All About List Growth

Here it is; the definitive page at Spam Resource, where I line up everything I have to share about list growth. The next person that asks me how to grow their list will be directed to this post.

Venkat Balasubramani: Portrait of a Lawyer Turned Anti-Spammer

Let's talk about Dan Balsam, lawyer turned anti-spam crusader. I've been glibly telling friends and colleagues that this guy is my hero, but Venkat Balasubramani rightly asks some important questions: Is he actually collecting on judgments? And what about his recent loss in the 9th Circuit?

Spouse Can't Hack Your Email, says Michigan

As the Detroit Free Press reported, a Michigan resident faces felony hacking charges for accessing his wife's email account sans her consent. Is this a case of a good deed gone wrong, or a line that never should have been crossed? I'm potentially on the fence, but overall, I think you shouldn't be snooping in somebody else's email, period, full stop. After all, the government isn't allowed to do it without a warrant. (H/T: Consumerist)

Have you checked out NiX Spam?

Marcel Lohmann, one of the admins behind the NiX Spam DNSBL, reached out to me to ask me if I would review this DNSBL. I haven't published any new blacklist reviews in a couple of years (and that's not likely to change any time soon), but I am happy to link to his Spamhunter blog post that talks about why you should consider using the NiX Spam DNSBL.

What say you, good readers? Do any of you use this DNSBL? What do you think of it?

Quick Note: AOL Inbound Email Issues

AOL hasn't yet mentioned this on their Postmaster Blog, but multiple sources are reporting that AOL's MX records temporarily vanished overnight. It's not clear how long the issue lasted, but based on the TTL (time to live) cache set for the AOL domain, the error persisted for at least an hour. I saw one ESP notice the issue about 1:15 am central time.

While the issue was ongoing, your attempts to email AOL users would result in a hard bounce. No MX or A record was found in DNS for aol.com during that time.

The issue seems to be resolved as of this writing (10:45 am central).

Update: Annalivia Ford writes about this issue over on her blog, and Return Path's J.D. Falk covers it as well.

Backscatter from Microsoft Exchange

As I have talked about before, backscatter is an annoying menace. Backscatter messages are sort of "ghost" bounces that come back to you, from sites that you've never sent mail to. It typically happens because a spammer is forging your email address or domain in spam, and the receiving mailserver is configured in a way that allows it to accept all mail before validating whether or not that mail can be configured. I get thousands of these "backscatter" bounces everyday, and, to put it bluntly, they suck.

Spamhaus under DDOS from AnonOps (Wikileaks.info)

Steve Linford of well-respected anti-spam group Spamhaus reports that Spamhaus is currently under DDoS attack by a pro-Wikileaks group. He has asked that the following information be shared relating to this ongoing attack.

Newegg Continues to Spam, says Horwath

My old friend Mike Horwath updates us anew on unwanted mail from Newegg. Sadly, they seem to be continuing to send unsolicited email to Mike's coworkers. (Previously.)

Gov't Needs Warrant to Search Email

Engadget reports that "the Sixth Circuit Court of Appeals ruled [on Monday] that the government must have a search warrant before it can obtain email from your provider. Specifically, the court held in U.S. v Warshak that "it would defy common sense to afford emails lesser Fourth Amendment protection" than traditional communications like phone calls and postal mail."

I wonder, is there any concern here for spam filtering? Some ISPs can clearly see into end user mailboxes and occasionally pull that data out for spam filter troubleshooting. Do they need to be concerned about doing so?

Canada Passes Anti-Spam Legislation

CAUCE Reports: "It’s been a long time coming, but Canada has an anti-spam law, and one, which sets a new world standard, and a tough, but fair, opt-in protocol for everyone in North America who sends commercial email and other electronic messages."

FISA (Fighting Internet and Wireless Spam Act) is an opt-in law, but not arduously so. Marketers shouldn't be afraid. After all, you were already required to respect opt-in permission, if you wanted the best possible ability to get your emails delivered, right?

Don't be afraid of the private right of action, either. As Ken Magill previously reported, the barrier to entry for a lawsuit is fairly high, due to the "loser pays" provisions extant under Canadian law.

Wikileaks Mirror Malware Warning

Spamhaus is warning that Wikileaks is redirecting web visitors to a mirror site hosted in "blackhat" network space that is currently listed on the Spamhaus SBL, and, as a result, the mirror site in question may not be safe to browse. Read all about it here.

HolomaXx Dismisses Suits against Return Path, Cisco IronPort

Ken Magill reports that HolomaXx has dropped its suits against Return Path and Cisco IronPort. Read all about it here. (Previously.)

How To (or How Not To) Operate a Blacklist

Today, Return Path posted a short but very helpful set of guidelines that one should keep in mind when operating a DNSBL anti-spam blacklist. It's a must read.

All About Email Address Validation

If you're wondering what SMTP email address validation is, why it is a bad idea, and what your options are, check out my short series on the topic:
  1. SMTP Address Validation: Bad Idea. What is it? How does it work? Why do ISPs hate it?
  2. Email Address Validation: Options. In this followup, I share with you some address validation do's and don'ts. How to maximize list hygiene without running afoul of spam filters.
If you've got additional resources to share on the topic, I'd love to add to them here. Please drop me a line or post it in comments.

Feelin' Old

All these young kids with their new-fangled email marketing and deliverability blogs....it's making me feel old, especially having today stumbled across an archived version of this very website from almost exactly nine years ago.

More on Growing Your List

Last week I shared a number of excellent list building tips from Andrew Kordek of Trendline Interactive. (Thanks again for that insight, Andrew!) Today, I'd like to share with you some more great suggestions on how to grow your list.

Mark Brownlow on Permission

Mark Brownlow over on Email Marketing Reports: In addition to expertly recapping the recent discussions surrounding permission versus relevance, opt-in versus opt-out, Mark adds his own succinct commentary to the mix:

Ask Al: How do I grow my list?

Sharon writes, "How do I build a list from scratch as a new company? Should I get someone to harvest them by hand so they are super targeted? Yes, I understand that spamming is unacceptable. Okay, so then how do I get a list or rather grow my own list?"

What is bulletproof hosting?

A friend asked me the other day, what exactly is bulletproof hosting? Laura Atkins has complained before, on this very blog, that Google is a bulletproof hosting provider. Google doesn't exactly fit the criteria, but Laura's frustration was legitimate; stemming from Google's seeming unwillingness to follow up on certain types of spam complaints. So what is the accurate definition of a "bulletproof hosting" provider?

A "bulletproof hosting" provider is typically defined as a company that knowingly providers web hosting (or other services) to spammers, intending to ignore spam complaints and take no action against the spammer's use of their services.

Brian Krebs (Krebs on Security) explains in more detail on his blog. See: Body Armor for Bad Web Sites.

Netprospex: "Verified," really?

Peter Seebach reports on spam he received from Netprospex, and how their lists might not be as "verified" as claimed. (Also note my previous post on bad advice from Netprospex, and feedback and opinions from others.)

ESPs being targeted

Laura Atkins writes, "There has been an ongoing, concerted attack against ESPs recently. Today ReturnPath published some of what is known about the attack."

Gmail Priority Inbox?

So who IS using Gmail's priority inbox? I'm not. My wife is not. My friends are not. I know of many email industry people who have told me they are not using it. Are you using it? If so, why? If not, why?

More Spam from Newegg?

My old friend Mike Horwath previously shared with us his experience with Newegg sending him spam. Now he's letting us know that one of his employees is also receiving spam from Newegg. I'm bummed; Newegg always seemed to be a great place to buy computers and electronics; but hearing about them send spam sure gives me pause.

