Industry News & Analysis

How to hire an affiliate

Yesterday I talked about all the reasons that using affiliate email can hurt overall delivery. In some cases, though, marketing departments and the savvy email marketer don’t have a choice in the matter. Someone in management makes a decision and employees are expected to implement it.

If you’re stuck in a place where you have to hire an affiliate, how can you protect the opt-in marketing program you’ve so painstakingly built? Nothing is foolproof, but there are some ways you can screen affiliates.

Who are they?

First step is to ask them for a bunch of information about their company.

  • What is their full corporate information: company name, address, phone number and online URL.
  • Where do people sign up for mail?
  • What domains and IPs they use to send email?
  • Do they use ESPs or manage their own servers?
  • Will they contract out your send to other parties?

Trust but verify

Next step is to visit the websites they shared with you.

  • Does their corporate site have any person’s name on it anywhere?
  • Does the corporate site mention any of their brands? Again, if they’re hiding something why are they hiding it?
  • Does the signup site link back to the parent company?
  • Is there any information about the corporate structure on the signup site?
  • Is there a privacy policy on the site?

🚩When should you worry?

Signs that all may not be as it seems.

  • When the vendor can’t or won’t tell you the websites where they collect email addresses.
  • When you visit the website they told you about, but there isn’t a clear way to opt-in to any mail.
  • When the privacy policy of the signup site mentions a completely different site somewhere in the text.
  • When they won’t tell you what domains they use in email.

Any one of these things signals something might not be right. But any combination of them should set off alarm bells.

Other investigative routes

Check the company and your contacts through LinkedIn. Do they have a profile and if so, how does it match with what they’ve told you? And, really, what sales person doesn’t have a LinkedIn page?

Sign up for their mail. I suggest you don’t do it through your regular mailbox, setup a freemail account on each of the major services and use that. See what happens. Monitor them for a while. The mailbox I shared in my earlier affiliate post was almost 2 years after I first signed up at a job site. It took about 6 weeks to start getting stuff that wasn’t job offers. Then it took another few months before I started getting actual spam. For that mailbox I initially signed up June 6; the first unauthetnicated and non-job email showed up September 16 (Quick Loans eLoanPersonal). The address got a mix of requested mail and spam through October 6 and then the spam floodgates opened.

One of the biggest red flags is not telling you what domains and IPs they send from. If you sign up for their mail you’ll get it. I once had a customer tell me their brands, domains and IPs were proprietary information. That’s just silly. And it reeks of the sender being a spammer and not wanting you to know they are using botnets.

Ask them how they monitor for and deal with delivery problems.

These questions and investigative techniques aren’t fool proof. But they’ll open up a discussion with the vendor. I pointed out some of the red flags here, but the crux of the matter is this is a company you are hiring to do work for you. If they do it badly you’re not just wasting money, you’re risking having to clean up a deliverability mess. Can you trust this company to value your mail and your company reputation the same way you do? If the answer is no, maybe this isn’t the vendor for you.


Affiliate marketing overview

Most retailers have realized that sending unsolicited email is bad for their overall deliverability. Still, the idea they can send mail to people who never heard of them is seductive.

Enter affiliate email. That magical place where companies hire an agency, or a contractor, or some other third party to send email advertising their new product. Their mail and company reputation is protected because they aren’t sending the messages. Even better, affiliates assure their customers that the mail is opt-in. I’m sure some of them even believe it.

The reality is a little different from what affiliates and their customers want to believe.

Affiliate marketing is sold as opt-in

It’s been a while since I’ve taken on affiliate mailers as clients, and I routinely turn down clients who tell me ahead of time they use affiliates. Sometimes, though I’ll take on a client who is having problems with their mail and discover that they use affiliates. “Oh, we probably should have mentioned we also have this affiliate program way over there, but that shouldn’t be why our opt-in and transactional mail is failing at Gmail.”

That’s when I pull out the Google Bulk Mail Senders Guidelines and point at the very bottom of the page.

