If it's good enough for the cops...?

I was pleased to discover today that even the Chicago Police Department utilizes double opt-in for their newsletters signup. I wonder what led them to implement their signup form in this fashion? I've dropped them a line asking for more info, we'll see if they respond. If they do, I'll mention it here.

Sending an attachment with your email campaign?

It seems pretty basic, but I often get asked how to attach a file to an email campaign. Maybe it's just going to a handful of folks, but you don't always want the hassle of sending it to each person individually from Outlook. The problem is, you'll find that most email service providers decline to provide functionality that would allow you to embed or attach a file to your email message.

Security is the primary reason why. Thank the creators of viruses for screwing everything up for the rest of us. If you sent out any sort of big email attachment, nearly any corporate anti-virus/anti-spam filter is going to reject it, or remove the attachment. That's because there are so many different kinds of viruses and worms out there that try to propagate themselves via email. Those emails started out with simple attachments, trying to entice the gullible to click-to-open an attached application. As filtering evolved and that became harder, they eventually evolved to locking the virus payload up in a password-protected ZIP file, with instructions and password email written out in the body of the email message. You might think that people wouldn't be dumb enough to open something like that, but you'd be wrong. Actually, some of the deceptions are quite complicated. They look like emails from somebody you know, and you might even think that your friend is sending you something you want.

Even if the attachment doesn't get blocked, smarter recipients are wary of big attachments. Some will suspect the email is a virus delivery attempt. They'll question the email, ignore it, or report it as spam.

Also, email size is a concern. Big email messages can choke the recipient. That big attachment would take up a lot more space on the email servers between the sender and recipient. If the recipient was on a slow connection, it will take a lot longer for them to download the email message. They could be stuck downloading the attachment, even if they didn't want to. Not everybody has broadband yet, so you would not assume that your recipients can handle a giant-sized email.

Think of how HTML email messages work: When a legitimate email service provider serves a rich graphical email with HTML and images, they're not really sending all those images directly inside of the email. None of the images are actually embedded in the email. The HTML source code just links to them, usually back to the email service provider's website. If all the images were embedded, the email would be pretty large - but this way, the email itself is only a few kilobytes in size.

Do the same thing when you need to share a file with recipients on your list. Instead of attaching the file, link to it in your email. You do that by hosting it on a website, then pasting the link into your email message.

Don't have a website to host it on? Try Google Pages. This probably isn't the best way to share a file with hundreds of recipients, but if you're sharing it with just a few folks, it's very easy to set up. Creating a Google Pages account gives you a website at (your handle).googlepages.com, and you can upload and host files, and create webpages, up to a hundred megabytes worth. After you create a Google Pages account, just click on the "browse" button on the right hand side of the Google Pages screen. Locate your file and hit the "OK" button. It'll upload, and show up in your list of files along the right edge of the screen. You can copy and paste the shortcut to the link from that list, and drop it into your email message. Include that shortcut link in your email message, and recipients will be able to click on, or cut-and-paste, the URL, and they'll be able to download your file. It's pretty easy to do, and it works with just about any kind of file.

A question about your practices.

Today I got mail from "Angela Brobst," with a subject line of "question about your site." She apparently works for "The Search Doctors," located in Aliso Viejo, CA.


"I can put your site at the top of a search engines listing. This is no joke and I can show proven results from all our past clients. If this is something you might be interested in, send me a reply with the web addresses you want to promote and the best way to contact you with some options."

Well, she's right. This truly is no joke, and I'm definitely not laughing. Why not? Because the mail is spam, and here's why. It was sent to a role account that has never signed up for anything. The website URL linked to has a different domain (seo-placement-services.com) than the from address domain (thesearchdoctors.com) in the mail. The mail came from a RoadRunner cable modem, and it has fake additional headers added in to try to fool spam tracking applications. (It claims the mail came from glenayre.com; it did not.)

I've done a lot of work in paid and organic search over the years. Search is important. You need to utilize it if you have a website and a business. It brings traffic. It brings leads. No question. It's just as important not to do it wrong. If you do things like set up link farms, add questionable tags, or hide behind rotating domains, eventually Google figures it out and blocks your site from showing up in their index. I've seen it happens to clients who tried to do it on their own. Watch your organic traffic dwindle down to nothing overnight! No joke!

Because it's so important to do correctly, would you really trust search to somebody who already obviously doesn't comply with email best practices? I wouldn't.

Europe hasn't caught up yet

Over on MediaPost's EmailInsider, Paul Beck talks about his experiences at an email marketing conference in Holland.

One thing that hit home for me was Paul's comment that lots of e-mail related issues are new to the Dutch. My experience isn't with Holland, but it does seem to me that Europe isn't yet to the same level as the US when it comes to spam/list management/deliverability issues. I'm not seeing a lot of process and policy in place on the ISP front with regard to blocking issues. In the US, the top ten ISPs pretty much govern your email practices. In the EU, policy is set (at a very general level) by privacy directives, and the laws they instruct member states to create. But there's quite a big gap when it comes to ISPs enforcing best practices, working with senders to reward the good ones and incent the bad ones to reform.

It's a model that I think is successful in the US. My gut instinct is that the EU will get there, but I wonder how long it will take.

Double Opt-in How To

Here's a link to a document I wrote back in February, 2006. It gives an overview of how to implement double opt-in. How does it work? What do you need to be careful about? How do you track opt-ins? How do you handle replies? Etc.

Multiple anti-spam groups and ISPs have contacted me over the years, asking for this type of overview. If you find it useful, please let me know!

My eventual goal is to build a free software library of double opt-in libraries and scripts, that would allow an individual or small company quickly and easily set up their own double opt-in name capture process.

Anybody want to write some perl code for me?

Sender Policy Framework (SPF) trick of the day

Since SPF records are DNS TXT records, they can only contain up to 255 characters of information. In some situations, you might not be able to fit all your sending networks in a small, 255-character text string.

So, what do you do?

Easy! Just use SPF's "include" functionality to link multiple SPF records together. Click on the string below to see the dnsstuff.com SPF lookup for a example domain:

Processing SPF string: v=spf1 include:spf-dc1.digitalriver.com include:spf-dc2.digitalriver.com include:spf-dc3.digitalriver.com include:spf-dc7.digitalriver.com include:spf-dc5.digitalriver.com include:spf-dc6.digitalriver.com ~all.

Notice where it says "include:xxxx1.domain.com"? That's instructing the SPF resolver to also look up the SPF record for xxxx1.domain.com and include it as part of the results for domain.com.

Not only does this help you when your networks won't fit, but it can help you make changes and updates easier.
  • Adding a second domain? The second domain's record would only have to contain an "include" statement that references your primary domain. When the primary domain's SPF record is updated, the one for the new domain is also updated, automatically.
  • Have multiple facilities on different networks? Utilize the "include" functionality to link to additional facility-specific SPF entries. Then when a single facility's network changes, you only have that one SPF record to update.
If you're looking for more information about SPF, Wikipedia is a good place to start.