Confirmed (Double) Opt-In

Schroedinger’s email

The riskiest email to send is that very first email. It’s a blank slate. Even if you’re sending confirmation messages, you don’t really know anything about how this email is going to affect your reputation.

October 2017: The Month in Email

October was a busy month. In addition to on boarding multiple new clients, we got new desks, I went to Toronto to see M³AAWG colleagues for a few days, and had oral surgery. Happily, we’re finally getting closer to having the full office setup.

What is an office without a Grover Cat? (he was so pleased he figured out how to get onto it at standing height).

All of this means that blogging was pretty light this month.
One of the most interesting bits of news this month is that the US National Cybersecurity Assessments & Technical Services Team issued a mandate on web and email security, which Steve reviewed here.
In best practices, I made a brief mention about the importance of using subdomains rather than entirely new domain names in links and emails and even DKIM keys.
We’ve talked about engagement-based filters before, but it’s interesting to note how they’re being used in business environments as well as consumer environments.
We also put together a survey looking at how people use Google Postmaster Tools. The survey is now closed, and I’ll be doing a full analysis over the next couple of weeks, as well as talking about next steps. I did a quick preview of some of the highlights earlier this week.
Finally, a lot of industry news this month: Most notably, Mailchimp has changed its default signup process from double opt-in to single opt-in. This caused quite a bit of sturm und drang from all ends of the industry. And, in fact, a few days later they announced the default double-opt-in would stay in place for .eu senders. I didn’t get a chance to blog about that as it happened. In other news, the Road Runner FBL is permanently shuttered, and Edison Software has acquired Return Path’s Consumer Insight division. Also worth noting: Microsoft is rolling out new mail servers, and you’ll likely see some new — and potentially confusing — error codes.
My October themed photo is behind a cut, for those of you who have problems with spiders.

Mailchimp changes signup process

As of October 31, 2017 signup forms and popup boxes provided by Mailchimp will no longer default to a double / confirmed opt-in process.

Active buttons in the subject line

This morning I waded into a twitter discussion with a bunch of folks about some issues they were having with delivery to gmail. The discussion started with a blog post at detailed.com describing how some senders are seeing significant drops in open rates. I thought I’d take a look and see if I can help, because, hey, this is an interesting problem.
I signed up for a bunch of the mail that was seeing gmail problems and discovered that one of them had the confirmation link in the subject line. How cool is that?

I’ve known about the Gmail subscription line functionality for a while, but this is the first time I’ve seen it in the wild.
The action is in a <div> tag at the bottom of the email. Gmail has been allowing actions in subject lines for a while, this is just the first time I’ve seen it used for subscriptions. It’s so cool.
Want to add one to your post? Instructions are available from Google on their Email Markup pages.

Truth of Consequences

“If you want to use another means that violates the law, and every common definition of “spam”, then by all means, go ahead. You can enjoy fines and being added to the ROKSO database,” says a comment on my recent COI blog post. It’s both disconcerting and entirely predictable.

