Ow, Quit It!

Im certainly not a typical email user in general, but my personal mailbox is probably fairly typical in aspect. There are 9000 emails in my inbox, going back to 2002. It’s a mixture of a lot of spam, notification mails that I want but don’t need to do anything with, personal mail from family and friends, and some marketing mail that I asked for.

Some of it is seasonal, like the gardening mail I get. I don’t buy for the garden until late winter, so I ignore it most of the time. Most of the rest is stuff like specialty food shops, discount retail stores, veterinary supplies, jewelry supplies, and the like. I know what I signed up for, so I don’t really bother looking at it unless I’m ready to buy something. I do glance through on occasion and drool a little over the pretties.

(BTW, there’s one sure-fire way to make marketing mail totally desirable: have it be about bacon!)

Just the idea of sorting out that quantity of mail makes me tired and so I avoid it and the pile just keeps getting bigger. In short, my inbox is a huge mess that I am sick of and don’t want to deal with. I mention this by way of setting up what I’m about to say…

Given the backdrop of a pile of 9000 emails, getting my specific, irritated attention with marketing mail is difficult.

One of the discount retailers managed it, though. I’ve been on their mailing list for a long time, at least 6 years. I buy stuff now and then. I like their business, and I’ve been happy with them. Until the last two weeks or so – I’m accustomed to seeing one email a day from them, which is fine. This expectation was set long ago and has been maintained. Recently they’ve escalated to 2 emails a day, and today (Saturday) it is 3. Three emails before 2PM? Really? The third one announced COUPONS & FREE SHIPPING EXTENDED UNTIL MIDNIGHT! The implication is that this was a decision made by the company at the spur of the moment, and that they needed to inform their customer base of this unexpected thoughtfulness on their part. Except…that email and the one before it – Best of BLACK FRIDAY COUPONS & FREE SHIPPING!* – were sent at the exact same moment: 10:02AM. That’s a bit disingenuous. And really annoying.

Now, I get that Christmas is coming and the economy is terrifying and all, but seriously – this is the “one bite at the apple” thing all over again. If it were just one retailer doing this, it would be manageable, if irritating. But a lot of them are succumbing to the idea that more email is better, and pounding their customer lists with multiple emails a day will get them to buy. Nyet. Ow! Quit it! I unsubscribed. I may sign up again after the holiday insanity is over…if I remember to.

*If the ESP sending for them recognizes this and wants to discuss it with me, feel free to contact me, you have my work email already.

Consulting the Oracle aka The ISP Wishlist

I hear a lot of “Hey, ISPs! Tell us exactly what to do, and we will do it!” from ESPs and marketers. Then last week I read this excellent post by Jamie Tomasello over at Cloudmark, and it got me to mulling over the whole thing.

So, okay. Ask and ye shall receive. I think I can probably safely speak for every major ISP in business with the following list. In no particular order, we wish you would do the following things:

