The latest on email marketing delivery best practices & trends from
our resident guru, Al Iverson, Director of Privacy & Deliverability.
ExactTarget Blog - Email Marketing Delivery Guru

Did you know that Yahoo hosts email for over 127,179 domains? And the list of 127,179 domains comprises just the ones I know about. Those aren't all consumer domains. Yahoo has Yahoo.com, Rocketmail.com, Ymail.com, and all the various Yahoo domains for different countries, but they make up less than 600 of those domains. What else do they host? Sure, there are a lot of vanity (personal) domains. But, you'll also find that they host email for graphic arts companies, realty agents, investment bankers, sports teams, insurance agencies, online electronics retailers, medical clinics, and for many other companies big and small.

What does it all mean? It means that if you're a B2B sender, Yahoo is going to be significantly represented in your list.

This is yet another example of how B2C permission and sending requirements still apply to you if you're a B2B sender.

Occasionally I talk to somebody who opines that because they don't send to Yahoo, they don't need to follow Yahoo's rules. The point is rarely that simplistic, but it does usually boil down to this: "I'm a B2B sender. All of my lists are B2B recipients only. My lists are comprised of nobody but business professionals, for example. Yahoo or Hotmail's sender guidelines don't apply to me, do they?"

Yes, they do apply. And here is a great data point as to why:

Mark Brownlow of Email Marketing Reports checked his own B2B lists. What did he find? 11% were Gmail, 4.6% were Hotmail, and just about 8% were Yahoo. That's almost a quarter of his list. And they are all B2C providers, with the typical B2C rules and requirements that senders have come to know and love: Keep complaints low. Subscriber engagement matters. Opt-in permission rules.

Mark's list makeup is typical. There's nothing too surprising there. The take-away here? B2C rules matter, even in a B2B world.

Not everybody we talk to (especially in the sales process) shares our commitment to permission, our commitment to spam prevention.


It makes sense, right? There is a lot of spam out there. I get thousands (literally) of spam messages myself, every single day. Somewhere, somebody is sending those messages. Even though it’s not a good idea, somebody thinks it’s a good idea. Either because they’re bad guys and don’t care about best practices, the law, and overwhelming ISPs, or because they just don’t know any better yet. Most folks aren’t born with an innate understanding of how email works, or they don’t understand that email is not the same as “direct mail.”

 

So, every once in a while, we have a sales call that turns out to be a real bummer. Somebody wants permission to spam, and is upset that we’re not about to grant that permission. What do we do in these cases? We spend a lot of time explaining that spam doesn’t work. Spam doesn’t get delivered. It gets blocked. The senders get blacklisted. It’s the kind of things ISPs are actively looking to prevent their users from receiving. How successful do you think you can be, long term, if you’re sending something that ISPs are actively attacking?

 

Oh sure, you’ll get away with it for a while. That is until the feds show up at your door, and you start down a path that leads you to thirty years in prison. Or, you could deal with lawsuit after lawsuit after lawsuit.

 

But, set aside the legal aspects of it. You want people to open your emails, to buy from you, and to do that, you need to be able to get that email delivered. And that means not sending spam.

 

It seems simple, but not everyone sees it that way. As my boss Chip is fond of saying, “Hey, we're just trying to tell you what works. If we thought spam was successful, we'd be telling you to spam. It's not. That's why we're telling you otherwise.”


I get this question often: Why are my emails being reported as spam? I comply with CAN-SPAM, I send only to people who opt-in, and I think I'm doing everything right. What's going on? How can I possibly still be identified as a bad guy by the ISPs?

Well, here's why. Tamara Gielen capably summarizes the recent MarketingSherpa/Q Interactive survey that talks about why recipients report mail as spam. According to the survey, the top five reasons people report a message as spam are as follows:
  1. Didn't sign up to receive email from sender (52%).
  2. Email received was not of interest (41%).
  3. Receive too much email from the sender (25%).
  4. Receive too much email from senders in general (20%).
  5. Found email offensive (15%).
What does that all mean? It means that respecting subscriber permission is still the most important thing you can to do prevent spam complaints. But, it also means that permission alone isn't enough insurance against spam complaints. You need to ensure your emails are useful (#2 - speaks to subscriber engagement), ensure that your sending frequency is appropriate (#3), never buying or selling lists (#4, the tragedy of recipient dilution), and that you never send emails that are so far off the mark that you upset your subscriber base (#5).

