Recent Posts

And the ugly…

Getting back to my series on the good, the typical and the ugly in the ESP field, and there is some very ugly out there. I have 3 examples of the ugliness out there and what ESPs and legitimate senders are competing with.
The fake ESP
A spammer approached me early on in my consulting career, asking me to help him set up a fake ESP. He wanted to set up his corporate network so that to an outsider it would look like he was selling ESP services and thus had a large number of customers. There wouldn’t be any customers, however, all the mail would be coming from his company. When the blocking got bad enough, and it would as he would purchase addresses from anywhere, he would “disconnect” the responsible customer. My role was to help him come up with a plausible sounding acceptable use policy and then contact the ISPs when he “disconnected” the customer. I declined to participate in this scheme. This doesn’t appear to have stopped him, though, if the rumors I hear are to be believed.
Waterfalling
Related to the fake ESP scheme is waterfalling. Spammers acquire lists of email addresses and then begin the process of cleaning them by mailing. In some cases, they mail through fake ESPs, as above. In other cases, they actually spread their traffic out across legitimate ISPs. As they mail the lists through the ESPs, they remove unsubscribes, bounces and complaints. When the list reaches a set cleanliness, they move it to another ESP. They repeat this, gradually moving through cleaner and cleaner ESPs. Eventually, they move the list to their own network and sell mailings to it as an opt-in list. It’s not opt-in, it’s just cleansed of all negative responders.
The companies abusing ESPs to clean their lists do tarnish the reputation of ESPs. While the responsible ESPs do disconnect the waterfallers, they usually do so after problems are detected. That being said, there are some companies that are constantly looking for “partnerships” at ESPs and the ESPs turn them away during the sales cycles.
Affiliates
While not necessarily an ESP problem there are some large companies out there that hire spammers to send acquisition email for them. They also send their own mail, both marketing and transactional, through ESPs. The issue for ESPs come when the URL blocks happen and the bad reputation of their customer’s mail bleeds back to the ESPs IP addresses. The ESP becomes known as “one of those places that mails for X” and their reputation falls accordingly. In some cases, even if the mail through the ESP is clean and opt-in, the ESP finds itself blocklisted for just doing business with a company that hires spammers.
I’ve had a couple clients recommended to me by ESPs because the ESP was dealing with a persistent spam block around this particular customer. The mail the customer sent through the ESP was opt-in, but the client was using an extensive network of affiliates to send spam for them. I collected a lot of examples of their spam from various affiliates, even gave them a couple of examples from my own email addresses. One of those addresses has not been actively used in 6 years. My client tells me they talked to their affiliates and that the affiliate assured them I had signed up, I just forgot. The client chose to believe the affiliate over me, despite the fact that I had many other examples. That client lost their ESP (and good for the ESP) but is still sending spam. I just got one advertising their stuff yesterday, at the same address I gave to them years ago, all images, hashbusters, domain hidden behind proxy, coming from a snowshoer network.
All of the companies I’ve talked about here describe themselves as legitimate email marketers. Even the company telling me I opted in to their mail was defending themselves and their affiliates as legitimate email marketers.

Email related predictions for 2010

As my recent series of posts has indicated, I am seeing a lot of future changes in the email industry.

SpamAssassin Problems

The default SpamAssassin configuration considers any date far in the future to be extremely suspicious, which is pretty reasonable.
However, as @schampeo points out, it also seems to consider any date later than 2009 to be “far in the future”.
That means that until the SpamAssassin folks roll out a fix, and that gets deployed by SpamAssassin users pretty much all email will get an additional 2-3.5 spamminess points. That’s likely to cause a lot of content-based blocking over the next few weeks, until fixed rules are deployed both by SpamAssassin users and by all the various spam filtering appliances that use SpamAssassin rulesets.
(If you’re a SpamAssassin user, add “score FH_DATE_PAST_20XX 0.0” to your local.cf file to disable that rule).
EDIT: Mike has some more background on the bug.
EDIT: Fix it out on the spamassassin homepage.

News and links 12/31/09

We’re iced in here in DC so I’ve been catching up with some industry news while camped in front of a heater and the TV.
Best of the ESPs by Forrester Research. Congrats to ET and Responsys for coming out on top. The results, as reported by MediaPost, match reasonably well with my overall impressions of the industry (so they must be right!)
Return Path is rolling out a new version of SenderScore. A welcome change for those of us who regularly refer to an IP’s sender score and find it doesn’t match other data.
CAUCE has done a series of posts looking back at significant events in spam over the last decade.
Al has a retrospective on various data breaches affecting email addresses over the last few years.
Happy New Year, everyone!

