Evolution of policy

Last week, I talked about policy, using some different blocklist policies as examples. In that post I talked about how important it is that policy evolve. One example of that is how we’ve been evolving policy related to companies that get listed on Purchased Lists and ESPs. Who is listed has evolved over time, and we’re actually looking at some policy changes right now.

Listing policy 1

The first iteration of the list was crowdsourced by deliverability people. One person mentioned they had a list they used when customers would argue “X company lets me send to purchased lists.” That list got shared and lots of folks contributed their company names. I offered to publish the list and thus the initial blog post.

  • Your company was added to the list by being nominated from a small group of people.

Listing policy 2

Once the blog post went up, a surprising number of companies asked to be added to the list. I was happy to add the companies but needed some criteria other than being nominated by this group of people. Our policy had to evolve to cover self-nominations. Whatever the policy was, it needed to be something I could easily check and verify, and it couldn’t take up a significant amount of time.

  • Your company was added to the list by being nominated from a small group of people; or
  • Your company was self-nominated and your terms and conditions / acceptable use policy states you do not allow purchased lists.

At the time I created policy 2 there were some specific goals driving it. We were getting regular requests to be added to the list. I didn’t have a lot of time or energy to vet every listing. There was also some pushback from anti-spam groups on the initial post that the list wasn’t accurate. Thus, the requirement that there be a public statement on the company’s website stating purchased lists weren’t allowed.

Listing policy 3

There’s one company on the list we’ve been having ongoing, frustrating interactions with. They don’t seem to enforce their abuse policy at all. We’ve reported multiple customers who are spamming purchased (and “purchased”) lists and the company refuses to take any action. The same customers keep spamming us over and over again. They meet the criteria for listing – they have a public policy that says they don’t allow purchased lists. But we’re seeing ongoing mail to addresses that are either purchased or stolen.

We decided to strike that company from the list. That’s fine, we’re allowed to make exceptions to the policy. I also always knew that “having a public statement against purchased lists” was a bit of a weak policy. Many companies have those public statements but don’t actually stop customers from sending to purchased lists. I was sure I’d have to wrestle with this issue sooner or later.

What are the goals?

The initial goal was to post timely information based on conversations happening in the industry. There were folks who wanted the lists to be more public, so they could point their own customers at it. We met that goal.

The second goal was to allow companies to add themselves to the list with some confidence they belonged on the list.

My newest goal is to sensibly and fairly add (and remove) companies who are not enforcing their policy. But what does not enforcing their policy look like? In the case of the company we removed from the list, we have sufficient evidence that they’re not stopping spam off their network. I’m pretty convinced there are other companies on the list that poorly manage their customers, too. But we don’t have as much direct evidence against those other companies.

The questions I’m asking as I think about what a sane policy would look like include:

  • what is the goal of the list now? is it to give props to companies that enforce their policies? is it simply to give companies a place to point to regarding ESPs that prohibit purchased lists?
  • if the goal is to highlight companies that are actually enforcing their policies, what does ‘enforcing their policies’ look like?
  • do I want to do all the vetting myself or should other people be involved in vetting?
  • how accurate do I want the list to be?
  • does it matter if companies get onto the list when they don’t qualify?
  • what is my time availability and how does that interact with the policy requirements?
  • does any of this matter?

I don’t have answers to all of the questions. I would prefer that the list be accurate and reflect only those companies that actively prevent their customers from sending to purchased lists. But how to ensure accuracy? And what counts? Does blocking mail to people who complain count? Making customers reconfirm lists?

This is one of the challenging bits of policy development. I don’t have answers, yet. At best the current policy is:

  • Your company was added to the list by being nominated from a small group of people; or
  • Your company was self-nominated and your terms and conditions / acceptable use policy states you do not allow purchased lists.
  • I don’t have any direct or overwhelming evidence customers are allowed to send spam to purchased lists.

For today, that’s good enough. But I know that it’s a stopgap policy, not a long-term one.