What You Suggest Will Kill Email for Everyone

I had another thought today about Gretchen Scheiman's recent MediaPost article. (You can read my thoughts from yesterday here.)

The Truth about Permission

Gretchen Scheiman of OgilvyOne wrote a piece for MediaPost the other day, entitled, "Does Permission Need To Be Explicit?" It's an interesting read and she is most certainly entitled to her opinion. I'm not really going to debate the point with her; other readers have commented, attempting to do so, and I am happy to let them have that discussion without my participation. However, the implied advice given in the article is so far outside of best practices that I wanted to take a moment and tell you what I think, what I know, based on my many years of working with clients, trying to fix deliverability issues.

New Data Breach: Chili's

I've talked about email list data thefts in the past. Data was taken from Aweber back in 2009 (and then again in 2010, sadly), and companies like Lyris, DNSStuff, Ameritrade and AOL have had also found their subscriber lists and/or email data falling into the hands of unknown third parties. This time around, restaurant chain Chili's was affected.

Consumerist reports on the matter, quoting Chili's as saying the following in an email message to affected loyalty club members: "We are contacting you because the service provider (InterMundo Media) for the Chili's e-mail club experienced a breach of their server, which could compromise security of e-mail club information. Your information potentially at risk is limited to the following: first name, last name, e-mail address and birth date."

I wonder what kinds of unwanted spam Chili's loyalty club members are going to start to receive now. I'm guessing it won't be advertisements for Applebee's.

Please Help us Kill Zombies!

I never noticed this until now, but my friend Jess Henig wrote an article for FactCheck.org all the way back in 2008, talking about how forwarded emails filled with lies and balogna keep resurfacing. Crazy stuff, yet people keep forwarding it to each other. Obama is supposedly a muslim, Jay Leno or David Letterman supposedly talking about how the country is headed in the wrong direction, and of course, the old time favorite, the Vanishing Hitchhiker.

A horde of zombies, she says...incorrect email-delivered memes that just won't die. That's about right. Heck, I get some variation of one or more of these every few weeks, myself.

So I ask you, dear reader, to do your part and help us kill off the email zombie threat. Don't forward on chain letters and weird conspiracy theories! Don't allow them to resurface! Let's work together to stomp them out once and for all.

Does Facebook Mail Change Everything?

Three thoughts: No, probably not, and it's kinda sorta like email.

Email Address Validation: Options

In my previous post, I talked about why SMTP-based email address validation is a really bad idea. Today, I'll talk about what your options are. You want to validate email addresses properly, so what CAN you do? Here are my top five tips.

SMTP Address Validation: Bad Idea

Every once in a while, somebody asks me to help them with a project to do SMTP validation of a large number of email addresses, or help them build this functionality into some product or website.

SMTP address validation is a really bad idea, for many reasons. Allow me to explain.

Holomaxx Link Roundup

In addition to my own post mentioning the lawsuit, a number of other wise folks have commented on the Holomax lawsuit(s) against Microsoft and friends. None of whom seem to think Holomaxx has much of a chance of winning when going up against the ISPs.

Size isn’t the only metric

Laura Atkins beat me to it, writing about this new MarketingSherpa case study wherein a company decimated their list and actually grew revenue. Go read her taken on it over at the Word to the Wise blog.

Holomaxx suing Microsoft, Others

From TechEye.net: [Email sender Holomaxx is alleging that] “Microsoft knowingly relies on faulty automated filters and equally faulty third party information to identify purported spam emails,” said the suit. “Even after Holomaxx informed Microsoft that it was not sending spam – and then took the initiative to review all of of Microsoft’s technical standards and suggested ‘best practices’, and then changed its mailing practices to address the only potential issue that it found there, Microsoft informed Holomaxx that due to its ‘negative reputation’, Microsoft is not able to override its own automatic spam filters.”

Javascript in emails: Bad idea? (Updated)

I asked on Twitter on October 26th if people thought it was a bad idea to include Javascript in email. The response was universally that it was a "really bad idea." As Unica's Len Shneyder put it, "Terrible idea! [It's a] potential security hole and like a .44 magnum to your toe." He goes on to point out that lots of places will block your mail based on javascript content. I've run into this myself; spam filterers find javascript in email to be a security risk.

Top 4 CAN-SPAM Myths

Here are quick links to all four posts in my past three part series (uh, what?) on CAN-SPAM Myths.
If you're looking for more guidance on CAN-SPAM, consider that CAN-SPAM non-compliance can have a negative impact on your deliverability. Looking for a helpful checklist to confirm CAN-SPAM compliance? Mickey Chandler has that for you.

If you're an average joe user trying to deal with a sender who's not respecting the CAN-SPAM law, here are my tips on what to do about that.

And finally, here's a link to my older CAN-SPAM information roundup.

Rendering & CAN-SPAM Compliance

Chad White, Research Director for Smith-Harmon, published a great post yesterday on why image rendering is important for CAN-SPAM compliance. In it, he highlights an example email, where some sort of rendering issue results in the unsubscribe links and sender information to be white text on a white background. This makes the unsubscribe link totally unreadable, not legally compliant, and will probably cause an increase in spam complaints. YUCK.

I'm sure it wasn't intentional, but the company mentioned in the example email is doing something that bad guys have been doing for a long time: Obfuscating unsubscribe links and sender info. Hiding it in difficult to read colors or using images to try to encode it in a way to bypass certain kinds of spam filters. This is yet another example of, "if you don't want to be perceived as a bad guy, you need to stop doing what bad guys do."

Changes to DNSWL.org

I just posted information on changes to DNSWL.org over on DNSBL Resource. Looks like they're moving to a for-pay model, for at least large volume queries. Can't say that I blame them; if it is costing them money to keep their project alive, at some point it seems inevitable to turn to users to help provide financial support. Do any of you use DNSWL.org? I'm not overly familiar with them.

Godaddy blacklisted by AHBL

The outbound mail servers used by Godaddy hosting customers appear to be blacklisted by the Abusive Hosts Blocking List (AHBL). Over in this Godaddy Community Forums thread, a Godaddy representative named ChrisG seems to be implying to complaining clients that AHBL is unreliable: "We strongly recommend using consistently reliable block listing services such as Spamhaus.org. You would want to contact the ISP/Email provider and insist that they do not use AHBL's listings as legitimate emails being sent to you are being denied because of their listing."

Friday Funny: I Need Your Legal Advice

Warning: This clip has a tiny bit of NSFW language in it.




When consulting, you want to give good advice. But sometimes, just sometimes, you're confronted with a client utilizing some completely non-salvageable bad practice, and they fight and fight and fight you on it and just don't want to listen. They always want to know what ELSE can be done to fix the issue, short of actually fixing the issue. Here is the best advice a consultant can give in those situations.

Selling Customer Data: Good idea?

What does Scott Adams think?

Selling customer data like email addresses to third parties is like selling expired, rotting milk to a foreign country that has no laws against that sort of thing. It may be totally legal, but you're setting up the buyer for a future failure. Buyer beware.

Mediacom Outbound Mail Servers

If you're the type who likes to whitelist IP addresses used for ISP outbound email traffic, here's an update for you, courtesy of the Mailop mailing list. Cable internet provider Mediacom has announced that they've brought two new mail server IP addresses live: 97.64.187.22, 97.64.187.23. This is in addition to their existing outbound mail servers located at 97.64.187.16, 97.64.187.17, 97.64.187.18, 97.64.187.19, 97.64.187.20 and 97.64.187.21.

Payday Loan Marketer Settles with FTC

If you ask me, payday loans are a permission challenged industry, when it comes to email marketing. Companies are buying leads, selling leads, working with multiple data partners, emailing at a high frequency, always pushing to get more mail out, find new signup streams, etc.

