ESPs need to step up their compliance game

I don’t send a lot of spam complaints generally. Mostly I block and move on. There are some companies, though, that I offer the professional courtesy of sending a complaint or a report to their abuse@ address. Former clients, friends and colleagues generally get that courtesy.

The number of ESPs that completely fail to take any action is disappointing. Too many of them can’t even manage the simple courtesy of removing addresses. A few don’t even process bounces correctly and continue to send mail even when getting a spam block or 550 user unknown.

Sometimes I’ll reach out to folks who I know work at particular ESPs, although that’s less common these days as everyone seems to be moving companies and I can’t keep track. Often I get an invite to “always send me complaints directly.” That … is not a solution, people. Expecting people who are reporting spam to go out of their way to send mail to individuals rather than a standard mailbox just puts more on the recipient. For me, at least, it involves a trip to LinkedIn to figure out who I know at a particular place and sometimes I’m just too busy.

There’s also the problem where at least one ESP throws away direct reports to their staff, probably because ‘they contain spam.’ I reached out to a colleague who asked me to forward the reports to them. They never received the reports and we resorted to me cutting and pasting headers into a slack conversation.

Look, I get it. Compliance is a challenge. I’ve set up enough compliance desks over the years to understand things will fall through the cracks. But I’ve also worked with desks that have automation that extract the address from every complaint at receipt time and make sure that address is suppressed from the problem customer’s list. That happens before the report is ever seen by a human, ensuring that people who are complaining don’t have to complain more than once.

I also understand that mergers and acquisitions and company expansions mean that sometime there’s not a clear pathway to the abuse box. There was one ESP that had abuse@esp in their headers as the right place to complain. The problem was those emails were handled by legal at the parent company and were never sent to the actual division sending the mail. There’s also been a massive relaxation in what’s acceptable, with many ESPs looking the other way when lists or addresses are acquired without permission. And, yes, some of those are on my list and I have heard directly from their abuse desks that action won’t be taken against the sender even though there’s incontrovertible evidence the address was acquired through a third party.

Many ESPs are failing to effectively stop abuse through their networks. Some of this is because how we monitor abuse hasn’t kept up with the changes in the email ecosystem. Other problems include unsupportive management, understaffed compliance desks, and abandoned or unmonitored abuse@ addresses. Then there is the entire ecosystem of spam that is built around Google, Office365 and data sellers.

In a week, many of us will be getting together in London to talk about ways to reduce messaging abuse. These events tend to be busy and there’s so much to talk about we don’t always get to have the conversations we need to. Maybe we need to make some time to have this conversation, though. How can we, as ESPs, stop more abuse than we’re currently managing to stop? What can we do to make the Internet a better, safer place? Are there some easy changes we can make to improve things?

Related Posts

ESPs and deliverability

There’s an ongoing discussion, one I normally avoid, regarding how much impact an ESP has on deliverability. Overall, my opinion is that as long as you have a half way decent ESP they have no impact on deliverability. Then I started writing an email and realised that my thoughts are more complex than that.

Read More

Amendment is futile, part 2

When Yahoo filed for dismissal of the Holomaxx complaint, they ended the motion with “Amendment would be futile in this case.” The judge granted Yahoo’s motion but did grant Holomaxx leave to amend. Holomaxx filed an amended complaint earlier this month.
The judge referenced a couple specific deficiencies of Holomaxx’s claims in his dismissal.

Read More

Arguing against the anti-spam policy

Not long ago I was talking with a colleague who works for an ESP.  She was telling me about this new client who is in the process of negotiating a contract. Normally she doesn’t get involved in negotiations, but the sales group brought her. It seems this new client is attempting to remove all mention of the anti-spam policy from the contract. As she is the deliverability and compliance person, the sales people won’t agree unless compliance does.
Her sales team needs props for bringing her in to negotiate a contract where the anti-spam clause is removed.
This isn’t that unusual situation. Many well managed ESPs will include deliverability and compliance personnel in negotiations if the customer indicates they want changes to the language of the anti spam clause.
On the face of thing it seems reasonable for customers to want to negotiate compliance terms. They want to protect themselves from unexpected outages. It seems irresponsible to allow a service provider to have the ability to made such a business affecting decision.
Many folks try to negotiate their way out of anti-spam clauses. Just asking for changes isn’t a big deal. However, some companies push the issue with sales and contract folks to an extreme. They threaten to not sign if the anti-spam clauses are removed completely. ContractForBlog
Threatening a contract over compliance issues can poison an entire working relationship. The fact is that most people who argue about anti-spam clauses and compliance issues are people who have had problems with other ESPs in the past. For better or worse, prospects that try and remove anti-spam clauses from contracts are often problem customers.
On the compliance side, if someone is pushing hard to get the spam clause removed, they think a few different things:

Read More