Regardless of why recipients report your mail as spam, ISPs still count those votes against you. That's why it's up to you to ensure that you're doing all the right things, if you want to remain a sender in good standing. Failure to observe these best practice guidelines means you're far more likely to find your email blocked, filtered, or delivered to the junk folder.

Box of Meat points us toward this tidbit of information on anti-spam law in Viet Nam: Under a new anti-spam decree in Viet Nam, "[s]enders of spam e-mails and text messages which aim to cheat, disturb people, diffuse viruses, or advertise will be fined."

Hey, do you read Chip House's blog? If not, you should. Not just because he's my boss here at ExactTarget, but because he talks about lots of good stuff, much of it deliverability rated. Chip's been involved in the email marketing space for more than ten years, and is the mastermind behind most of the deliverability processes and subsequent email delivery successes here at ExactTarget.

CAN-SPAM compliance is an important topic that Chip covers capably, as well as good stuff, like why spam trap addresses are bad.

We're always happy to answer your questions - they give us good ideas for future blog posts, and we enjoy sharing our expertise. Don't hesitate to drop us a line!

My coworker Melinda emailed me today. She said, "This company keeps spamming me! I thought I already blocked them. What is their deal?"

I looked at the email she forwarded. You should, too. Check it out:

Dear Melinda:

Are you looking to acquire or build an email list of IT Decision makers across USA? If YES, we have 150,000 plus contacts with emails.
 
Our list comes with contact name, business name, job title, mailing address, telephone number, fax number, website url and contact person deliverable optin email address.
 
The list would become an asset once you acquire from us. You can use this list in multiple channels like email campaigns, direct mail campaigns and also for your telemarketing initiatives.
 
We have a promotional offer this month for acquring complete 150,000 contacts.

If you have any other specifications, please let me know to work on it and get back to you with the counts.
 
Also, if every thing looks fine, let me know to send you few samples and the proposal for your review.

If there is some one else in your organization that I need to speak in this regard, please let me know the details. Thank you in advance for this.

Thank you and I look forward to hearing from you soon.

The email contains unsubscribe instructions and contact information. So, it was probably legally compliant. But was it smart? Was it wise? Is anybody really dumb enough to buy a list from somebody who sent you an unsolicited email?

Think about it. If this guy has to resort to spam to sell himself, then how good are his lists? What are the chances that his lists are spam lists, regardless of how "opt-in" they claim to be. He's already demonstrating a lack of respect for subscribers, a lack of respect for permission.

My guess is, there's probably around a 100% chance that the lists he's selling aren't quite as opt-in as he claims they are.

Yuck.

DMNews reports on ReturnPath's acquisition of competitor Habeas: "Under the terms of the agreement, Habeas will be absorbed into the Return Path brand and integrate its e-mail reputation management and deliverability services under the Return Path name. The companies began discussing the transaction in May."

Over here you'll find commentary on the acquisition from ReturnPath CEO Matt Blumberg. You may recall Ken Magill reporting that Habeas was for sale back in April, 2008.

And finally, Des Cahill, CEO of Habeas shares his thoughts, under the odd title of "More Cowbell."

Today, while doing some research to answer a client's questions, I found myself digging through various archives and asking colleagues for points to bits of info. What I'm looking for happens to be information surrounding best practices for subscriber re-engagement and reconfirmation. Turns out, way back in December, our own Morgan Stewart posted his findings over on his blog, the Email Research Center. (My bad for not noticing this sooner! Sorry, Morgan!)

Point #3 really jumps out at me: I've never really considered using both a "Yes" and a "No" button as possible responses. But, the data speaks for itself: Doing so gets your more opt-in reconfirmation clicks.