My post was a discussion of what to do with addresses that don’t confirm. Data tells us that there is some value in those addresses – that there are people who won’t confirm for some reason but will end up purchasing from an email. Using COI leaves some fraction of revenue on the table as it were. My post was a short risk analysis of things to think about when making decisions about continuing to mail to people who don’t confirm.
Mentioning COI often brings the only-COI-mail-is-not-spam zealots out of the woodwork, as it did in this case. In this case, we have the commenter first asserting that failure to do COI is a violation of CAN SPAM (it’s not). When this was pointed out, he started arguing with two people who have been actively fighting spam for 20 years (including running a widely used blocklist). Finally, he ends up with the comment asserting that anyone not using COI will end up on ROKSO. It’s as if he thinks that statement will fear other commenters into not having opinions. It can’t because everyone in the discussion, except possibly him, knows that it’s not true.
The worst problem with folks like the commenter is that they think asserting horrible consequences will make people cower. First off, people don’t react well to threats. Secondly, this is a hollow threat and most people reading this blog know it.
There are millions of mailing lists not using COI and have zero risk of ever getting on ROKSO. The only thing hollow threats do is make people not pay attention to what you have to say. Well, OK, and have me write a blog post about how those threats are bad because they’re completely removed from reality.
Exaggerating or lying about consequences is not just wrong, it’s stupid. “Do this or else BAD THING,” is awesome, up until someone decides they’re not going to do this and the bad thing never happens. It makes people less likely or pay any attention to you in the future. It certainly means your opinions and recommendations are not going to be listened to in the future.
I probably go too far the other direction. I can spend too much time contextualizing a recommendation. It’s one of the things I’m trying to get better about. No, client doesn’t need a 4 page discussion of the history of whatever, they just need 2 lines of what they should do. If they need the context, I can provide it later.
In order to effectively modify behavior consequences have to be real. Threats of consequences are meaningless. Any toddler knows this, and can quite accurately model when mom means it and when she’s just threatening.
Risk analysis is not about modifying behavior. It’s about analyzing a particular issue and providing necessary information so the company action understands potential consequences and the chance those risks will happen. The blog post about COI was not intended to modify anyone’s behavior. I know there are companies out there successfully maintaining two mail streams: one COI and one not. I know there are other companies out there successfully mailing only single opt-in mail. I know there are companies with complex strategies to verify identity and address ownership. And I smile every time I walk into a retail store and they ask me if my email address is still X and if I want to make any changes to it.
Lying about consequences does nothing to modify behavior. All it does is diminish the standing and audience of the liar. Be truthful about the consequences of an action or lack of action. Don’t make up threats in order to bully people into doing what you think is right. Sooner or later they’re going to realize that you don’t know what you’re talking about and start to ignore you.

Confirmed Opt-In: An Old Topic Resurrected

Looking back through my archives it’s been about 4 years or so since I wrote about confirmed opt in. The last post was how COI wasn’t important, but making sure you were reaching the right person was important. Of course, I’ve also written about confirmed opt-in in general and how it was a tool somewhat akin to a sledgehammer. I’m inspired to write about it today because it’s been a topic of discussion on multiple mailing lists today and I’ve already written a bunch about it (cut-n-paste-n-edit blog post! win!).
Confirmed opt-in is the process where you send an email to a recipient and ask them to click on a link to confirm they want the mail. It’s also called double opt-in, although there are some folks who think that’s “spammer” terminology. It’s not, but that’s a story for another day. The question we were discussing was what to do with the addresses that don’t click. Can you email them? Should you email them? Is there still value in them?

We have to treat the addresses as a non-homogenous pool. There are a lot of reasons confirmation links don’t get clicked.

Tumblr Confirming Usernames

Today I received an email from Tumblr asking to confirm I still wanted the username I have there. I’ve not really been using Tumblr, I contributed a few things to the now-defunct Box of Meat, but I don’t really post there much.

I think this kind of engagement is great. Confirming user names will do a whole lot to allow Tumblr to release some claimed but unused names back into the pool. It will also actually help their deliverability and their engagement. If people do want to keep their tumblr names, then they have to click on the message. This means more clicks and better engagement and an overall reputation boost for Tumblr mail.

Best practices: A Gmail Perspective

At M³AAWG 30 in San Francisco, Gmail representatives presented a session about best practices and what they wanted to see from senders.
I came out of the session with a few takeaways.

This month in email: February 2014

After a few months of hiatus, I’m resurrecting the this month in email feature. So what did we talk about in February?
Industry News
There was quite a bit of industry news. M³AAWG was in mid-February and there were actually a few sessions we were allowed to blog about. Gmail announced their new pilot FBL program. Ladar Levinson gave the keynote talking about the Lavabit shutdown and his new darkmail program. Brian Krebs won the Mary Litynski award for his work in investigating online security issues. The 4 major mailbox providers talked about their spam filters and spam filtering philosophy.
February was also the month where different companies evaluated their success or failure of products. LinkedIn announced the shutdown of their Intro product and Facebook announced the shutdown of their Facebook.com email service.
Security Issues
Cloudmark published their 2013 report on the Global Spam Threat and we discovered that the massive Target breach started through phishing. I also noticed a serious uptick in the amount of phishing mails in my own mailbox. There is new round of denial of service attacks using NTP amplification. We provided information on how to secure your NTP servers.
Address Collection
The Hip Hop group De La Soul released their entire catalog for free, online, using a confirmed opt-in email process. On the flip side, the M³AAWG hotel required anyone logging into the wifi network to give an email address and agree to receive marketing mail. We also discovered that some political mailing lists were being used in ways the politicians and recipients didn’t expect.
Email Practices
I talked about how to go about contacting an ISP that doesn’t have a postmaster page or a published method of contact. Much of that information is actually relevant for contacting ISPs that do have a contact method, too. Finally, I talked about how ISPs measure engagement and how that’s significantly different from how ESPs think it is.

