.

Take your average “Joe Consumer.” In ’96 I could get away with sending Joe the same message I sent to everyone else, and though not perfectly targeted to him, Joe was pretty likely to open the email and even click on a link or two. In 2004, however, the age when over 62% of email is spam (source: Brightmail), Joe’s inbox is more crowded and he’s very wary of what he opens. This deterrent is heightened by the fact that 66% of the unwanted email Joe receives is fraudulent in some way (source: FTC, Feb. ’04).

How do I cut through the clutter? I need to speak to Joe as an individual.

One great example of this is the Scotts Company. They’re the people who bring you products like Turf Builder® and Miracle-Gro®, and they’re using an email strategy that should not only impress you…it might just make you want to subscribe!

Scotts® asks their newsletter subscribers, many of whom are customers, to provide their home address. They then combine this data with information on weather and growing zones to deliver each subscriber a customized email experience. Scotts® breaks the country into 18 growing regions and sends information regarding when to apply the appropriate products to their lawn.

They offer two email publications—a “Lawn Care Update,” which provides information on what to do and when for a healthy lawn, and their “Timely Gardening Tips,” with how-to’s and ideas related to subscriber gardening interests.

During registration, Scotts® enables their subscribers to select additional publications, such as special alerts on insect or fungus problems customized by area. In exchange for these publications, the subscriber needs to provide registration information such as location, and the types of grass, flowers, trees, shrubs and vegetables they are growing. Subscribers can log in at any time to update their profile should they move or add a new type of tree or flower.

Not only does speaking to the individual increase response, it also improves deliverability since recipients are less likely to equate the message with spam and issue a complaint with their ISP, which can cause blocking.

So how do you go about capturing and leveraging dynamic content in your business? Read on for tips:

1. Capture subscriber data during registration.
Though you don’t want a lengthy registration form that deters sign-ups, make sure you ask for at least basic city, state, business, industry, and other data when your subscribers sign up. Also give subscribers the option to provide more data if they choose to. And make sure you have a nearby link to your privacy policy to help allay subscriber fears of providing personal information.

2. Required or Not Required?
Only make critical fields (such as name and email address) “required” during the initial sign-up process. This helps reduce a subscriber’s impulse to bail on the registration. Plus, many registrants will still provide basic information if they trust you and your privacy policy.

3. Communicate benefits of providing data.
Why should subscribers tell you what city they live in? Why should they provide their hobbies? Make sure you tell them how providing this information will benefit them in more customized communications.

4. Survey regularly to deepen data.
Email is a great way to conduct surveys. Keep an email survey under 10 questions and you’ll get better response rates.

5. Track and capture behavior in your data.
The best predictors of what a subscriber likes or what he will do in the future are his past actions and behavior. What did Joe Consumer buy from you last time he visited your website? Track his purchase history and send him similar product or service offerings in the future.

6. Provide the ability to change profiles.
Your subscribers’ interests change, they move, they change jobs, etc. Allow them to click to a web page to update their interests. Capture this data in your database and use it in the very next email.

Not getting the results you want from your email? Make a commitment now to begin building your database of customer knowledge and begin to use it. You’ve now got the technology to make it happen. It just takes planning and a commitment to improve the personalization of each communication. So what are you waiting for?

P.S. – For more information on Scotts®, check out the Scott's Press Release.

Sender Authentication

The Fight for a Spam-Free Future

March 2004

I saw FTC Commissioner Orson Swindle speak recently in Washington D.C. and he reported that a 2003 FTC study of state anti-spam laws showed that only 2 percent of email was compliant. Another study of theirs showed that 66% of spam is fraudulent. When I heard those stats I was struck by how greatly this medium is really abused. Then it dawned on me. Spam really is a symptom of a greater problem: email has a security hole. In fact, with the current Simple Mail Transfer Protocol (SMTP) in use, anyone can easily disguise their identity. That’s why spammers break the law. They think they’re untouchable.

So what’s going to solve the problem? Is it legislation? A National Do-Not-Email list? Technology? Though recent lawsuits under the CAN-SPAM Act will help deter spammers, I believe it will be up to technology, as well as cooperation between legitimate senders and receivers, to finally rid our inboxes of unwanted filth.

Telemarketing can be slowed by the national do not call registry because phone numbers are both registered and finite. Email is different. Email is the like the Wild West, and the number of servers internationally is nearly infinite. But what if each sender’s identity could be verified for a receiver before they choose to receive a message? This is “sender authentication,” and it may be the silver bullet to reducing unwanted email. Good news is, it may be just months away…

Following are the three main technologies proposed by the major ISP’s:

Sender Policy Framework (SPF)
SPF has been championed by AOL as their sender authentication solution, and they are already testing it on a limited basis. It works by leveraging the only part of email that can’t be spoofed: the IP address of the sending mail server. With SPF, senders publish the IP addresses of their approved mail servers in the Domain Naming System (DNS). So for example, Sample Company would post the IP address of the mail servers that are authorized to send email for their domain, samplecompany.com.

When receiving emails, ISP's will check to make sure that the IP address on the mail is approved by sending domain shown in the "received" line (also called the "envelope from") of the email header. (An email header is the part of the email that is not seen by the user, but mail servers use to communicate).

Caller ID
The Microsoft Caller ID proposal utilizes components of SPF and expands on it by also checking the “envelope from” in the email header, plus the visible "from" address of the sender. It uses XML coding in header to provide other information to ISP’s. Like SPF, Caller ID requires senders to publish the IP addresses that are approved to send email for a given domain. So, for example, if Sample Company is using an outside Provider Company to send emails on their behalf, then Sample Company would publish their domain to DNS and list Provider Company’s mail server IP address as an approved IP address. So, if an ISP received an email from an IP address claiming to be from the domain samplecompany.com that was not listed in their DNS record, they would know it was “spoofed” and would reject the message.

