Training recipients

Want to see a WWF style smackdown? Put a marketer and a delivery expert in a room and ask them to discuss frequency and whether or not more mail is better.
The marketer will point to the bottom line and how much more money they make when they increase frequency. The delivery expert will point to inbox rates and user engagement and point out that too much mail drives users to ignore the mail.
This isn’t actually unique to marketing mail. Send a lot of mail that doesn’t engage recipients and recipients are trained that they don’t have to actually pay attention to the mail. Some of them hit delete. Some may even report the mail as spam.
According to Cloudmark, this is exactly what happened when LinkedIn informed users of the recent data breach. They estimate that up to 4% of users who received the fully DKIM authenticated mail about the data breach deleted it immediately without reading it. This is higher than notification emails from other social networks.

Cloudmark suggests that part of the problem is that LinkedIn has an unclear opt-in process. Instead of asking users for preferences, LinkedIn assumes that all users want all the mail LinkedIn cares to send them. Then LinkedIn makes it difficult to find the page to change mail settings. This means recipients are very trained to ignore mail from LinkedIn. I know I ignore most of it. Anything that’s not a “want to connect” gets filed in the “I’ll read it when I’m bored” mailbox. So far I’ve not been bored enough to read any of it.
But I’m not sure it’s just about too much email. LinkedIn is a company that is heavily forged in phishing mail. Since May 1, just one of my email addresses has received over 50 messages purporting to be from LinkedIn.

Mailbox Screenshot
Phishers like to forge LinkedIn
All of these emails are phishing attempts. The mailbox you’re looking at is not registered at LinkedIn. None of them are legitimate LinkedIn messages. I suspect part of the problem and the reason that so many people treated the mail LinkedIn Password mail as spam is that the phishers have trained recipients that unexpected mail that mentions LinkedIn and a password is spam. I suspect most people never even opened the mail from LinkedIn. They saw the subject line, and just hit this is spam.
Authentication, careful wording, and all the right things LinkedIn did with the email doesn’t matter because there was nothing in the message list to distinguish this mail from all the phishes.

Related Posts

Everybody wins!

There was a recent question on a mailing list during a discussion of spam and delivery problems. A number of folks who work in delivery were discussing how a bad address got on a list. Someone who works on the spam blocking end of things asked why do you care how a bad address got onto a mailing list?
For recipients, they usually don’t care. They just want the unsolicited mail to stop. It’s a position I have no problem with; I want the unsolicited mail to stop, too. But understanding why a particular sender is sending mail to addresses that never asked for it can be an important step in making it stop. Not by the receivers and the spam filters, they’ll just block the bad sender and move on. Or if they’re an ISP or ESP they’ll just throw the sender off for AUP violations and let the sender be somebody else’s problem.
In the broader context, though, this only changes the source of the spam. It doesn’t help the victim; the bad sender can always find another host and they will continue to mail people who never asked for that mail. And, in fairness to these senders, often they are mailing lists of mixed sources. Some of the addresses didn’t opt-in, and don’t want the mail, but a lot of addresses on their list did opt-in and do want their mail. Fixing their problem means they can mail people who want their mail. The sender is happy, the recipients are happy and the receivers are happy; everybody wins!
Everybody winning is something I can get fully behind.

Read More

Negative brand building with email

Seth Godin compares and contrasts two different email campaigns he’s received. One is a opt-in campaign that is highly relevant to him. The other is spam, sent to two “discovered” email addresses. The whole post is very good, but there are a couple things he said that bear repeating.

Read More

Where do subscribers come from?

Do you know all the ways subscribers can get on your lists?
Are you sure?
I recently used the contact form belonging to a marketing company to inform them that someone had stolen my email address from their database and I was receiving spam to the address only they had.
They had an opt-out link on the form, allowing me to opt-out of personal contact and a demo of their product. But that opt-out didn’t translate to not adding me to their marketing list.
When I contacted the person who was talking with me about the address leak, he told me it was the contact form that led to my address ending up on their marketing list. I asked, just to make sure, if I did remember to check the opt-out link. He confirmed I had, but there was an oversight when they updated their contact page and there was no opt-out for marketing mail.
I believe that the majority of delivery problems for real companies that “only send mail with permission” come from these types of oversights. The biggest problem with these oversights is how long they can go on until companies notice the effect. With the overall  focus on aggregate delivery statistics (complaint rates, bounces, etc) oversights like this aren’t noticed until they cause some massive problem, like a SBL listing or a block at a major ISP.
The company involved in this most recent incident was very responsive to my contact and immediately corrected the oversight. But there are other companies that don’t notice or respond to the notifications individuals send. This leads to resentment and frustration on the part of the recipient.
Every company should have at least one person who can account for every address on their marketing list. Who is that person at your company?
 

Read More