He also talks about emailing a second request. This is also wise. Morgan says that he found "that these second requests consistently get nearly the same number of opt-ins as the first, so failing to do so could have a material impact on the success of your campaign."

Here's a quick hit from Chip House with good info about spamtraps, why list hygiene still matters, and links to good info from ReturnPath.

Chip House and I, along with Julie Katz of Forrester Research, presented "Subscribers Rule Deliverability! How to Optimize ROI via Reputation Management" via webinar on July 23rd. It was a packed (virtual) house, and a lot of fun. We were able to share a lot of our wisdom as far as sending reputation, how it governs your email deliverability, and how to build and maintain a good reputation. We answered a lot of questions during the webinar. Ones we weren't able to get to, we took offline, wrote up answers to, and shared them with all participants. You can find a copy of that Q&A here. I hope you find our answers insightful!

Morrison and Foerster reports that Japan has just updated its anti-spam law. They write:

Japan has made several substantial changes to the 2005 Anti-Spam Law:
  1. Previously, the law provided for substantial categories of commercial email that were exempt from its rules. These exemptions no longer exist.
  2. Before the amendments, the law established an "opt-out" regime, much like the U.S.'s CAN-SPAM Act.  Japan has decided that this framework is insufficient to curtail unwanted spam and has switched to an "opt-in" regime where recipients must affirmatively agree to receive commercial email before Senders can send it.
  3. Fines for violating the law or relevant regulations have been substantially increased.
They add: Under the New Anti-Spam Law, a Sender may only distribute commercial email if the recipient falls into one of the following categories: Individuals who have notified the Sender in advance that they request or agree to receive commercial email; Individuals who have provided the Sender with their own email addresses; Individuals who have a preexisting business relationship with the Sender; and Individuals (limited to those engaged in for-profit activities) or groups that publicly announce their own email addresses.

That last bit is a little tricky; it sounds like they could be announcing that it would be OK to send somebody commercial email as long as the recipient has "announced" their email address publicly, and if they are engaged in for-profit activities. That's quite a grey area, and it's one I'd recommend avoiding, unless you wanted to be perceived as a spammer.

In short: Opt-in rules!

When’s the last time you trimmed the fat from your email list? If you’re wondering what that means, and how you do that, read on.

Maybe you’re noticing that not everybody reads your email messages every time you send. In fact, some of those people never read your email messages. They never load images, they never click on a link. Some of these addresses could be old, invalid, going nowhere addresses. The ET system will cull out invalid (bouncing) addresses, but not every type of invalid address is going to return a bounce. You could be keeping addresses on your list that are never result in clicks or sales. You could be keeping on addresses that are being repurposed into spamtraps.
 
Perhaps you’re running into a blacklist issue with Spamcop, Spamhaus, or some other spamtrap-driven blacklist. If you want to be able to continue to send email to people at sites that use those blacklists, you’ve got to do what those blacklists want, and that means cleaning up your list your list through re-engagement (also called reconfirmation or a permission pass).
 
Maybe you’re running into a problem getting to the inbox at Gmail or Yahoo or AOL. Is your mail going to the bulk folder? In a scenario where you have a big (or biggish) list, one that you’ve been mailing for a while, and all the people did actually opt-in, but you can’t seem to get any deliverability traction – can’t seem to get to the inbox. How do you climb out of the spam folder?
 
In any of these scenarios, the solution is actually pretty straight forward: It’s time to re-engage your email list. Here’s what you do and how you do it:
 
First, use the ExactTarget reporting to pull together a list of anybody who has opened or clicked on any email you’ve sent in the past six to twelve months. Set these aside; you don’t need to re-engage these people. They’re actively interested in your emails. (In a blacklisting scenario, you’ll probably have to re-engage these addresses as well, per blacklist requirements. But in other scenarios, you shouldn’t have to.)
 
Next, take all the rest of the people on your list. Send them an email. In that email, ask them to click to stay on your list. Tell them what value they’ll find by staying on their list. If you want, offer them a coupon code, discount link, or freebie, if they choose to opt-in.
 
