Opt-in Censorship?

As I said to Ken Magill for his recent article regarding Truthout: From what I know of how spam blocking works, and how ISPs make the determination regarding what mail to block, I don't think Truthout's issues (being blocked at Hotmail and AOL) relate to their politics. I think they relate to their opt-in procedures, bounce handling, feedback loops, and whitelisting. The issues are technical, not political.

However, there's another case of this in the news, and it sure sounds a lot more political: Verizon blocking opt-in SMS messages because they relate to the topic of abortion.

Regardless of Verizon's incorrect initial stance to the contrary, it's about consent, not content. Those of us working in the email realms have known this for many years. You should be free to talk about whatever controversial topic with whomever you want. If somebody wants emails from you examining the abortion debate, you should be free to send those emails. ISP spam filtering policies generally agree with this. Truthout complains that it doesn't work that way, but it does. If people want your mail, they don't complain, and you don't get blocked.

Can you imagine the outrage if Verizon installed a filter on your cell phone (or your email) that made it disconnect every time you tried to say the word “abortion”? It would never be allowed. They'd lose millions of customers. There would be screaming and lawsuits. But somebody at Verizon apparently decided that it was okay to do something similar with SMS.

I have no clue about the legality of doing this, but ethically, it's offensive.

From the article: Verizon Wireless is quick to point out that their prohibition had been based on the topic of abortion itself, not on any particular side within that debate. That is, the company does not want to look as though it was taking sides in the abortion debate itself.

When you curtail that debate, when you prevent that discussion, you're taking a side, and you're telling your customers that if they disagree, they're not welcome to use your services. Yuck.

Thankfully, cooler heads prevailed. "The decision not to allow text messaging on an important, though sensitive, public policy issue was incorrect, and we have fixed the process that led to this isolated incident," said Verizon Wireless spokesman Jeffrey Nelson in a press statement.

Why was this even open for discussion? Why was this not a simple, clear-cut question of permission?

Getting it Half Right

I'm now utilizing “second stage” filtering, using the primary Spamhaus blacklist, the SBL. For me, it's an experiment. I just wanted to see how well it works and what kind of mail it catches. I know that a large number of email addresses are now behind this kind of filtering – at least one domain registrar (who hosts mail for a zillion different domains) has been using this type of filtering for at least the past few months. So I wanted to see what kind of senders are getting tripped up in this kind of filtering, and how well it works as a spam-blocking methodology.

Here's how it works. For every URL in the email message, the following process takes place, automatically:

1. Find all the URL links in the email message.

2. For each, look up the IP address of the host name or domain used in the URL.

3. Check the blacklist (usually the SBL) to see if that IP address is blacklisted.

4. If that IP address is blacklisted, then that email message is rejected or filtered.

It's a bit like SURBL or URIBL “URI/URL” filtering. SURBL and URIBL are blacklists that help you block spam based on the “spammishness” of a URL link in an email message. They work on host names or domains. A domain is on SURBL as text, not as an IP address. Spamhaus still works off of IP addresses, so a spam filter, to use this new “second stage” filtering, has to be smart enough to convert that host name or domain to an IP address to perform the lookup. This is new, and not everybody's using the SBL this way. But, already, enough people are checking a blacklist or two in this manner, that this type of issue is going to significantly impact a sender's ability to send email.

Anyway, after running this for a couple of weeks, I've been watching the data for anything interesting. So far, nothing has jumped out at me. I haven't seen any significant false positive issues. Until today.

It looks to me that a rather large hotel chain (and the rather large company they've outsourced their email sends to) doesn't know about this kind of filtering. Because, while they were careful to send from an IP address that wasn't on a Spamhaus blacklist, the message contains URLs that map to Spamhaus-blacklisted IP addresses. That means that any receiving site that uses second-stage filtering is blocking their mail.

The sad thing was, the email might have been a misguided attempt to “go straight” and clean up their sending reputation. The email explained what kind of emails I'd be getting from this company if I chose not to opt-out. Oops, what? It's (kind of) like a Permission Pass, only backwards.

A permission pass, also called a re opt-in email, or a re-engagement campaign, is a process a sender uses when having deliverability issues. It helps them re-confirm the addresses on their list. Doing so weeds out spam complainers and spamtrap addresses that were likely causing the sender problems. If you do it right, your spam complaints and spamtrap hits nearly evaporate overnight, and you're left with a smaller (but solid) list of recipients who really want your mail.

There are a few different ways you can do it, but the successful ways all boil down to: First, you send an opt-in request (“click here to stay on the list”) to the people on the list. Then you track people who click on the link, safely considering them interested recipients. People who don't click, you don't mail again. The reason you do it that way is because a spamtrap or an invalid address can't click on a link.

If you do it the opposite of that, telling people, “Hi, we're going to keep mailing you unless you opt-out,” you don't lose those spamtrap addresses or invalid addresses. As I said, spamtrap addresses can't click a link. So you can't tell if one of those non-responders is a spamtrap or an actual, interested recipient, and your list will continue to have both. If you do it the “opt-out” way, you don't lose the spam complainers, either. A few might choose to opt-out -- but many won't. They might not have noticed your email – this time. But they will next time, and they will report it as spam.