Ask Al: Senderbase.org?

A reader wrote in with the following question/complaint about Senderbase.org. I'm going to post this one anonymously. The reader wrote, "I would like to request a review of senderbase.org. I would like to know if I am the only one that has communication problems with them. Their delisting instructions are basically non-existent, and my last attempts to communicate with them have takes upwards of two weeks to even get a response. I believe the listings last an incredibly long time and that their communication and delisting process is extremely poor. I would like to know what your opinion of them as a reputable RBL would be. Perhaps it is just me with the problem."

Magill Has Questions

Ken Magill has questions about my prior post. And yes, you do have to move to Holland.

Magill-Meat Love Fest

Ken Magill, over on The Magill Report, had this to say about link blog Box of Meat: "I get a lot of story ideas from Box of Meat. It is No. 1 on my “favorites” list. It is the first blog I check every day because it always leads me in new, informative, unexpected directions. Box of Meat’s…contributors will probably be appalled to learn I’m such a fan—let’s just say they are not marketing’s biggest cheerleaders—but I wanted to take this opportunity to extend a hat tip to them anyway."

Box of Meat then returned the love by posting this to their own blog, and letting the world know that if they could, they'd send Ken a tchotchke in return.

As for me, I'm a big fan of both Box of Meat and the Magill Report.

HR2221: Data Accountability and Trust Act

In light of the various ESP-related data breaches we've seen, exposing various email lists to spammers and the world over the past couple of years, it seems this is something the email service industry ought to be keeping an eye on. A friend tipped me that Bill HR2221, the Data Accountability and Trust Act, has passed the House and is now in a Senate subcommittee.

What is Hashbusting?

If you've ever received a spam email that had a bunch of random text at the bottom, text that didn't make sense or didn't relate to the rest of the email, you've seen hashbusting in action.

WHOIS Wasn't Hacked

SOPHOS.COM.FELL.FOR.A.VERY.OLD.HACK.TODAY.

I guess if you haven't been around for a while, you've never noticed that there are instances in WHOIS where you might look up a domain result and get a wacky hostname result back, too, because somebody on the internet thought it would be funny to register MICROSOFT.COM.ISN'T.WEARING.PANTS or whatever. D'oh.

Rich Kulawiec Booted from SPAM-L

The current owner of SPAM-L, a long-time anti-spam discussion mailing list, announced on September 3rd that long-time subscriber Rich Kulawiec's ability to participate in the list has been terminated.

ARF: Now a Proposed Standard

ARF (Abuse Reporting Format), a simple specification that enables senders of email abuse reports (like, spam complaints and feedback loop reports, for example) to easily and appropriately encapsulate those reports in a way that ensures the receiving site will have all the information it needs to properly parse the report and identify the responsible party or process.

ARF was already on track to become a standard, as multiple ISPs' feedback loops were already in ARF format. Now, that process has taken a more formal step forward, as RFC5965 was just published by the IETF: An Extensible Format for Email Feedback Reports.

Stupid Search-Trick Watch: Content Thieves Strike!

Here's Ken Magill's take on Co-RegData.com theft of my blog content.

(xx301yz89901112aaaah33q3q3qbw)

Newegg.com: How not to handle a spam complaint

My old friend Mike Horwath relates his tale of Newegg.com doing just about everything wrong in response to a spam complaint. Spamming him again after he contacted you, then holding up the phrase "you've been removed" as if it means you've really resolved the issue, implying that the mail must be OK because it "is CAN-SPAM compliant," implying that the spam reporter is lying about the mail being spam, etc.

The smarter among us already know that mail is not spam just because it is CAN-SPAM compliant. Mike doesn't care that the mail was CAN-SPAM compliant, and neither do ISPs. They care about permission and relevancy -- two areas in which Newegg.com has let Mike down with this issue.

Co-RegData.com: Content Thieves

Co-regdata.com seem to be pirating content from my own site here at Spam Resource dot com.

Example stolen content: http://www.co-regdata.com/2010/08/27/ken-magill-returns-45th-edition/

That seems to be a duplicate copy of my post about Ken Magill's new website. Oddly, they removed Ken's website URL and replaced it with their own.

If you're looking for a reputable co-reg data provider or lead generation partner, co-regdata.com might be a poor choice. If they're taking my content and using it in an unethical manner, without my consent, that doesn't give me high confidence about their ethics when it comes to lead generation.

(Thanks for reporter Ken Magill for giving me a heads up about these guys.)

Ken Magill Returns

Number one (in my personal estimation) industry reporter Ken Magill has returned, and in his first newsletter, he drops a interesting tid-bit: apparently Goodmail is for sale. Read it here.

Don't forget to visit Ken's website and sign up for his newsletter -- you can find it over at www.magillreport.com.

Spammer Claims that he is a Victim

Laura Atkins reports on an article from the SJ Mercury News, where, for some odd reason, a spammer is given a platform to cry about how Spamhaus hates him. I don't quite understand, as it is Godaddy who suspended the guy's service. Maybe Spamhaus isn't the only organization out there that hates spam? Most internet service providers and email service providers would shut this guy's access off in a heartbeat, after learning that he's purchasing lists. Why? Because it's spam. But it's legal? OK, it's legal, but irrelevant. It's still spam.

Google: Bulletproof Hosting Provider

Today's post is from Laura Atkins of Word to the Wise. She relates a frustration that I personally share: Google's seeming lack of caring about abuse emanating from their own networks and services. She writes:

What of SRV?

So, SRV records help you publish data for your domain, helping for easy (or auto) configuration of an email client for using mail at that domain. Should I implement SRV records for my domain? Is it widely used by MUAs or mobile devices like iPhones and Android Phones? Is it a security risk to tell people where my IMAP/POP3 servers live? What do you think?

Does the First Amendment forbid spam filtering?

I asked fellow blogger (and email expert) John Levine the following: "The Supreme Court overturned the Jaynes conviction on First Amendment grounds, yes? I'm wondering what that could mean from the spam filtering perspective." Find his very detailed answer here.

Is it OK to block political speech?

I've been talking to folks a lot these past couple of days about the potential legalities around blocking unwanted spam from non-profit, political or advocacy senders. From what I understand, this is pretty likely to be legal. The first amendment limits government action as it relates to restricting speech. But the first amendment doesn't apply to private parties; there is no constitutional "right" that private party number one must accept a message from private party number two. That seems cut and dry. CAN-SPAM certainly doesn't touch on it; it doesn't say a spam filterer can't block certain kinds of messages.

First Amendment Restrictions on DNSBLs

Yesterday on Twitter, somebody asked about how DNSBLs are restricted by the First Amendment to the United States Constitution. Apparently there's some advocacy group somewhere who is upset that they're listed on a blacklist, and they seem to be investigating potential opportunities for legal recourse.

How to avoid getting swindled on your email lists

Yeah, you could do everything Sallie Severns recommends, or you could do this instead: Don't buy lists. There's a simple reason why: Buying lists and getting solid inbox delivery are entirely incompatible. Period. End of story.

(And a tip of the hat to John Caldwell, Chad White, and Scott Cohen. I wouldn't have seen this article if they hadn't taken a moment to point and laugh at it.)

Update: Check out the comments-- the author holds up Datran Media and Hydra Media as examples of whom to work with.

Update #2: History has been revised: The post has been taken down. Apparently, we were never at war with Eurasia. My bad.

The view from a blacklist operator

Steve Atkins from Word to the Wise explains why it's so important to make sure you're querying a blacklist correctly. Get it wrong, you end up blocking no spam at all, or worse, you end up blocking all of your inbound mail accidentally.

