Validity Charging for Feedback Loop Emails



Return Path was a major driver for the establishment of Feedback Loops (FBLs) back in the mid to late 2000s. They worked with a number of ISPs to help them set up FBLs and managed the signup and validation step for them. In return for providing this service to senders and receivers, they used this data as part of their certification process and their deliverability consulting. Return Path had a strong corporate ethos of improving the overall email ecosystem that originated from the CEO and permeated through the whole organization.

In 2019 Validity acquired Return Path and within two months closed two offices and laid off more than 170 employees, many who are industry leaders and long time colleagues. In 2020 Validity acquired 250OK, one of their major competitors. Over the next year they then ended long term agreements with ESP partners, sued competitors and significantly raised prices for their product suite.

I was always a little concerned about Return Path’s near monopoly on certain parts of the email ecosystem. Under the guidance of the leadership team at the time, most of that power was used to improve email and drive the adoption of good practices (and a brief visit through old Return Path blog posts reinforces that memory). But that ethos left with that leadership team. In my blog post about the Return Path acquisition I noted that Validity’s announcement did not focus on the health of the email ecosystem. Instead they seemed focused on building a suite of tools designed to minimize the bad effects of acquiring addresses through channels other than direct opt-in.

It turns out that Validity is a very different company from Return Path. The dedication to keeping the email ecosystem healthy is no longer a part of their company ethos. As one Glassdoor reviewer put it: “at Validity you’re either sales or you’re sales support. There is no other position in the company.”

What happened

In mid-August a number of people reported getting emails from Validity announcing they would be charging to receive individual email messages (ARF reports) from their universal FBL. An example shared with me:

Email from Amber Bunch at Validity with the Subject Line: Important Update: Enhancements to our Feedback Loop Service and the text:

Dear Valued Subscriber,
We are thrilled to announce some exciting changes coming in September to our Feedback Loop service!
What's Changing:
•Service Model Enhancement: Moving forward you will only have access to aggregated data insights within the application. To continue receiving spam complaints (ARF reports) you will need to upgrade your package.
• Login Method Update: We are introducing a new, more secure login method. Email authentication will change from a secure email link to a username and password method supported by Autho.
You will receive an additional reminder one week before the launch with additional information to ensure that you are well-prepared for the transition and have all the information you need to securely log in to your account.
Thank you for your continued support.
Best regards,
Universal Feedback Loop team

Other folks received similar emails, but without mention of charges. Still others received multiple emails, some saying they would be charged for emails and some only discussing the login update. Needless to say, there was and is a lot of confusion about what was actually going on.

At the end of August, Validity made a blog post about the program, indicating that summary data would be available for free, but actual ARF reports would be charged at a rate of $1500 a year, including a maximum of 100K emails, starting September 21. According to Validity employees in the emailgeeks slack channel, additional blocks of 100K emails can be purchased for $1500. Current Validity customers paying for any sort of product are apparently exempt from this payment.

Since this was announced, I’ve been talking to a lot of folks about their FBL makeup and volumes to try and get an understanding of how this change would affect them. As with most things in deliverability, the details matter, but there are a few trends I found.

  • The bulk of ARF reports are, unsurprisingly, from Yahoo/AOL and from Microsoft’s JMRP program, which are not part of Validity’s Universal FBL program.
  • Senders focusing on the business market or who send to non-US residents have very low volumes of Universal FBL reports coming in.
  • Of the reports coming from the Validity managed Universal FBL most reports are from Comcast (note: this may reflect the US nature of the folks I talked to).

Senders use ARF reports in a few ways: to suppress folks who report mail, to provide deliverability support for customers, and as part of their compliance actions against customers. The images provided by Validity as an example of their summary report doesn’t look like those reports are going to be useable for any of those functions. It’s possible that the “export as CSV” will have useable details, like the IP address or the customer identifier, but that remains to be seen.

A screen shot from a recent Validity email showing what their new summary page looks like. It has a graph with lots of lines, each one being a different ISP.  The X axis is a range of dates and the Y axis runs from 0 to 12K. There is a button for "filter" and a button to "export as CSV".

Validity’s rationale for doing this is that managing their Universal FBL product costs them money. That is valid. In the past they covered the costs of the program by leveraging that data in their deliverability and certification services. Return Path’s dominant position in the market and their commitment to the health of the email ecosystem allowed them to generously support FBLs for the benefit of senders, recipients and end users. But now Validity, an investment vehicle, has shareholders expecting healthy returns. In the face of a number of well-funded competitors in the deliverability space, the gutting of their deliverability consulting program, and an overall decrease in the value of IP based certification I expect they just can’t monetize the data the same as they did in the past. Consequently they’re going to charge for the FBL service directly.