Using confirmation to get good email addresses

For 25 hours the group De La Soul is releasing their entire catalog for free online. What none of the articles are mentioning is that they’re using this to build their database of email addresses in a way that’s going to result in a clean database of high value email addresses.
How are they doing that? By making sure the addresses belong to their fans before they actually give fans access to the catalog. Yes, they are using confirmation as part of their signup process.
If you go to their website: wearedelasoul.com you’re asked for an email address so they can send the downloads to you.

The fine print is the interesting bit:

Update on Herman Cain advertising male enhancement drugs

Shawn Studer from newsmax.com contacted me today with a statement about the Herman Cain mailing list.

Spamhaus answers marketer questions

A few months ago, Ken Magill asked marketers, including the folks at Only Influencers to provide him with questions to pass along to Spamhaus. Spamhaus answered the first set in March, but then were hit with the Stophaus attack and put answering further questions on hold. Last week, they provided a second set of answers and this week they provided a third.
Nothing in there is surprising, but it’s worth folks heading over and reading.
There are a couple useful things that I think are worth highlighting.
When discussing spamtraps and how Spamhaus handles the traps.

Confirmation is too hard…

One of the biggest arguments against confirmation is that it’s too hard and that there is too much drop off from subscribers. In other words, recipients don’t want to confirm because it’s too much work on their part.
I don’t actually think it’s too much work for recipients. In fact, when a sender has something the recipient wants then they will confirm.
A couple years ago I was troubleshooting a problem. One of my client’s customer was seeing a huge percentage of 550 errors and I was tasked with finding out what they were doing. The first step was identifying the source of the email addresses. Turns out the customer was a Facebook app developer and all the addresses (so he told me) were from users who had installed his apps on Facebook. I did my own tests and couldn’t install any applications without confirming my email address.
Every Facebook user that has installed an application has clicked on an email to confirm they can receive email at the address they supplied Facebook. There are over 1 billion users on Facebook.
Clicking a link isn’t too hard for people who want your content. I hear naysayers who talk about “too hard” and “too much drop off” but what they’re really saying is “what I’m doing isn’t compelling enough for users to go find the confirmation email.”
This isn’t to say everyone who has a high drop off of confirmations is sending poor content. There are some senders that have a lot of fake, poor or otherwise fraudulent addresses entered into their forms. In many cases this is the driving factor for them using COI: to stop people from using their email to harass third parties. Using COI in these cases is a matter of self protection. If they didn’t use COI, they’d have a lot of complaints, traps and delivery problems.
The next time you hear confirmation is too hard, remember that over 1 billion people, including grandparents and the technologically challenged, managed to click that link to confirm their Facebook account. Sure, they wanted what Facebook was offering, but that just tells us that if they want it bad enough they’ll figure out how to confirm.
HT: Spamresource

Don't leave that money sitting there

The idea of confirming permission to send mail to an email address gets a lot of bad press among many marketers. It seems that every few weeks some new person decides that they’re going to write an article or a whitepaper or a blog and destroy the idea behind confirming an email address. And, of course, that triggers a bunch of people to publish rebuttal articles and blog posts.
I’m probably the first to admit that confirmed opt-in isn’t the solution to all your delivery problems. There are situations where it’s a good idea, there are times when it’s not. There are situations where you absolutely need that extra step involved and there are times when that extra step is just superfluous.
But whether a sender uses confirmed opt in or not they must do something to confirm that the email address actually belongs to their customer. It’s so easy to have data errors in email addresses that there needs to be some sort of error correction process involved.
Senders that don’t do this are leaving money on the table. They’re not taking that extra step to make sure the data they were given is correct. They don’t make any effort to draw a direct line between the email address entered into their web form or given to them at the register or used for a receipt, and their actual customer.
It does happen, it happens enough to make the non-tech press. Consumerist has multiple articles a month on some email address holder that can’t get a giant company to stop mailing them information about someone else’s account.
Just this week, the New Yorker published an article about a long abandoned gmail address that received over 4000 “legitimate” commercial and transactional emails.