Spam filter authors -- it's time for your software to start rejecting DNSBLs that don't have a properly formatted test record, confirming that they're alive and that the filter in question is properly configured.

Spamhaus Case: e360 Award Slashed to $27k

Venkat Balasubramani has the story over on Circle ID. Once upon a time, e360 was able to convince a judge that $11 million was accurately reflective of their actual losses. Spamhaus challenged, and David Lindhardt apparently wasn't up to that challenge, being slow to respond to discovery requests, providing wildly varying figured, etc. At the end of the day, the judge gave up and called e360's figures "unreliable." They claimed  many millions in damages, yet the company only seemed to take in $332,000. The pie was apparently a bit smaller than claimed, and when the judge sliced that pie, it sounds like he decided that e360 only deserved a twenty seven thousand dollar slice.

As Venkat puts it, $27,002 final judgment "doesn't sound like a particularly good outcome for the plaintiff." D'oh.

NY AG Taking Legal Action Against Tagged.com

Tagged.com, famously called "The World's Most Annoying Website" by Time Magazine, seems to be in trouble again. Tagged previously settled with the San Francisco District Attorney's office for $650,000 over allegations of email-related "deceptive practices." And Tagged.com's CEO Greg Tseng was a co-founder and CEO of Jumpstart Technologies, the company with the dubious distinction of having paid the largest CAN-SPAM settlement ever, from what I can tell.

This time around, the trouble relates to child pornography. The office of the Attorney General of the State of New York alleges that "Tagged.com repeatedly looks the other way when sexually explicit material is sent to its underage users." Ouch. But wait, there's more. "After receiving a consumer complaint that Tagged was non-responsive to user alerts about graphic images of children being sexually abused, sexual solicitation of minors by adults, and pedophilia, Cuomo’s investigators created undercover Tagged.com accounts and made over 100 reports about 80 users regarding inappropriate sexual content and contact. The undercover accounts were then used to report this content and contact to Tagged using the mechanisms described on the company’s Web site. Despite these alerts, the vast majority of the reported users still have active Tagged accounts and most of the reported content remains on the Web site. In sum, of 80 users that were reported to Tagged by undercover investigators for various misdeeds, 51 users still have active accounts." Click here to read the full press release.

Does CAN-SPAM Cover Affiliate Spam?

Over on his blog, John Levine expertly dissects what went wrong in ASIS vs. Azoogle, an anti-spam lawsuit where, yet again, a judge doesn't find for the plaintiff. At the heart of the matter? Three issues; a sloppy plaintiff, a judge who believes (or was led to believe) things about email that might be at a right angle to reality, and that damn Gordon vs. Virtumundo ruling, which just won't die. Read all about it here.

Who's Sharing Your Personal Info?

I recently got a new electronic gadget, which had a cool program on it, a program that requires registering with the company behind the program. I did that, and then later on I got mail from partners of this company. Even though, when I log in to my account with that company, the opt-in/opt-out privacy checkboxes all say "opt-out," meaning my personal information shouldn't have been shared with that other company.

So I email the company, and the partner's ESP. I ask them, exactly why/how am I receiving this valuable email communication that I don't seem to have opted-in for?

That was just about a month ago, and nobody's telling me anything. It feels like everybody is more interested in passing the buck and telling me that they are taking it seriously and they're looking into it. I don't know why it takes a month to just admit that somebody made a mistake, or that I am wrong and I did consent to this. I'm not going to be all that mad if it was done in error; stuff happens. Maybe this helps them find a programming error, maybe a SQL select statement that doesn't properly respect the opt-in flag. I've been there, trust me.

But the lack of answers is uncool. I guess all I can do is warn all my friends to be sure not to give their personal information to this program or this company.

What would you do if you were in my shoes?

Twitter Blacklisted by Spamhaus

SBL84807 tells the story: Spamhaus has observed Twitter invitations more-or-less being used by spammers. According to Spamhaus, Twitter does not appear to have controls in place that prevent spammers from issuing invitations to imported lists of email addresses, and also, Twitter invitations have a broken unsubscribe link.

Let's hope Twitter works quickly to address this issue to Spamhaus's satisfaction.

I personally am not a big fan of "import your address book and we'll send everybody you've ever talked to an invitation to our fabulous new social network," as address books are invariably filled with crap. Even if the intent isn't nefarious, if I did this, I'd end up sending invites to the Apple store, all the mailing lists I'm on, the various abuse desks I talk to, including Twitter's own Del Harvey.

Also, people seem way to willing to hand their email passwords over to third parties. I'm sure Twitter isn't planning on stealing your address book, but what of the next site? And the site after that? Eventually a bad guy will figure out that this is a great way to harvest your contacts.

Let's Talk About the Rules

Over on Word to the Wise, Laura Atkins blogs about THE RULES. As I keep complaining about, a lot of "not so great" senders keep saying JUST TELL US WHAT THE RULES ARE. Okay, she'll lay out the rules for you. Thank you, Laura!

I've been thinking about this, and I've got a few rules of my own. Here are my top five:

Groan: .co TLD to be opened to the public

Wired reports that the country of Colombia is about to open things up, allowing anybody who wants to buy a domain under the TLD (top level domain) .co.

You know what's great about this? Nothing at all. Count the seconds until phishers set up websites at hotmail.co and yahoo.co. What an opportunity to inappropriately monetize misdirected traffic! I'm sure the big webmailers will do their best to snap up every domain they can think of, to try to prevent stuff like this. But they won't get them all, and there will be other ones that (good) people won't think of but other (bad) people will.

In Memoriam: Stefan Pollard

It is with sadness that I pass along that email marketing expert Stefan Pollard passed away recently. He was a really good guy. I had only met him a few times in person, but we traded emails regularly, and anything he wrote was always on my "must read" list. (My favorite column of his was probably "Get Over Getting Blocked," and I've linked to his excellent explanation of what spamtraps are in a previous post here on Spam Resource.) He was intelligent, witty and kind and I am sure I am far from the only one that benefited greatly from interacting with him.

Ours is an industry filled with disagreement; there are a lot of folks with questionable motives pretending to wave the flag of best practices while secretly supporting spam (or just being completely ineffective at stopping spam) on the side. It cheers me up to see so many folks step up and have kind things to say about Stefan over on ClickZ. I think that speaks very positively to his reputation and ethics and personality that so many from a fragmented industry have so many good things to say about him.

ClickZ reports that Stefan's employer, Responsys has set up a fund to benefit Stefan's children; those interested can make contributions to the Pollard Memorial Fund by logging in to their personal Paypal account and clicking on the "Send Money" tab. Donations should be sent to pollardmemorial@responsys.com e-mail address.

Recommended Reading: Fatal System Error

Back in January, I saw author Joseph Menn speak at a conference, telling us tails of tracking cybercrime from the US to Russia and everywhere in-between.  I found the topic (and his telling of these tales) very compelling, scary and amazing.

In his book "Fatal System Error," he shares stories from various good guys chasing after the bad guys (people like Andy Crocker and Barrett Lyon) and the history of the underground cybercrime economy. Crime is big business and international cybercrime is no exception.

I found it very interesting, and a bit depressing. Specifically, how hard it is to successfully bring the worst offenders to justice, due to jurisdictional issues, the ease of which criminals (and internet traffic) can cross international borders, and the (not too surprising) allegations of police/government protection in some countries.

If It’s Not Permission-Based Email Marketing, It’s Just Not Worth it

Following up on my recent post, "How Not to Respond to Public Spam Allegations," wherein I detail a few of the useless responses I receive whenever I mention somebody's spam issue publicly, Blue Sky Factory's Ken Pfeiffer shares his similar frustrations, stuff he hears in his role as deliverability director. Great post, Ken!

