Here's how it works. For every URL in the email message, the following process takes place, automatically:
- Find all the URL links in the email message.
- For each, look up the IP address of the host name or domain used in the URL.
- Check the blacklist (usually the SBL) to see if that IP address is blacklisted.
- If that IP address is blacklisted, then that email message is rejected or filtered.
Anyway, after running this for a couple of weeks, I've been watching the data for anything interesting. So far, nothing has jumped out at me. I haven't seen any significant false positive issues. Until today.
It looks to me that a rather large hotel chain (and the rather large company they've outsourced their email sends to) doesn't know about this kind of filtering. Because, while they were careful to send from an IP address that wasn't on a Spamhaus blacklist, the message contains URLs that map to Spamhaus-blacklisted IP addresses. That means that any receiving site that uses second-stage filtering is blocking their mail.
The sad thing was, the email might have been a misguided attempt to “go straight” and clean up their sending reputation. The email explained what kind of emails I'd be getting from this company if I chose not to opt-out. Oops, what? It's (kind of) like a Permission Pass, only backwards.
A permission pass, also called a re opt-in email, or a re-engagement campaign, is a process a sender uses when having deliverability issues. It helps them re-confirm the addresses on their list. Doing so weeds out spam complainers and spamtrap addresses that were likely causing the sender problems. If you do it right, your spam complaints and spamtrap hits nearly evaporate overnight, and you're left with a smaller (but solid) list of recipients who really want your mail.
There are a few different ways you can do it, but the successful ways all boil down to: First, you send an opt-in request (“click here to stay on the list”) to the people on the list. Then you track people who click on the link, safely considering them interested recipients. People who don't click, you don't mail again. The reason you do it that way is because a spamtrap or an invalid address can't click on a link.
If you do it the opposite of that, telling people, “Hi, we're going to keep mailing you unless you opt-out,” you don't lose those spamtrap addresses or invalid addresses. As I said, spamtrap addresses can't click a link. So you can't tell if one of those non-responders is a spamtrap or an actual, interested recipient, and your list will continue to have both. If you do it the “opt-out” way, you don't lose the spam complainers, either. A few might choose to opt-out -- but many won't. They might not have noticed your email – this time. But they will next time, and they will report it as spam.
In short, sending an “opt-out” email like this is just sending another email. It doesn't clean your list, and it doesn't clean up any problems you're having.
Sending me an opt-out email like this is probably well meant, but at best, it's only half right. But similarly, sending from a non-blacklisted IP, while using blacklisted URLs, means their understanding of blacklists is probably just about half right as well.
Does that make them half blacklisted?