Harvesting
July 2016: The Month in Email
We got to slow down — and even take a brief vacation — in July, but we still managed to do a bit of blogging here and there, which I’ll recap below in case you missed anything.
At the beginning of the month, I wrote about email address harvesting from LinkedIn. As you might imagine, I’m not a fan. A permissioned relationship on social media does not equate to permission to email. Check out the post for more on mailing social media contacts.
Even people who are collecting addresses responsibly can face challenges. One of the most important challenges to address is paying attention to your existing subscription processes, testing them regularly, evaluating effectiveness and optimizing as needed.
Our most commented-upon post this month was a pointer to a smart writeup about Hillary Clinton’s email server issues. Commenters were pretty evenly split between those who agreed that they see this kind of workaround frequently, and those who felt like regulatory processes do a good job managing against this kind of “shadow IT” behavior. I wrote a followup post on why we see this kind of workaround frequently in email environments, even in regulated industries, and some trends we’re seeing as things improve.
In other election-related email news, we saw the challenges of campaign email being flagged as spam. As I pointed out, this happens to all campaigns, and is nothing unique to the Trump campaign. Still, there are important lessons for marketers here, too, in terms of list management, email content, frequency, and engagement — all of which are inextricably linked to deliverability.
Speaking of spam and engagement, Steve took a look at some clickthrough tracking revealed through a recent spam message I received — and why legitimate marketers should avoid using these sorts of URL referrers.
On the topic of authentication, I wrote a quick post about how seeing ?all in the SPF record tells me one thing: the person managing the record isn’t doing things properly. Need a refresher on authentication? Our most-read blog post of all time can help you out.
And as always, send me your interesting questions and I’ll be happy to consider them as I resume my Ask Laura column in August.
Harvesting Addresses from LinkedIn
There seems to have been an uptick in the number of folks harvesting addresses from their LinkedIn contacts and adding them to mailing lists. I’ve been seeing this in my own mailbox. I’m getting added to different lists and because I used a tagged address I know these folks are harvesting from LinkedIn.
This behavior is really rude. Just because someone accepted your contact request on LinkedIn, doesn’t mean they want to be added to any mailing lists you may have. Let’s be honest, some people have hundreds or thousands of LinkedIn contacts. They’re not going to want to get mail from all of them.
This behavior risks your ESP account. I know of ESPs who have disconnected customers for importing all their LinkedIn contacts.
Of course, there are ways to effectively use your LinkedIn contacts. The short version is think about what you’re doing and how your mail will be received. Don’t grab all your contacts, be selective about who you choose. Have too many contacts to go through manually? That’s not an excuse, in fact, it’s an even bigger argument for not becoming a spammer.
I’ve previously written things you must consider when sending bulk mail to people who have connected with you on social networks.
About that permission thing
I wrote a few days ago about permission and how it was the key to getting into the inbox. It’s another one of those “necessary but not sufficient” parts of delivery. There are, however, a lot of companies who are using email without the recipient permission. These companies often contact me to help them solve their delivery problems. Often these are new companies who are trying to jumpstart their business on the cheap by using email.
The calls have a consistent pattern.
Spammers, eh?
I’m back from a fun and successful trip to the APSIS Email Marketing Evolved conference. Of course, this means I’m digging out my mailboxes and going through mail I’ve ignored for the past week. It’s amazing how the spam builds up when I’m not tending to it every day.
Is harvesting illegal under CAN SPAM
This issue comes up repeatedly, as many people have read the CAN SPAM act and believe that CAN SPAM specifically prohibits sending mail to harvested address. This is not how I read the law.
The FTC publishes a CAN SPAM Compliance Guide for Businesses that only mentions harvesting in the context of criminal penalties for violations. They list the following 7 main requirements of CAN SPAM.