The key here is OPT-IN, not opt-out. Sending a re-engagement email, but telling your subscribers “just opt-out if you don’t want to receive any more messages” is useless. The purpose of this entire process is to weed your list of invalid and useless subscribers by getting people who care about your emails to stand up and be counted. If you do it backwards, you never stop mailing people who are ignoring you, and you miss out on the opportunity to improve your email deliverability.
 
If you want, you can even send a second email in 7-10 days, allowing more people to choose to re opt-in, and continue on in your email list. (I wouldn’t send more than one follow-up email; the point here is to stop mailing the rest of your list. If you keep sending opt-in requests over and over, you’re just hitting the same old list, and you’re missing the point.)
 
At the end of the process, stop mailing people who didn’t respond. Take all the people who did respond, and count those people as your new email list. Your open rates are going to go up, your delivery rates are going to go up, and you’re probably going to clear up any issues with bulk foldering or blocking.

This process is easy to execute on, and the results are usually amazing. Your list gets smaller – meaning you send less emails through ExactTarget, but your list responds better. In multiple instances, gross revenue per mailing (not just per address) has even gone up. Meaning you’re mailing less people, but making more money from your email list.
 
Why? It seems pretty simple to me. You’re getting rid of people who aren’t interested in your email. Those people are a drag on your email deliverability. ISPs note subscriber engagement (or lack thereof) and grade your sending reputation accordingly. Paring your list down just to those who care fixes this. ISPs note that your subscriber engagement percentages go up, and your sending reputation is raised accordingly. If you had bulk folder problems, you end up going to the inbox more often. Then, since less of your mail is getting blocked, people who actually want your mail, and/or want to buy something from you, are able to do so.

If you want to remain a sender in good standing, if you want to avoid blocking and bulking issues, why not do this proactively? Why wait until you're under the gun, trying to dig yourself out of a hole?

It seems like every few weeks we're helping another client or two through this process. If you'd like our guidance on how best to do this, or if you'd like to talk more about things you can do to help improve your email deliverability, don't hesitate to contact our Deliverability Services team.

I received this question today: "We interpret CAN-SPAM to mean that we must include a statement that says, 'This is a promotional email.' Is that correct?"

Since I spend so much time training clients on how to do the right thing (including how to comply with CAN-SPAM), I felt that it was a pretty basic question. But, clearly, not everybody is knowledgeable about CAN-SPAM. Not everybody has the experience of dealing with it to the degree that I have had. So, I though it would be good to make this into a quick blog post, with the hope that it will help others who may be wondering the same thing.

IF you're sending spam, then YES, you need to label your email as a promotional message (advertisement).

BUT: If you're sending email to people who didn't sign up to receive emails from you, then you're sending spam. You should never import an address into ExactTarget if the owner of that email address didn't choose to hand you their email address, didn't choose to sign up for your list. That's not the only definition of spam, but it's a very common one, and it's something that you must avoid, if you want your email to get delivered.

If you're NOT sending spam, then NO, you don't have to label your email as a promotional message (advertisement).

If you're sending email only to people who signed up to receive emails from you, then you're not spamming. What you need is "affirmative consent," meaning that "the recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient's own initiative."

If you have that affirmative consent, then under CAN-SPAM, you are exempt from the labeling requirement, and you don't have to include a notice about your email message being an advertisement.

That's just one of the many reasons why it is important that you do not send spam, and it's a very practical one. If you are forced to label your messages as advertising, ISPs are more likely to filter out the messages, because the people who label their messages that way tend to be spammers.

This goes without saying, but I figured it best to include it explicitly: ExactTarget doesn't allow spam. ISPs don't want it, and neither do we want to allow clients to send it. If a client tries to use our service to send spam, we have a number of ways we pick up on that fact, and suspend the accounts of the offenders. Spammers tend to have short, unhappy tenures on the ExactTarget platform.