– Do a stellar job of adhering to best practices, keeping complaints low and engagement high.
– Vet prospective clients carefully. Consider the consequences to your reputation if you assume them as customers.
– Don’t obfuscate your identity, or allow your clients to do so.
– Keep a close eye on the quality of the lists they send to, how often they send, and what the response is to the mailing. Make adjustments accordingly.
– Shut a customer that is causing a problem down immediately, no matter who they are, and fix the issue before resuming the send, unless there is a legal reason why this should not happen (and such instances will take place once in a blue moon on a leap year on the planet Pluto).
– Send less mail, and content of higher quality, to people that want it and are expecting to get it, and ONLY to those people.
– Set recipient expectations clearly at the outset, and don’t change the rules mid-game.
– Never send to a suppression list by accident. Render such an accident impossible.
– Don’t buy mailing lists.
– Don’t let your clients use purchased mailing lists. Learn how to spot one.
– Co-reg is nearly impossible to do right. So is e-pending. Consider the implications.
– Don’t listwash, or waterfall. Have high quality lists to begin with.
– Don’t hit spam traps. This is not as hard as it may seem, especially at AOL.
– Don’t send a ton of seed emails with every single triggered email. This will hurt your IP reputation.
– Ensure a low percentage of unknown users in a given send.
– Learn what ISP rejection codes mean. Abide by them. If a user no longer exists today, he will not exist tomorrow either.
– Be sure you have the network and server capacity to accept all your complaints and bounces.
– Look at your logs regularly.
– Unsubscribe people immediately, and don’t make them wait, or have to ask more than once. CAN SPAM may say ten days, but human nature says Right Now. Little is more infuriating and will drive your brand’s reputation down faster than getting more mail after having been told that one has been unsubscribed. Consider what humans do when they get angry.
– Don’t send to people who unsubscribed, a couple years later. Permission, once revoked, remains revoked. Consider what humans do when they get angry.
– Realize that marketing mail is a lot more important to you than to the network and end-user you’re sending it to, 98% of the time. Really.
– Don’t try to game the systems. We will figure it out, and that window will get more foggy for everyone. And your specific network will find itself unable to send email to that ISP.
– Study what IP reputation means at each major ISP. Learn it, and live it.
– When you bring new IPs online, warm them up slowly. Be aware of what to expect from various ISPs in such a scenario, and work accordingly. New IPs get rate limited. It’s a reality.
– Use consistent domains and congruent IP ranges whenever possible. Snowshoeing is bad. – Looking like you’re snowshoeing is not great either.
– Sign with DKIM.
– Do your own investigation before you contact the ISPs. You should already have a good idea what client X did wrong.
– Be able to do basic SMTP troubleshooting, or have someone on your team that can. Involve that person before you go ask the ISP for help.
– If you do ask the ISP for help, include useful data like IPs, error messages, time/date stamps, log lines, etc.
– Use the appropriate channels when asking for help. Don’t bother Barry unless you really have to. He’s a busy guy, and his primary focus is not on your marketing mail emergency.
– If you need to, hire a deliverability specialist to help you. You could even hire me!

These are not rules: these are the things we want you to do, and that I personally believe will improve deliverability in most cases. What we will not do is tell you how to go about doing them, what the thresholds are, or what the secret sauce that allows us to measure your success is.

A Shell Game

There’s been a lot of talk lately about how ESPs need to step up – an excellent series of posts by Laura Atkins at Word to the Wise, Jamie Tomasello posting at Cloudmark, Al Iverson on Spamresource, and Karen Balle from ExactTarget to name a few. I am in absolute agreement with them. ESPs are now in the same position a lot of ISPs were in roughly a decade ago. It’s time for them to start taking responsibility for their own traffic. No argument from me. Putting the burden on the spam filtering vendors and on recipients to block their bad clients’ mail is not going to work much longer. What I haven’t heard much of anything about is hosting companies.

There are a number of them out there that have enormous IP allocations, and that blatantly cater to spammers, especially snowshoers (Return Path just posted a good explanation of the term). They don’t police the traffic coming from their networks, even if they do have feedback loops. They sell IP space, cash the checks, and turn a blind eye to what their customers are doing. If some ISP finally loses patience, they will terminate a spammer or two, wait a little while, and then re-assign the IPs to…say it with me now!…another spammer. This put the ISPs in a very untenable position, because they’re not ESPs, contracted to monitor and send client mail. They’re closer to ISPs in business model – they don’t send mail, they just rent out IP space, and they do have some very legitimate clientele. This essentially makes it so that it’s very difficult to justify outright blocking the Huge Tracts Of Land that the hosting companies control.

I don’t do much in the way of front-line spam fighting any more, but every now and then a circumstance comes up where I get to pick up my mallet again. Usually, it’s an executive escalation with words to the effect of “MAKE IT STOP”. The kind of mail they are talking about is rarely easily traceable, and from an ESP that I know – that would make it simple. I’d pick up the phone, tell my contact that one of their clients has done something Really Bad, and to please fix it. And they do.

No, the emails that I’m talking about are usually either from a botnet – in which case I regretfully tell the exec that there’s not a whole lot I can do – or from a snowshoer. Ah, I love hunting those down. It’s not easy. The moment I find a sending domain that is “privacy protected” – and in these situations, they nearly always are – my spidey sense starts tingling. I cant remember a single instance in which a domain with an obfuscated identity has proved to be legitimate. Chasing this stuff around through WHOIS, org handles, rDNS, our complaints database, asking questions, etc usually leads me to at least a few of their IP ranges. Then I do a little dance, get out the mallet, and whack a few /19s. Or entire hosting companies.

