Best Practices, Delivery Essentials

Zombies are everywhere…including your member database

WARNING: PLEASE DO NOT FEED THE ZOMBIESYesterday morning I received a bit of a surprise in the form of an email from Tumblr congratulating me on the 9th “birthday” of my blog. I checked and it seems I last posted on Tumblr just over 3 years ago…and only three times ever. In March 2013, I posted a photo from a photo sharing app called Streamzoo – an Instagram alternative that, apparently, wasn’t a good enough alternative and shuttered in 2014. In 2012 I posted a photo from Instagram, but from an account that no longer exists (it was deleted among the wave of privacy concerns about Instagram around that time.)

The fact that I got this notification is a good thing, as it means I’m still using the email address I used to create the Tumblr account – but what about all those accounts I created with previous addresses?

As I dug through websites I hadn’t thought of in years – MySpace, LiveJournal, even Angelfire! – it brought to mind a common issue for the association groups I work with: zombie members. While the use of zombie imagery in reference to old email addresses and web accounts isn’t new, paying attention to those undead records is more relevant than ever for organizations whose email program relies heavily on membership rolls.

Too often when troubleshooting delivery issues, membership organizations completely exclude their active member list from any sort of list hygiene initiatives. The reasoning makes sense on the surface: if someone is an active (often paying!) member of your organization, clearly they want your emails, right? Unfortunately, that often doesn’t take into account some of your most loyal members.

It’s an oft-quoted statistic that 20-30% of email account owners change their email address each year, often due to a change in internet provider or employer. Over the course of 5 years, that equates to a greater than 1 in 3 chance a recipient has changed their email address – but did they tell you? How would you know?

Let’s talk through some of the most common assumptions used to justify why an email address shouldn’t be subject to list hygiene practices and how they can lead to trouble.

1. “They logged into our website.”

This seems like a slam dunk: your website uses email address as username, and the member had to log into their account to renew (or you can see a record of their login.) That definitely means the address is good, right? Nope. Every web browser since Netscape Navigator (and probably before) has been able to save login information so you don’t have to remember those pesky passwords. If members aren’t required to confirm their email address regularly, they have little incentive to change their username (assuming they even realize they’re using the old address).

2. “They attended a conference.”

Like logging into your site, this is a great sign they’re engaged with your organizationbut not necessarily with your emails. If the registration for the event took place on your org’s website (that same one with the saved password, above), attendees may be using the same saved information to register. It may seem unlikely, but I’ve worked with many orgs who were unpleasantly surprised by the number of recent event registrants whose information was out of date.

3. “CAN-SPAM says we can send to members no matter what.”

It is true that CAN-SPAM has an exemption for messages deemed to be pertaining to a transaction or ongoing relationship. The FTC has issued some guidelines around this, but there’s still quite a bit of grey area. Sending a message announcing conference registration to your members? Maybe a promotion for a Continuing Ed course for industry professionals? Most experts would tell you these aren’t exempted messages.

Truth be told, whether they are or aren’t exempt is irrelevant to the discussion. CAN-SPAM allows you to send almost any sort of unsolicited email as long as you provide contact info and an unsubscribe method. This is the bare minimum required to comply with the law (and any reputable ESP will require permission.) However, every major email provider has implemented complex spam filtering systems designed to block or reject mail their recipients don’t want.  If their recipients don’t open your emails, or they mark them as spam or unwanted, your mail won’t get delivered. So yes, you may have legal permission to send them email, but that means absolutely zero when it comes to whether your message reaches the inbox.

How can you be sure your members’ information is valid?

While none of the above methods should be considered a reason to keep an email address in your list, there are a few options for confirming addresses that are a bit more reliable.

Send a reconfirmation email

The gold standard of email verification is the confirmation email. Once per year (often at the time of renewal), send an email to the address on file that requires a click on a confirmation link to stay on your list. If someone clicks, you know you’ve got the right person and the right address. If they open but don’t click? That’s a bit more of a grey area. Depending on the language in your email, you may want to keep them around but limit the emails they receive. Non-openers should be suppressed from your email campaigns going forward.

