BLOG
The sledgehammer of confirmed opt-in
We focused Monday on Trend/MAPS blocking fully confirmed opt-in (COI) mail, because that is the Gold Standard for opt-in. It is also Trend/MAPS stated policy that all mail should be COI. There are some problems with this approach. The biggest is that Trend/MAPS is confirming some of the email they receive and then listing COI senders.
The other problem is that typos happen by real people signing up for mail they want. Because MAPS is using typo domains to drive listings, they’re going to see a lot of mail from companies that are doing single opt-in. I realize that there are problems with single opt-in mail, but the problems depends on a lot of factors. Not all single opt-in lists are full of traps and spam and bad data.
In fact, one ESP has a customer with a list of more than 50 million single opt-in email addresses. This sender mails extremely heavily, and yet sees little to no blocking by public or private blocklists.
Trend/MAPS policy is singling out senders that are sending mail people signed up to receive. We know for sure that hard core spammers spend a lot of time and money to identify spamtraps. The typo traps that Trend/MAPS use are pretty easy to find and I have no doubt that the real, problematic spammers are pulling traps out of their lists. Legitimate senders, particularly the ESPs, aren’t going to do that. As one ESP rep commented on yesterday’s post:
I work for an ESP and we don’t suppress domains like this, based on the theory that if a client is hitting spamtraps, we want to know so we can sanction or terminate them. But if Trend are acting in bad faith here, I guess my best bet is just to suppress any domain of theirs I can find (and it took about 30 seconds to find 2700 of them). Another Anon
That’s a sentiment I heard over and over again from companies listed by Trend/MAPS. The companies are happy to force their customers to clean up their acts. They want reports of bad behaviour by customers, but Trend/MAPS policy of forcing confirmations is taking a sledgehammer to kill a fly.
I think we have a reputation of being a bit harsh on customers, and we’re honestly a little proud of that. But I’m most proud of the fact that we are always fair and honest, even with the bad people.
We tell people what they need to change. The bad people who won’t take our advice are easy to kick out after that.
In this particular situation, we don’t have any advice to give. We don’t have a way to tell people “go do this.” Because it would be a lie. “Go remove inactives” won’t help. “Go re-confirm inactives” won’t help. Even “Go use double opt-in” won’t help if MAPS is clicking and opening everything.
And because MAPS is who they are, we can’t provide a lot of detail to customers, either. An ESP Executive
COI is a tool. It is occasionally a good tool for keeping lists clean. But I’ve worked with dozens of senders over the year that aren’t using COI and are still keeping their lists clean because they have other processes in place to do so.
I presume the problem is that Trend follows all the links in mail to their spam traps, looking for the malware that their primary products block. But that clicks the COI links. Oops, well tough, the malware is more important. In the finest bad management tradition, now it’s someone else’s problem.
It’s not particularly hard to program around this, e.g., have the link lead to a landing page with a confirmation button that does a POST, but I agree it’s not up to Trend to force people to do that.
I agree, but there’s only one elegant solution to this, and that’s for someone at Trend to smarten up and fix their process, and this is an issue that no sender* can force.
Among the inelegant solutions:
– senders can suppress Trend’s traps,
– senders can re-work their COI mechanisms to make them machine-proof (but that only works if it’s machines and not people doing the confirmations), or the most inelegant solution,
* a sufficiently motivated senders’ lawyer might be able to force the issue.
I doubt the legal approach would work. Case law says that the CDA means what it says, filtering is absolutely protected so long as it’s done in good faith, even if incompetently. I don’t see any evidence of bad faith, e.g., demanding that listees pay for removal, just major dumbitude.
Doesn’t an insistence that everyone use COI, but then listing people who use COI anyway, and telling people to reconfirm, but this not really making all that much difference since presumably the same mechanism that confirmed in the first place will reconfirm, pretty clearly demonstrate ‘not acting in good faith’ ? I mean, does ‘intent’ really have to enter into it, or could someone just plead Not Guilty By Virtue Of Being Dumber Than A Sack Of Hair?