That usually gets their attention.

But mostly, I get fed a line. “Yes, yes, we will do a better job of vetting prospective clients. Yes, we will get a feedback loop monitor and action it. Yes, we are sorry and it won’t happen again”. But they don’t do what they say they’ll do, and it does happen again. Over and over. And over. It becomes a lather, rinse, repeat game that I am very tired of. A couple of the blacklists I work with are also very tired of it.

In a couple of instances, I have had some luck over the course of a couple of years in getting a hosting company like this to change its policies a bit by way of using a big carrot and stick. Mostly, though, I’m just washing that gray right into my hair.

Anyone have any ideas on how to confront this particular aspect of the problem, as an industry?


Remember Fried Green Tomatoes? One of the best scenes is where Evelyn loses the plot over a parking space – two younger women zip in and steal it from her. After trying to be polite and getting nothing but lip in return, she flips out and rams their car with her own a few times.

Evelyn: Excuse me. I was waiting for that space.
Girl #1
: Yeah, tough!
Girl #2
: Face it, lady, we’re younger and faster.
: … Towanda! (screams and smashes into the car again and again) Towaaaaanda!! Yes ma’am!
Girl #2
: what are you doing? Are you crazy?
: Face it, girls. I’m older and I have more insurance.

You can see something like this developing around a desk with a computer on it, can’t you? Guy has a really bad day at work, fight with the wife, intractable teenagers, burned dinner, and now his dog just bit him too. This dude is in a dark, bad mood, and he decides to get away from his insane family and work day, and go read his email. He powers up the machine, clicks Get Mail and then sits there aghast as his inbox floods with email. (The little deliverability angel on his shoulder could, with clucking disapproval, tell him that his email had been “shared”, and he is now enjoying what is called “co-registration” but he can’t hear her.) Hundreds of junk emails: complete this offer to win a laptop, try this free product, win an iPod, refinance your house, fix your credit, lose weight, acai berry! Somewhere, lost in the deluge of spam, are some emails he actually needs to read, and he can’t find them. He feels like his personal space has been violated, he feels powerless, and he’s really angry.

So he pulls a Towanda – calls his ISP, leaves a screamingly enraged voicemail, and then reports as spam his entire mail box content, ham along with spam. Metaphorically he just rammed that snarky girl’s car, didn’t he? He damaged his own car, yeah, but he got the brief satisfaction of having Done Something, however useless and expensive that thing ultimately turns out to be – and it was entirely useless, which means that the next time it happens to him, he’s going to get even more angry. And you know it will happen again.

Frustrated, angry people who feel powerless tend to do intemperate things, like calling ISPs and leaving mp3-worthy voicemails, reporting their entire inbox as spam, and doing blanket boycotts of the senders of the offending emails – Gevalia may be good coffee, but I will never buy any to find out! They tell their friends about it, too, and at enraged length! Never under-estimate the power of word-of-mouth, especially when fueled by outrage. They have very little control over the situation, so they will exert what they do have to the best of their ability in order to feel like they’re Doing Something, up to and including abandoning their mailboxes. ISPs don’t like it when that happens.

I try to avoid the “so what do you do for a living?” conversation, but inevitably it happens…and when people find out what I do, I am often treated to a frothing diatribe about spam, and frequently also get desperate pleas for help even if they don’t use the ISP I work for.

The only way I can truly help them is to do my job to the very best of my ability, and that means finding new and better ways of separating the spam from the ham in the streams of commercial mail, and blocking more of it. The ISPs have spent the last few years focusing heavily on botnet spam, and things of that nature. I wouldn’t presume to say that the problem is solved, but we do have a pretty solid handle on mitigation, and now we can look around at what else is happening. What I see happening are myriad permutations of the scene I described to you just now – there are so many other ways other than co-reg to abuse a recipient.

Do you think that man has warm fuzzy feelings about his inbox? About his ISP, or the people that sent him the mail? I’d say the answer is a resounding NO on all three counts.

