A question about your practices.

Today I got mail from "Angela Brobst," with a subject line of "question about your site." She apparently works for "The Search Doctors," located in Aliso Viejo, CA.


"I can put your site at the top of a search engines listing. This is no joke and I can show proven results from all our past clients. If this is something you might be interested in, send me a reply with the web addresses you want to promote and the best way to contact you with some options."

Well, she's right. This truly is no joke, and I'm definitely not laughing. Why not? Because the mail is spam, and here's why. It was sent to a role account that has never signed up for anything. The website URL linked to has a different domain (seo-placement-services.com) than the from address domain (thesearchdoctors.com) in the mail. The mail came from a RoadRunner cable modem, and it has fake additional headers added in to try to fool spam tracking applications. (It claims the mail came from glenayre.com; it did not.)

I've done a lot of work in paid and organic search over the years. Search is important. You need to utilize it if you have a website and a business. It brings traffic. It brings leads. No question. It's just as important not to do it wrong. If you do things like set up link farms, add questionable tags, or hide behind rotating domains, eventually Google figures it out and blocks your site from showing up in their index. I've seen it happens to clients who tried to do it on their own. Watch your organic traffic dwindle down to nothing overnight! No joke!

Because it's so important to do correctly, would you really trust search to somebody who already obviously doesn't comply with email best practices? I wouldn't.

Europe hasn't caught up yet

Over on MediaPost's EmailInsider, Paul Beck talks about his experiences at an email marketing conference in Holland.

One thing that hit home for me was Paul's comment that lots of e-mail related issues are new to the Dutch. My experience isn't with Holland, but it does seem to me that Europe isn't yet to the same level as the US when it comes to spam/list management/deliverability issues. I'm not seeing a lot of process and policy in place on the ISP front with regard to blocking issues. In the US, the top ten ISPs pretty much govern your email practices. In the EU, policy is set (at a very general level) by privacy directives, and the laws they instruct member states to create. But there's quite a big gap when it comes to ISPs enforcing best practices, working with senders to reward the good ones and incent the bad ones to reform.

It's a model that I think is successful in the US. My gut instinct is that the EU will get there, but I wonder how long it will take.

Double Opt-in How To

Here's a link to a document I wrote back in February, 2006. It gives an overview of how to implement double opt-in. How does it work? What do you need to be careful about? How do you track opt-ins? How do you handle replies? Etc.

Multiple anti-spam groups and ISPs have contacted me over the years, asking for this type of overview. If you find it useful, please let me know!

My eventual goal is to build a free software library of double opt-in libraries and scripts, that would allow an individual or small company quickly and easily set up their own double opt-in name capture process.

Anybody want to write some perl code for me?

Sender Policy Framework (SPF) trick of the day

Since SPF records are DNS TXT records, they can only contain up to 255 characters of information. In some situations, you might not be able to fit all your sending networks in a small, 255-character text string.

So, what do you do?

Easy! Just use SPF's "include" functionality to link multiple SPF records together. Click on the string below to see the dnsstuff.com SPF lookup for a example domain:

Processing SPF string: v=spf1 include:spf-dc1.digitalriver.com include:spf-dc2.digitalriver.com include:spf-dc3.digitalriver.com include:spf-dc7.digitalriver.com include:spf-dc5.digitalriver.com include:spf-dc6.digitalriver.com ~all.

Notice where it says "include:xxxx1.domain.com"? That's instructing the SPF resolver to also look up the SPF record for xxxx1.domain.com and include it as part of the results for domain.com.

Not only does this help you when your networks won't fit, but it can help you make changes and updates easier.
  • Adding a second domain? The second domain's record would only have to contain an "include" statement that references your primary domain. When the primary domain's SPF record is updated, the one for the new domain is also updated, automatically.
  • Have multiple facilities on different networks? Utilize the "include" functionality to link to additional facility-specific SPF entries. Then when a single facility's network changes, you only have that one SPF record to update.
If you're looking for more information about SPF, Wikipedia is a good place to start.