Not a customer you want

Earlier this week one of my ESP clients contacted me. They have a new (potential?) customer dealing with some delivery challenges. Client was looking for advice on how to move the customer over and improve their delivery at the same time.
My advice was actually pretty simple: this isn’t a customer you want. Walk away.
I reached that conclusion about 10 seconds after I loaded the customer’s website. Because I know sometimes initial impressions are wrong, I did spend about 10 more minutes poking around. What I found did nothing to change my mind or convince me my initial impression was wrong. In fact, everything I found reinforced the belief that this was not a good customer for my client.
I sent my client an email explaining what I’d found and they agreed. Future deliverability problem averted!
Some of what I found inspired the conversations with spammers blog post from earlier this week. For instance, the website had two different signup forms, each pointing to a different ESP. Both links were dead.

Then I looked at the company’s whois record and found a bunch of cookie cutter websites, all with different domain names, all with the same broken subscription links.
I do this manually and I can’t fathom how you would automate this kind of checking. For me, it seems there absolutely needs to be a human in the loop. But I suspect that there are ways to automate these types of checks.
In any case, there’s a spammer looking for an email service provider. He’s having problems with IP reputation at his current ESP. He sends content and will even share with you the domain he’s using to collect email addresses. Pro tip: try and sign up for his mail before he signs your contract.

Related Posts

Poor delivery at Gmail but no where else

I’ve mentioned before that I can often tell what ISP is making filter changes by what my calls are about. The last few weeks it’s been Gmail where folks are struggling to get to the inbox. One of the things most clients and potential clients have mentioned is that they’re not having any problems at the other major ISPs.

Read More

Marketing automation plugins facilitate spam

There’s been an explosion of “Google plugins” that facilitate spam through Gmail and G Suite. They have a similar set of features. Most of these features act to protect the spammer from spam filtering and the poor reputation that comes from purchasing lists and incessantly spamming targets. Some of these plugins have all the features of a full fledged ESP, except a SMTP server and a compliance / deliverability team.
I’ll give the folks creating these programs credit. They identified that the marketers want a way to send mail to purchased lists. But ESPs with good deliverability and reputations don’t allow purchased lists. ESPs that do allow purchased lists often have horrible delivery problems. Enter the spam enabling programs.
From the outside, the folks creating these programs have a design goal to permit spam without the negatives. What do I mean? I mean that the program feature set creates an environment where users can send spam without affect the rest of their mail.
The primary way the software prevents spam blocking is using  Google, Amazon or Office 365 as their outbound mail server. Let’s be frank, these systems carry enough real mail, they’re unlikely to be widely blocked. These ISPs are also not geared up to deal with compliance the same way ESPs or consumer providers are.
There seem to be more and more of these companies around. I first learned of them when I started getting a lot of spam from vaguely legitimate companies through google mail servers. Some of them were even kind enough to inform me they were using Gmail as their marketing strategy.

I didn’t realize quite how big this space was, though. And it does seem to be getting even bigger.
Then a vendor in the space reached out looking for delivery help for them and their customers. Seems they were having some challenges getting mail into some ISPs. I told them I couldn’t help. They did mention 3 or 4 names of their competitors, to help me understand their business model.
Last week, one of the companies selling this sort of software asked me if I’d provide quotes for a blog article they were writing. This blog article was about various blocklists and how their software makes it such that their customers don’t really have to worry about blocking. According to the article, even domain based blocking isn’t an issue because they recommend using a domain completely separate from their actual domain. I declined to participate. I did spend a little time on their website just to see what they were doing.
This morning a vendor in the space joined one of the email slack channels I participate in asking for feedback on their software. Again, they provide software so companies can send spam through google outbound IPs. Discussions with the vendor made it clear that they take zero responsibility for how their software is used.
I don’t actually expect that even naming and shaming these companies facilitating spam will do anything to change their minds. They don’t care about the email ecosystem or how annoying their customers are. About the best they could do is accept opt-out requests from those of us who really don’t want to be bothered by their customers. Even that won’t really help, even domain based opt-outs are ineffective.
What needs to happen is companies like Google, Amazon and Microsoft need to step up and enforce their anti-spam policies.

Read More

Incentivizing incites fraud

There are few address acquisition processes that make me cringe as badly as incentivized point of sale collection. Companies have tried many different ways to incentivize address collection at the point of sale. Some offer the benefit to the shopper, like offering discounts if they supply an email address. Some offer the benefits to the employee. Some offer punishments to the employee if they don’t collect addresses from a certain percentage of customers.
All of these types of incentive programs are problematic for email collection.
listshoppingcart
On the shopper side, if they want mail from a retailer, they’ll give an address simply because they want that mail.  In fact, asking for an address without offering any incentive is way more likely to get their real address. If they don’t want mail but there is a financial incentive, they’re likely to give a made up address. Sometimes it will be deliverable, but belong to another person. Sometimes it will be undeliverable. And sometimes it will be a spamtrap. One of my delivery colleagues occasionally shares addresses she’s found in customer lists over on her FB page. It’s mostly fun stuff like “dont@wantyourmail.com” and “notonyour@life.com” and many addresses consisting of NSFW type words.
On the employee side there can also be abuses. Retailers have tried to tie employee evaluations, raises and promotions to the number of email addresses collected. Other retailers will actively demote or fire employees who don’t collect a certain number of addresses. In either case, the progression is the same. Employees know that most customers don’t want the mail, and they feel bad asking. But they’re expected to ask, so they do. But they don’t push, so they don’t get enough addresses. Eventually, to protect their jobs, they start putting in addresses they make up.
Either way, incentivizing point of sale collection of information leads to fraud. In a case I read about in the NY Times, it can lead to fraud much more serious than a little spam. In fact, Wells Fargo employees committed bank fraud because of the incentives related to selling additional banking products at the teller.

Read More