My job as I perceive it, is to fix the first two counts. We want happy users. Hm.

Guest Post: An End-User’s Musings On Effective Marketing

I was discussing the ideas behind my last post with a friend of mine: M. Shirley Chong is a very well known dog-trainer, big into crafts, half-blind, and as non-geeky as they come. If she wants something changed on her machine, she gets her husband to do it. In short, she’s a reasonably typical end-user. I wanted her perspective on advertising, especially as it pertains to email, which she has to expend extra effort to read due to her sight issues. She had this to say:

I read Anna’s column about the decreasing impact of advertising. I agreed with it and then started thinking about “what is effective advertising?”

Oddly enough, the answer was easy to come up with because I’d just switched to my email program to check email. Right there in my inbox was one of my favourite advertisers, someone whose daily email I always read. Fire Mountain Gems sends a daily email that is colourful, attractive and even if I’m not interested in the specials that day, they include something I want to read such as a tip, a Q&A session or a seasonal forecast.

I had to sign up to get the Fire Mountain Gems daily updates (there’s three of them and I signed up for all three after I’d gotten the first category for a few weeks).

I have a particular dislike for businesses that share my information with other businesses, so I use a combination of three email addresses and permutations of my legal name to come up with unique combinations that lets me know if that happened. All too often, it does – but Fire Mountain Gems has never shared my information with anyone. This may seem like a petty thing but to me it’s important. If I am considering buying something online, one of my first questions is “will this site keep my financial information safe?” Sharing my information says to me that they are not as careful as I would prefer, and it makes me angry.

If I know I won’t be checking email for awhile, then I want to be able to unsubscribe to as many things as possible so I don’t build up an impossible load. Fire Mountain Gems has the unsubscribe information in each email they send. Just click on a link, click a button and it’s a done deal.

So for me, effective advertising is that which:

a) I wanted in the first place;
b) I can turn on and off easily whenever I want to;
c) has interesting content;
d) does not lead to a deluge of email from other businesses.

To me, the take-aways here are: Permission, Respect of Privacy, Ease of Use, Interesting/Valuable Content, and Keeping Promises.

Fire Mountain has continued to live up to her expectations, and the win for them is that they’ve created a loyal, engaged customer that reads their marketing mail, looks forward to next email, and buys things from them. I suspect that if she didn’t get her daily email from them, she would go looking for the reason why. I asked her about the frequency – she asked for that, right? “Oh, yes,” she says, “and it’s a different email every day! It’s not an imposition on my time or my inbox, it’s a very welcome addition…I absolutely cannot say that of any of the purveyors of the free-thingy-just-complete-an-offer, fix-yer-credit, or mortgage re-financers!”*

This is a perfect snapshot of what “engagement” is all about. Question for senders with problem clients: what’s the difference between how Fire Mountain does things, and how your client does things?

*Thank you, Shirley, for taking the time to share your views!


Overexposure that can’t be fixed with Photoshop

I read something Dr John Levine wrote about the ubiquity of advertising, and it tied into some thoughts I’ve been having regarding the parallels between marketing and swearwords.

There’s a word that starts with F and ends with K and we all know what it is. It used to be a very, very bad word. It was a shocking word, a word so bad that kids would get their mouth washed out with soap for using it. Carlin included it in his “words you can’t say on TV”. It was a word that you Just Did Not Say. These days, though, it’s been so overused, so ubiquitous, and is so very common that it has entirely lost its shock value. You hear it everywhere. Kids say it. Parents say it. You hear it at work, on the radio, and on TV. Jokes are made about it. It’s just not a big deal any more. Heck, I say it to my Dad. It’s gone the way of the dodo.

Seems to me that advertising is following in its footsteps. Dr Levine said:

We are bombarded by ads from the moment we get up until the moment we go to sleep. There’s ads on the radio, ads on TV, ads in the newspaper, ads on billboards, ads on the bus, ads on the fricking steps in the NYC subway. In my physical mailbox, where I used to throw away about one worthless little newspaper full of ads a week, now it’s one or two a day.

