I hear a lot of “Hey, ISPs! Tell us exactly what to do, and we will do it!” from ESPs and marketers. Then last week I read this excellent post by Jamie Tomasello over at Cloudmark, and it got me to mulling over the whole thing.

So, okay. Ask and ye shall receive. I think I can probably safely speak for every major ISP in business with the following list. In no particular order, we wish you would do the following things:

– Do a stellar job of adhering to best practices, keeping complaints low and engagement high.
– Vet prospective clients carefully. Consider the consequences to your reputation if you assume them as customers.
– Don’t obfuscate your identity, or allow your clients to do so.
– Keep a close eye on the quality of the lists they send to, how often they send, and what the response is to the mailing. Make adjustments accordingly.
– Shut a customer that is causing a problem down immediately, no matter who they are, and fix the issue before resuming the send, unless there is a legal reason why this should not happen (and such instances will take place once in a blue moon on a leap year on the planet Pluto).
– Send less mail, and content of higher quality, to people that want it and are expecting to get it, and ONLY to those people.
– Set recipient expectations clearly at the outset, and don’t change the rules mid-game.
– Never send to a suppression list by accident. Render such an accident impossible.
– Don’t buy mailing lists.
– Don’t let your clients use purchased mailing lists. Learn how to spot one.
– Co-reg is nearly impossible to do right. So is e-pending. Consider the implications.
– Don’t listwash, or waterfall. Have high quality lists to begin with.
– Don’t hit spam traps. This is not as hard as it may seem, especially at AOL.
– Don’t send a ton of seed emails with every single triggered email. This will hurt your IP reputation.
– Ensure a low percentage of unknown users in a given send.
– Learn what ISP rejection codes mean. Abide by them. If a user no longer exists today, he will not exist tomorrow either.
– Be sure you have the network and server capacity to accept all your complaints and bounces.
– Look at your logs regularly.
– Unsubscribe people immediately, and don’t make them wait, or have to ask more than once. CAN SPAM may say ten days, but human nature says Right Now. Little is more infuriating and will drive your brand’s reputation down faster than getting more mail after having been told that one has been unsubscribed. Consider what humans do when they get angry.
– Don’t send to people who unsubscribed, a couple years later. Permission, once revoked, remains revoked. Consider what humans do when they get angry.
– Realize that marketing mail is a lot more important to you than to the network and end-user you’re sending it to, 98% of the time. Really.
– Don’t try to game the systems. We will figure it out, and that window will get more foggy for everyone. And your specific network will find itself unable to send email to that ISP.
– Study what IP reputation means at each major ISP. Learn it, and live it.
– When you bring new IPs online, warm them up slowly. Be aware of what to expect from various ISPs in such a scenario, and work accordingly. New IPs get rate limited. It’s a reality.
– Use consistent domains and congruent IP ranges whenever possible. Snowshoeing is bad. – Looking like you’re snowshoeing is not great either.
– Sign with DKIM.
– Do your own investigation before you contact the ISPs. You should already have a good idea what client X did wrong.
– Be able to do basic SMTP troubleshooting, or have someone on your team that can. Involve that person before you go ask the ISP for help.
– If you do ask the ISP for help, include useful data like IPs, error messages, time/date stamps, log lines, etc.
– Use the appropriate channels when asking for help. Don’t bother Barry unless you really have to. He’s a busy guy, and his primary focus is not on your marketing mail emergency.
– If you need to, hire a deliverability specialist to help you. You could even hire me!

These are not rules: these are the things we want you to do, and that I personally believe will improve deliverability in most cases. What we will not do is tell you how to go about doing them, what the thresholds are, or what the secret sauce that allows us to measure your success is.

I get a lot of questions about feedback loops, and there seems to be a lot of fear, uncertainty, and doubt about them. I wrote up an explanation for the AOL Postmaster Blog today.

I read something Dr John Levine wrote about the ubiquity of advertising, and it tied into some thoughts I’ve been having regarding the parallels between marketing and swearwords.

There’s a word that starts with F and ends with K and we all know what it is. It used to be a very, very bad word. It was a shocking word, a word so bad that kids would get their mouth washed out with soap for using it. Carlin included it in his “words you can’t say on TV”. It was a word that you Just Did Not Say. These days, though, it’s been so overused, so ubiquitous, and is so very common that it has entirely lost its shock value. You hear it everywhere. Kids say it. Parents say it. You hear it at work, on the radio, and on TV. Jokes are made about it. It’s just not a big deal any more. Heck, I say it to my Dad. It’s gone the way of the dodo.