In reality, using affiliates can affect all mail from a company. I’m not sure how Google does it, but their ability to draw connections between a company’s affiliate mail and their opt-in mail is pretty good. Senders using affiliates in the hopes of prospecting without affecting their “regular” mail discover this, eventually.

Affiliate marketing is kinda opt-in

In my experience most affiliate websites are not very user friendly. Going through signups seems designed to distract and confuse visitors into clicking on agreements. This isn’t just evident in the flashy website design, but the wording on many pages seems designed to confuse.

About a decade ago, one of the MTA vendors hired me to be their in house deliverability expert for some of their major clients. One of the clients they asked me to work with was an affiliate marketing company. They were attempting to “do things right.” And, in fact, they were confirming email addresses before mailing.

However, this company was also sharing data with third parties. One of those parties started sending email to me before the actual client sent me the opt-in request. When I mentioned this to the client, they explained that the company spamming was supposed to only send direct mail, not email. They couldn’t explain why they were passing on email addresses if their partner wasn’t supposed to mail them. 🤔

Affiliate marketing is overwhelming

In June 2016, one of my clients revealed they were collecting addresses through affiliates. They sent me to a few different websites to sign up for mail.  I did. In the 22 months since I signed up, I’ve received a lot of mail.

lot of mail.

Yes, those are actual email counts.  I’m most intrigued by the addresses with only a couple emails, they appear to be truncated versions of some of the addresses I actually used to sign up. I’m not sure what kind of horrible data processing does that, but clearly there’s something truly broken out there mangling email addresses.

Not only did the sites mangle the addresses I gave them, most of the current messages aren’t even job related. Phishing, male enhancement drugs, dating scams they’re all in there. Even the one message offering job vacancies is a work from home scam.

Want to see what one of the emails looks like? I picked CVS/Drug Mall ! Expect Something Extra, Jane Doe

Not all affiliates…

I’m sure it’s not all affiliates. But 95% of affiliate marketers give the other 5% a bad name.


1 Comment

SNDS issues and new Gmail

A bunch of folks reported problems with Microsoft’s SNDS page earlier today. This afternoon, our friendly Microsoft rep told the mailop mailing list that it should be fixed. If you see problems again, you can report it to mailop or your ESP and the message will get shared to the folks who can fix it.

The other big thing that happened today was Gmail rolled out their new inbox layout.

It’s… nice. I’ll be honest, I am not a big gmail user and have never been a huge fan. I got my first account way-back-during-the-beta. I used it to handle some of my mailing list mail. I could never work out how to get it to stop breaking threads by deciding to put some mail into the junk folder. I just gave up and went back to my shell with procmail (now sieve) scripts. I still have a couple lists routed to my gmail account, and the filtering is much improved – I can at least tell it to never bulk folder certain email.

The feature I’m really interested in is the confidential, expiring email. I’m interested in how that’s going to work with non-Gmail accounts. Within Gmail makes perfect sense, but I don’t think Gmail can control mail once it’s off their system.

My best guess is that Gmail will end up sending some type of secure link to recipients using non-Gmail mail servers. The message itself will stay inside Google and recipients will only be able to view mail through the web. That’s how the vast majority of secure mail systems work.

If anyone has the secure message already, feel free to send me a secure message. I’ll report back as to how it works.

1 Comment

What kind of mail do filters target?

All to often we think of filters as a linear scale. There’s blocking on one end, and there’s an inbox on the other. Every email falls somewhere on that line.

Makes sense, right? Bad mail is blocked, good mail goes to the inbox. The bulk folder exists for mail that’s not bad enough to block, but isn’t good enough to go to the inbox.

Once we get to that model, we can think of filters as just different tolerances for what is bad and good. Using the same model, we can see aggressive filters block more mail and send more mail to bulk, while letting less into the inbox. There are also permissive filters that block very little mail and send most mail to the inbox.

That’s a somewhat useful model, but it doesn’t really capture the full complexity of filters. There isn’t just good mail and bad mail. Mail isn’t simply solicited or unsolicited. Filters take into account any number of factors before deciding what to do with mail.