DNSStuff Leaking Addresses?

I've talked about my issues with DNSStuff previously, but today, I've run across a new issue. It looks to me as though somehow, email addresses given to DNSStuff are ending up in the hands of a spammer.

How Not to Respond to Public Spam Allegations

I admit it. I'm loud. I have opinions. And I'm not shy about sharing them.

Sometimes, I highlight bad actions taken by bad actors. I also highlight bad choices made by good guys. Sometimes people spam out of malice, but certainly, sometimes people spam out of ignorance. Sometimes companies have a long history of bad practices, or a long history of combative relationships with anti-spam groups and ISPs. Sometimes people are just new to email marketing. Sometimes there's even a language barrier involved that makes somebody sound like they're promising to keep spamming, when that's not really what they mean. Sometimes a company has an overzealous marketing manager that needs to be reigned in (or jettisoned).

Bad idea: Sending from the Cloud

MailChimp's Ben Chestnut talks about why it's a really bad idea to send emails from the cloud. He highlights Reddit's own public statements of frustration over being blacklisted by Trend Micro and struggling to get confirmation mails delivered. I couldn't agree more with Ben's take on things. The cloud is a neat place to compute, but for a multitude of reasons, it's not a great place from which to serve email.

CAN-SPAM Myth #4: Doesn't Apply to Non-Profits

Fourth in a three-part series (uh, what?), today I'm going to offer up a quick link to a blog post by Microsoft spamfighter Terry Zink, where he quotes his friend talking about the applicability of CAN-SPAM to non-profits (net: it applies) and some general guidance to consider. I don't agree 100%, as it seems to focus a little too much on "unsolicited," which I think misses the point. But still, remember, CAN-SPAM applies to non-profit senders, not just for-profit marketers.

CAN-SPAM Myth #3: Password Protecting the Unsub Page is OK

Three CAN-SPAM Myths: CAN-SPAM is the US Federal Anti-spam law. If you're sending commercial email in the US, or you're a savvy spam filterer, you probably already know a bit about the law. But, did you know these specific points? Here are three common myths that I have run into, where people misunderstand what CAN-SPAM does or doesn't do.

CAN-SPAM Myth #2: This Law Makes it OK to Spam

Three CAN-SPAM Myths: CAN-SPAM is the US Federal Anti-spam law. If you're sending commercial email in the US, or you're a savvy spam filterer, you probably already know a bit about the law. But, did you know these specific points? Here are three common myths that I have run into, where people misunderstand what CAN-SPAM does or doesn't do.

Keep in mind I'm not a lawyer, and this is not legal advice.

Today in my second of three posts in the series, I'll address CAN-SPAM Myth #2: That the law makes it OK to send spam.

CAN-SPAM has been derided by various anti-spam groups as a license to spam. Their complaints are legitimate, but that's not the entire story. It's true that CAN-SPAM doesn't prohibit spam, and I personally find that to be a huge disappointment. But CAN-SPAM does include requirements that can be a helpful tool to encourage best practice permission compliance.

CAN-SPAM Myth #1: Applies Only to Spam

Three CAN-SPAM Myths: CAN-SPAM is the US Federal Anti-spam law. If you're sending commercial email in the US, or you're a savvy spam filterer, you probably already know a bit about the law. But, did you know these specific points? Here are three common myths that I have run into, where people misunderstand what CAN-SPAM does or doesn't do.

Keep in mind I'm not a lawyer, and this is not legal advice.

Today in my first of three posts in the series, I'll address CAN-SPAM Myth #1: That the law applies only to spam.

The truth of the matter is CAN-SPAM's requirements apply to any commercial or transactional messaging you send. Today, I'm going to focus specifically on commercial messaging. What is a commercial message? The law itself explains. "The term 'commercial electronic mail message' means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)."

Example Double Opt-In Process

If you're wondering why my blogging schedule has been light lately, it's because I've been working on a project; building a mailing list manager to handle discussion lists and broadcast lists from my own server.

As a part of that project, I'd like to share with you my test double opt-in script. Feel free to poke at it, test it, share it with folks whom you'd like to nudge to make the change to confirmed on in.

It's a test list that you can't actually receive mail from, so it's safe to sign up, to see how double opt-in works.

I'd love your feedback, feel free to email me or leave a comment letting me know your questions or concerns.

Recent Spam Litigation Activity in California Courts

Click here to read a nice little overview from Venkat Balasubramani, published on his Spam Notes blog.

Alleged Spammers Using Google Apps: Bad Idea

If you are alleged to have sent spam, alleged to have created thousands of webmail accounts in order to shovel spam selling Acai berry-related products, maybe storing details of your alleged crimes "in the cloud" isn't such a great idea.

Why does the name Pulse Marketing ring a bell? I can't recall for sure. But, I've certainly dealt with marketers that I consider to be similar in that they often have somewhat generic company names, unfinished or very information-free websites, never listing principals behind the company, use UPS Stores or other "dropbox" mailing addresses, etc. Probably all legal practices, but red flags when trying to assess likelihood of best practice compliance by way of looking at the transparency of their business practices and contact information.

(H/T: @PrivacyLaw)

The Pernicious Effect of Gordon vs. Virtumundo

This is an interesting one. John Levine writes: "Bennett Haselton, who runs the Peacefire anti-censorship site, is one of the more successful anti-spam litigants. He says he's filed about 140 suits, mostly in small claims court, and has won the majority of the suits that got far enough to be decided on the merits. But last month, in Federal court in Seattle, he lost a suit against Quicken Loans that he should have won, partly because of his own mistakes, but largely because of the pernicious effect of Gordon vs. Virtumundo."Read more...

Speaking of Tagged.com

Tagged.com, who previously won their own anti-spam lawsuit, has yet again had to deal with spam allegations leveled against them.

The Contra Costa Times reports that "Tagged.com has agreed to pay a $650,000 settlement and halt deceptive practices in which millions of people unknowingly gave the site access to their entire e-mail contact list, the San Francisco District Attorney's Office said Monday."

SFGate Blogger Zennie62 writes, "Tagged.com, started in 2004, may claim a membership based of 80 million and be the third largest social network, but after this let's see how many people stick around. At a tech lunch event held in 2006 in Downtown San Francisco, one of the founders bragged to this blogger that Tagged.com was worth $700 million."

And let's not forget, Time Magazine called Tagged.com "The World's Most Annoying Website" last year.

CAN-SPAM Compliance Impacts Deliverability?

This morning I spent a few minutes going through my Gmail spam folder, looking for legitimate mails that might have been accidentally marked as spam by the Gmail system. It's rare, but it happens.

I found a message from 3GStore.com, a company I purchased an antenna from, once upon a time. I really don't want to receive emails from them. I'm not likely to be a repeat customer, and I'm eager to get "edge case spam" - things that might be considered spam or not, maybe from companies that I signed up for, out of my mail stream, so that I can trust my spam folder to contain "true" spam, because I'm a bit of a data geek and want to be able to write a script that parses that information and logs it.

Beware: Free Gift Card Ads

Watch out for those ads offering you free gift cards, free iPads, MacBooks, whatever. Invariably the goal of the person behind the ad is to get as much personal information out of you as possible, so that they can sell that data to various marketers. Who will then sell that data to other marketers. Who then market to you repeatedly. And sell the data to even more marketers, who also market to you repeatedly. Lather, rinse, repeat.

