10 things every mailer must do

A bit of a refresh of a post from 2011: Six best practices for every mailer. I still think best practices are primarily technical and that how senders present themselves to recipients is more about messaging and branding than best practices. These 6 best practices from 2011 are no longer best, these days, they’re the absolute minimum practices for senders.

If you can’t manage to do these, then find someone who can.

  1. Authenticate email with both SPF and DKIM. These are both mature technologies now and it’s long past time that every email is authenticated with both protocols. Bonus points if the authentication domains align with the visible from (5322.from) for DMARC authentication. Negative points if you use cousin domains.
  2. Send technically correct email. Most ESPs manage to do this well these days and a lot of the pressure is off marketers to create templates that are correct. For those who want to create their own templates, Litmus is my go to reference for displaying email.
  3. Stop hammering on bad addresses. This means correctly handling addresses that bounce and implementing some sort of data hygiene that’s appropriate for your lists and market segments. This does not mean hiring some hygiene company to wash your list. You have better data than the hygiene companies if you’re mailing regularly.
  4. Use VERP. VERP means each email is tagged with the subscriber, list, and even mailing. Having that data encoded in the headers allows troubleshooting, bounce processing and FBL processing much, much easier. Again, most ESPs manage this for you.
  5. Send only opt-in mail. I know a lot of people argue permission is passé but I don’t believe that is true. ISPs, receivers and filtering companies don’t like it when you send mail without permission. Yes, even if you’re sending B2B mail. Stop buying lists scraped from LinkedIn and spamming them through your google apps account. People don’t like spam, even when they’re at work. Plus, your “cutesy” “friendly” automated mail looks like every other one out there.
  6. Respect the unsubscribe. If someone unsubscribes then stop mailing them. Do it as fast as possible and make it permanent. The number of senders who reactivate subscriptions months or years after an unsubscribe are legion. It’s not just annoying, it’s illegal in most jurisdictions.
  7. Be up front with recipients how you’re going to use their email address. Don’t hide the opt-in language in your privacy policy.
  8. Have adequate security for recipient information. Really, it’s 2017, time to treat user data as valuable and protect it. Don’t be Equifax.
  9. Monitor your sends. Between opens, clicks, FBLs, straight complaints, Spamcop summary reports, and inbox monitoring services there is no excuse for not having data on your sends. Use this data to drive improvements to your program.
  10. Send a welcome message. Introduce yourself, introduce your program, get your message in front of your new subscriber as soon as possible after they subscribed. They signup because they’re interested in what you have to offer, get into their inbox ASAP to engage them before they move on.

It’s 2017, time to step up.
 

Related Posts

Would you buy a used car from that guy?