Seems to me that advertising is following in its footsteps. Dr Levine said:

We are bombarded by ads from the moment we get up until the moment we go to sleep. There’s ads on the radio, ads on TV, ads in the newspaper, ads on billboards, ads on the bus, ads on the fricking steps in the NYC subway. In my physical mailbox, where I used to throw away about one worthless little newspaper full of ads a week, now it’s one or two a day.

It’s true. Advertising is so common and so overused that we just don’t see it any more. The more it is pushed at us, the more avenues are used to put it in front of us, the less we see it, the less we WANT to see it, out of sheer self-defense. I myself make extensive use of Ad-Block, my TiVo, and the Bayesian filters on my personal email. If I didn’t ask for a specific advertising mail, I mark it as spam, and ignore it henceforth unless it becomes annoying enough to trigger me into running the IPs for their stats. 99% of the time they’re awful, and you can guess what happens next.

People’s behavior with advertising reminds me of the self-defensive behavior people in seriously over-crowded cities exhibit: they rush along, looking at a fixed point in front of them, don’t look at other people, don’t deviate from their paths, and if something gets in their way they get *angry*. People are reaching the tipping point with advertising – over-saturation, overexposure, over-everything. They can’t escape the billboards and bus ads and subway ads, the ads over the air in the stores they shop in, and the billion other exposures they cannot control, so they get particularly agitated about the ads that encroach on space they feel is their private property: their email inboxes. They’re getting angry, and unlike me they have little to no recourse to do anything about it. So…they just get angrier.

Unless email marketing wants to go the way of the F word and the dodo, I think it is high time this phenomenon was given due consideration. The constant bombardment only makes people pay less attention and get more angry, and that isn’t what email marketers want.

So, folks, what’s the solution?

I get a lot of questions about the specifics of our anti-spam systems, and a fair amount of commentary and questions about other ISPs as well. These are generally expressed with a certain frustration, and often by ESPs who do a really good job but have run up against something they don’t understand. My frustration lies in the fact that I can’t helpfully answer those questions any more, because of the ESPs and hosting companies that don’t do a really good job. This trend is not exactly a secret. It has been openly discussed in the last couple years, at industry conferences, on industry mailing lists, and on industry blogs. In fact, Laura Atkins over on the Word to the Wise blog recently said something germane to the issue:

History says that the more information the ISPs share with senders the more the bad guys take advantage. (read more…)

And she’s right. That is precisely the reason that ISPs are no longer as transparent about their anti-spam processes as they used to be: a trend was noticed – if specific numbers and thresholds were published, then senders would aim to get as close to them as possible. In other words, they’d do the least amount they could get away with to still comply with the existing standards… and no more than that. Sometimes, they’d go to great lengths to attempt to game the systems. Naturally, this behavior was noticed, adjustments were made to counter-act these tricks, and transparency decreased to virtual opacity over time, thus ruining it for the good guys. (And for me. I like helping people. The fact my ability to do so has been significantly reduced makes me a sad panda.)

We want our customers to get the mail that they want to get, ranging from the family’s year-end-wrap-up newsletter, to college application results, to forum mail… and to marketing mail that they requested and have a continued interest in receiving. We want happy, engaged users who don’t dread opening their inboxes. Senders should want the same, since happy engaged users are the ones least likely to drive IP reputation down by complaining about their mail, and the most likely to purchase something!

This should be a strong incentive to not just do the bare minimum, but rather to do the very best job that can be done.

Can anyone explain to me why this is not the overwhelming reality?

This is only tangentially about spam. I read an article on Techdirt about an incipient crackdown on the so-called “loyalty programs” that many companies have used to with alarming success:

It’s no secret that there are a bunch of companies out there that trick users into signing up for a regular monthly subscription service that’s usually nothing more than an excuse to charge your credit card every month. […] The government is finally cracking down on some of these, but its latest investigation — into just three such services (and there are a bunch more) named Webloyalty, Vertrue and Affinion — found that those three alone brought in over $1.4 billion.

What really bothers me is that most of the companies that used these services are major companies that are considered to be legitimate. A full list of such companies are listed on a companion article on CNET. Go look. There are some very familiar names on that list, and at least two companies that have well-proven track records of intractable, horrible mailing practices.

