Spamcop Blacklisting: Should you care?

I was asked today if Spamcop should be "trusted." After all, even the Spamcop Wikipedia page says that their blocking list is "controversial." Though, is it truly more controversial than any other blacklist out there? Let me tell you what I know.

The last time I looked at Spamcop from a receiver's perspective was back in 2007. Back then, I found it to be pretty accurate. A Spamcop listing truly seemed to be indicative of a sending IP address sending unwanted mail. That data is from a long time ago, but I haven't seen anything since then that would make me think they've changed for the worse by any significant measure.

Long, long ago, when Spamcop was a one-man show (created and run by a guy named Julian Haight), I did find the blocking list to be controversial. I regularly saw listings of IP addresses sending very clearly only opt-in email, with nothing funny or weird going on. Even confirmed opt-in email. But since that time, Spamcop has been sold to Ironport, who has since been sold to Cisco. So nowadays, Spamcop is a tiny little part of Cisco. With that transition to corporate ownership, came new hands and new policies, which (in my opinion) seemed to significantly improve the reliability of Spamcop.

From a sender's perspective, I regularly help clients monitor for and address Spamcop listings. Because my prior testing of Spamcop led me to trust that it was typically correct, I typically think that a Spamcop blacklisting of a client's sending IP address is probably "correct" -- I suspect it is properly indicative that there is a problem that needs to be addressed. I think if a sender is regularly finding themselves listed on Spamcop's blacklist, then their list is probably outdated, poorly permissioned, or otherwise flawed. In these cases, I do think it's appropriate to run a permission pass to clean up the list and resolve any list hygiene issues. At the same time, discard any list segments that contain anything other than opt-in subscribers. Bought list? It's time to throw it out.

That's my opinion, provided with my alternating "sender" and "receiver" hats. What's your opinion?

Is this permission?

I received an email the other day that went something like this: "Hello, A media site you recently visited would like you to participate in their user-survey. Your input will be combined with other users' across the country to improve their site. To encourage your participation, we are offering a chance to win one of two Apple iPads. Two participants will receive an Apple iPad 2 (valued at $499). To access the survey, simply click on the hyperlink below. We estimate that it will take approximately 15 minutes to complete."

Well, I know which media site it was, because I gave them a tagged (unique) address. When you send me an email to COMPANYNAME@example.com, it's not exactly a secret. Regardless, I'm peeved -- why is this media site giving my email address to a third party? Why is this third party emailing me? Where is the permission? Where is the informed consent?

Keep in mind, when emailing a subscriber, it is EXTREMELY bad from to try to be coy about where you got the recipient's email address from. Seriously-- only spammers do this. And this email is in fact spam. I didn't give permission to this survey company to email me. The mail was not transactional; this notification was not a necessary part of my subscription to the online media site. It was probably quite legal, due to some clause or other in the media site's privacy policy. But that doesn't make it right, and it doesn't change the fact that this is a very poor practice.

I would have mentioned this all to the survey company themselves, but the email address they emailed me from doesn't seem to work.

Survey companies, I challenge you to get with the modern age. I understand the desire to do surveying a certain way, but whatever this model is, it conflicts with email best practices and permission. It's time to modify the model.