Holiday Break

I did have the absolute best of intentions to finish the Ugly part of my series on “The Good, The Typical and the Ugly” while on the plane yesterday. But, as things sometimes go, it didn’t happen. Blogging will be light through Jan 4th as I’m actually taking some time to visit family, relax and recharge. When I get back I’ll have a post about the ugly end of senders and ESPs as well as some advice on how to join the ranks of the good. I’m also planning to have some new resources available and announced early in January.
May everyone traveling have safe journeys. Happy Christmas.

Typical ESPs

Yesterday, I gave examples of good ESPs and the benefits that their customers receive from their high standards and standards enforcement. Today I’ll be talking about typical ESPs and the things they say and do.
A few caveats before I get started. Most of these quotes are composite quotes. I am not quoting one particular person or ESP, rather, the statement is representative of a common view point. None of these quotes is a one off, all of these quotes have been said by more than one person. These where chosen as a representation of some of the attitudes and policies that leads ISPs and filtering companies to throw up their hands at the ESPs.

What makes a good ESP?

There are a number of things that make a responsible ESP, including setting and enforcing standards higher than those set by the ISPs.
One of the responsible ESPs is Mailchimp. (Full disclaimer, I do consult for Mailchimp.) This ESP focuses on businesses with small to medium sized lists. They screen new customers for source of permission as well as mail content.
As well as putting a human in the loop and identifying problem customers manually, they have also developed an automated process that predicts the likelihood that a certain customer will violate their standards. This process is very similar to the reputation process in place at many ISPs. Customers that are flagged as potential problems are reviewed by staff members who contact the customer for further clarification.
What’s the benefit of this process? A good reputation, a clean customer base and positive notice by the ISPs. In fact, just recently I was contacted by one of the very large consumer ISPs, confirming that Mailchimp is one of my clients. He informed me that he’d noticed a few of the Mailchimp IPs had a really high reputation but weren’t whitelisted. He asked me to send him all of their IPs so he could make sure all their IPs were whitelisted.
Proactive auditing of customers and predictive modeling of mailing results is working for Mailchimp and their customers.
Some ESPs have aggressive cancellation policies, which helps them police their networks and their customers. I often encounter former customers of these ESPs, either as direct clients or as customers of my ESP clients. In one case, I was asking around about a new client at their old ESP. “They tell me they left you under their own power and there was no spam issue involved, can you comment?” The policy person would not comment specifically about that client, but did comment that “95% of our former customers were disconnected for cause.”
These are two examples of ESPs that are working hard to minimize the amount of unwanted mail going through their network. They have invested time and energy into tools and staff to monitor the network. Staff is empowered to make decisions about customers and management believes no customer is “to big to disconnect.”
Tomorrow we’ll look at typical ESPs and their normal practices.

The good, the typical and the ugly

In the theme of the ongoing discussions about ESPs and their role in the email ecosystem, I thought I’d present some examples of how different ESPs work.
The good ESPs are those that set and enforce higher standards than the ISPs. They invest money and time in both proactive and reactive policy enforcement. On Monday I’ll talk about these standards, and the benefits of implementing these policies.
The typical ESPs are those that have standards equivalent to those of the ISPs. They suspend or disconnect customers when the customers generate problems at the ISPs. They have some proactive policy enforcement, but most of their enforcement is reactive. On Tuesday I’ll talk about these standards and how they’re perceived by the ISPs and spam filtering companies.
The ugly ESPs are those that have low standards and few enforcement policies. They let customers send mail without permission. Some of the ugly ESPs even abuse other ESPs to send some of their mail, thus sharing their bad reputations across the industry. On Wednesday I’ll look at some of their practices and discuss how they affect other players in the industry.