In short, sending an “opt-out” email like this is just sending another email. It doesn't clean your list, and it doesn't clean up any problems you're having.

Sending me an opt-out email like this is probably well meant, but at best, it's only half right. But similarly, sending from a non-blacklisted IP, while using blacklisted URLs, means their understanding of blacklists is probably just about half right as well.

Does that make them half blacklisted?

Monkeys!

MailChimp is looking for a few good....monkeys. Ha.

Oh, please.

Another political group is complaining about the big meanies at AOL and Hotmail not accepting their mail.

This is nothing new, but I'll mention yet again what I mentioned then: Delivering mail to Hotmail and AOL is hard only when you don't know what you're doing. When you're driving spam complaints and garnering a poor sending reputation, then yeah, you get blocked. Politics have nothing to do with it.

Carl Hutzler agrees. In case you don't know who Carl is, he is the guy who used to be in charge of all that spam filtering stuff at AOL.

Sad to see Truthout wasting their time playing the blame game, instead of fixing their practices.

More on this topic from Mark Brownlow.

Spam, the Documentary

You can catch anti-spam professional (and Internet for Dummies author) John Levine on TV tomorrow. He writes:

Last year I helped some Canadian film makers do a TV show called "Spam, the Documentary". Now US viewers can see it on Court TV tomorrow Sept 18th at 11pm EDT or the 19th at 3am EDT. (Well, at least the insomniacs or the ones with TiVo can see it.)

It came out quite well; they start by interviewing Terry Jones about the original Monty Python spam skit, then you can see Dave buy a genuine fake Rolex, try a weight reduction wrap, and discuss the likely effects of enlargement products with an actual doctor (ewww). You also see quite a lot of me doing narration from a cybercafe in Toronto.

The CBC's web page at http://www.cbc.ca/thelens/program_171006.html has more info and a promo clip.

I got to see this when it first came out last year. Good stuff!

The Real Spam Has Stood Up

In "Will the Real Spam Please Stand Up?," Kevin Stirtz disagrees with the statement, "until a user has opted-in to your email list, you are sending spam."

All fine and good. Nothing wrong with a bit of disagreement. I'll prove it: I disagree!

Do any of the following apply to what you're doing?

• You add people to an email list and start mailing them without their prior knowledge.
• Recipients on your list aren't expecting your mail.
• You bought an email list.
• You found one or more email addresses on the web and added them to your list.
  

If any of those apply to what you're doing: You're a spammer, dummy.

Forget about Web Marketing 101, let's talk about Email Marketing 101, and how to get your email delivered.

Target it all you want, avoid including a sales pitch, whatever. But if you build a list of people who didn't ask to hear from you, and are not expecting to hear from you, you're not going to have the ability to successfully deliver to that list. It's that simple.

Forget what Kevin thinks. Forget what I think. What do ISPs think? Let me clue you in: ISPs hate spam, because their users hate spam. When you send unwanted and unexpected email, recipients report it as spam in overwhelming numbers. Those spam reports significantly damage your sending reputation. Hotmail, Yahoo, and AOL will filter or reject your mail as a result. You're likely to get blacklisted by Barracuda, Spamcop, Brightmail, and Spamhaus, as a result.

In spite of a cheekily-written blog post containing a clever redefinition of what constitutes spam, permission remains key to getting your email delivered. Sure, you can get away with bypassing permission -- for a little while. Until your sending reputation catches up to you. Just because it hasn't caught up with Kevin (yet), doesn't mean it makes for a sustainable marketing model or best practice.

It seems that I'm not the only one with this viewpoint, either.

Zombie Pfizer Computers Spew Viagra Spam

Look, it happens to everyone. Run a large network some time. Put a Windows box, or two, or a thousand, on it. Eventually somebody will find a way to bypass the Anti-Virus, and there'll be an infection.

I've had to call a big company here or there, having traced a spam source back to an infected desktop on their network. Usually their response is, "Ugh, we know! Thanks for the report, you're one of thousands who let us know. We're in the midst of a security audit to clean it all up."

Unless you're Pfizer. Then what do you do? If this article is to be believed, you stick your head in the sand and hope it all goes away. Hopefully this wake up call from Support Intelligence can get them to clean up their network.

How much of your spam came from an IP address on Pfizer's network? I smell a project for the weekend.

More on the Spamhaus Ruling

From noted anti-spam professional and "Internet for Dummies" author John Levine:

By my reading this is as close to a complete victory as Spamhaus could have hoped for. There was no chance the appeals court would throw out the default, since that would have been an invitation to every losing defendant in the midwest to tell their lawyers to withdraw so they could start the case over again. Beyond that, E360 now has no damages and no injunction, and a steep hill to climb to get either of them back.

[...] As I read the decision, the only injunction that E360 is entitled to at this point is one forbidding Spamhaus from saying that E360 was spamming in September 2006. (Well, OK.) If they have been spamming since then, which I happen to know they have since they've sent quite a lot of it to users on my network, Spamhaus is free to re-list them, and any plausible injunction forbidding that would fail as prior restraint. (emphasis added)

Read John's full commentary here.