Look for recent opens or clicks

Most orgs are hesitant to require annual confirmation, which is understandable. It’s likely to shrink the size of the email database, a prospect that rarely elicits a thumbs-up from the executive team. In those cases, you can still look for recent activity from the recipient in the form of opens, clicks, and replies. If you have records indicating a recipient opened, clicked on, or replied to an email in the past 12 months, it’s generally a safe bet to keep them around. You may even want to use this in conjunction with the annual confirmation – only those records with no activity have to reconfirm. That will require a bit of additional work, but could pay off in spades if you avoid the loss of legitimate member email addresses.

Conduct an outreach campaign

If a member has no recorded interactions with an email, they’re not dead to you just yet. Many orgs conduct targeted outreach via phone, postcard, or even in-person meetings to get updated information from members. We’ve seen a number of associations have success driving traffic to their online information forms through these offline methods.

Once you’ve gone through these steps, you’ll likely have to decide to suppress some email addresses from your member list to maintain good deliverability. When this happens, remember that removing a member from your email list doesn’t negate their membership – they may still attend events, participate in forums, and engage with your organization. And each of those interactions is another opportunity for you to get updated information from them and bring them back into the email fold.

– BG

Industry Updates

Google Postmaster Tools Reputation data issues (UPDATE: Appears Resolved)

IP_Reputation_-_Postmaster_ToolsUPDATE: As of this morning (9/12) IP reputation data appears to be displaying correctly and domain reputation data is being provided.

If you’ve checked Google Postmaster Tools lately, don’t freak out just yet about your IP reputation. As first reported by Word to the Wise,  the IP reputation metrics appear to be broken at the moment, displaying a “Bad” reputation for all IP addresses since 9/9. I’ve seen this in my own Postmaster Tools account, along with a lack of data for domain reputation since 9/8. Authentication and Encryption metrics appear to be working correctly for me, but I can’t say for sure whether the Spam Rate, Feedback Loop, or Delivery Errors charts are correct – they all show zero since 9/8, but that’s not uncommon in my experience.

Like Laura, I’ve not seen any delivery problems associated with the change in metrics, with bounce and open rates at Gmail pretty consistent based on a few spot checks.

As of yet there doesn’t appear to be an official confirmation from Gmail, but clearly something is hosed with their data. Is it possible this is tied to the Postmaster Tools updates that were promised a few months back? I’d say it’s unlikely…but a guy can hope, right?

– BG

Best Practices, Industry Updates

Microsoft rejecting your mail? You may be suspected of email harvesting

www.volganet.ru [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0) or GFDL 1.3 (www.gnu.org/licenses/fdl-1.3.html)], via Wikimedia Commons
via Wikimedia Commons
If you’ve been noticing your mail is rejected by Microsoft lately, it’s a good idea to take a look at the Smart Network Data Solutions (SNDS) dashboard. If you’re not aware, SNDS is Microsoft’s tool to show senders how their mail performs to recipients at MS domains. You can sign up for free (assuming you own your IP addresses); if you use an ESP, they’ll have SNDS set up for your sending IP and generally monitor it regularly.

If you do have SNDS access, you can check the IP Status heading to see any blocks that are currently in place for the IPs you own. Over the past few weeks I’ve been seeing a lot of IP addresses listed there due to “E-mail address harvesting.” After working with the Postmaster team, it seems the issue occurs when too many RCPT commands are sent without valid recipients. In other words, the sending server attempted to validate the existence of a lot more email addresses than they actually sent mail to. These blocks are most commonly associated with dictionary attacks, or sending to many usernames at the same domain (aaa@domain.com, aab@domain.com, aac@domain.com) with the purpose of finding good addresses. This tactic is often used by spammers who are – you guessed it – harvesting email addresses for their mailing list.

However, the instances I’ve seen have all been legitimate senders, sending mail to people who have signed up to receive it. In one case, a human error led to sending mail to a list of unsubscribed addresses, but the rest appear to simply be senders whose list hygiene needs improvement. In addition to dictionary attacks, these blocks seem to be triggered by high rates of invalid recipients. These recipients are counted in the number of RCPT commands but not in the total delivered. In one case, the difference between the two was only around 10% – certainly not ideal, but also not indicative of a spammer harvesting addresses.

When working with the Postmaster team, they’ve been very helpful in getting the blocks resolved once we explain the circumstances around the sends and how we’ve taken steps to prevent a recurrence, but these blocks have stopped all mail to Outlook.com users for days in some cases before they are removed. For a sender, this could mean a substantial loss of revenue while the block is in place…so what can you do?