Consumerist and MacWorld warn readers about these kind of ads, specifically ones found on Facebook. They call them scams. I'm not sure if that term is accurate or not. It might be. But what I do know for sure is that they are email avalanches in the making. You remember my Co-reg tracking project? The 11,000+ email marketing messages I've received in response to me signing up on just a handful of websites? Well, most of those websites are exactly the kind of ones that Consumerist and MacWorld are warning you about.

These "free gift" sites take the data from the one or two forms you fill out, and sell it all over hell and gone. That's why I've got individual addresses that have received 200+, 500+ or even 1000+ "fabulous offers."

This is the exactly the kind of co-registration or lead generation thing that gives email marketing a black eye. Email marketers, put yourself in the consumer's shoes. Do you really want to do that to your email account?

Do you track your opt-in data?

Hey, if you're running a marketing program, if you manage a marketing list, I have to ask: Are you tracking where and when and how each recipient signs up for your email list?

Surprisingly, I'm finding that many marketing managers aren't tracking this. This is sad, because sometimes this data is the last line of defense against you getting sanctioned over allegations of sending spam.

Harvard Business Review Is DEAD Wrong About Opt-Out

Blue Sky Factory's DJ Waldow has posted an excellent rebuttal to this awful Harvard Business Review article pining for opt-out email marketing. I think DJ's response is spot on; the HBR article was written by somebody seemingly out of touch, someone who is suggesting that practices need to change without providing any compelling reason or data as to why opt-out is supposedly better.

Your Help Needed: Sign me Up!

Hey, I created this Gmail account -- shipplingnine@gmail.com -- and I'd love to see what you can get it signed up for. Spam, non-spam, edge case stuff, what have you. Could you do me a favor and sign it up for various things? I'm not quite sure what I'll do with the mail that comes through; maybe check the sender scores on all the IPs that send the mail, look for some non-CAN-SPAM compliant senders, maybe build some summary reporting to share with the internets, who knows what. Regardless, I'm thinking it might be fun to see what comes through. So, would you be willing to help me out?

Again, that address is shipplingnine@gmail.com. Thanks in advance!

A Note on Dutch "Tell-A-Friend" Regulation

Remember how I mentioned SPAM-L the other day? Sometimes you learn useful stuff there. After reading a recent discussion there about "forward to a friend" functionality and whether or not it might be legal in different jurisdictions, I saw Vincent Schönau offer up some useful advice. Vincent is a former postmaster who helps ISPs build anti-abuse platforms for an anti-spam vendor. I've asked him to clarify his thoughts for a post here on Spam Resource, and he as graciously agreed to do so. Keep in mind that neither he nor I are lawyers, and this is not legal advice -- just a smart person's interpretation. And now, Vincent Schönau: 

Interview Day at Spam Resource

Scott Cohen interviewed me for the "Email Snob" series on his cool "Scott Writes Everything" blog, and here it is.

Also, Annalivia Ford, ex-AOL postmaster, now at Unica, was interviewed by Len Schneyder for Unica's blog. You can find part one of that interview here: 8 Years in the Spam Trenches | Part 1

Spam from Image Factory

Today I got a spam from a company called "Image Factory" or "Web Image Factory" -- www.webimagefactory.com -- (773) 315-9014, sending from IP address 64.92.112.127. This Chicago enterprise aims to want to help me grow my business. I'm not interested, but good for them for trying. Except -- I didn't sign up for this email. It's spam.

Why did they send me this spam? I've never heard of them before and I have never done business with them or had a conversation with them.

I emailed them, and we'll see if I get a response. In the mean time, I did a little poking around. A-ha! I did business with a client of theirs. A property rental company that rents out apartments for very short amounts of time, like a hotel room. I've used it to book a place to stay for friends when they have come to visit.

Apparently, when I give my email address to this company to reserve an apartment, it somehow also ends up in the hands of Image Factory. Does that strike you as a best practice? What other information is shared or otherwise ends up in the hands of third parties?

I dug through my saved email and found that I have received mail from this company before, and I reported it as spam every time. This time around, somebody from their ISP responded. Sadly, James from NetFronts Technical Support thinks the mail "does not look like spam" because it is an "opt-in mailing list that allows you to unsubscribe."

Are you on SPAM-L?

A few different folks have heard me mention the SPAM-L mailing list in conversation these past few months, and expressed surprise; thinking it had been retired. The old SPAM-L mailing list was indeed shut down back in May, 2009, but the list was almost immediately resurrected by J.A. Terranson and a few other kind folks. It now lives over at spam-l.com, click here to learn more about the list or to subscribe.

ISPs: Preventing Outbound Spam?

Kris writes, "Hi Al, I am contacting you because I would like to receive some feedback (advice, tips) on how an ISP can help to prevent outbound spam.

Virgin Mobile Settles Spam Allegations for 22,000 AUD

The Sydney Morning Herald reports that Virgin Mobile was found to have been sending email messages to recipients who had previously opted-out of email advertisements from the mobile carrier. "'To make sure you're still certain about this choice, we just wanted to quickly show you some examples of recent offers that we've sent to customers,' the text of the message read."

Yikes. C'mon, what kind of master marketer thought up this? "Let's take the opt-outs and send them a reminder about all the fabulous offers they're missing out on." Do you think that guy got a promotion? People who unsubscribe don't want any more email from you. Duh.

(Hat tip: The Delicious Box of Meat)

Classmates.com Settles Lawsuit over Deceptive Emails

TechFlash reports: "Seattle-based Classmates.com has agreed to pay up to $9.5 million to its users to settle a lawsuit that accused the social network of sending emails that made people believe their old friends from high school were reaching out to connect -- only to discover, after paying for a membership, that their long-lost buddies were nowhere to be found."

On Defending Jigsaw & Similar...

This morning, an anonymous commenter attempted to drop a truth bomb on my post about how Jigsaw was blacklisted by Spamhaus. (They still are, by the way.)

In his comment, he points out that postal junk mail sucks (which I agree with), but he doesn't make it clear why it was important to share that tidbit with us. That spam is a suitable substitute for junk mail? I'm not buying it.

Twitter Has Spammers, Too

I'm a pretty heavy user of Twitter. I've got a few followers, I pay attention to what a lot of people say, and I know a number of people that follow what I say. I enjoy this new method of interacting with people-- it's been a lot of fun. But, like every other way of electronic communication, spammers were bound to discover it and attempt to exploit it eventually. In the Twitter-sphere, the way spam works might be a bit different than in email, but I'll be darned if it doesn't just jump right out at me, with my background in spam fighting and email best practices.

Spamhaus: Waledac Botnet Culling Had Little Effect

Tom Espiner of ZDNet UK Reports. "The throttling of Waledac, which Microsoft claimed to have achieved by means of legal action last week, has led to no appreciable reduction of junk mail coming from the botnet, anti-spam organisation Spamhaus told ZDNet UK on Tuesday.

"'The amount of spam coming from Waledac [before the takedown] was less than one percent [of all spam], and that hasn't changed much,' said Spamhaus chief information officer Richard Cox. 'There's been a slight change, nothing major, and we would expect it to be a lot different.'"

Alan Ralsky Goes to Jail, Does Not Pass Go

Spamhaus reports: "Leaving a wake of over 12-years of criminal spamming and trillions of sent junk emails behind him, long time ROKSO listed spammer Alan Ralsky is finally behind the walls of a US Federal Prison. After pleading guilty to multiple federal criminal charges, and after time extensions to "get his affairs in order", Ralsky reported to FCI Morgantown in north-central West Virginia on March 1st to start serving his 4-year, 3-month sentence."

Ralsky was the guy who complained when angry spam recipients figured out his home address and signed him up for tons of junk mail, magazines, and catalogs. I wonder if he's wishing for that reading material now, to help pass the time for the next four years or so.