What kinds of factors?

There are five broad questions I think about when guiding clients through their email programs.

  • Is the mail safe?
  • Is the mail solicited?
  • Is the mail targeted?
  • Is the mail wanted?
  • Is the mail productive?

Different filters have different weights for the categories. Those weights explain why delivery can range so widely across domains and email providers.

Let’s look at each set of factors and talk about who might care more about those factors than others.

Is it safe?

Does the message contain malware, phishing, anything that could harm the recipient’s computer or the network as a whole? These filters are widespread and heavily weighted by most people. Safe doesn’t typically come into it for legitimate mail, but the filters are still there and still sniff at our mail.

Is it solicited?

Alternatively, did the user ask to receive mail from the sender? Many blocklists, including Spamhaus, specifically set out to block unsolicited email. They don’t really care about what the email is. They simply want to make sure that the recipients are receiving mail they asked for.

Confirmed opt-in is a way to ensure that mail is solicited. The folks behind many of the blocklists simply want users to receive mail they asked for. Senders who can demonstrate the mail is solicited get removed from the list.

At ISPs, solicited is somewhat important, but the signs of solicited mail overlap with signs of wanted mail. When ISPs measure unknown users and complaints, part of what they’re trying to determine is if the mail is solicited by their user.

Is it targeted?

Does the user understand why they’re receiving the mail? As a small business owner, I get a lot of targeted email. Random companies buy addresses and target me as someone who might want their service. The mail is targeted, so some filters, particularly those at ISPs, might not block or spam folder the mail.

But just because mail is targeted doesn’t mean the user wants it.

Is it wanted?

Does the user want the mail? Sometimes they do, sometimes they don’t. The big webmail providers (Oath, Microsoft, Gmail) heavily weight wanted. They don’t care so much if the message is solicited or targeted, although both things will increase the likelihood that the mail is wanted. At these ISPs, filters really focus on signs that the user is engaged with the message as part of the delivery process. Wanted mail gets into the inbox, unwanted mail not so much.

But just because the mail is wanted doesn’t mean it will make it to the inbox.

Is it productive?

This filter only really comes into effect when we’re talking about mailing into businesses. Email is a tool for businesses and they often want employees to be working while at work. Even if an employee solicits and email a business might decide it’s not productive for the business and they block that source of email. Likewise, businesses will block targeted and wanted messages simply because they’re unproductive.

What’s it all mean?

Effectively addressing delivery problems means understanding why a message isn’t reaching the inbox. Improving engagement isn’t going to help senders reach employee mailboxes if the mail is unproductive. Better targeting won’t help if the block is due to the mail being unsolicited. Using confirmed opt-in won’t magically get malware into the inbox.

It used to be that deliverability recommendations would work across the range of filters. Mail that made it to the inbox at an ISP like Gmail was likely to make it into the inbox almost anywhere. But as Gmail (and Oath and Microsoft) focus more and more on custom delivery for every recipient, recommendations that work there aren’t always going to work elsewhere.

Reaching the inbox outside of webmail providers means taking a lot more into account than just if the recipient is engaged with your mail.


No Comments

No, I won’t rate you!

Brick and mortar stores have tried to use feedback as a means of driving customer engagement for a while. Anyone who’s shopped at a big chain here in the US knows what I mean. You buy a pack of gum and end up with a 2 foot long receipt. At the bottom of the receipt there is a URL and bar code. The cashier circles the bar code and cheerfully tells you to go online and tell corporate about their service.

If you go to the website, they ask you for specific specific purchase information (time, date, store number, amount, cashier) and ask a bunch of questions about the store. Then, they offer you a chance to win something (gift card, something) if you’ll provide them with your personal information. 

Note: This particular form does not allow you to continue at all unless you’ve filled in the information request. Even if you check “prefer not to answer” the page throws up an error message and tells you to provide a valid phone number.