It’s true. Advertising is so common and so overused that we just don’t see it any more. The more it is pushed at us, the more avenues are used to put it in front of us, the less we see it, the less we WANT to see it, out of sheer self-defense. I myself make extensive use of Ad-Block, my TiVo, and the Bayesian filters on my personal email. If I didn’t ask for a specific advertising mail, I mark it as spam, and ignore it henceforth unless it becomes annoying enough to trigger me into running the IPs for their stats. 99% of the time they’re awful, and you can guess what happens next.

People’s behavior with advertising reminds me of the self-defensive behavior people in seriously over-crowded cities exhibit: they rush along, looking at a fixed point in front of them, don’t look at other people, don’t deviate from their paths, and if something gets in their way they get *angry*. People are reaching the tipping point with advertising – over-saturation, overexposure, over-everything. They can’t escape the billboards and bus ads and subway ads, the ads over the air in the stores they shop in, and the billion other exposures they cannot control, so they get particularly agitated about the ads that encroach on space they feel is their private property: their email inboxes. They’re getting angry, and unlike me they have little to no recourse to do anything about it. So…they just get angrier.

Unless email marketing wants to go the way of the F word and the dodo, I think it is high time this phenomenon was given due consideration. The constant bombardment only makes people pay less attention and get more angry, and that isn’t what email marketers want.

So, folks, what’s the solution?

Why is my window fogged up?

I get a lot of questions about the specifics of our anti-spam systems, and a fair amount of commentary and questions about other ISPs as well. These are generally expressed with a certain frustration, and often by ESPs who do a really good job but have run up against something they don’t understand. My frustration lies in the fact that I can’t helpfully answer those questions any more, because of the ESPs and hosting companies that don’t do a really good job. This trend is not exactly a secret. It has been openly discussed in the last couple years, at industry conferences, on industry mailing lists, and on industry blogs. In fact, Laura Atkins over on the Word to the Wise blog recently said something germane to the issue:

History says that the more information the ISPs share with senders the more the bad guys take advantage. (read more…)

And she’s right. That is precisely the reason that ISPs are no longer as transparent about their anti-spam processes as they used to be: a trend was noticed – if specific numbers and thresholds were published, then senders would aim to get as close to them as possible. In other words, they’d do the least amount they could get away with to still comply with the existing standards… and no more than that. Sometimes, they’d go to great lengths to attempt to game the systems. Naturally, this behavior was noticed, adjustments were made to counter-act these tricks, and transparency decreased to virtual opacity over time, thus ruining it for the good guys. (And for me. I like helping people. The fact my ability to do so has been significantly reduced makes me a sad panda.)

We want our customers to get the mail that they want to get, ranging from the family’s year-end-wrap-up newsletter, to college application results, to forum mail… and to marketing mail that they requested and have a continued interest in receiving. We want happy, engaged users who don’t dread opening their inboxes. Senders should want the same, since happy engaged users are the ones least likely to drive IP reputation down by complaining about their mail, and the most likely to purchase something!

This should be a strong incentive to not just do the bare minimum, but rather to do the very best job that can be done.

Can anyone explain to me why this is not the overwhelming reality?

Things that make you go “hmmm…”

This is only tangentially about spam. I read an article on Techdirt about an incipient crackdown on the so-called “loyalty programs” that many companies have used to with alarming success:

It’s no secret that there are a bunch of companies out there that trick users into signing up for a regular monthly subscription service that’s usually nothing more than an excuse to charge your credit card every month. […] The government is finally cracking down on some of these, but its latest investigation — into just three such services (and there are a bunch more) named Webloyalty, Vertrue and Affinion — found that those three alone brought in over $1.4 billion.

What really bothers me is that most of the companies that used these services are major companies that are considered to be legitimate. A full list of such companies are listed on a companion article on CNET. Go look. There are some very familiar names on that list, and at least two companies that have well-proven track records of intractable, horrible mailing practices.

I grabbed out some of the ones that I personally have done business with over the years. I guess I’d better take a closer look at my credit card statements, eh?

US Airways
The names of the retailers that partnered with Affinion, Webloyalty, or Vertrue.
(Credit: U.S. Senate Commerce Committee)

I will leave you, Dear Reader, to consider the implications.