If you want to spam, don't be stupid
Some random UK email marketing company that I’ve never heard of harvested my address off of LinkedIn (yes, it’s my LinkedIn specific address) and is now spamming me advertising their cheap email marketing services. There were a lot of things about this particular mail that really annoyed me. The annoyance wasn’t just spam in a folder that shouldn’t have spam, it’s that the spam itself was badly done.
The thing is, they could have done this in a way that didn’t annoy me enough to blog about them being spammers. A teeny, tiny amount of effort and an ounce of empathy for their recipients and I wouldn’t have anything to blog about today.
If you want to spam, don’t be stupid. How can you avoid being stupid?
1) Send only one email and make it clear in the message this is a one time (or limited time) email. Don’t just randomly harvest addresses off a website, like Submission Technology did today, and add all those addresses to your marketing list. Spam is an interruption and an annoyance. And if spammers had any sense they’d limit the amount of time they spent annoying and interrupting recipients.
2) Target your email correctly and don’t be lazy. This morning’s mail from Submission Technology was advertising their UK specific marketing programs. They have my LinkedIn profile, they know I’m on the other side of the US from the UK.
3) Don’t lie about where you got my name. In this case, I know Submission Technology harvested it off LinkedIn because that’s the address they are sending it to. And, in fact, in the email they sent they mention they are sending this to me because we’re connected on LinkedIn. The problem is, I can find no trace of a connection between us on LinkedIn. And, yes, I did look because I generally drop connections that add me to their mailing lists.
One part of my anger at this particular spam is that they’ve appropriated a tagged email address of mine and added it to their marketing lists. That’s breaking my filtering.
After doing a little research into their company and their practices, though, I have to wonder if they’re going to sell my address. It seems that Submission Technology sells addresses to their customers, among other product offerings. Is this address that I’ve dedicated to handling LinkedIn specific emails really now going to end up getting spam from UK companies?
Based on multiple online reports (Andy Merrett and Ben Park) it doesn’t even look like unsubscribing will be sufficient to get this mail to stop.
One of the most amusing bits links that showed up was a comment on a post here from 2008. It seems that they spammed Steve Linford and were SBLed for it. I’m only guessing that since they’re not still listed they’ve figured out how to suppress Steve’s address at least.
Sending unsolicited email can be a problem for bulk senders; you risk alienating your potential customers, getting blocked and developing a poor reputation. Some of those problems can be mitigated by not being stupid.
Leads, leads, leads!
There are a number of places that will sell business leads from data they’ve compiled, crawled or crowd-sourced. How great is that? Anyone can buy a list of targeted business information to use to further their business goals! Awesome! Great! Step right up and get your lead here!
But how accurate is that information really?
One of the bigger companies, which allows for public searches, is Zoominfo. I did some lookups recently just to see what their data is like. My conclusion? If the data they have on me is any indication of the overall accuracy of their data, companies are way better off just setting light to a pile of money in their parking lot instead of giving it to Zoominfo.
Let’s look at the data they have on me. When you go to their homepage and enter my name in, you get about 2 dozen profiles. Looking through them, there are a number that describe me.
Laura Atkins; MCRS rep. Fair enough, I do mention MCRS on a few of my webpages and was recently on their board of directors. What I can’t figure out is why they think the Minnesota Companion Rabbit Society is run out the Chesterfield County Business Development office. The MCRS is neither a business nor is it located in the state of Virginia. It’s not even located in the same time zone as Virginia. Strike 1 for Zoominfo.
Laura T. Atkins; Founding Partner. This one is the reference that is most clearly me. Zoominfo claims this information was “community contributed.” OK, so someone uploaded their address book and my name and contact info was in it. But they have my company listed as simply “Word.” Sure, Zoominfo went and scraped a bunch of info off our website, but that isn’t reflected in the actual listing. Strike 2 for Zoominfo.