There are dozens of people and companies standing up and offering suggestions on best practices in email marketing. Unfortunately, many of those companies don’t actually practice what they preach in managing their own email accounts.
I got email today to an old work email address of mine from Strongmail. To be fair it was a technically correct email. Everything one would expect from a company handling large volumes of emails.  It’s clear that time and energy was put into the technical setup of the send. If only they had put even half that effort into deciding who to send the email to. Sadly, they didn’t.
My first thought, upon receiving the mail, was that some new, eager employee bought a very old and crufty list somewhere. Because Strongmail has a reputation for being responsible mailers, I sent them a copy of the email to abuse@. I figured they’d want to know that they had a new sales / marketing person who was doing some bad stuff.
I know how frustrating handling abuse@ can be, so I try to be short and sweet in my complaints. For this one, I simply said, “Someone at Strongmail has appended, harvested or otherwise acquired an old email address of mine. This has been added to your mailing list and I’m now receiving spam from you. ”
They respond with an email that starts with:
“Thank you for your thoughtful response to our opt-in request. On occasion, we provide members of our database with the opportunity to opt-in to receive email marketing communications from us.”
Wait. What? Members of our database? How did this address get into your database?
“I can’t be sure from our records but it looks like someone from StrongMail reached out to you several years ago.  It’s helpful that you let us know to unsubscribe you.  Thank you again.”
There you have it. According to the person answering email at abuse@ Strongmail they sent me a message because they had sent mail to me in the past. Is that really what you did? Send mail to very old email addresses because someone, at some point in the past, sent mail to that address? And you don’t know when, don’t know where the address came from, don’t know how it was acquired, but decided to reach out to me?
How many bad practices can you mix into a single send, Strongmail? Sending mail to addresses where you don’t know how you got them? Sending mail to addresses that you got at least 6 years ago? Sending mail to addresses that were never opted-in to any of your mail? And when people point out, gently and subtly, that maybe this is a bad idea, you just add them to your global suppression list?
Oh. Wait. I know what you’re going to tell me. All of your bad practices don’t count because this was an ‘opt-in’ request. People who didn’t want the mail didn’t have to do anything, therefore there is no reason not to spam them! They ignore it and they are dropped from your list. Except it doesn’t work that way. Double opt-in requests to someone has asked to be subscribed or is an active customer or prospect is one thing. Requests sent to addresses of unknown provenance are still spam.
Just for the record, I have a good idea of where they got my address. Many years ago Strongmail approached Word to the Wise to explore a potential partnership. We would work with and through Strongmail to provide delivery consulting and best practices advice for their customers. As part of this process we did exchange business cards with a number of Strongmail employees. I suspect those cards were left in a desk when the employees moved on. Whoever got that desk, or cleaned it out, found  those cards and added them to the ‘member database.’
But wait! It gets even better. Strongmail was sending me this mail, so that they could get permission to send me email about Email and Social Media Marketing Best Practices. I’m almost tempted to sign up to provide me unending blog fodder for my new series entitled “Don’t do this!”

Read More

Spamtraps are not the problem

Often clients come to me looking for help “removing spamtraps from their list.” They approach me because they’ve found my blog posts, or because they’ve been recommended by their ISP or ESP or because they found my name on Spamhaus’ website. Generally, their first question is: can you tell us the spamtrap addresses on our lists so we can remove them?
My answer is always the same. I cannot provide a list of spamtrap addresses or tell you what addresses to remove. Instead what I do is help clients work through their email address lists to identify addresses that do not and will not respond to offers. I also will help them identify how those bad addresses were added to the list in the first place.
Spamtraps on a list are not the problem, they’re simply a symptom of the underlying data hygiene problems. Spamtraps are a sign that somehow addresses are getting onto a list without the permission of the address owner. Removing the spamtrap addresses without addressing the underlying flaws in data handling may mean resolving immediate delivery issues, but won’t prevent future problems.
Improving data hygiene, particularly for senders who are having blocking problems due to spam traps, fixes a lot of the delivery issues. Sure, cleaning out the traps removes the immediate blocking issue, but it does nothing to address any other addresses on the list that were added without permission. In fact, many of my clients have discovered an overall improvement in delivery after addressing the underlying issues resulting in spamtraps on their lists.
Focusing on removing spamtraps, rather than looking at improving the overall integrity of data, misses the signal that spamtraps are sending.

Read More

Organizational security and doxxing

The security risks of organizational doxxing. 
These are risks every email marketer needs to understand. As collectors of data they are a major target for hackers and other bad people. Even worse, many marketers don’t collect valid data and risk implicating the wrong people if their data is ever stolen. I have repeatedly talked about incidents where people get mail not intended for them. I’ve talked about this before, in a number of posts talking about misdirected email. Consumerist, as well, has documented many incidents of companies mailing the wrong person with PII. Many of these stories end with the company not allowing the recipient to remove the address on the account because the user can’t prove they own the account.
I generally focus on the benefits to the company to verify addresses. There are definite deliverability advantages to making sure email address belongs to the account owner. But there’s also the PR benefits of not revealing PII attached to the wrong email address. With Ashley Madison nearly every article mentioned that the email address was never confirmed. But how many other companies don’t verify email addresses and risk losing personally damaging data belonging to non customers.
Data verification is so important. So very, very important. We’ve gone beyond the point where any big sender should just believe that the addresses users give them are accurate. They need to do it for their own business reasons and they need to do it to prevent incorrect PII from being leaked and shared.

Read More