Is Online Anonymity a Bad Thing?

My previous post talking about the Anonwhois.org project (of which I have no connection with whatsoever-- I just think it's neat) generated a lot of comments and feedback both in comments and in email. I thought I would take a few minutes here and answer a few of the more popular the comments and questions that were posed.

Arrests made in "Mariposa" botnet that infected 13 million PCs

Boing Boing says: "AP reports that authorities in Spain have cracked one of the biggest botnet rings in history, with three arrests made and more coming. The so-called Mariposa botnet appeared in December, 2008." Read more...

Quick Hits

Annalivia Ford, the AOL employee most senders interacted with if they had deliverability issues at that particular provider of mailboxes, has indicated that she's moving on; leaving AOL. A sad day, of sorts, but maybe not -- with AOL's recent layoffs and the world being a different place than it was ten years ago, it's been clear for a while now that mailboxes may no longer be one of AOL's primary points of focus. Her last day at AOL is March 5th. You'll be able to continue to keep up with whatever she's working on over at her blog, www.annaliviaford.com.

On March 1st, Spamhaus launched a new domain blacklist called the DBL. It sounds great, and I trust that the folks at Spamhaus know what they're doing. It's too new for me to have done any testing, so I haven't yet personally observed it being great at catching spam or not. They recommend using it both for from address (sender) and content (URI/URL) filtering. They also recommend continuing the previous practice of changing URI/URL FQDNs into IP addresses and checking those against the SBL as well, in a two-stage filtering process.

Identify anonymous domains with anonwhois.org

Check out this neat new project at anonwhois.org: It's domain data, published in a format similar to a URI DNSBL or RHSBL (right-hand side BL). Meaning, in short, it's a DNS-based list that you can check domains against. What does it tell you? Whether or not a domain is registered anonymously; that is to say, whether or not a domain is registered behind a "privacy protect"-like service. Like many other spam fighters, I've long considered it a bad idea to hide ownership of your domain in this manner. And now, if you, like me, think it's a bad idea, you could use the ANONWHOIS data to help score or otherwise identify messages that come from such domains or use such domains in images or links.

More on Netprospex

I thought I would take a moment to follow-up on my recent post (Bad Advice in the B2B Space) covering Netprospex's suggestion that "opt-out" is good enough. It seems as though more and more folks have been expressing opinions on Netprospex's advice and even the company's business model. Here's what they had to say.

Ask Al: Additional Received Headers?

Jeremy writes, "Hey, Al! I was wondering if you could help me make a case for adding additional received headers to outbound messages. At the company I work for, one of our technologists convinced the head guy that we should try adding additional unique received headers to every message, rotating through unique IP addresses and host names. Do you have any insight on whether or not this would be a good or bad practice? Thanks in advance."

ClickZ: Goodmail CEO Steps Down

ClickZ reported on February 18th that "Peter Horan's two-year run as Goodmail's CEO came to an end on Feb. 12, though the Internet marketing veteran will stay on as chairman for the certified e-mail service provider. Speaking with ClickZ late Thursday afternoon, Horan confirmed an Internet rumor that he had stepped down." Read the rest here.

Bad Advice in the B2B Space

"B to B Online" shares some really awful advice from Gary Halliwell and Mark Feldman of NetProspex about how opt-out is supposedly the way to go in the B2B (business to business) email marketing realm. They start out by banging the CAN-SPAM drum (make sure you're compliant!! yawn) and then get side tracked into targeting and content.

Don't Spam the Judge

Kevin Trudeau, infomercial peddler of miracle cures (and who knows what else), narrowly avoided jail on Thursday after being cited for contempt over his recent attempt to incite friends and followers to harass the judge presiding over his trial.

SpamResource/XNND Co-Reg Dashboard

I've just completed my first-ever co-registration/lead generation signup tracking dashboard. You can find it at http://xnnd.com/cr/ and it will update daily. As time permits, I'll add additional information and detail to the dashboard.

Tagged.com Wins Spam Lawsuit

Laura Atkins hipped me to this report from SPAMFighter about Tagged.com winning a lawsuit against a spammer, somebody who was "victimizing members of Tagged.com by dispatching spam e-mails that contained web-links directing users to a dating site." Blah blah blah, spam is bad, etc. Enough about that.

Surprise! Internet filled with Junk

Websense reports that in the latter half of 2009:
  • 13.7 percent of searches for trending news/buzz words (as defined by Yahoo Buzz & Google Trends) lead to malware,
  • 95 percent of user-generated comments to blogs, chat rooms and message boards are spam or malicious,
  • 35 percent of malicious Web attacks included data-stealing code,
  • 58 percent of data-stealing attacks are conducted over the Web, and
  • 85.8 percent of all emails were spam.
Read more about it here.

WHOIS Privacy Protect -- What Spamfighters Think

As others have mentioned, a recent court ruling suggests that when accompanied with "intentional spamming," hiding who owns a domain behind a "privacy protect" service (such as Domains by Proxy) could mean that the sender is in violation of the CAN-SPAM law. But let's set that aside for a moment. Even if there wasn't a potential legal issue, do recipient systems and anti-spam groups find privacy protect to be a reputable practice? Let's ask a few smart anti-spam experts what they think.

What is this thing?

If you're viewing this on www.spamresource.com, or if you click through to the site from your RSS reader, you'll now notice a "Co-reg Mail Received" section just to the right of the post on the site. This highlights IP addresses that have recently sent mail to the mailboxes that I use to track mail sent by "co-registration" or "lead generation" senders. Companies in this space often buy "feeds" or "feed paths" from other companies, and there is much data sharing back and forth. I just wanted to start tracking who's actively sending mail to my accounts, and this was a quick and easy way to do it. Keep an eye out as I update this section with more information over time. Might be neat to see how many emails this mailbox has received, how many times an IP address has been seen, etc.

I'm not alleging that this mail is spam, and most of the mail I see seems to comply with US federal law. That's not to say that senders in this space don't engage in practices that can cause significant deliverability issues. If you and a thousand other senders are all mailing to the same email lists, it seems as though a "tragedy of the commons" effect could apply, wherein ISPs find none of the senders to be sending desirable, wanted mail.
 
As always, your feedback is welcome.

Word to the Wise Delivery Wiki

Laura Atkins just announced the Word to the Wise Delivery Wiki, a cool new deliverability resource. Very cool!

My Delicious links account isn't anywhere near as awesome as the WTTW Wiki, but it's still out there and it's something that I use every day. Looking for information about Comcast? Just add "comcast" to the URL. International ISP and legal links? Add the word "international." Etc.

Who is this Ken Magill guy anyway?

A client asked me the other day, "Who is this Ken Magill guy anyway? Who reads his stuff? Does it matter?" I guess the answer to that is yeah, I've found what Ken has written to be highly insightful. After all, I've blogged about or linked to his articles more than two dozen times here on Spam Resource. Go see for yourself.

Engagement: Best Practice for Years

I just stumbled across this link to an Email Diva column from early 2007, talking about how to improve your list hygiene through re-confirmation and dumping people that never open and click. In other words, keep your list engaged, and dump un-engaged segments, after salvaging what you can from them. I guess that means that the engagement train has apparently been heading toward us for quite a long time!

Ken Magill Leaves Penton

Long-time chronicler of the email marketing space Ken Magill has just announced that he is leaving Penton Media.

Spam Complainants Are Sometimes Angry

People are, on occasion, very angry in response to spam. They sometimes send flaming emails filled with invective, questioning the parentage and every other possible quality of the sender and the product being advertised. To some, this is is considered a new brand of annoyance, specific to the innertubes.

