Recent Posts

New AOL Postmaster Pages

AOL has updated their Postmaster pages with a new design and new resources for senders who are sending to AOL. If you are sending to AOL, use the updated site to sign up for the feedback loop, request whitelisting, open a trouble ticket, or learn about the AOL error codes and bulk sending best practices.
AOL Postmaster Pages

June 2015: the Month in Email

Happy July! We are back from another wonderful M3AAWG conference and enjoyed seeing many of you in Dublin. It’s always so great for us to connect with our friends, colleagues, and readers in person. I took a few notes on Michel van Eeten’s keynote on botnets, and congratulated our friend Rodney Joffe on winning the prestigious Mary Litynski Award.
In anti-spam news, June brought announcements of three ISP-initiated CAN-SPAM cases, as well as a significant fine leveled by the Canadian Radio-television and Telecommunications Commission (CRTC) against Porter Airlines. In other legal news, a UK case against Spamhaus has been settled, which continues the precedent we’ve observed that documenting a company’s practice of sending unsolicited email does not constitute libel.
In industry news, AOL started using Sender Score Certification, and Yahoo announced (and then implemented) a change to how they handle their Complaint Feedback Loop (CFL). Anyone have anything to report on how that’s working? We also noted that Google has discontinued the Google Apps for ISPs program, so we expect we might see some migration challenges along the way. I wrote a bit about some trends I’m seeing in how email programs are starting to use filtering technologies for email organization as well as fighting spam.
Steve, Josh and I all contributed some “best practices” posts this month on both technical issues and program management issues. Steve reminded us that what might seem like a universal celebration might not be a happy time for everyone, and marketers should consider more thoughtful strategies to respect that. I wrote a bit about privacy protection (and pointed to Al Iverson’s post on the topic), and Josh wrote about when senders should include a physical address, what PTR (or Reverse DNS) records are and how to use them, testing your opt-out process (do it regularly!), and advice on how to use images when many recipients view email with images blocked.

Where can I mail a purchased list?

We’ve had a lot of comments over the last few weeks regarding our post on ESPs that don’t allow purchased lists. Most of them were companies adding their addresses to the list. But one comment needs a little more discussion, I think.

Unexpected break

Sorry for the unexpected break in blogging. Been dealing with some emergencies. Happy 4th to my fellow citizens. Happy late Canada day to all our northern friends. We’ll resume blogging next week.

Another CASL fine

The Canadian Radio-television and Telecommunications Commission (CRTC) announced today that Porter Airlines had agreed to pay a fine of $150,000 for violations of the Canadian Anti-Spam Law (CASL).
After investigating the airline, CRTC found multiple violations of the statute. These violations include no unsubscribe link or the unsubscribe link was not prominent enough.
Some of the messages at issue failed to have proper identification. Finally, Porter Airlines couldn’t prove consent for at least some subset of the subscribers.
This is another in a series of enforcement actions where CRTC fined companies for violations of CASL. But none of those enforcement actions really seem overly punitive. There were multiple people publicly concerned about CRTC aggressively fining companies and even driving them out of business. These concerns now appear to be unfounded. Certainly, CRTC is enforcing the law but in a way to help companies come into compliance with it.
Another major concern some individuals had was the private right of action under CASL. I recently attended a conference where one of the talks was related to CASL and enforcement. What was said there is that there are some constraints on bringing a case. For instance cases can’t be brought in lower courts, they have to be brought in the provincial (I think) courts. This puts an additional burden on plaintiffs. Reading between the lines, my impression was this was intended by the regulatory agency and lawmakers to stop nuisance type suits, but allow for real action when needed.
Finally, I have yet to hear about any enforcement action that resulted in fines for corporate officers rather than the corporation as an entity.
All in all, the chicken littles claiming that this law was going to drive email marketers out of business seem to have been wrong. In fact, when I asked a question during the session “have you heard of any companies stopping marketing in Canada due to CASL” the first response was a scoff. This was not the purpose or intent of the law, and it doesn’t appear to be enforced that way.