More recently email marketers have jumped on the asking for feedback bandwagon. Over the last few weeks multiple companies have sent me emails asking how my visit to their website was. It… was a website? I mean I went to your website and checked my credit card bill, it told me how much I owed. Your tech support told me they couldn’t fix my problem over chat, I’d have to take my laptop in for repairs. My package arrived and if it didn’t you can be sure I would have reached out to you.

And it’s not just online services that do this. Hotels send followup surveys, which if you’re a frequent traveler turns into a full time job. Yes, I visited your hotel it’s very nice. If I’m in town and that’s where the conference I’m attending is hosted, I’ll probably be back.

I get it, the more chances you provide for people to interact with your brand the more engaged they are and the more likely they are to purchase from you. But a simple search of my mailbox shows over a dozen messages from companies over the last few weeks, all of them asking me for feedback on their services. I’d like a little less email, please. The bank, the mortgage company, the credit card company, the food delivery service I used, the clothing website, the travel website, the ride share service, the hotel… the list goes on and on.

If only a few companies did this, it wouldn’t be such a big deal. But as more and more companies adopt the triggered email followup (and the followup reminder and the final reminder and the final final reminder), recipients are going to get tired of the messages. Some of the requests don’t even have opt-outs, although the majority of the ones in my mailbox do.

I get that each company is only responsible for the mail they, in particular, are sending. But the user has a different frame of reference, and maybe it’s time to consider that using surveys and triggered emails to drive engagement may not be a long term sustainable business model. The rest of the companies out there using the same strategy are going to ruin it for everyone.


No Comments

Laposte rejections

Update: The issue seems to have been resolved and Laposte say they’re no longer sending the 519 responses as of April 25th 2018. are having a bad couple of weeks. There’ve been reports from customers of their IMAP service being unusable, with attempts to move or delete messages timing out and expected emails simply not arriving.

Several delivery friends have mentioned that they’re rejecting mail with errors that look like this:

550 5.5.0 Service refuse. Veuillez essayer plus tard. Service refused, please try later. LPN007_519

It looks like they have some serious mailstore problems. They’ve said that the “519” bounce code means your mail won’t be delivered, but it’s a problem at their end and there’s nothing senders need to do to resolve it.

Their rejecting mail with a 550 response (“Requested action not taken: mailbox unavailable”), rather than a 4xx response that would allow for retries is probably a good operational decision for them if their infrastructure is melting down, but it does mean that recipients at are likely to bounce off lists. You should check on that, and add the bouncing addresses back.

Laposte’s statement to their customers says (badly translated from the French):

Alert: delay in receiving your mails

The situation has improved in recent days even if it is still unstable for some of you. This unprecedented incident is notably due to an exceptional growth in the number of advertising mails (multiplied by 10 in recent months).
We mobilized all technical expertise to restore optimal service by installing new servers. We carry out safety and scalability tests to ensure a lasting recovery of the device.

No Comments

GDPR and the EU and Opt-in Confirmation

There’s a lot of discussion going on about just what GDPR requires, and of who, and in which jurisdictions. German organizations in particular have been more aggressive than most about wanting to see opt-in confirmation for years and now seem to be adding “because GDPR” to their arguments.

I’m still not sure how this is going to shake out, but I’m beginning to see list owners take externally visible action.

I’ve been a subscriber for four or five years – it’s a good mailing list, run well, and I doubt it has any delivery issues beyond the unavoidable.

So this is a permission pass solely because they’re not sure whether I’m an EU resident, and aren’t 100% sure their opt-in confirmation data is squeaky clean (I subscribed as part of downloading an app of theirs, but after five years I couldn’t tell you whether that was technically confirmed opt-in or not, and I’m sure they can’t either).

Zoomdata aren’t taking any chances on confirmation. This isn’t a single “click to confirm you want to stay on the list” permission pass, rather it goes to a form that asks whether I’m an EU resident and if I am requires me to check an “Opt-in to email communications” checkbox and then click on a link in a confirmation email.

I’m not an EU resident today but may be an EU resident in the near future – yet my email address won’t change and nor will my mailing list subscriptions. That does make me wonder how valid it is to be capturing opt-in permission solely for recipients who are EU residents today.