Confirming addresses for transactional mail

A colleague was asking about confirming transactional mail today. It seems a couple of big retailers got SBLed today for sending receipts to spamtraps. I talked a few weeks ago about why it’s important to let people unsubscribe from transactional email, and many of those same things apply to confirming receipts.

Confirmation Fails

Yesterday I talked about registration confirmations. Today I’m going to talk about a couple recent experiences with websites and their registration failures.
The first experience was with Yelp. One of my readers decided I needed a Yelp account and created one using my laura-questions email address. Yelp understands that people will be jerks and so sent me an email to confirm the account.

Confirming website registrations

Confirming email addresses during a website registration process is a good practice. It stops people from creating fake accounts, abusing resources and using that site as a mechanism for harassment. But simply sending out a confirmation mail is not sufficient to prevent problems, particularly when everything about the process assumes that unconfirmed registrations are actually valid and not problem accounts.
I’ve had a couple recent experiences with companies attempting to use email confirmation, but failing pretty miserably. In each case a website set up a process where a user could register an account on the site. Both sites required confirmation of the registration email addresses as part of the process. But in each case there were some major failures that result in non-customers getting email.
Tomorrow I’ll talk about those two specific cases. I’ll also provide specific suggestions on how not to fall into the same trap and actually send opt-in email.

Evil weasels and random monkeys

I’m doing testing on a new release of Abacus at the moment, so I’m in a software QA (Quality Assurance) frame of mind.
One of the tenets of software QA is “Assume users are malicious”. That’s also one of the tenets of security engineering, but in a completely different way.
A security engineer treats users as malicious, as the users he or she is most concerned about are crackers trying to compromise their system, so they really are malicious. A QA engineer knows that if you have enough users in the field, making enough different mistakes or trying to do enough unusual things, they’ll find all the buggy little corners of your application eventually – and crash it or corrupt data more reliably than a genuinely malicious user.
As a QA engineer it’s easier to personify the forces of chaos you’re defending against as a single evil weasel than a million random monkeys.
In the bulk email world the main points where you interact with your users are signup, confirmation, unsubscription and click-throughs. Always think about what the evil weasel will do at that point.
Signup

The sledgehammer of confirmed opt-in

We focused Monday on Trend/MAPS blocking fully confirmed opt-in (COI) mail, because that is the Gold Standard for opt-in. It is also Trend/MAPS stated policy that all mail should be COI. There are some problems with this approach. The biggest is that Trend/MAPS is confirming some of the email they receive and then listing COI senders.
The other problem is that typos happen by real people signing up for mail they want. Because MAPS is using typo domains to drive listings, they’re going to see a lot of mail from companies that are doing single opt-in. I realize that there are problems with single opt-in mail, but the problems depends on a lot of factors. Not all single opt-in lists are full of traps and spam and bad data.
In fact, one ESP has a customer with a list of more than 50 million single opt-in email addresses. This sender mails extremely heavily, and yet sees little to no blocking by public or private blocklists.
Trend/MAPS policy is singling out senders that are sending mail people signed up to receive. We know for sure that hard core spammers spend a lot of time and money to identify spamtraps. The typo traps that Trend/MAPS use are pretty easy to find and I have no doubt that the real, problematic spammers are pulling traps out of their lists. Legitimate senders, particularly the ESPs, aren’t going to do that. As one ESP rep commented on yesterday’s post:

Some thoughts on permission

A lot of email marketing best practices center around getting permission to send email to recipients. A lot of anti-spammers argue that the issue is consent not content. Both groups seem to agree that permission is important, but more often than not they disagree about what constitutes permission.
For some the only acceptable permission is round trip confirmation, also known as confirmed opt-in or double opt-in.
For others making a purchase constitutes permission to send mail.
For still others checking or unchecking a box on a signup page is sufficient permission.
I don’t think there is a global, over arching, single form of permission. I think context and agreement matters. I think permission is really about both sides of the transaction knowing what the transaction is. Double opt-in, single opt-in, check the box to opt-out area all valid ways to collect permission. Dishonest marketers can, and do, use all of these ways to collect email addresses.
But while dishonest marketers may adhere to all of the letters of the best practice recommendations, they purposely make the wording and explanation of check boxes and what happens when confusing. I do believe some people make the choices deliberately confusing to increase the number of addresses that have opted in. Does everyone? Of course not. But there are certainly marketers who deliberately set out to make their opt-ins as confusing as possible.
This is why I think permission is meaningless without the context of the transaction. What did the address collector tell the recipient would happen with their email address? What did the address giver understand would happen with their email address? Do these two things match? If the two perceptions agree then I am satisfied there is permission. If the expectations don’t match, then I’m not sure there is permission involved.
What are your thoughts on permission?

Would you buy a used car from that guy?

There are dozens of people and companies standing up and offering suggestions on best practices in email marketing. Unfortunately, many of those companies don’t actually practice what they preach in managing their own email accounts.
I got email today to an old work email address of mine from Strongmail. To be fair it was a technically correct email. Everything one would expect from a company handling large volumes of emails. It’s clear that time and energy was put into the technical setup of the send. If only they had put even half that effort into deciding who to send the email to. Sadly, they didn’t.
My first thought, upon receiving the mail, was that some new, eager employee bought a very old and crufty list somewhere. Because Strongmail has a reputation for being responsible mailers, I sent them a copy of the email to abuse@. I figured they’d want to know that they had a new sales / marketing person who was doing some bad stuff.
I know how frustrating handling abuse@ can be, so I try to be short and sweet in my complaints. For this one, I simply said, “Someone at Strongmail has appended, harvested or otherwise acquired an old email address of mine. This has been added to your mailing list and I’m now receiving spam from you. ”
They respond with an email that starts with:
“Thank you for your thoughtful response to our opt-in request. On occasion, we provide members of our database with the opportunity to opt-in to receive email marketing communications from us.”
Wait. What? Members of our database? How did this address get into your database?
“I can’t be sure from our records but it looks like someone from StrongMail reached out to you several years ago. It’s helpful that you let us know to unsubscribe you. Thank you again.”
There you have it. According to the person answering email at abuse@ Strongmail they sent me a message because they had sent mail to me in the past. Is that really what you did? Send mail to very old email addresses because someone, at some point in the past, sent mail to that address? And you don’t know when, don’t know where the address came from, don’t know how it was acquired, but decided to reach out to me?
How many bad practices can you mix into a single send, Strongmail? Sending mail to addresses where you don’t know how you got them? Sending mail to addresses that you got at least 6 years ago? Sending mail to addresses that were never opted-in to any of your mail? And when people point out, gently and subtly, that maybe this is a bad idea, you just add them to your global suppression list?
Oh. Wait. I know what you’re going to tell me. All of your bad practices don’t count because this was an ‘opt-in’ request. People who didn’t want the mail didn’t have to do anything, therefore there is no reason not to spam them! They ignore it and they are dropped from your list. Except it doesn’t work that way. Double opt-in requests to someone has asked to be subscribed or is an active customer or prospect is one thing. Requests sent to addresses of unknown provenance are still spam.
Just for the record, I have a good idea of where they got my address. Many years ago Strongmail approached Word to the Wise to explore a potential partnership. We would work with and through Strongmail to provide delivery consulting and best practices advice for their customers. As part of this process we did exchange business cards with a number of Strongmail employees. I suspect those cards were left in a desk when the employees moved on. Whoever got that desk, or cleaned it out, found those cards and added them to the ‘member database.’
But wait! It gets even better. Strongmail was sending me this mail, so that they could get permission to send me email about Email and Social Media Marketing Best Practices. I’m almost tempted to sign up to provide me unending blog fodder for my new series entitled “Don’t do this!”