(Josh Fruchter raises a good point: He reminds us that "certain professional service providers such as law firms may be subject to additional restrictions imposed by regulatory bodies. For instance, some bar associations require law firms to add disclaimers to their mass emails such as 'This is an Advertisement.' So law firms also need to check their local bar rules for any further labeling requirements." Thanks, Josh!)

In my previous post, I highlighted how authentication is moving forward, and talked about recent changes at Gmail and their utilization of authentication technologies.

Reader Nancy left a very insightful comment. She writes: “This is kind of a step backwards in technology to me...... Pretty soon we will only be able to get email from people we know and will have to go back to the Post Office to communicate otherwise..... I would rather check my spam folder than restrict who can send mail to me at all. For example, if the rules get too restrictive, there is no sense putting email addresses on business cards or resumes. Better idea...why not prosecute spammers to make spamming less desirable.”

It got me thinking….will it restrict “regular joes” from sending mail?

I think it will, in some edge cases. But I also think those edge cases are pretty rare, and pretty geek-specific. Me, with my home Linux box? Perhaps it will take some skill on my part, to continue to be able to successfully send mail. I’ll have to learn how to add an authentication module for Postfix. I’ll have to master setting up keys and selectors.

But, I think, for the average user, I don’t think there's really going to be any negative impact. Nancy, who is using a Gmail account, shouldn’t have to change anything. Gmail is authenticating her mail for her. Other ISPs, if not doing so already, will eventually do the same.

Nancy should still be able to mail me, even if she doesn’t know me. And there’s the potential for her email messages to be more likely to reach me. Spam filters are pretty aggressive nowadays. They have to guess and try to figure out, without help, if an email message from Yahoo or Gmail really came from Yahoo or Gmail. But, with authentication, my spam filter will have more, better data to help tell that make that determination. I think it’s logical to assume that it will help let more of the good mail through, from folks like Nancy.

Now, as far as prosecuting spammers? I’m all for it. They waste my time, your time, everybody’s time. They steal resources; they ignore permission, bounces, and best practices. But, I’m not going to wait for the government to take the lead here. (I think I’ll be waiting a long time.) Instead, I’m going to do everything I can to make sure I’m not a spammer, our clients don’t send spam, and that we utilize technologies like email authentication to ensure that our client’s non-spam mail is easy to discern from spam.


If you and I have ever talked on the topic of authentication, then I know you’ve heard me talk about how I think you should authenticate now, even though not many ISPs are currently doing very much with that data. What you’re doing, I’ve explained, is setting the stage so that ISPs have authentication data at their fingertips, WHEN they decide to do more with authentication, down the road.

Just about any ISP of significant size is going to do something with authentication data, eventually. It takes time, but slowly, ISPs are starting to look at authentication data. Hotmail looks for Sender ID or SPF records. Yahoo requires DomainKeys for feedback loop participation.

And now, Gmail’s starting to utilize authentication in a new, and very significant, way. Last week, Gmail announced that they are working with eBay and Paypal to help combat phishing and spoofing. They’ll be rejecting messages that purport to be from eBay or Paypal, if those messages are not properly signed with DomainKeys Identified Mail (DKIM).

Google’s Brad Taylor explains: “Now any email that claims to come from "paypal.com" or "ebay.com" (and their international versions) is authenticated by Gmail and -- here comes the important part -- rejected if it fails to verify as actually coming from PayPal or eBay. That's right: you won't even see the phishing message in your spam folder. Gmail just won't accept it at all. Conversely, if you get a message in Gmail where the "From" says "@paypal.com" or "@ebay.com," then you'll know it actually came from PayPal or eBay.”

This is great news for Gmail users, as it helps keep certain types of phishing and spoof emails away from them. What you do not receive, you cannot fall victim to.

But, this means quite a bit to you and I, as well. This signifies a huge step forward in how receiving sites are using authentication to make a determination as to whether or not to accept or reject mail. Today, it’s individual agreements with eBay and Paypal. Tomorrow, who knows.

