Guest Post: Gmail Political Pilot Program: Sometimes it feels good to be wrong
URL Copied
Yesterday, a colleague shared a link, a much anticipated link, a link that adds clarity to a topic that caused some hair to catch on fire (mine in particular), some ire and anger, much speculation, and little support. That topic: Gmail’s Political Pilot Program or as Gmail has coined it Gmail Verified Sender Program Pilot (some speculate there are reasons for this, but let me learn my lesson and not talk about that just yet).
I was hot on the topic when I first read about it and quick to comment judge. I was also quick to jump right into this newly shared link, filled with (what I hoped was) answers to some lingering questions.
And what an enjoyable read it was. Not because it was written with humor (although it did make me chuckle) or was infused with creative writing elements, or that it laid out an in-depth insight into the email landscape, but because of the complex simplicity of it. The ‘simple’ list of requirements informed by the layers of deep knowledge about political mail (heck any type of spam). That knowledge is clear in the specific wording used and requirements listed.
It’s a glorious read for a number of reasons that I’ll get into. However, I would be remiss not to call out how turned around my reaction is now compared to my view just a few months ago. In July, I wrote about how I thought we were essentially being betrayed and that as an end user, my mailbox and my trust that crud would stay out of it would be broken.
To add some additional context, there’s been a lot of change in the US of late and to say the outside environment wasn’t weighing on my mind, would be untrue. Although my hope was that this program would prove political mail was bad, I thought (to myself and maybe out loud to a few others) this was one defeat where politics overcomes reason and was forcing its hand onto yet another topic near and dear to my heart.
And sometimes when something is uncomfortable, it’s easier to be filled with dislike and join the bandwagon of naysayers than to be patient, thoughtful, and open to something new. Although, there are a number of others experts that will post about this topic soon and they were much more measured in their approach and patient. And when they do write, do not miss those articles. One of which, Gmail Program for Election Mail, is already published by Laura Atkins there and it's a fantastic summary as well as a great view on how the filtering may be adjusting, and more.
After reading Gmail’s pilot requirements, it quickly became apparent that the process to register isn’t that easy to game (you have to be a registered committee with the FEC) and that Gmail isn’t out to posthumously prove sending behaviors for political mail are bad, but to lay the groundwork of what is acceptable. If political mailers want the best chance of success, they too have to play by the same rules as other good senders, plus a little extra effort to make sure the system doesn’t get compromised or abused. This program is definitely not a red carpet walk.
Are there still a few things that I’m unsure of or could be taken advantage of? Absolutely. (Like what about those using IMAP or another application to read mail, how will Gmail confirm consent? Will the requirement to confirm consent create fatigue if an email address is on multiple lists? How long will it take email recipients to react to this change and the system to subsequently adjust with the timespan really being only a matter of weeks? Will it be fast enough to put a stop to abuse?)
However there is so much good in these requirements. And unlike my initial, heated thoughts, these requirements are not enabling the type of political spammers we’re seeing today. Mostly Gmail is detailing how to be a good sender and they are setting a high bar to meet, both technically and strategically. Although there are a number of them, I will call out 8 of my favorites (via direct quotes from the site) and some commentary.
Domain alignment, the foundation to getting DMARC set up “SPF and DKIM must be implemented, and the SPF/DKIM authentication domains must match and be aligned with the sending domain that's verified in the program.”
In short, you can’t hide behind services that try to spread the mail out in order to try to fly under the radar. Your mail must be tied to you.
DMARC at enforcement “p=reject or p=quarantine sp=reject or sp=quarantine”
Again, services that try to send on your behalf have to do the work to get authentication right otherwise, you must tell the receivers to bulk or block the mail. My favorite part about this is DMARC is not Gmail specific so enforcement will help everywhere.
Limitations on number of domains “Domains to be included in the pilot. Each Committee can submit up to 5 domains for the Program Pilot. These must be domains that the Committee owns in whole or part and has control over.”
This is tied in closely with the requirement that the domain must be “active for 30 days prior to applying to the Program Pilot,” “regularly send bulk emails from the domain,” and “send email campaigns at least every 14 days.” Basically, you can’t just spin up domains, which is what spammers do and swap them out when there is an issue. Nor can you use a domain that has no history as it’s harder to identify if the seen activity is compromised or abused in some other way. Nor can you use a service to sit on the reputation of their domains, you need to own your mail.
Account-focused status standing “Email address associated with each domain's Postmaster Tools account.”