Cultural Bias

Guest post by Chris Wheeler
After reading Laura’s and Steve’s posts on the gap between the “senders” and “receivers” (both excellent reads I recommend if you haven’t already done so), it really made me think about why I do what I do and why I think (hopefully not being too narcissistic here) that I’m reasonably good at it.
I was formally educated and then broken in after school with the technology world but have never considered myself a technology purist (I will never author a C# book or program my own killer app). However, I also enjoy people and working with (almost) all of them. Traditionally, these two skillsets have not meshed well in the technology industry to a nontrivial level. So, when I went into deliverability, I was intrigued by the fact that it is as much of a technology, business, marketing and people facing genre as any. And, one of the things I am highly grateful for was that I worked for a sender who really seemed to get it. Of course there were marketing jerks and revenue driven bullies there as well, but my management supported me in really trying to do the right thing by the end email recipient (and in this case, customer).
This helped me shape my view of my role in deliverability and decide which type I wanted to be. Mind you, I have never worked at an ISP. So, my bias is towards the senders. If you have a management team that understands that deliverability is not just a flashy word to throw around, push in prospects’ faces or otherwise excuse away as another service to potentially charge for when not necessarily needed, you’re in a good place. But, you also have to decide what you value as important and ethical for yourself. Unfortunately, there are a lot of folks who are in the deliverability space not because they like the work and are truly looking out for recipients, but rather (and as Steve’s post touches) out there to make money doing anything they can to drive revenue from their perspective without much respect or empathy for the person on the other end of the mailbox. ESPs have been given a bad name in the industry as the aggressors, those who are willing to use and abuse the email ecosystem to get money with no respect to the common rules of “best practices” or recipient perspective. Unfortunately, a lot of folks in the email receiving world have adopted this as their stereotype and dismiss anyone trying to triage a deliverability problem as one who is just wanting to get more emails in an inbox..to generate more opens…to garner more clicks…and ultimately put more cash in their pocket.
This is simply untrue. But, there are a lot of senders who do fit into this category, unfortunately.
The same can be said of ISPs, who seem to be on the defensive all the time and take every piece of incoming mail as having a negative relevancy score attached to the intended recipient and make the sender pay (literally in terms of some accreditation methods) to move towards what they perceive as a positive and user wanted email. The sloppy ISPs rely heavily on using highly automated systems to either do binary blocking outright on certain arbitrary indicators in mail or simply throw their hands up and call anyone not sending a one to one message from someone’s relative or friend spam. Again, though, this is an unfair stereotype that doesn’t apply across the board. I work with many ISPs that do take the time, effort and examination to help recipients get mail they want instead of just outright declaring jihad on mass senders altogether. If you pay close attention, these are also usually those who are very technicallly savvy (and thus breed a desire to keep the internet a free and open exchange for ideas to be messaged, including those that are marketing related and wanted). I enjoy reading the information they post. Our conversations. Listening to what they have to say. And in turn, I believe they do the same of me since they know I’m more about letting numbers and actions speak for themselves as opposed to trying to circumvent any process or “game” them. Numbers and actions, for me, are about spam complaints being driven down, email engagement being up, and benefit being gleaned from the messages sent via whatever method is most appropriate. CNN, for example, sends me transactional breaking news alerts. I may not read every one. And I certainly am not driven to purchase or pay into a service as a result. But, I do enjoy getting these and would be upset if that stream of information stopped. A lot of ISPs get this – the implied and real value I have as a result of knowing what’s going on in any facet of email communication when I don’t have a chance to proactively find out myself.
The rub is that ESPs are paid money to send email (with their hue changing based on types of email they send, the clients they onboard, adherence to their own rules, etc.). But, we are paid to send email (notice “quantity” is intentionally excluded from this sentence). It’s the core product of our systems…deliver communication via electronic mail. ISPs are not paid to receive email. Some ISPs are paid for the images or impressions they drop in which are driven by the mail a user gets being the catalyst for the times they check their mail. Or, some ISPs charge money for email (so in a sense, they are paid to deliver within their own confines of what is spam or not to the customer). Other ISPs just have email as an extension of their existing services (think cable providers or cellular companies) which ultimately can be ear marked for revenue.
So, not all senders are bad; neither are all ISPs good (and vice versa). But, at the end of the day, I can honestly say I don’t have that many problems when dealing with receivers since I tend to only really have a relationship with those I believe are trying to do the right thing, like me, in ensuring recipients get mail they want, need, or otherwise are just glad to have around.I don’t need to be yelled at as an abuser of the internet because I’ve found a living in sending email, as much as a mechanic does for contributing to global warming for putting gasoline burning cars back on the road. Nor, do the ISPs deserve to have fingers waved in their face either when, usually, they’re trying to keep their recipients happy and not melt under the deluge of true spam that technology has brought with it. I’m sure this will inspire some nasty comments, or at the least, a nonplussed double take, but ISPs are businesses as well. They are not run on cookies and rainbows. Same with ESPs. Finding a balance between the two with corporate management pushing down and reinforcing an intermediary relationship that doesn’t engage in an antagonistic or adversarial role is what will win every time.
It’s about the people, the personalities, and a new industry that’s evolved in the aftermath of the advent of spam and marketing mail. But, if your culture is one which doesn’t fit what makes you feel you’re successful or back your mores you’ve developed or adopted over the years, you must realize you’re empowered to make yourself respected and happy. No one else, though. And, at the end of the day, I think the issues between ISPs and ESPs not communicating effectively is more about what the company culture is and how well (or not) they respect and encourage their employees to drive for whatever measurement of success you both share (be it money, recipient satisfaction, client satisfaction, just putting in an honest day’s work, or the fact you get to work from Punxsutawney).

Time to step up

Neil Schwartzman reacts to yesterday’s link post.