Now more than ever, list hygiene is paramount. Be sure you aren’t sending to old or stale contact lists and target recipients with recent open or purchase activity. Keeping your bounce rates as low as possible will minimize the chances you run into one of these MS blocks.

Been flagged as a harvester yourself? Just having trouble getting delivered to Outlook? Let me know in the comments or via email!

– BG

Best Practices

Don’t give a damn ’bout my reputation

Chances are, you’re reading this on the internet right now. And if so, you’ve probably heard the word “reputation” thrown around a lot this week thanks to Taylor Swift and her new album announcement (I prefer Joan Jett, thanks). While reputation may be seeing a moment in the pop culture space, its place in email has been long established. A good sender reputation is paramount for a successful email program, and a bad reputation can lose you thousands in revenue on a single campaign. So why, then, do so many organizations treat it so carelessly?

Taylor Swift's Reputation album cover
Mert & Marcus

Case in point: I’ve worked with marketers who have partnerships with other organizations in which they cross-promote each other’s products. A common arrangement, no doubt, and in most cases mutually beneficial. Often one party reaches out to me or another consultant asking how they can protect their domain reputation from any damage caused by the cross-promotion.

When I get this question, I typically first ask if they believe there is a legitimate risk of damage to their sender reputation, If so, why? Are they partnering with an organization with poor email practices? And if they are that concerned about the reputation of this partner “bleeding over” into their own domain, why do they continue to do business with them?

Many senders seem to feel they can overcome these risks with some technical sleight-of-hand: using a different IP address or domain, redirecting links through different servers, etc. While these tricks may work temporarily, mailbox providers have become extremely advanced in their filtering. These practices are often associated with spammers and malicious senders, so using them can cause even more damage to your reputation when the providers start to associate them with your brand.

In email, just as in life, the parties with whom you associate can tarnish your good name. Doing business with disreputable email senders will start to impact your deliverability and brand reputation. In fact, Google even uses factors like web and search reputation as part of their mail filtering algorithms. Technology has led to the increasing intersection of our public and private lives – we’ve all heard the stories of folks who got fired after an inflammatory social media post was discovered. In the same way, every aspect of your brand’s digital presence is connected and has the potential to impact your email program.

If you have a high level of concern that your actions or partnerships will cause damage to your sender reputation, you’re probably right. Instead of looking for ways around it and causing more damage, explore ways you can generate additional traffic and revenue without the additional risk. Vet your partners carefully – make sure their practices don’t sink the hard work you’ve put in to establish your own good reputation.

– BG

Industry Updates

US, Global inbox delivery rates increase slightly

2017-Deliverability-Benchmark_pdf2This time of year is a little like email Christmas, between the recent State of Email Deliverability from Litmus and now the Return Path 2017 Deliverability Benchmark Report landing on our proverbial doorstep. Last week Laura at Word to the Wise provided some great insight from the Litmus report, pointing to just how important list acquisition really is. I’d recommend checking it out in addition to downloading the report.

This week’s Return Path report also provides some interesting data as usual, but few surprises. Of note, the global inbox delivery rate rose 1% to an average of 80% for the year ending June 2017. This stat has remained fairly consistent since Return Path started generating this report a few years back, with fluctuations being fairly minor. What is a bit surprising is that with all the changes in the industry around user engagement and email filtering, this number remains so constant. However, while email marketing as a whole has seen inbox delivery rates hover around 80% the past few years, individual countries, industries, and specific senders typically see much wider swings depending on a number of factors.

In the US we still manage to lag behind the global average, managing a 77% inbox delivery rate. On the positive side, this is an increase of 4% over last year’s numbers but still comes in at the bottom of the list of countries referenced in the report (Canada and Australia tied for best with 90% inbox delivery). It’s also down 10 points from the high of 87% back in 2014. It also continues to be concerning that in the US, 16% of the mail that failed to reach the inbox was categorized as “Missing,” indicating it wasn’t delivered to either the inbox or the spam folder. Typically this means the message was rejected at the server gateway and bounced back to the sender.

If you’re in the Automotive, Insurance, or Technology industry, take heart! These three industries, typically among the worst in inbox delivery, all saw double-digit increases over the past year, with Insurance jumping 13 points to 89%. The question here: did the insurance industry really clean up its act, or did the current state of affairs prompt more people to start assessing their risk?