In other words, the application is tied to a Google Postmaster account via an email address which will list out the sending domains. This helps tie together domains that may be sent from different platforms and those that may appear vastly different within one committee. And that committee is responsible for their actions across all domains. In other words, don’t reserve your bad activity for one domain and rely on the rest. If one domain fails, they all fail.
Don’t spam. “Spam: Do not send spam, including unsolicited, repetitive, nonsensical, or unrelated commercial content. Follow guidelines for sending messages to Gmail users. Please keep in mind that your definition of "unsolicited" mail may differ from your email recipients' perception. Exercise judgment when sending email to a large number of recipients, even if the recipients elected to receive emails from you in the past. See more about bulk email best practices. In the Program Pilot, having more than 5% of emails in a day "Marked as spam" by users will be a violation of the Program Pilot’s Spam policy.”
This entire bullet made me laugh, but the “your definition of "unsolicited" mail may differ from your email recipients' perception” was icing on the cake! This is very in line with what deliverability folks and providers have been saying for years. Spam isn’t just the traditional spam from the past, but is any unwanted mail.
Protection of personal information “Personal and Confidential Information: Do not distribute other people's or entities' personal or confidential information. This includes other people's sensitive information, such as U.S. Social Security numbers, bank account numbers, credit card numbers, images of signatures, personal health documents, or privileged communications. Do not disclose personal information to incite others to harass, threaten, or physically harm.”
Specifically highlighting that last sentence. As mentioned, the US has seen some interesting times as of late. Even if some of these statements are in Google’s TOS, it’s an important note that this is called out in order to participate in this pilot program.
Prohibits promotion of illegal activity “Illegal Activity: Do not distribute content that promotes, organizes, or engages in unlawful activities.”
Again, the world is strange in the US and it’s notable that the landscape is such that this has to be called out.
Termination and suspension “If your Committee is suspended from the Program Pilot, it can be reinstated after a 1 week period.”
1 week suspension is a long time when you only have a couple months to get your election emails out there. This isn’t to say you can’t mail to Gmail, but you won’t get the benefits of the pilot program.
It’s possible that not everyone feels this way. Maybe some folks out there think that the program is still questionable or still could result in a lot of unwanted mail. I asked my colleague Al Iverson for his opinion, and he told me that he’s still quite skeptical. So, on that note, I will leave you with his thoughts as a final note to think about as we continue to watch how this pilot pans out.
“I think for it to be the success you’re hoping for, Google will have to be good at handling the policy compliance aspects of this. That means implementing both people power and new automation to review practices and policies and stats and taking action based on that data.
Historically Gmail’s “reputation engine” has been entirely automated (we think) – not having anything like “policy compliance” people like an email service provider might have – and I think that these aspects of registration and review are new territory for the big G. I hope they get it right, and I am curious to see what comes next. I am not quite ready to declare all concerns assuaged just yet, though!” - Al Iverson
I was hot on the topic when I first read about it and quick to
commentjudge. I was also quick to jump right into this newly shared link, filled with (what I hoped was) answers to some lingering questions.And what an enjoyable read it was. Not because it was written with humor (although it did make me chuckle) or was infused with creative writing elements, or that it laid out an in-depth insight into the email landscape, but because of the complex simplicity of it. The ‘simple’ list of requirements informed by the layers of deep knowledge about political mail (heck any type of spam). That knowledge is clear in the specific wording used and requirements listed.
What is this link, you say? It’s the requirements to participate in the program, direct from Gmail.
It’s a glorious read for a number of reasons that I’ll get into. However, I would be remiss not to call out how turned around my reaction is now compared to my view just a few months ago. In July, I wrote about how I thought we were essentially being betrayed and that as an end user, my mailbox and my trust that crud would stay out of it would be broken.
To add some additional context, there’s been a lot of change in the US of late and to say the outside environment wasn’t weighing on my mind, would be untrue. Although my hope was that this program would prove political mail was bad, I thought (to myself and maybe out loud to a few others) this was one defeat where politics overcomes reason and was forcing its hand onto yet another topic near and dear to my heart.
And sometimes when something is uncomfortable, it’s easier to be filled with dislike and join the bandwagon of naysayers than to be patient, thoughtful, and open to something new. Although, there are a number of others experts that will post about this topic soon and they were much more measured in their approach and patient. And when they do write, do not miss those articles. One of which, Gmail Program for Election Mail, is already published by Laura Atkins there and it's a fantastic summary as well as a great view on how the filtering may be adjusting, and more.