Those people are wrong, as it turns out. This is not a new phenomenon. Don't believe me?

Check out this letter sent by Mark Twain, in response to a patent medicine advertisement, more than a hundred years ago. He writes, "[You are] without doubt the most ignorant person now alive on the planet; also without doubt [you are] an idiot, an idiot of the 33rd degree, and scion of an ancestral procession of idiots stretching back to the Missing Link."

Mark Twain, you're my hero. You can read the whole letter over on the awesome Letters of Note blog.

Bad News in 2010, if You Suck

In the MediaPost article "Why 2010 Could Be A Bad Year For 'Worst-Practice' Marketers," ReturnPath's George Bilbrey talks about what's driving ISPs nuts lately: legitimate companies with bad email practices. He writes: "The good news is that the ISPs (and their technology providers) are doing a much better job at preventing much of the truly criminal spam. With the worst mail out of the way, what are they finding? Of the mail that is not criminal spam, the mail streams that are causing the most noise from ISP subscribers (high "this is spam" rates, high spam ratings from spam rating panels, low "this is not spam" rates) is mail coming from legitimate companies with very poor practices. These mailers are now front and center on the ISPs' radar screens, which will result in widespread, critical delivery problems for this class of mailer in 2010."

This is something I've witnessed first hand, and I've also seen what happens next when ISPs denote that these mail streams aren't all that kosher: They block. Hard block, permanent block, spam block. The anvil drops right on the sender's head, and it takes months to clean things up and get unblocked. I've seen at least one really big ISP say to heck with this, don't ask us to unblock it until six months have passed AND you've cleaned up your act.

This is all yet another data point on why an ounce of prevention is much better than a pound of cure. Clean your act up now, so you keep getting to the inbox, instead of waiting until you get blocked and suddenly have to scramble to try to rescue your email program.

The E360 Pantsing Continues

Laura Atkins writes today about the newly discovered settlement between 'email marketer' E360 and Comcast: "Today, only weeks before the trial date, a settlement agreement was filed. The settlement agreement prohibits the defendants and any group associated with them from transmitting email to any domain owned by Comcast without affirmative consent (as defined by CAN SPAM). All mail sent by the defendants must comply with the Comcast Terms of Use or AUP. The defendants must not attempt to circumvent Comcast’s spam filters, must comply with CAN SPAM and must not help anyone else violate any of the provisions of the agreement."

Mickey Chandler provides some additional commentary and some MOST AWESOME opinion: "As I see it, Linhardt was so desperate to get out of this case he became willing to sign (in the Affidavit of Confession of Judgment) what’s basically a blank check to Comcast worth a quarter of a million dollars, and waive the usual niceties, like not having to allow the whole world to see what he agreed to I’ll also point out here, even though I don’t at Spamsuite, that Comcast basically agrees to nothing. This is all give on Linhardt’s part, with no take."

Work-at-Home Spam, Scam or both?

Check out this wonderful story from the Minneapolis Star Tribune, wherein a dupe robocalls a reporter for the paper. The consumer watchdog reporter -- aka "The Whistleblower." Oops.

From the story:
  • The product he was pitching was something called an “extractor.” It has nothing to do with your teeth. “What it does, is it extracts phone numbers and emails from businesses off the Internet,” he said.
  • Kitchen paid $249 for the extractor, and he’ll get a cut of any new extractor business he steers to Bayne.
  • [Kitchen] he hasn’t made any money yet, but he’s just getting started.
  • So far, Kitchen said, his phone blasts have resulted in one callback. [The reporter's.]
To recap: Guy buys a $250 program to allow him to harvest email addresses and phone numbers from the internet. He illegally robocalls various phone numbers, including the reporter's number. The only response he's received from his phone spam was....a call back from the reporter.

Might be time to consider a new line of work, Rodney Kitchen.

In-Application Email Signup: Ew, Really?

Yesterday, Campaign Monitor posted a helpful hint on how you can add an email list signup form to your Macintosh application. I would strongly recommend against this, unless it's both clearly optional, and tied to a confirmed opt-in (double opt-in) process. This is a mine field if you don't know what you're doing.

Once upon a time, I worked for an e-commerce service provider, a company whose original core business was hosting online stores for downloadable software. Online registrations and in-application registrations were two very popular ways of driving list growth, and it led us to learn a few lessons the hard way.
  • If you force a signup form in front of somebody's face, they're going to fill the form with crap.
  • If the form isn't very clearly optional, they're going to fill the form with crap.
  • If the form pops up without any clear initiation from the end consumer, they're going to fill the form with crap.
  • If you make registration a condition of anything at all, they're going to fill the form with crap.
Been there, done that. I observed people putting in email addresses of people at Spamhaus, AOL's anti-spam team, various US presidents, etc. And lots and lots and lots of spamtraps. Deliverability was very poor; clients got blacklisted, the signup server got blacklisted, emails went to the bulk folder, and AOL even very angrily called me directly once (how often has that happened to you?).

What we learned is that the only way this works at all is if you make any sort of registration process like this confirmed opt-in (double opt-in), making it so that the registration is not complete until the consumer receives an email message and clicks on the link to validate their address and confirm their desire to be on the mailing list. It got so bad with people putting crap in the forms that we ended up creating a dedicated system, explicitly for handling software registrations, and no address was ever considered to have opted-in until and unless the double opt-in process was completed.

The net result is that our deliverability woes went away. We still had issues from time to time, clients that needed remediation, but it was never due to software registrations handled by the system we built.

What is Zeusmail.org?

A whole bunch of sites have noticed seemingly bogus signups from email addresses in the zeusmail.org domain. Does anybody know who or what this is? Of course, the domain owner's WHOIS information is hidden by way of Privacy Protect (barf).

Pivotal Veracity Acquired by Unica Corp.

Multiple sources are reporting today that provider of email delivery tracking and email rendering test tools Pivotal Veracity has been acquired by online marketer Unica.

Ken Magill Sucks

That is all.

Brazil Overtakes US as Spam Leader

Ed Falk points out that multiple sources explain that Brazil has overtaken the US as the source of the most spam. However, Ed goes on to point out a very important point. "Vietnam, China, and Brazil may be the places where most of the spam is delivered from, but I think if you follow the trails (and follow the money), you'll find that it all leads back to the U.S." Follow the money, and it probably all points back to....us.

How Tradeshow Email Lists Can Get You Blacklisted

The other day, Mark Brownlow tweeted a link to an older MailChimp blog post, touching on the perils of trade show email lists. In that post, MailChimp's Ben Chestnut touches on the do's and don'ts of email best practices when it comes to trade shows.

The Beatings Will Continue...Forever

It seems to me that there are a few different reasons why you'd want to list an IP address on a blacklist.

10 Deliverability Tips for 2010

My friend Mickey Chandler, newly freed deliverability consultant, has just posted his Top 10 Delivery Tips for 2010 whitepaper. Useful stuff about IP reputation, authentication, message stream diversity, and much more. And if you need deliverability guidance, don't forget, Mickey is now for hire!

Email to Die in 2010

No, not really. But, "there will be at least 39 more articles in the mainstream announcing the 'death of email,'" says ReturnPath's Matt Blumberg. I suspect Matt is right.

AOOGAH!! DIVE! DIVE!

Have you ever told an ISP's postmaster, "The contents of the email follow all of the CAN-SPAM guidelines!" or "Why are you targeting my 100% opt-in emails?" You might want to reconsider that.

SpamAssassin 2010 bug

If you use SpamAssassin and today it's suddenly scoring every email you receive with at least 3.2 points, and it says that "the date is grossly in the future," then you should read this.