2017-Deliverability-Benchmark_pdf

As a reminder, all of this data came from Return Path clients – over 2 billion messages sent during the past year. These are marketers who are paying for RP services to help optimize delivery, so the data obviously excludes off-the-grid spammers and botnet operators. This means that for well-known brands and organizations, typically running opt-in campaigns, 1 out of every 5 emails still doesn’t reach the inbox. Could you use 20% more revenue, donations, or members? If you haven’t already, it’s time to start paying attention to deliverability.

– BG

Deliverability 101, Delivery Essentials

Deliverability 101: IP address and domain reputation

Reputation can be very important in all walks of life, and email is no different. For senders with a good reputation, mail is more likely to be delivered to the inbox, giving your recipients more chances to read and interact. On the other hand, if your reputation is “not so hot,” you’ll be more likely to see your messages end up in the spam folder or even rejected altogether. So what exactly is this mystical “reputation,” and how is it determined?

15313888764_975c5f0c67_z

IP Address Reputation

Before we address (no pun intended) the reputation aspect, let’s have a brief refresher on the nature of IP addresses. Every device connected to the internet – computer, router, even your smart thermostat – is assigned a numeric value known as the Internet Protocol address. This IP address is how your mail server is identified on the internet. When you send mail to a recipient, their mail provider will see where the message originated, identified by that IP address.

Most inbound mail servers will also attempt to use that IP address to determine whether the sender of the mail is trustworthy. If mail from that IP address is often sent to invalid addresses, or the mail generates too many complaints, the inbound server may choose to route incoming messages from that server to spam, or block them outright. Many mailbox providers also use third-party IP address blacklists like Spamhaus or Spamcop, choosing to filter or reject mail from IPs that appear on those lists.

A few years ago, IP address was the gold standard for sender reputation. As content filters that looked for “spam words” became less effective (MILLI0NS OF DOLLAR$ IN VI4GRA, anyone?), IP reputation helped receivers identify habitual bad senders. The receivers could then act on all mail sent from those servers instead of chasing down ever-morphing content to filter inbound mail. This often caused issues for ESPs with smaller clients, because many clients were often sending from the same IP address (This is one of the reasons many ESPs tend to be more strict with shared-IP clients – because mail you send can impact delivery for many other senders on your IP).

A fact that is not widely known outside tech circles is that the internet is running out of IP addresses. As a result, a new standard for IP addresses was created: IPv6. This standard allows for a seemingly infinite number of IP addresses – theoretically 340,282,366,920,938,463,463,374,607,431,768,211,456 to be exact. With that many IP addresses, anyone whose IP is blocked can simply start using a different IP address, essentially bypassing IP address-based filtering.

Domain Reputation

There are times that an IP address alone doesn’t give the whole picture. The shared IP pools used by some ESPs, as mentioned above, are a prime example. Another example might occur when multiple divisions of a single company or organization use the same IP addresses to send mail. Because of this, and the onset of the IPv6 standard, domain reputation has become increasingly important in mail delivery.

How domain reputation is checked can vary depending on the mail server. Some providers check only the domain the mail is actually sent from, while others look at all the domains in the message headers. Some providers, including Google, check every domain in the body of the message as well. So if you send your mail from example@example.com, you can bet the reputation of example.com will be checked, but other domains in your message could be checked as well. If you are using an ESP or other hosted mail solution, there may be domains in the header that belong to your host that will also be checked (another reason authentication is so important). And don’t forget those links in the body! Many filters will block a message if it contains links to domains that have been flagged as spam or dangerous. If you’re linking to a domain you don’t own, it’s a good idea to check its reputation using one of the handful of free online tools available (we’ve compiled a few on our Resources page).

Not surprisingly, a domain’s reputation is typically impacted by mail sent from that domain or using that domain in the body. However, it can also be affected by the reputation of that domain on the web as a whole. If a specific website has gotten a bad reputation for, say, gaming Google’s search engines or potentially scamming customers, that can also impact mail delivery.

The ‘Secret Sauce’ of Sender Reputation

When it comes to actually filtering inbound email, every mailbox provider uses a unique combination of factors to determine whether mail reaches the inbox. For many providers, IP address reputation still ranks at or near the top of the list of these factors. Domain reputation is typically very close behind, if not in the top spot. After that, there are typically various ingredients that make up the proprietary methods used by each organization. Trying to figure out the secret sauce for each ISP is a fruitless effort – even if you do manage to find a trick that bypasses or overcomes a specific filter for a time, it will invariably change and you’ll be left looking for another backdoor.