What now

FBL consumers are now faced with some hard decisions. These charges are set to take effect September 21. This is a new expense coming at very short notice near the end of the fiscal year and right before the holiday mailing season. Talking with various FBL consumers the costs they’re estimating to cover their current Universal FBL reports range from $10,000 a year (sending 3 billion emails a month) to >$250,000 a year (sending over a trillion emails a month). One person I talked to pointed out that the amount they would be paying was more than 10% of their entire deliverability budget, including MTA costs, organizational memberships and conference travel. Many senders are scrambling to decide what to do. Some senders have publicly stated they’re just going to stop using Validity’s service.

Senders are understandably concerned that their deliverability will suffer if they cannot get the ARF reports. I’m not sure that’s as true as it may have been in the past. The major example is Google. Google does not provide ARF reports, they provide summary data. But folks still manage to get good deliverability at Google without the ability to suppress recipients that complain. Other ESPs don’t send FBL emails for every this-is-spam report and delivery is still possible there.

There are a lot of factors involved in the business decision to pay Validity for a previously free resource. I do expect, however, that few companies are going to be able to find the necessary funding in such a short period of time. I did have one colleague tell me they absolutely would not be able to find the funding before their next budget period starting next June.

If there’s one thing I have seen demonstrated over the years it’s the resilience and adaptability of ESP compliance departments. For practical and cost reasons I think a lot of compliance groups are not going to be able to access FBL emails at the current price point. I don’t think costs are something they can easily absorb and if they intend to pass them along to customers, that’s going to involve product and billing changes.

As a product rollout, this was badly executed by Validity. Even now, less than 2 weeks out from when the product is supposed to be live, there is nothing on the Validity FBL signup page about pricing or even any notice that there is a cost associated with receiving FBL reports. Their Universal FBL FAQ mentions nothing about pricing. There is no product page.

Next Steps

I think many email programs can thrive without FBL reports and don’t need to pay Validity for them. Some of this depends on what’s in the .csv download of the free summary reports; there may be enough information in them to be useful. But, overall, the vast majority of consumer mail goes to Gmail who doesn’t provide FBL reports and companies manage deliverability there quite well.

I also expect that some ISPs are looking at other options for providing FBL emails to senders. I spoke with one ISP employee that was supportive of the idea of a public discovery process for FBL emails. There’s even an independent RFC defining new header field for FBL messages to be sent to.


I think, honestly, this is a badly managed money grab. Someone who doesn’t understand their existing FBL partners, perhaps someone new to Validity, saw something they thought they could get immediate revenue from and made that decision. They announced it publicly without putting together an actual product. There’s no landing page, there’s no pricing page, there’s no information on the FBL signup page, there’s no example free summary report. The only evidence of the new charges is a blog post and some confusing emails.

I also find it telling that what they’re charging for is the ARF reports and providing summary reports for free. It cannot be cheaper for them to extract and store all the data, manage a new interface and generate summary reports and forward email than simply to forward the email directly.

What I think is going to happen is many companies aren’t going to be able to pay for the FBL when it starts next week. They’re going to struggle through the next few months without access to FBL reports and then discover other data is just as useful at identifying problem customers. They’re going to find out that they can maintain their reputation and deliverability, particularly at the major consumer mailbox providers, without FBL reports from Validity’s Universal FBL.

I also think it’s long past time any of us who remember Return Path fondly to stop thinking of Validity as anything to do with Return Path. It’s not the same company. It doesn’t have the same values. They’re not here to make the email ecosystem better.

I am glad there are more competitors around and Validity is but one company in a diverse industry and, unlike many years ago, there are other options for most of their products.

This blog post would not have happened without the assistance of industry colleagues. You took the time to answer my questions, correct my misconceptions, share your data and emails, and provide feedback on this post. I thank all of you individually and collectively.

About the author


This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Excellent article about an important component. Detailed and extremely pragmatic.
    Small correction: Complaint Feedback Loop Address Header {draft-benecke-cfbl-address-header} is not an RFC. It has Internet-Draft status, which means it is prior to getting any approvals. It is on the Independent Stream. That means it is within the IETF community, but outside the IETF, administrative structure. Approval is by the Independent Stream Editor. Most significantly, although it has been getting revised with some regularity, I’m not finding reference to it on any of the obvious IETF mailing lists. The last discussion of it was on the ietf-smtp list, January 2022.

    The Independent Stream Editor has their own processes for deciding whether to publish, but typically it involves both a technical assessment by some experts and an indication of community interest. To that end, it will help for anti-abuse community participants to join public discussion about the draft, both to improve it and to indicate community interest.

  • @Dave The ISE has sent the discovery draft to the RFC Editor and it will be published as RFC 9477. It’s currently in the AUTH48 state, the final review before publication.
    The timing is a coincidence, but a good one.

By laura

Recent Posts


Follow Us