How not to build a mailing list

I mentioned yesterday one of the major political blogs launched their mailing list yesterday. I pointed out a number of things they did that may cause problems. Today, I discovered another problem.
This particular blog has been around for a long time, probably close to 10 years. It allows anyone to join and create their own blogs and comment with registered users. As part of their new mailing list, they added everyone who has ever registered to their mailing list. They did not send a “we have a new list, want to join it?” email, they added every registered user to the list and said “you can opt out if you want.”
This is such a bad idea. My own account was used once, to make one comment, back in 2005. Yes, 2005. It’s been almost 5 years since I last logged into the site. Sure, I have email addresses that go back that far, but not everyone does. That list is going to be full of problems: dead addresses, spamtraps, duplicates, unengaged and uninterested.
Seriously, they’re adding people who’ve not logged into their site in 5 years to a mailing list. How can this NOT go horribly wrong?
My initial thought was this was going to blow up in a week. I’m now guessing they’ll start seeing delivery problems a lot sooner than that.

Email and politics

I occasionally consult for activists using email. Their needs and requirements are a little different from email marketers. Sure, the requirements for email delivery are the same: relevant and engaging mail to people who requested it. But there are complicating issues that most marketers don’t necessarily have to deal with.
Activist groups are attractive targets for forged signups. Think about it, when people get deeply involved in arguments on the internet, they often look for ways to harass the person on the other end of the disagreement. They will often signup the people they’re disagreeing with for mailing lists. When the disagreements are political, the logical target is a group on the other side of the political divide.
People also sign up spamtraps and bad addresses as a way to cause problems or harass the political group itself. Often this results in the activist group getting blocked. This never ends well, as instead of fixing the problem, the group goes yelling about how their voice is being silenced and their politics are being censored!!
No, they’re not being silenced, they’re running an open mailing list and a lot of people are on it who never asked to be on it. They’re complaining and the mail is getting blocked.
With that as background, I noticed one of the major political blogs announced their brand new mailing list today. Based on their announcement it seemed they that they may have talked to someone who knew about managing a mailing list.

Troubleshooting Yahoo delivery

Last week Jon left a comment on my post Following the Script. He gives a familiar story about how he’s having problems contacting Yahoo.

Confirmed opt-in

I spent the morning in multiple venues correcting mis-understandings of confirmed opt-in. The misunderstandings weren’t so much that people didn’t understand how COI works, but more they didn’t understand all the implications.
In one venue, the conversation centered around how small a portion of deliverability the initial subscription process affects. Sure, sending unwanted, unexpected email can and does cause reputation problems, but merely using COI as a subscription methodolgy doesn’t automatically give a sender a good reputation or good delivery. Senders using COI as a subscription practice need to also need to send relevant and engaging mail that their recipients expect to receive. They need to handle their bounces well and purge or re-engage inactive subscribers. They need to keep their complaints low and their responses high.
How you manage subscriptions is only one factor in reputation schemes, and even if the subscription method is COI other factors can negate any bonus involved.
The second conversation involved Ken challenging me on the comment I left on his quiz yesterday. I said COI wasn’t foolproof and he challenged me to explain how. I did, and he’ll be following up next week.

The great debate

While surfing around last night, I discovered that the email experience council is running a poll. “The Great Email Debate Topic #2 – Single Opt-In or Double Opt-In?”
The email blogs have been discussing the question for a few weeks now, since one ClickZ columnist decided to stir controversy by claiming that “it is impossible to grow a list using double opt-in.” The original column inspired many other people to comment on the issue.
This is really a tempest in a teapot. There are situations where no address should be added to a mailing list without some sort of confirmation or verification step. Senders must protect themselves from bad subscription requests and double opt-in is one way to do this. Likewise, there are situations where a single opt-in with good list management will create a very clean list. Double opt-in isn’t necessary to stop spam.
Senders who think that they can’t grow their list with double opt-in are already behind the 8-ball in terms of list management. Yes, lists will grow slower. In the present environment, many users are very used to submitting a registration to a web page and then looking in their mailbox for an email to complete the process. No longer is “double opt-in” a foreign concept. Social networking sites, web forums and mailing lists commonly use double opt-in.
The challenge is for marketers to construct a signup process that is engaging enough to convince users to check their mailbox and click on the link. Senders with good marketing strategy will be able to do this, when it’s necessary.
Not every mailing list has to be double opt-in, but every engaging list could be without decreasing the number of subscribers.