While the specific components of spam filters change constantly, your sender reputation – both IP and domain – will continue to play the largest role in getting your mail to the inbox. Manage that reputation well, and you’ll save yourself a lot of delivery headaches.

For more information on IP addresses or the IPv6 standard, check out these resources:
What is an IP Address? on HowStuffWorks
Word to the Wise – IPv6 archives
IPv6.com – A Beginner’s Look

– BG

Best Practices

Spammers Anonymous, or How I Learned to Stop Worrying and Send Email

anonymous

Hi, my name is Brad, and I’m a spammer. 

Recently I discussed how the perception of consent often varies pretty widely from sender to recipient, and asserted that sending any unsolicited mail (no matter how innocuous) makes one a spammer. In retrospect, and in light of a rousing debate currently occurring in a popular industry forum, it may be helpful to expand a bit on that statement.

Much like politics, most of the voices you hear in the email industry tend to vary between two extremes. One one hand, there are the anti-abuse crusaders, those who propose hefty penalties for anyone who sends even a single unsolicited email. On the other, you have those who believe that because someone provided their email address somewhere public (i.e. on their employer’s webpage), they are giving free reign for marketers to send them anything they want. Most of us, thankfully, are somewhere in between. Those of us who send email on behalf of others (email service providers, particularly) generally have to be closest to the median as we balance the needs of senders who want to keep their business growing with the ability to reach recipients (more accurately, their mail providers) who don’t want to receive spam.

To that end, I say this: unsolicited mail is spam. Unless your intended recipient asked you directly to receive what you’re sending, you’re sending spam. The thing is, we’ve almost all done it – even those of us on the anti-abuse side of things. If we haven’t sent spam directly, we’ve been party to it. Maybe it was the marketing team at our company. Maybe it was a salesperson, contractor, or vendor. No one likes spam, but very few of us can say we are completely removed from it.

Go ahead, let it out. It’s cathartic.

Does that excuse sending sending spam? Not even close. Just because we’ve all likely done it doesn’t mean it’s okay. What it does mean is that the damage can be fixed – but how? In Spammers Anonymous, there are just 3 steps on your path to email enlightenment:

Get permission.

This one is the simplest, but often causes the most problems. Don’t send to addresses that were found on a website or forum. Don’t purchase lists or use any list generated by a third party (including government lists obtained via the Freedom of Information Act – those are some of the worst). If someone makes a purchase from you or joins your organization, give them the option to receive your marketing emails. In some jurisdictions (I’m looking at you, Canada) it’s a requirement that you provide separate consent options.

Set expectations.

When someone provides you their email address they’re trusting you to send them the information they’ve requested, and not to send them other, unwanted mailings. Honoring that trust helps build loyalty and keeps your recipients happy. One of the best ways to ensure your trustworthiness is to set clear expectations at sign-up. At the point of email collection, make clear designations of the type and frequency of mailings you’ll be sending. It doesn’t have to be hyper-specific; something like “weekly informative newsletters” does the trick without excessive wording. Bonus upside: when your recipients expect your email, they’re ready to engage when it shows up and often tell you when it doesn’t (which helps identify potential delivery issues).

Acknowledge there is a higher power.

OK, so this one may sound familiar – but in this case we’re talking about mailbox providers. Google, Microsoft, Yahoo, and AOL, among others, provide mailboxes to millions of recipients and their primary focus is ensuring those recipients get only the mail they want. One of the biggest ways they do this is through engagement monitoring. Recipients who read and reply to your messages are more likely to see them front and center in their inbox. This means that your job is not only to get the initial opt-in, but to ensure your recipients continue to want your mailings. One of the best ways to do this is through re-engagement campaigns. Every 6-18 months (depending on your sending frequency), reach out to recipients who haven’t engaged and ask if they still want your mailings. For those that don’t, purge them from your list and look at other ways to market to them, such as phone outreach or snail mail.

If you’re sending unsolicited email, attempting to justify your practices won’t matter to the mailbox providers who are routing your mail to Spam, or to the blacklist admins who have flagged your IP address for hitting spam traps. Instead of hiding behind the “everyone’s doing it” mantra, take action and make your program better than everyone else’s. It takes some work to follow best practices, but taking these steps will help ensure your mail gets delivered and boost your business in the long run.

– BG