Thoughts on policy

A particular blocklist, once again, listed a major ESP this week. Their justification is “this is our policy.” Which is true, it is their policy to list under these circumstances. That doesn’t make it a good policy, or even an effective policy. It’s simply a policy.

Crafting policies

Crafting good policy starts with the question “what is the desired outcome in this situation?” Once we know the desired outcome, then we can craft a policy that reaches that outcome. Along the way, every piece of the policy is evaluated against the desired outcome: does this get us further down the path to achieving our goal?

In many ways, identifying the final goal is the most important part of crafting policy. Those who choose the wrong goal, end up with policy that doesn’t reach that goal. There are some really clear examples of that in the email space. Picking the wrong goal results in policy that meets the goal, but doesn’t necessarily do what the creators intended.

Blocklist policy

The blocklist currently listing most, if not all, of the IPs belonging to at least 2 major ESPs has a policy to increase listings based on a numerical formula. If a certain percentage of IPs in a range are hitting spamtraps, then the listing is escalated, until they list all the IPs under a ASN. This is quite aggressive listing policy. The blocklist documentation even clearly states this will block wanted mail.

This type of policy is designed to bring heavy amounts of pressure on network owners to aggressively remove spammers from their network. The problem is that because the escalations are so aggressive and because the aggressiveness blocks so much wanted mail, larger networks don’t use the list. Since the list isn’t used, there is very little pressure on any IP owner to clean up their customer base.

Compare that with a different blocklist. This blocklist doesn’t have an aggressive escalation policy. They will escalate in some cases, but in general their listings are quite conservative. They even list some IPs that don’t send mail, as a warning to the IP owner that there is some problem. Despite being less aggressive, this blocklist is much more effective at changing behaviour. Why? Because this list is widely used.

Unexpected consequences

In order for a blocklist to be effective, it needs to actually affect mail delivery. The reason the less aggressive list is more effective is due to its wider use. There isn’t a lot of persuasion in a list that blocks mail to one or two subscribers at an obscure ISP. Those two subscribers may be annoyed at their inability to receive a particular mail, but they can simply move a particular subscription to a different email address. On the other hand a list that’s used by major webmail providers and incorporated into numerous filters will have a significant impact on sender behaviour, even if that’s not their policy goals.

Policy should not be fixed

Simply having a policy isn’t enough. There have to be processes for when the policy is broken. Processes include when and how to undertake an investigation and then how to address the problem once the investigation is finished. Policies are not worth the paper they’re written on without effective enforcement.

Good policy enforcement is, in most cases, pretty simple. But inevitably policy violations arise that challenge current processes to handle in a way that further the policy goals. There are two primary ways organisations handle this. The first is to fall back on “it’s policy” and “this is what happens.” Even when the outcome is unfair or doesn’t further the underlying policy goals there is no room for discussion or modification to the policy. The second case is more fluid. Policy is not fixed and immovable. Instead, the underlying goal is fixed and immovable, and processes are changed to meet the policy goals. Of course, you don’t want to be modifying policies all the time, but when a process is inadequate to address a situation, modification should be on the table.

In the case of the aggressive blocklist, their current policies and processes are not, from an outside perspective, meeting their stated goals. Because their listing process is so aggressive and because they block mail people want to receive, the list is not widely used. Since it’s not widely used, being listed is meaningless. Companies aren’t  making changes in order to get delisted because there’s no need. I’m sure they know this, but have chosen not to modify their policies.

There are a lot of challenges to crafting effective policies and processes around those policies. Over the next few months I’ll be writing more about how to think about policies and processes that surround them.

 

Related Posts

January 2017: The Month in Email

Between client work and our national political climate, it’s been a very busy month around here and blogging has been light. Things show no sign of slowing down in February, so we’d love to hear from you with questions and suggestions of what you’d most like to see us focus on in our limited blogging time this month. We got a great question about how senders can access their Google Postmaster tools, and I wrote up a guide that you might find useful.

We’re also revisiting some older posts on often-requested topics, such as spamtraps, so feel free to comment below if there are topics you’d like us to address or update. One topic that comes up frequently, both on the blog and in our consulting practice, is about what to do when you’re on a blocklist. I revisited an old-but-still-relevant post on that topic as well.
On the Best Practices front, I wrote about how brands can use multiple channels to connect with customers and prospective customers to promote and enhance email delivery. I also took a moment to look back over 2016 and forward to 2017 in the realm of email security.
I continue to be annoyed by B2B spam, and have started responding to those “requests” for my time directly. Steve also wrote a long post about B2B spam, focusing on how these spammers are using Google and Amazon to try to work around reputation issues.
In case you missed it, I contributed some thoughts to a discussion on 2017 email trends over at Freshmail with my exhortation to “Make 2017 the year you turn deliverability into a KPI.”
I’m also still in the process of completing my 2017 speaking schedule, so I’m looking for any can’t-miss conferences and events you’d recommend. Thanks for keeping in touch!

Read More

Monetizing the complaint stream

What if ESPs (and ISPs, for that matter) started charging users for every complaint generated? Think of it like peak pricing for electricity. In California, businesses can opt for discounted power, with the agreement that they are the first companies shut off if electrical demand exceeds supply. What if ESPs and ISPs offered discounted hosting rates to bulk senders who agreed to pay per complaint?
I see pricing scheme something like this.

Read More

UCEProtect and GDPR fallout

First thing this morning I got an email from a client that they were listed on the UCEProtect Level 3 blacklist. Mid-morning I got a message from a different client telling me the same thing. Both clients shared their bounce messages with me:

Read More