Another opt-in in the wild

The EEC has an article today about a poorly done opt-in email that DJ Waldo received. How close is that to what you send?

Opt-in Reconfirmation in the Wild

What’s an opt-in reconfirmation email? Also called, as fellow blogger Al
Iverson mentioned lately, a re-engagement email, or a permission pass email.
Al links to DJ Waldow’s write up on Shop.org’s recent re-engagement
strategy, and today I see that Janine Popick, CEO of VerticalResponse,
talking about Coach’s turn at culling their list through this process. What’s interesting here is that, according to Janine, Coach didn’t target this reconfirmation email only at recipients who never open or click. She says she does both, regularly, and received this email message anyway. Another friend of mine, who is also a Coach subscriber, reports to me that she receives regular emails from them (most recently as just about
ten days ago), but that she did not receive this reconfirmation email message.

Garbage in… garbage out

Ken Magill (hereafter known as Mr. Stupid Poopypants) has a follow up article today on his article from last week about the Obama campaign’s mailing practices. While poking Dylan a bit, his message is that marketers really need to look harder at double opt-in.

Yet more data verification

Friday Al posted about data verification, building on discussions last week about Mr. Poopyhead’s article on open signup forms. He has a very insightful analogy, that I like and I am going to steal (emphasis from the original).

Data Integrity, part 2

Yesterday I blogged about eROIs contention that consumers should not be wasting the time of lead gen companies by filling in fake data. There were lots of good comments on the post, and I strongly encourage you to go read them if you are interested in different perspectives on the data issue.
One of the arguments I was making is that people are only going to give accurate information if they trust the website that is collecting information. I do, strongly, believe this. I also believe very strongly that websites collecting information need to do so defensively. It is the only way you can get good information.
This ties in with an earlier post about a website that collects email addresses from any visitor, then turns around and submits those addresses to webforms. Hundreds of mailing lists have already been corrupted by this group. They are a prime reason companies must design address collection process defensively. There are people who do bad things, who will take an opportunity to harass senders and recipients. This company is not the first, nor will they be the last to commit such abuses.
Taking a stand against abusive companies and people may be useful, but that will not stop the abuse. It is much easier to design process that limits the amount of abuse. For lead gen, in particular, confirmed opt-in is one way to limit the amount of bad data collected. As a side effect, it also results in less blocked mail, fewer complaints and better delivery.

SpamZa: corrupting opt-in lists, one list at a time

A number of ESPs have been tracking problematic signups over the last few days. These signups appear to be coming from an abusive service called SpamZa.
SpamZa allows anyone to sign up any address on their website, or they did before they were unceremoniously shut down by their webhost earlier this week, and then submits that address to hundreds of opt-in lists. This is a website designed to harass innocent recipients using open mailing lists as the harassment vehicle.
Geektech tested the signup and received almost a hundred emails 10 minutes after signing up.
SpamZa was hosted on GoDaddy, but were shut down early this week. SpamZa appears to be looking for new webhosting, based on the information they have posted on their website.
What does this mean for senders?
It means that senders are at greater risk for bad signups than ever before. If you are targeted by SpamZa, you will have addresses on your list that do not want your mail. Some of those addresses could be turned into spam traps.

Spamfilters are stupid

Ben over at MailChimp writes about spamfilters that are following links in emails resulting in people being unsubscribed from lists without their knowledge. I strongly suggest clients use a 2 step unsubscribe system, that does not require any passwords or information. The recipient clicks on a link in the email and confirms that they do want to be unsubscribed once they get to the unsubscribe webpage.
Even more concerning for me is the idea that people could be subscribed to emails without their knowledge. For some subset of lists, using confirmed (double) opt-in is the best way to make sure that the sender really has permission from the recipient. Now we have a spam filter that is rendering “click here to opt-in” completely useless. I am sure there are ways to compensate for the stupidity of filters. As usual, though, the spammers are doing things which push more work off onto the end user and the legitimate mailers.