I grabbed out some of the ones that I personally have done business with over the years. I guess I’d better take a closer look at my credit card statements, eh?

Buy.com
Expedia
Half.com
Hotwire
Orbitz
US Airways
The names of the retailers that partnered with Affinion, Webloyalty, or Vertrue.
(Credit: U.S. Senate Commerce Committee)

I will leave you, Dear Reader, to consider the implications.

I was reading Mickey Chandler’s Spamtacular today, and one of the comments to the post by a gentleman by the name of Tom Caldwell, self-proclaimed former spammer, caught my attention. I have edited out the self-promotional bits of the comment, but he says:

The more important question here is what have any anti-spam product or technology leaders done to lower spam levels or drive spammers away. […] Being a former spammer and having driven spam levels down with our IP and URL reputation products (cut off the sending/money spammers need to survive), I see no support in the industry for this because high spam levels are justifying the sale of additional appliances, hosted SaaS services,

This makes no sense. ISPs are laying people off right and left. The premise of allowing spam to flow just to justify the purchase of expensive new toys is nonsense. It takes money to buy additional appliances to handle the overhead of unwanted email. ISPs don’t *have* that money. Mickey’s original post was all about the reasons why email is sometimes delayed. One of those reasons is the lack of sufficient resources to handle the flow. Why are those resources lacking? NO MONEY. There’s a major economic crisis going on, or hasn’t he noticed?

…and of course the back-end loss management to handle missed malicious messages and time spent sorting through pending authorization quarantines.

I have no idea what this means. Does anyone else know? Perhaps something to do with leveraging market synergies?

Technology is supposed to make our life easier and more secure, so why are all the approaches doing nothing to ‘spammers’?

I’m uncertain where the idea came from that “all the approaches involve doing nothing to spammers”, but then again I’m also uncertain what that assertion actually means. Several spammers have been sued, fined, and jailed. It hasn’t really done much to slow the spam industry down, that I’ve noticed. One notable “high volume email deployer” who likens his services to something like “a garbage truck, only in reverse” has been successfully sued to the tune of millions, a number of times, and he’s still in business.

The real spam gangs are exactly that – major criminal enterprises, often international, which requires multinational LEO cooperation, which is very hard to organize…and the very specialized know-how and tech required to track these gangs isn’t cheap.

It takes a non-trivial amount of money to build a legal case, it takes money to prosecute such a case. The various governments (who don’t have any money either!) don’t really care about bloodless crimes that have no individual victims – they’re more interested in actual crimes, like identity and information theft and terrorism – so the spam problem is pretty much up to the ISPs, and most ISPs dont *have* that kind of money. There’s a major economic crisis going on, or hasn’t he noticed?

By combining 100 percent guaranteed organization shut downs with non-probability blocking, e-forensics, and law enforcement spammers can be taken down. […] but why hasn’t a deterrent or source fix of the problem approach been spread, rather than the self-justified fighting of the growing problems symptoms?

I have been trying to puzzle out what “non-probability blocking” means, but I cannot imagine. I’m also not sure what the “source fix” of the problem might be, since every ISP I know is doing their level best to reduce the influx of unwanted mail. The big ISPs have their own homegrown systems that are constantly being tested, expanded, and refined. They use reputation systems, content blocking, spam signatures, customer feedback, and quite a few other methods. The smaller ISPs use reputable third-party reputation and anti-spam systems, which are also constantly being updated, expanded and refined. Why? Because it costs a lot of money to transport the volume of unwanted mail, and it costs ISPs in terms of losing users who get fed up with the amount of spam delivered to them…which translates into lost dollars. These are both significant issues because the ISPs have no extra money, and there’s a major….say it with me now, Dear Reader: “economic crisis going on, or hasn’t he noticed?”

It appears to me that anti-spam and e-mail is almost a racket. I challenge responses to refute what I’ve proven since it has and can be performed, to dozens or hundreds of spam gangs. We have statistics, testimony, and e-forensic evidence to prove so.

Yup. So do we. What we haven’t collectively got is the actual resources. My own personal magic wand ran out of fairy dust several years ago. If someone out there would like to donate the gazllion dollars that would be required to implement the solution suggested above, please let the Barrys know. We’d be delighted to have it.

In summary: it’s clearly a racket! That explains why I spend about 10-12 hours a day doing absolutely nothing about the spam problem, and that would also explain why all of the anti-spam programming teams spend their whole working lives playing foosball in the breakroom…..right?

Oy, vey.