Microsoft’s full proposal is called the Coordinated Spam Reduction Initiative (CSRI) and it includes other concepts such as developing a 3rd party auditor of sender reputations that ISP’s could access when deciding whether or not to accept email. It also discusses options for using payments to deter spammers, whereby a legitimate sender would pay a fee unaffordable for spammers to have their message delivered.

DomainKeys
Though Yahoo hasn't yet released formal specifications of their DomainKeys proposal, they have issued a release on its existence and their move toward testing it later this year. DomainKeys uses public and private keys in the email header, a form of encryption where ISP’s are provided with the ability to reject emails for which they don’t have a valid key. Again, ISP’s would check the DNS for the valid key for each sender.

The Future of Sender Authentication
At the end of the day, sender Authentication is really just part of the equation for solving the spam problem. The second part of the solution is the development of a reputation system, similar to Project Lumos, which was proposed by the Email Service Provider Coalition (ESPC) last year. Lumos proposes that once you have sender authentication, you can add accreditation, reputation, and enforcement to the mix. This allows for the development of a “credit score” for each sender that would be made available to ISP’s. For example, an ISP could choose to accept email from a sender with a score of 190, indicating a clean sending history, but reject email from one with a score of 40 due to their history of high complaints.

Commercial “reputation” services have sprung up as well to fill the gap. One similar service now in place is Bonded Sender, which is an IronPort/TRUSTe program that provides data to ISP’s on the sending history of qualified senders, helping them differentiate themselves from spammers. Senders post a bond with Bonded Sender to guarantee the opt-in status of their list and their highest privacy standards. If complaints are over set thresholds, the sender’s bond is debited a small amount for each complaint over the threshold.

Microsoft and AOL are now coming together to work on potentially merging their competing proposals: Caller ID and SPF. ExactTarget will be testing these technologies in the coming months and may utilize one or more of them going forward. This arena is changing so fast, it is difficult to discern what horse to bet on. I will bet, however, that we will eventually have a solution that takes ideas from all proposals. Earthlink obviously recognizes this, and they have announced that they will be testing both SPF and Caller-ID this year. In the meantime, all we can do is protect our bets, put a bit of money down on each horse, and wait. The good news is, all of these solutions provide substantial tools to fight spam, and in a few years spam could be history. Let’s hope.

What Are They Complaining About?

Understanding Subscriber Complaints

February 2004

We have all done it—gone through our email inbox and quickly deleted each message for which we don’t recognize the sender or the subject line, only to find out later that we deleted a message from a friend or a commercial email we had requested. Here’s the problem: reporting an email as “spam” is just as easy.

With the largest email providers like Yahoo, AOL, and Hotmail, reporting a message as spam is easier than unsubscribing from the message. All three ISPs provide quick links or buttons that their users can click on to complain about your email. The ease-of-use of these links lead to frequent spam reports, many times by users that actually requested the email. After launching the “report as spam” button last year, Yahoo even ran a contest giving their users a sweepstakes entry for each time they clicked the complaint link. Think their users only complained about the email they should complain about? Of course not…there was a sweepstakes on the line!

Okay, so complaints are a reality, and keeping them in check is a challenge. The good news is that the ISPs recognize this and set thresholds for complaints, which allows all senders some number or percentage of them before filtering begins. Have a strong permission list that gets too many complaints? There are four main reasons why. Find out how to reduce complaints…read on!

Anticipation
If your subscribers didn’t actively give you consent to send them email, they are much more likely to complain. Remember the Carly Simon song…”Anticipation, it’s makin’ me wait...it’s keepin’ me wa-a-a-a-aiting?” Well, it’s a good rule of thumb to use when you are evaluating whether or not you have permission to send email to someone. Are they anticipating my message? Did I ask them if they want to receive it? If the answer is “No,” then you’ll need to reevaluate your email program, because your complaint level will continue to be high, and rightly so!

As always, the best practice is to capture an opt-in and confirm the email address before you begin sending mail.

Content
When you captured each subscriber’s opt-in, did you tell them what content you would be sending them? Did you promise an informative newsletter and follow-up with only promotions? Subscribers are sensitive to the content you are sending them and will likely issue a spam complaint if your emails don’t meet their expectations. Plus, keeping the content and the subject line fresh helps your email look “new” in the subscriber’s inbox, rather than the same old same old.

Frequency
Sending an email either too often or too seldom can also trigger complaints. Set clear expectations at the time your subscribers register to receive your email. For example, add language to your sign-up form and confirmation email such as: “We publish a monthly newsletter with the top fly fishing tips and success stories.” Be especially careful not to increase your mailing frequency drastically. Suddenly going to weekly or daily deliveries is bound to trigger complaints.

Recognition
The inability for a subscriber to remember they subscribed to your promotions and recognize that the message is “from your company” may be the most common reason for complaints. Keeping an easy to decipher email “from” address and always using your company name in the subject line are two good ways to help your subscribers recognize your email. Since most users look primarily at the “from” address and the subject line to determine if they should open an email, keeping these clear and using your company name is the best way to reduce erroneous complaints.

The second item to address is recency. How long ago did you acquire the names on your list? If it was over 6 months ago, and you haven’t sent them any email yet, you are asking for complaints. Your subscribers will forget that they requested your email and report your mail as spam. Make sure you start mailing soon after you capture an opt-in, and stick to a regular mailing schedule.

Also, it is important to remind your subscribers where they opted-in to receive your messages. Remind them at the top of every email where and when they asked to receive your email. Jogging their memory will prevent them from complaining.

Complaints are Important
Take them seriously. ISPs use subscriber complaint data as a key component of their spam filtering algorithms, so staying clean will keep your email in the inbox and your subscribers happy.