Laura Atkins; Spamtacular. This one is one of my favorites. I’m listed as associated with Spamtacular. Spamtacular is a blog run by my former co-worker Mickey Chandler. Mickey’s currently working for a major ESP, but he blogs about email, spam and delivery under the Spamtacular.com domain. And, in fact, the “association” is that he lists me as part of the Spamtacular blogroll. But Zoominfo claims they have an email address and phone number for me associated with Spamtacular. According to Mickey, Zoominfo have repeatedly attempted to mail laura at spamtacular. It’s not just my email address they’ve pulled out of nether orifices, though. The Spamtacular corporate information is, if anything, more inaccurate than the MCRS data. Spamtacular is not and has never been registered anywhere near the state of California. Strike 3 for Zoominfo.
But wait! Just because they’ve struck out doesn’t mean they’re going to stop swinging or walk off the field.
Laura Atkins; Context Magazine. I did an interview with Context Magazine back in 2002, and Zoominfo claims they have a phone number for me. I suspect this is not my phone number, but, rather, is the main number for Context Magazine.
There are a couple of other, less interesting profiles for me: Spamcon Foundation, Deliverability.com. All are demonstrably me, but with no real contact information it’s not going to help anyone get in touch with me.
I have to admit, I’m actually surprised at just how totally inaccurate the data about me is. I’m not that hard to find. Zoominfo has 6 listings I can clearly identify as me. In those 6 listings:
Information sharing and the Internet
Many years ago I was working at the UW-Madison. Madison is a great town, I loved it a lot. One of the good bits was this local satire paper called The Onion. This paper would show up around campus on Wednesdays. Our lab, like many university employees and students, looked forward to Wednesday and the new humor The Onion would bring to us.
At the same time, I was internet friends with an employee of JPL. I’d met him, like I met many of my online acquaintances, through a pet related mailing list.
One Wednesday, The Onion published an article Mir Scientists Study Effects of Weightlessness on Mortal Terror. As this was the time when the Internet consisted of people banging rocks together, there was not an online link to Onion articles. But I was sure my friend at JPL, and all his friends, would appreciate the joke. That night I stayed late at the lab and typed the article into an email (with full credit to the Onion) and mailed it off to him.
As expected, the article garnered quite a few chuckles and was passed around to various folks inside JPL. What wasn’t expected was another friend, from totally different circles, sending me a copy of that same article 3 days later. Yes, in 1997 it took three days for information to be shared full circle on the Internet.
Information sharing is a whole lot quicker now, with things coming full circle in mere seconds. But that doesn’t make the information any more reliable and true. Take a recent article in ZDNet Research: Spammers actively harvesting emails from Twitter in real-time.
ZDNet links to a study published by Websense, claiming that email addresses on Twitter were available for harvesting.
That’s all well and good, but all ZDNet and Websense are saying is that email addresses are available for harvesting. I’ve not seen any evidence, yet, that spammers are harvesting and sending to them. This doesn’t, of course, mean they’re not, but it would be nice to see the spam email received at an address only shared on twitter.
Well, I have unique addresses and an un-spamfiltered domain. I went ahead and seeded a tagged address onto twitter. We’ll see if it gets harvested and spammers start sending to it. I’ll be sure to keep you updated.
No one harvests email addresses any more
There are a lot of people who assert that “no one” actually scrapes websites for email addresses any longer. My experience indicates this isn’t exactly true.
We have a rotating set of email addresses on our contact page. Every day we push out a new email address. Every day we expire addresses that were pushed out 7 days ago.
I can say, with 100% certainty, that there are people harvesting addresses off websites. The ads are reasonably “targeted.” Most of them are offering increased traffic, or the ability to monetize the website. Some are offering work from home.
I suppose you could call these targeted mails. After all, what website owner doesn’t want more traffic? Who wouldn’t want to make hundreds of dollars a day from the comfort of their own couch? What website owner doesn’t want their site submitted to 2700 different search engines?
Targeted spam is still spam. And having a rotating, expiring contact address has kept the amount of spam coming into our contact address low enough that the contact address is actually useable. 10 spams a month (for a 7 day old email address) is much more manageable than 1000 emails a month (for a 4 year old email address).