Evolution of policy

Last week, I talked about policy, using some different blocklist policies as examples. In that post I talked about how important it is that policy evolve. One example of that is how we’ve been evolving policy related to companies that get listed on Purchased Lists and ESPs. Who is listed has evolved over time, and we’re actually looking at some policy changes right now.

Listing policy 1

The first iteration of the list was crowdsourced by deliverability people. One person mentioned they had a list they used when customers would argue “X company lets me send to purchased lists.” That list got shared and lots of folks contributed their company names. I offered to publish the list and thus the initial blog post.

  • Your company was added to the list by being nominated from a small group of people.

Listing policy 2

Once the blog post went up a surprising number of companies asked to be added to the list. I was happy to add the companies but needed some criteria other than nominated by this group of people. Our policy had to evolve to cover self-nominations. Whatever the policy was it needed to be something I could easily check and verify and couldn’t take up a significant amount of time.

  • Your company was added to the list by being nominated from a small group of people; or
  • Your company was self nominated and your terms and conditions / acceptable use policy states you do not allow purchased lists.

At the time I created policy 2 there were some specific goals driving it. We were getting regular requests to be added to the list. I didn’t have a lot of time or energy to vet every listing. There was also some pushback from anti-spam groups on the initial post that the list wasn’t accurate. Thus, the requirement that there be a public statement on the company’s website stating public lists weren’t allowed.

Listing policy 3

There’s one company on the list we’ve been having ongoing, frustrating interactions with. They don’t seem to enforce their abuse policy at all. We’ve reported multiple customers who are spamming purchased (and “purchased“) lists and the company refuses to take any action. The same customers keep spamming us over and over again. They meet the criteria for listing – they have a public policy that says they don’t allow purchased lists. But we’re seeing ongoing mail to addresses that are either purchased or stolen.

We decided to remove strike that company from the list. That’s fine, we’re allowed to make exceptions to the policy. I also always knew that “having a public statement against purchased lists” was a bit of a weak policy. Many companies have those public statements but don’t actually stop customers from sending to purchased lists. I was sure I’d have to wrestle with this issue sooner or later.

What are the goals?

The initial goal was to post timely information based on conversations happening in the industry. There were folks who wanted the lists to be more public, so they could point their own customers at it. We met that goal.

The second goal was to allow companies to add themselves to the list with some confidence they belonged on the list.

My newest goal is to sensibly and fairly add (and remove) companies who are not enforcing their policy. But what does not enforcing their policy look like? In the case of the company we removed from the list, we have sufficient evidence that they’re not stopping spam off their network. I’m pretty convinced there are other companies on the list that poorly manage their customers, too. But we don’t have as much direct evidence against those other companies.

The questions I’m asking as I think about what a sane policy would look like include:

  • what is the goal of the list now? is it to give props to companies that enforce their policies? is it simply to give companies a place to point to regarding ESPs that prohibit purchased lists?
  • if the goal is to highlight companies that are actually enforcing their policies, what does ‘enforcing their policies’ look like?
  • do I want to do all the vetting myself or should other people be involved in vetting?
  • how accurate do I want the list to be?
  • does it matter if companies get onto the list when they don’t qualify?
  • what is my time availability and how does that interact with the policy requirements?
  • does any of this matter?

I don’t have answers to all of the questions. I would prefer that the list be accurate and reflect only those companies that actively prevent their customers from sending to purchased lists. But how to ensure accuracy? And what counts? Does blocking mail to people who complain count? Making customers reconfirm lists?

This is one of the challenging bits of policy development. I don’t have answers, yet. At best the current policy is

  • Your company was added to the list by being nominated from a small group of people; or
  • Your company was self nominated and your terms and conditions / acceptable use policy states you do not allow purchased lists.
  • I don’t have any direct or overwhelming evidence customers are allowed to send spam to purchased lists.

For today, that’s good enough. But I know that it’s a stop gap policy, not a long term one.

Related Posts

Thoughts on policy

A particular blocklist, once again, listed a major ESP this week. Their justification is “this is our policy.” Which is true, it is their policy to list under these circumstances. That doesn’t make it a good policy, or even an effective policy. It’s simply a policy.

Read More

Who pays for spam?

A couple weeks ago, I published a blog post about monetizing the complaint stream. The premise was that ESPs could offer lower base rates for sending if the customer agreed to pay per complaint. The idea came to me while talking with a deliverability expert at a major ESP. One of their potential customer wanted the ESP to allow them to mail purchased lists. The customer even offered to indemnify the ESP and assume all legal risk for mailing purchased lists.
While on the surface this may seem like a generous offer, there aren’t many legal liabilities associated with sending email. Follow a few basic rules that most of us learn in Kindergarten (say your name, stop poking when asked, don’t lie) and there’s no chance you’ll be legally liable for your actions.
Legal liability is not really the concern for most ESPs. The bigger issues for ESPs including overall sending reputation and cost associated with resolving a block. The idea behind monetizing the complaint stream was making the customer bear some of the risk for bad sends. ESP customers do a lot of bad things, up to and including spamming, without having any financial consequences for the behavior. By sharing  in the non-legal consequences of spamming, the customer may feel some of the effect of their bad decisions.
Right now, ESPs really protect customers from consequences. The ESP pays for the compliance team. The ESP handles negotiations with ISPs and filtering companies. The cost of this is partially built into the sending pricing, but if there is a big problem, the ESP ends up shouldering the bulk of the resolution costs. In some cases, the ESP even loses revenue as they disconnect the sender.
ESPs hide the cost of bad decisions from customers and do not incentivize customers to make good decisions. Maybe if they started making customers shoulder some of the financial liability for spamming there’d be less spamming.

Read More

State of Email Deliverability

I had other posts in the pipeline, but saw a link to the Litmus 2017 State of Email Deliverability Report and decided that deserved a mention here.
There’s all sorts of interesting data there, and well worth a download and read. I was, of course, interested in the “most problematic subscriber acquisition sources.” Senders having blocking issues or blacklist problems in the past 12 months use list rental, co-reg and purchased lists more often than senders that didn’t have problems.

Senders acquiring addresses through list rental are 104% more likely to be blacklisted than senders not using list rental. And they’re 47% more likely to be blocked.
These stats are the primary reason that most ESPs don’t allow list rentals, purchased or co-reg lists. They cause blocking and blacklisting. The ESP ends up having to deal with lots of problems and clean up the mess.
I’m unsurprised that lead generation by giving something away (a report, ebook, whatever) is related to problems. Most of these forms do little to no data checking and accept any and all fake data. There are fairly simple ways to enforce better data, but that does limit the spread of the information.
I am surprised to see signup through direct mail and catalog sales is so bad. Unless maybe people don’t know how to say no when asked for an email address over the phone. I know it seems awkward to say no when asked for an email address. Maybe some folks are giving fake addresses. I sometimes say I don’t have email, or just tell them no, they don’t need one.
The white paper itself is well worth a read. Go download it yourself (but don’t give them a fake email address!).

Read More