After reading Gmail’s pilot requirements, it quickly became apparent that the process to register isn’t that easy to game (you have to be a registered committee with the FEC) and that Gmail isn’t out to posthumously prove sending behaviors for political mail are bad, but to lay the groundwork of what is acceptable. If political mailers want the best chance of success, they too have to play by the same rules as other good senders, plus a little extra effort to make sure the system doesn’t get compromised or abused. This program is definitely not a red carpet walk.
Are there still a few things that I’m unsure of or could be taken advantage of? Absolutely. (Like what about those using IMAP or another application to read mail, how will Gmail confirm consent? Will the requirement to confirm consent create fatigue if an email address is on multiple lists? How long will it take email recipients to react to this change and the system to subsequently adjust with the timespan really being only a matter of weeks? Will it be fast enough to put a stop to abuse?)
However there is so much good in these requirements. And unlike my initial, heated thoughts, these requirements are not enabling the type of political spammers we’re seeing today. Mostly Gmail is detailing how to be a good sender and they are setting a high bar to meet, both technically and strategically. Although there are a number of them, I will call out 8 of my favorites (via direct quotes from the site) and some commentary.
“SPF and DKIM must be implemented, and the SPF/DKIM authentication domains must match and be aligned with the sending domain that's verified in the program.”
In short, you can’t hide behind services that try to spread the mail out in order to try to fly under the radar. Your mail must be tied to you.
“p=reject or p=quarantine
sp=reject or sp=quarantine”
Again, services that try to send on your behalf have to do the work to get authentication right otherwise, you must tell the receivers to bulk or block the mail. My favorite part about this is DMARC is not Gmail specific so enforcement will help everywhere.
“Domains to be included in the pilot. Each Committee can submit up to 5 domains for the Program Pilot. These must be domains that the Committee owns in whole or part and has control over.”
This is tied in closely with the requirement that the domain must be “active for 30 days prior to applying to the Program Pilot,” “regularly send bulk emails from the domain,” and “send email campaigns at least every 14 days.” Basically, you can’t just spin up domains, which is what spammers do and swap them out when there is an issue. Nor can you use a domain that has no history as it’s harder to identify if the seen activity is compromised or abused in some other way. Nor can you use a service to sit on the reputation of their domains, you need to own your mail.
“Email address associated with each domain's Postmaster Tools account.”
In other words, the application is tied to a Google Postmaster account via an email address which will list out the sending domains. This helps tie together domains that may be sent from different platforms and those that may appear vastly different within one committee. And that committee is responsible for their actions across all domains. In other words, don’t reserve your bad activity for one domain and rely on the rest. If one domain fails, they all fail.
“Spam: Do not send spam, including unsolicited, repetitive, nonsensical, or unrelated commercial content. Follow guidelines for sending messages to Gmail users. Please keep in mind that your definition of "unsolicited" mail may differ from your email recipients' perception. Exercise judgment when sending email to a large number of recipients, even if the recipients elected to receive emails from you in the past. See more about bulk email best practices. In the Program Pilot, having more than 5% of emails in a day "Marked as spam" by users will be a violation of the Program Pilot’s Spam policy.”
This entire bullet made me laugh, but the “your definition of "unsolicited" mail may differ from your email recipients' perception” was icing on the cake! This is very in line with what deliverability folks and providers have been saying for years. Spam isn’t just the traditional spam from the past, but is any unwanted mail.
“Personal and Confidential Information: Do not distribute other people's or entities' personal or confidential information. This includes other people's sensitive information, such as U.S. Social Security numbers, bank account numbers, credit card numbers, images of signatures, personal health documents, or privileged communications. Do not disclose personal information to incite others to harass, threaten, or physically harm.”
Specifically highlighting that last sentence. As mentioned, the US has seen some interesting times as of late. Even if some of these statements are in Google’s TOS, it’s an important note that this is called out in order to participate in this pilot program.
“Illegal Activity: Do not distribute content that promotes, organizes, or engages in unlawful activities.”
Again, the world is strange in the US and it’s notable that the landscape is such that this has to be called out.
“If your Committee is suspended from the Program Pilot, it can be reinstated after a 1 week period.”
1 week suspension is a long time when you only have a couple months to get your election emails out there. This isn’t to say you can’t mail to Gmail, but you won’t get the benefits of the pilot program.
It’s possible that not everyone feels this way. Maybe some folks out there think that the program is still questionable or still could result in a lot of unwanted mail. I asked my colleague Al Iverson for his opinion, and he told me that he’s still quite skeptical. So, on that note, I will leave you with his thoughts as a final note to think about as we continue to watch how this pilot pans out.
Comments
Post a Comment
Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.