I was reading Mickey Chandler’s Spamtacular today, and one of the comments to the post by a gentleman by the name of Tom Caldwell, self-proclaimed former spammer, caught my attention. I have edited out the self-promotional bits of the comment, but he says:

The more important question here is what have any anti-spam product or technology leaders done to lower spam levels or drive spammers away. […] Being a former spammer and having driven spam levels down with our IP and URL reputation products (cut off the sending/money spammers need to survive), I see no support in the industry for this because high spam levels are justifying the sale of additional appliances, hosted SaaS services,

This makes no sense. ISPs are laying people off right and left. The premise of allowing spam to flow just to justify the purchase of expensive new toys is nonsense. It takes money to buy additional appliances to handle the overhead of unwanted email. ISPs don’t *have* that money. Mickey’s original post was all about the reasons why email is sometimes delayed. One of those reasons is the lack of sufficient resources to handle the flow. Why are those resources lacking? NO MONEY. There’s a major economic crisis going on, or hasn’t he noticed?

…and of course the back-end loss management to handle missed malicious messages and time spent sorting through pending authorization quarantines.

I have no idea what this means. Does anyone else know? Perhaps something to do with leveraging market synergies?

Technology is supposed to make our life easier and more secure, so why are all the approaches doing nothing to ‘spammers’?

I’m uncertain where the idea came from that “all the approaches involve doing nothing to spammers”, but then again I’m also uncertain what that assertion actually means. Several spammers have been sued, fined, and jailed. It hasn’t really done much to slow the spam industry down, that I’ve noticed. One notable “high volume email deployer” who likens his services to something like “a garbage truck, only in reverse” has been successfully sued to the tune of millions, a number of times, and he’s still in business.

The real spam gangs are exactly that – major criminal enterprises, often international, which requires multinational LEO cooperation, which is very hard to organize…and the very specialized know-how and tech required to track these gangs isn’t cheap.

It takes a non-trivial amount of money to build a legal case, it takes money to prosecute such a case. The various governments (who don’t have any money either!) don’t really care about bloodless crimes that have no individual victims – they’re more interested in actual crimes, like identity and information theft and terrorism – so the spam problem is pretty much up to the ISPs, and most ISPs dont *have* that kind of money. There’s a major economic crisis going on, or hasn’t he noticed?

By combining 100 percent guaranteed organization shut downs with non-probability blocking, e-forensics, and law enforcement spammers can be taken down. […] but why hasn’t a deterrent or source fix of the problem approach been spread, rather than the self-justified fighting of the growing problems symptoms?

I have been trying to puzzle out what “non-probability blocking” means, but I cannot imagine. I’m also not sure what the “source fix” of the problem might be, since every ISP I know is doing their level best to reduce the influx of unwanted mail. The big ISPs have their own homegrown systems that are constantly being tested, expanded, and refined. They use reputation systems, content blocking, spam signatures, customer feedback, and quite a few other methods. The smaller ISPs use reputable third-party reputation and anti-spam systems, which are also constantly being updated, expanded and refined. Why? Because it costs a lot of money to transport the volume of unwanted mail, and it costs ISPs in terms of losing users who get fed up with the amount of spam delivered to them…which translates into lost dollars. These are both significant issues because the ISPs have no extra money, and there’s a major….say it with me now, Dear Reader: “economic crisis going on, or hasn’t he noticed?”

It appears to me that anti-spam and e-mail is almost a racket. I challenge responses to refute what I’ve proven since it has and can be performed, to dozens or hundreds of spam gangs. We have statistics, testimony, and e-forensic evidence to prove so.

Yup. So do we. What we haven’t collectively got is the actual resources. My own personal magic wand ran out of fairy dust several years ago. If someone out there would like to donate the gazllion dollars that would be required to implement the solution suggested above, please let the Barrys know. We’d be delighted to have it.

In summary: it’s clearly a racket! That explains why I spend about 10-12 hours a day doing absolutely nothing about the spam problem, and that would also explain why all of the anti-spam programming teams spend their whole working lives playing foosball in the breakroom…..right?

Oy, vey.