Vetting customers: an intro
I promised a couple weeks ago, pre-MAAWG, to write about screening new customers. Things have been a bit busy and I have not had a lot of time for the blog. However, today there has been a long conversation on one of the spam related mailing lists relating to ESPs and customer screening. This conversation inspired me to write this introduction to customer vetting.
I have designed customer screening programs for a number of clients as well as actually had an active role in some of those processes. I also screen my own customers and have taught other people how to vet customers.
When designing a vetting process a company must target the process to the size and revenue potential of their customers. If an ESP has a small number of customers, each having a very large recipient base, one single bad customer has the potential to affect the overall reputation of all the ESP customers. With large number of customers sending to very small recipient bases, then one single bad customer is not going to affect overall reputation as dramatically as larger senders will
Because the larger customers have an actual impact on reputation, it is really important to vet the customer. It’s going to cost money and some time, but responsible ESPs have to do it. Really good customers are going to be vetting the ESP at the same time. They don’t want to go with an ESP that has a poor reputation. It is much like dating, each party is assessing the other party and the suitability of a longer term relationship.
For the tiny mailers, though, there is a very small chance that one, single bad customer sending a single bad mailing will destroy the overall delivery of an ESP and ruin their reputation at large receivers. In this case, it makes a lot more sense, both financially and in terms of resource allocation, to screen the email address list rather than the individual customer. This can be mostly automated, with clearly bad lists being prohibited from being mailed and suspicious lists being kicked to humans for decisions.
Let’s be honest, anyone who comes to an ESP with a list of under 20K names is not a big time spammer trying to steal their reputation. Those are the easy ones to deal with, screen the list, limit the number of addresses that can be uploaded upload and limit, even if just by price, the number of mails that can be sent out during any period. Some ESPs really do cater to the small, community group market and they do tend to screen lists not customers.
For larger customers ESPs have a greater challenge. They must identify the real, legitimate mailers that have permission to send mail and identify the ones that are spammers attempting to steal an ESPs reputation. Spammers attempting to steal an ESPs reputation go out of their way to subvert the screening process. One of the hardest things about screening customers is getting the subversive ones to give an ESP enough information to make an informed decision about that customer. I will not lie, a subversive potential customer is expensive to screen, but that investment protects a sender’s reputation and the reputation of their other customers.
Another thing to remember about vetting is that no vetting process is going to be 100% accurate. ESPs with a good process can screen out 80 – 90% of the bad guys before a single email is sent. Most responsible ESPs do that and then stomp wildly on that remaining percentage that are evil or malicious.