Garbage in… garbage out

Ken Magill (hereafter known as Mr. Stupid Poopypants) has a follow up article today on his article from last week about the Obama campaign’s mailing practices. While poking Dylan a bit, his message is that marketers really need to look harder at double opt-in.

All these things can and do go wrong with double opt-in, but the risks of not using it have simply become too great. For one thing, if a marketer gets blacklisted by, say, Spamhaus, and the mailer is not using double opt-in, the folks at Spamhaus will force the issue.
On the plus side, marketers using double opt-in don’t get blacklisted by Spamhaus because they never hit Spamhaus’s traps—fake e-mail addresses set up to catch spammers.
Also, fake signups are nothing to get worked up about. They are simply a fact of e-mail list building that the marketer must guard against or accept the inevitable consequences. It is solely up to mailers to keep their lists clean, and no one else.

Data verification is a necessary and critical bit of email marketing on today’s internet. For many marketers, the only solution may be to move to double opt-in.

Related Posts

7th circuit court ruling in e360 v. Spamhaus

Mickey has some commentary and the full ruling up on Spamsuite. In short the appeals court affirmed the default judgment, vacated the judgment on damages and remanded the case back to the lower court to determine appropriate damages.
There are a couple bits of the ruling that stand out to me and that I think are worthy of comment.
Spamhaus made a very bad tactical decision by initially answering and then withdrawing that answer. The appeals court ruled that action signaled that Spamhaus waived their right to argue jurisdiction and that they submitted to the jurisdiction of the court. Based on this, the appeals court upheld the default judgment against Spamhaus. Not necessarily the outcome any of us wanted, but that doesn’t set any precedent for future cases unless defendants answer and then withdraw the answer. Specifically on page 12 of the ruling the court says:

Read More

Yahoo and Spamhaus

Yahoo has updated and modified their postmaster pages. They have also put a lot of work into clarifying their response codes. The changes should help senders identify and troubleshoot problems without relying on individual help from Yahoo.
There is one major change that deserves its own discussion. Yahoo is now using the SBL, XBL and PBL to block connections from listed IP addresses. These are public blocklists run by Spamhaus. Each of them targets a different type of spam source.
The SBL is the blocklist that addresses fixed spam sources. To get listed on the SBL, a sender is sending email to people who have never requested it. Typically, this involves email sent to an address that has not opted in to the email. These addresses, known as spamtraps, are used as sentinel addresses. Any mail sent to them is, by definition, not opt-in. These addresses are never signed up to any email address lists by the person who owns the email address. Spamtraps can get onto a mailing list in a number of different ways, but none of them involve the owner of the address giving the sender permission to email them.
Additionally, the SBL will list spam gangs and spam supporters. Spam supporters include networks that provide services to spammers and do not take prompt action to remove the spammers from their services.
The XBL is a list of IP addresses which appear to be infected with trojans or spamware or can be used by hackers to send spam (open proxies or open relays). This list includes both the CBL and the NJABL open proxy list. The CBL list machines which appear to be infected with spamware or trojans. The CBL works passively, looking only at those machines which actively make connections to CBL detectors. NJABL lists machines that are open proxies and open relays.
The Policy Block List (PBL) is Spamhaus’ newest list. Spamhaus describes this list as

Read More

Spamfilters are stupid

Ben over at MailChimp writes about spamfilters that are following links in emails resulting in people being unsubscribed from lists without their knowledge. I strongly suggest clients use a 2 step unsubscribe system, that does not require any passwords or information. The recipient clicks on a link in the email and confirms that they do want to be unsubscribed once they get to the unsubscribe webpage.
Even more concerning for me is the idea that people could be subscribed to emails without their knowledge. For some subset of lists, using confirmed (double) opt-in is the best way to make sure that the sender really has permission from the recipient. Now we have a spam filter that is rendering “click here to opt-in” completely useless. I am sure there are ways to compensate for the stupidity of filters. As usual, though, the spammers are doing things which push more work off onto the end user and the legitimate mailers.

Read More