When to include a physical address

One of the requirements to be CAN-SPAM compliant is to include a physical address within every promotional email that is sent. If your company hires a third party to send email on your behalf, your physical address should be clearly visible within the message when the message is selling your products and services. There is a stipulation that if your message is transactional or a relationship message, then it does not need to adhere to the CAN-SPAM requirements by including your physical address or unsubscribe link.
Examples of transactional mail would be welcome emails, password resets, auto-responders, shipment notifications, or account alerts. While you and I may know that these emails aren’t required to include this information most users would not know.
street-signs The CAN-SPAM Act has been in effect going on 12 years and recipients look for unsubscribe links and physical addresses within the messages. Emails that are missing this bit of information leads the recipient to believing the message is spam. While including the physical address and unsubscribe link are not required for your transactional emails, it’s better to be safe than sorry and include them anyways.
The recipient may have recently received a series of marketing emails from you and when they receive a transactional mail message, they may want to adjust the frequency of the mail they are receiving. By not including an unsubscribe link and physical address, the user may resort to marking the message as spam.
When sending marketing and transactional emails, you want to adhere to the law and then take the user behavior and expectations into consideration. There is no harm in including your physical address in both your marketing emails and transactional emails.

3 new CAN SPAM cases

Xmission, a Utah ISP, has filed suit against 3 companies alleging violations of CAN SPAM. The cases were filed in the Utah District Court in April and June. I’ve downloaded some of the documents and complaints and they are now in RECAP. I’ve also included the complaints here (and the links from here on out are almost all .pdfs of the court documents).
Xmission v. Adknowledge (Case 2:15-cv-00277).
Xmission v. Clickbooth (Case 2:15-cv-00420).
Xmission v. Thompson and Company (Case 2:15-cv-00385).
In all the cases Xmission is alleging similar violations of CAN SPAM.
Falsified header information: part 1
Xmission asserts that the domains in the headers were spoofed, unregistered or belonged to an unrelated 3rd party. One of the complaints listed subject lines of the emails sent, so I dug through my spam folder for similar emails. I found a few examples of what I suspect are the spams mentioned in the suit.

Whois privacy protection

I’ve talked about using privacy protection on domains in the past (here, here, here, here, and here). Short version (if you don’t want to check all the old links) is that privacy protection for commercial domains is bad, that’s what spammers do and legitimate email marketers should not hide domains behind privacy protection services. I still believe all of these things.
What I’ve never really addressed is that I think privacy protection services are appropriate in some cases and are a reasonable protective measure for individuals. Over on Spamresource, Al wrote up a great post today about whois privacy protection.
Sometimes people do need anonymity and privacy online. Trusting a registrar’s privacy protection service is probably not your best bet for that. Like Al, we’ve stood in as a “privacy service” for friends and colleagues. It was our name on the domain registrations, and we could contact the appropriate people as needed. They trusted us to forward only the important stuff and we trusted them not to do bad things. This trust doesn’t scale.
Privacy protection services are used by a lot of bad actors to hide their involvement. Companies and commercial entities are tarring their own reputations using privacy protection services.
No real pull quote here, all of Al’s points are too good. So go read the whole thing.

AOL starts using Sender Score Certification

Good news for Sender Score Certified IPs. Return Path recently announced that AOL has joined the list of ISPs offering preferential treatment to certified IPs.

Filtering more than spam

The obvious application of machine learning for email is to send spam to the junk/bulk folder. Most services use some level of machine learning for filters. Places like Gmail have extensive machine learning filters to filter spam and unwanted mail away from their users.
Some organizations are taking the filtering process a step further. Almost every mail client more advanced than PINE has the ability for users to create rules to sort mail into folders. Late last year, Office 365 rolled out a feature, Clutter that tracks how a user interacts with mail and filters unimportant mail. This allows each user to have their own filters, but without the overhead of having to create the filters.
The Clutter engine looks at both how the user interacts with mail and things it knows about the organization. For example, if Exchange is tied into Active Directory, then mail from a manager will be prioritized while mail from a co-worker may end up in the clutter folder.
Email is a critical business tool. A significant number of companies rely on email for internal and external communication. Many users treat their inbox as a todo list, prioritizing what they work on based on what’s in their mail box. Despite the needs of users, the mail client hasn’t really changed.
Over the last few years, we’ve seen different online services attempt to build a more effective email client. Some of these features were things like tabs and priority inbox at Gmail. Microsoft created the “sweep” feature for Outlook/Hotmail users to manage inbox clutter. Third parties have created services to try and improve the mailbox experience for their users.
Many of the email filters, up to this point, have really been focused on protecting users from spam and malicious emails. Applying that filtering knowledge to more than just spam, but to the different kinds of emails makes sense to me. I’ve always had a fairly extensive set of filters, initially procmail but now sieve, to process and organize incoming mail. But I kinda like the idea that my mail client learns how I filter messages and do the right thing on its own.
I’d love to see some improvements in the mail client, that make it easier to manage and organize incoming email. It remains to be seen if this is a feature that takes off and makes its way to other clients or not.