I work for an ESP delivery team and I manage the delivery for hundreds of UK and European clients. I would say fewer than twenty of my clients have ever used COI. Almost universally everyone prefers other methods after trying COI and being unhappy with the results or being unable or unwilling to implement the process. There are a range of reasons, but the three I hear most often are:
1) that COI is not appropriate because the sign-ups are not just online but multi-channel (in-store, send to a friend, social, sales process, etc. And who is going to risk an online sale by insisting on a shopper go through a COI process?)
2) that the web pages are managed by third party web design company and would cost too much, or managed in house and they can’t get or afford the development time or costs.
3) COI just puts too many people off
I am not here to defend are argue against any of these; my personal thoughts on them are totally irrelevant. This is just what I hear from clients.
Instead over the years I have developed software and processes to deal with new/old/good/bad data, to deal with new clients with data we have never seen and deal with clients who we have worked with for years, to deal with good senders and those who seriously need help.
COI is NOT the only legitimate way to work.
The processes I put in are to work with the standards and guidelines of the big ISPs, the DMA and the UK, European and international regulations.
If I come across a domain which is not following these standards and is harming the delivery of good clients with good practices then I block delivery to that entire domain set.
Trend should be working with the industry, not against it, to support the needs of their customers.
If they are taking action which stops their customers getting sales confirmations, warranty reminders, online bills (the list is endless), then they are going to start seeing their customers migrate accounts to alternative email providers
yes steve henderson you are right thta trend should support the needs of their customers. if they do not then the customers will stop using maps lists. it has happened before to other dnsbls.
but you have to remember that esps like you are not the customer. the only time they think about you is when you are letting your customers do stupid things, and even then it is not you that they care about. it is the spam you are sending. if you do not like that then stop sending the spam.
Maybe, Barry. But customers who don’t get email that they signed up for and want can and do complain. The complaints were thick on the ground at my employer some years ago because Postini blocked a lot of non-spam. Postini’s failure to fix the problem led to my employer finding another anti-spam solution.
I’m one of the stronger COI supporters who reads this blog. When responding to Steve’s last blog, I reacted rather negatively to the suggestion that blacklists who list “single opt-in” sources of email for spam when they hit spamtraps were engaging in overkill. However, even I don’t think that COI is anything more than a tool for enforcing opt-in *and* (perhaps more important) providing some level of proof that the opt-in process took place to refute untrue accusations. The core anti-spam position isn’t “COI only”. It’s “don’t send bulk email unless the user explicitly requested it in advance.”
Users can request bulk email in a plethora of ways. If a company has a web form to subscribe to marketing emails, then yes, they should confirm those subscriptions. But in other cases a COI confirmation may be unnecessary or redundant. I didn’t bother with COI when I set up a small mailing list for a group of about twenty friends working on a project: I just asked them verbally in person. After confirming that they wanted me to use their “usual email address”, I didn’t even have them write that down — I took it from my Thunderbird address book. Do you think I sent any bulk email to people who didn’t request it? Neither do I. 🙂 But this was a single opt-in list.
Bulk emailers (be they ESPs, companies, or somebody running a Mailman list for their club) who meet the standard of sending bulk email only to those who asked to receive it are doing the right thing. Those who do not — are not. All of the confirmation mechanisms (COI and everything else) are just details to support meeting that standard.
why do senders turn everything into an argument about opt in? it is such a waste of time.
Barry, Trend apparently has happy customers, if they were blocking legitimate mail that people wanted they would have customers dumping them.
As to arguments about COI, spammers invariably define spam as that which they do not do.
I receive spam daily, signups someone did that they obviously didn’t have to confirm since I get the email not them- from the largest corporations in the world. It’s hard to understand why the unsubscribe link just doesn’t work at all.
Lots of spam in the world. If you want to be in the ESP business you are going to have to deal with it. It’s not a happy place.
If Trend truly is blocking COI mail, that mail, by definition, is wanted. Trend’s “happy customers” either don’t know about the issue or don’t understand it. Let me ask you, what reasonable person would knowingly blacklist COI listmail? COI is the requested standard asked for by Trend and Spamhaus to prevent and resolve listings, for chrissakes.