I can guess, though. And my guess is that eventually, Gmail will expand their use of DKIM, and other ISPs will follow suit. There will come a time when unauthenticated mail will be subject to much stronger spam filtering, or will be much more likely to be rejected.

That’s why it’s important for you to give ISPs the important data they need to tell good mail from bad mail. Email authentication is an important part of that process.

That’s why you should be authenticating today.


Here’s a quick update with information on new domains in use at a couple of large internet services providers.

Apple’s .mac service is transitioning to .me: Users with an email address @mac.com will now have that same address @me.com. Both addresses will continue to work, from what we understand at this time.

Yahoo India has added the domain yahoo.in. Users who sign up for new email accounts at Yahoo India will be given an email address in the domain yahoo.in. Older addresses have a domain of yahoo.co.in. It’s not clear if these are interchangeable, and I wouldn’t assume that they are.

Yahoo US also recently added two new domains: ymail.com and rocketmail.com. New Yahoo users can choose an email address in either of these domains if desired, in addition to the current yahoo.com domain. Consider mail to any of these domains “sending to Yahoo.”

If you have any questions, please feel free to contact the Deliverability Services team at deliverability@exacttarget.com.


One of the more important bits of guidance from the recent FTC CAN-SPAM rule updates relates to unsubscribing. As of July 7th, 2008, senders have to ensure that their unsubscribe process is easy and uncomplicated. Read on for details.

Specifically, senders cannot put any sort of road block in front of the unsubscribe process. The process cannot require a password before allowing a user to unsusbcribe. It can’t require that a recipient interact with more than a single Internet web page (if using a web-based mechanism, which just about everybody does). A sender may not charge a fee or display an advertisement as a requirement as a condition of accepting or honoring a recipient’s opt-out request.

Senders are also forbidden from requiring the subscriber from providing any information beyond their email address and their subscription preferences. This means you can’t require them to provide their username, an association code, or any other bits of data.

It is acceptable to link a user to a single internet web page, and on that page, have an unsubscribe button and checkboxes allowing the user to choose which lists they wish to unsubscribe from. And you can link to other pages, if you want, but those links can’t be required as part of the unsubscribe process. 

Some of the comments the FTC received from various companies and industry groups raised concerns that this sets a very loose standard for unsubscribing. Multiple reasons were identified --  the risk of typographical errors, computer security issues, online identity theft, and sabotage by competitors. The FTC rejected these concerns, indicating that they are “not persuaded that imposing additional requirements on consumers who are attempting to opt out would do anything to minimize the risk of these problems.”

If you’re using ExactTarget’s unsubscribe center and profile center links in your email, you’re all set. Your emails comply with this new rule. However, if you link to your own unsubscribe center or profile center, you should review how its processes work, and make sure that they are in compliance. If you’re not sure, please contact the Deliverability Services team for assistance.


I received the following question today in email: “I viewed the recent presentation on CAN-SPAM updates and opt-out handling. What rules govern the ability to say a contact has ‘opted-in’?”

CAN-SPAM doesn’t define the term “opt-in.” But it does define affirmative consent. For what you’re looking for, consider them equal.

The CAN-SPAM Act defines affirmative consent thusly:

AFFIRMATIVE CONSENT -- The term "affirmative consent", when used with respect to a commercial electronic mail message, means that— (A) the recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient's own initiative; and (B) if the message is from a party other than the party to which the recipient communicated such consent, the recipient was given clear and conspicuous notice at the time the consent was communicated that the recipient's electronic mail address could be transferred to such other party for the purpose of initiating commercial electronic mail messages.

Additionally, ExactTarget requires that any use of our systems comply with our anti-spam policies, which further describe what we consider to be opt-in. This information can be found here.

What does all of this mean? It means they're opt-in when they choose to sign up to receive emails from you of their own accord, or when you ask them for permission (as an example, by way of an opt-in/opt-out checkbox during an online registration or online store check-out form). People who didn't choose to receive emails from you are not opt-in.

If you have any questions about whether or not a specific process is opt-in, please contact the Deliverability Services team, and we will be happy to assist.