Also are non-EU residents likely to claim they live in the EU because they’ll be treated better as far as their privacy is concerned, much the same as telling Facebook or Twitter you live in Germany provides you with better content filters?

I guess I’ll be seeing more of this in my inbox over the next few weeks. How are all y’all handling GDPR compliance?


Don’t bother unsubscribing

In the early years of the spam problem, a common piece of advice was to never unsubscribe. At the time, this made a lot of sense. Multiple anti-spammers documented spammers harvesting addresses from unsubscribe forms. This activity tapered off around 2000 or so, although the myth persisted for much longer.

These days, there isn’t much harm in unsubscribing. I even spent a full month unsubscribing from spam at one of my dormant accounts (Yes, spam is still a problem). While the graph shows an initial increase in spam, levels dropped for the next few months. By the time I cancelled the account in 2017, spam levels were at very low. I don’t know if the decrease was due to the unsubscribing or if there were improvements in the filtering appliance the ISP used.

More recently the biggest problem is senders that don’t honor unsubscribes. There are a lot of reasons this can happen and they’re not all malicious. Still, too many companies don’t care enough to actually make sure their unsubscribe process is working. I’ve had way too many companies “lose” unsubscribe requests, sometimes years after I asked them to stop. I expect many of these cases are accidents. They switch ESPs and decide or forget or otherwise fail to transfer unsubscribes to the new ESP. But, in other cases, there doesn’t seem to be any ESP change. It appears the companies think that they can reactivate unsubscribes at some point (pro tip: there is no expiration on legally required unsubscribe requests).

All of this leads to my current recommendation: yeah, unsub if you feel like it, it’s unlikely to hurt, and it’s possible it will help. But, don’t expect them to actually work permanently. Companies just don’t care enough to make them permanent.



No Comments

Widespread Microsoft phishing warnings today

People throughout the industry are reporting phishing notices in a lot of mail going through Microsoft properties this morning. I even got one in an email from one of my clients earlier today

Multiple people have talked to employees inside Microsoft, and I suspect their customers have been blowing up support about this. I know they’re aware, I suspect they’re frantically working on a fix.

Update 11 am PDT: It appears this filter is firing when mail has the word “hotmail” in it. This includes if non displaying text (like CSS) has the word in it. It feels like they were attempting to mitigate something and wrote a rule that wasn’t quite right. Still no word on a fix, but don’t panic.

Update 12:30 PDT: Reports are that the warning is gone. No word from Microsoft, but as long as things get fixed we don’t need it.

No Comments

Change is coming…

A lot of email providers are rolling out changes to their systems. Some of these changes are so they will comply with GDPR. But, in other cases, the changes appear coincidental with GDPR coming into effect.

It seems, finally, some attention is being paid to the mail client. Over the last few years the webmail providers have tried to upgrade their interface.  Many of the upgrades are about managing high volumes of email in a more efficient manner. Google uses tabs while Microsoft has sweep and focused inbox.

It’s about time the mail client got an overhaul. My Apple mail client doesn’t look all that different from the desktop client I was using back in the late 90s on OS/2 Warp back in the late 90s. In some ways the OS/2 client was actually more functional. And, well, I do miss a lot of the flexibility of mutt in the shell.

Today, Google announced to Google Suite administrators that they would be rolling out a major client overhaul. G Suite admins who want to can join the early adopter program in the coming week. Techcrunch has a sketch of what the new mailbox layout looks like, done by someone who says they saw a Google engineer working on a train.

What’s interesting about the sketch is it seems tabs are going away. Given how many senders hate tabs I’m sure this is a welcome relief. We’ll see, though, if there’s not more inbox management built into the new client or not. The nifty new features are “snooze” – hide this email for some period of time and bring it back at some point in the future. The other big thing is calendar access right from the mail client.

I expect, too, that as OATH: brings the Yahoo and AOL mailboxes under one banner, there will also be some changes there. All of this amounts to more uncertainty in the email delivery space. But we’ll get through, we always do.

1 Comment