Ask Al: Help prevent a bad thing!

Terry writes, "My manager wants to take all of our emails addresses in our "pending" list (ones that haven't clicked the link for the double opt-in confirmation) and convert all 10,000+ of those addresses to active and start mailing them. My problem is no matter what I say he feels that he has the right to do it. Is there anyway you can help convince him that this is bad of business, will get blacklisted which will then get us booted from our ESP and I believe that this could even affect our capabilities of sending emails through our company email accounts. What can I do to make him see the light?"

Since I'm on vacation for a few days, I turned to my good friend Mickey Chandler (of Spamtacular) for help with a response. Here's what Mickey has to say:

Okay, first take a deep breath. The world is not coming to a crashing halt because your boss insists on making a mistake. Second, remember that spamming is, in fact, legal in the United States. So, no one is going to jail no matter how this plays out.

Now that we've calmed down a little, let's consider the possible downsides to what is being proposed.

First of all, there is the potential for lawsuits. Your contract with your ESP may mandate that you use double opt-in exclusively (and yes, there are a few of those out there). What your boss is proposing to do would be to change the level of permission from double to single opt-in. That may put you in breach of contract with legal repercussions that need to be considered by your boss in conjunction with his attorneys.

If your company promised to only add addresses via a double opt-in practice and were obtaining emails while making that promise then there is also a possibility of a lawsuit to be considered if you break that promise. Someone, somewhere could decide to sue based on fraudulent misrepresentation. Would they win? Probably not. In fact, lawsuits based upon explicit promises in privacy policies have never won in court. But that hasn't kept people from trying. The question that I always ask clients when they start doing something that could get them sued is "Do you want to fund the lawsuit?" That's just a slick way of asking how much this practice is worth to them monetarily. In other words, does the money we hope to make from this strategy sufficiently offset the amount of money that we would have to pay an attorney to defend us against an angry user or two in court? While it's a bit off the wall, it should be a consideration.

You seem to already have a handle on the various normal ways that these things tend to go bad. Double opt-in is not the key to not spamming. It is one very good way to make certain that you have clean, responsive lists of people who really do want to receive your message. The people who are in that pending file should represent something to you. That something isn't "a list of potential prospects that we're missing out on" but rather "a list of people who now won't be complaining about our messages." That means lower complaint rates than you should otherwise see. If you add those people then some large percentage of them will complain about your messages because they didn't click the link in the confirmation message for a reason.

The biggest thing to be concerned with here, though, is that you're taking a list of potentially very bad addresses and adding them to your active file. The list of addresses in your pending file is likely going to include addresses that have bounced, that are spamtraps, or are people who were added for spite (like DNSBL operators) decided they didn't really want to receive your company's mail and will mark it as spam. These are all addresses that you really don't want on your list.

Of course, higher complaint rates, sending mail to spamtraps, or sending unsolicited mail to DNSBL operators will mean that blocks will increase. When discussing the possibilities of blocking, don't forget the magic of all three methods used to block spam. First and most obvious is the IP-based DNSBL, like Spamhaus. Depending on the aggressiveness of the list, they may list your ESP's IP, all of your ESP's IPs, or your business IPs, or some combination of all three. Then there is the Right Hand Side Blocking List (RHSBL) which looks at the part of the From: line to the right of the @. The RHSBL, of course, represents a bigger danger for catching corporate communication outside of the mail stream sent by your ESP, but it isn't as widely used as the DNSBL or the URIBL. The URIBL, of course, looks to block mail based upon the URIs or links in your email. This, again, represents a bigger danger of catching your corporate communications than the DNSBL.

Finally, there is your ESP to be concerned with. Your ESP may have set up some things which are dependent upon the type of mail flowing from that IP. A good example of this is ISIPP's IADB DNSBL-like information lists. They give certain responses for different levels of permission. When your IP is set-up with them, you have to say if the mail from that IP is double opt-in, single opt-in, or opt-out. And they will be (understandably) upset if you change the level of permission being used, especially if that level of permission is moving the wrong direction. ESPs tend to guard their relationships with outside companies fairly zealously. You don't want to make changes to the permission levels being used without closely working with your ESP and giving them time to make any adjustments needed to their representations to other groups who are helping to get your mail delivered. This will also give your ESP some time and an opportunity to step in and encourage your boss to do the right thing.

What your boss is proposing to do is far more serious than just dropping permission levels from double opt-in to single opt-in. It is damaging to your company's reputation because if people can't trust your company to do the right thing with their email addresses, how can they trust your company to do the right thing with their money and business? It is damaging to your company's reputation with your ESP and all of the ISPs you are sending mail to. And that reputation damage comes at a steep price.

No comments:

Post a Comment

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.