Best Practices, Delivery Essentials

Fact or Fiction: Can you REALLY clean spam traps from your email list?

320px-busted_in_rustEarlier this month I spent a week in sunny Toronto for the Fall M³AAWG meeting, featuring a variety of sessions and conversations around all things anti-abuse. At any industry event like this, spam traps are usually a popular topic of discussion (check out this post for a primer on spam traps and why they matter). Senders want to know how to avoid or get rid of them, while many blacklist operators consider them a necessary evil to help identify poor sending practices. One of the most hotly-debated questions regarding spam traps surrounds how to remove them from your list. Many senders and solution vendors claim to be able to identify and remove spam traps, while trap operators go to great lengths to keep their traps anonymous. Let’s look at a couple of the most commonly-cited ways of identifying spam traps and how effective they really are.

List Validation & Hygiene Vendors

As mailbox providers have made it harder to reach the inbox, list hygiene services have become a booming segment of the industry. While some employ dubious methods, even prompting a warning from Spamhaus, there are a number of services that are considered reputable and are commonly used by legitimate marketers and even ESPs. For our discussion, let’s focus on these more reputable vendors.

As a basic rule, list validation services will take your file of contacts and provide a grade or score for each record. The data will indicate whether the email address is confirmed valid, confirmed invalid, or somewhere in between. Most of these vendors claim (some more prominently than others) to be able to identify spam trap addresses. Therefore, if you believe or know you have traps in your list, you should be able to purchase these services and solve your problem, right?

Not so fast, hot shot. Spam traps are secret by nature – if you know an address is a spam trap, then it has lost its effectiveness. As a result, trap operators make efforts to ensure traps are not identified by any outside party, including validation services. The traps identified by these services may have been actively used in the past, but at this point have likely been abandoned by their operator. Even those traps that are still in use would represent only a fraction of the spam traps that exist in the wild. So you may clean a few traps off your list, but you’re not going to solve any major spam trap issues using one of these services.

Effectiveness grade: F

Segmentation and isolation

Over the years I’ve run across many senders (and even some vendors) who believe that identifying spam traps in your list is as simple as pinpointing the time of the trap hits and/or the affected message(s) and/or the group that contains the traps. These senders will often slice up affected lists, sending to smaller and smaller segments of contacts until they have isolated a very small number of records that are, or may be, traps. They can then remove these bad apples from the list and go on sending willy-nilly to the rest of the recipients.

In reality, there are a couple of problems with this approach. First, most trap operators or blacklist admins aren’t going to provide you with the type of data that is required for this process. If you are considered a relatively trustworthy sender, you might get very limited data about trap hits – a date or a subject line, perhaps – but this is almost always just a sample of the full data set. If you get details on a single trap hit, there are likely 10 or 20 or 100 more hits that you can’t see. Trying to narrow down your list based on incomplete data is not likely to generate accurate results.

Effectiveness grade: D

Nullification

Similar to the previous method, this process involves using data provided by the trap operator to isolate and remove affected recipients. This is most often implemented by senders who use highly targeted segments and who may be sending to only a few dozen or hundred recipients at a time. Because of the small segment size, the sender often finds it more appealing to simply remove the entire list that was targeted on the specific day or with the specific message identified as hitting traps.

While removing the entire recipient list could be a slightly more effective solution, this method suffers from the same deficiency as the last: lack of data. This method is only effective if the trap operator provides the full list of trap hits with timestamps – which is extremely unlikely. So even if you suppress the list of recipients called out for one hit, you are likely to be missing the lists that contain additional traps. .

Effectiveness grade: C-

As you can see, none of these methods are especially effective at resolving spam trap issues, and it’s for a simple reason: they address the symptoms (spam traps) instead of the underlying problem (poor list acquisition or hygiene practices). Many trap operators will recommend reconfirming your contact database, the only truly effective method to remove spam traps from your database. However, you’re likely to lose some valid recipients in the process so most senders will only do this as a last resort. We’ve found that a better solution is a hybrid approach that includes both engagement and confirmation elements.

Engagement-based list cleanup

One fact we know about spam traps is that they don’t open email (with very few exceptions). As such, excluding recent openers and clickers from your confirmation efforts will help minimize potential losses to your list. Once you’ve identified those recipients who haven’t engaged in the past 6-12 months, you can temporarily suppress them from further mailings, then send them a confirmation request. Those who engage with the confirmation request can be returned to your active mailing list, and the rest should remain suppressed.

Effectiveness grade: A

It’s nearly impossible to isolate and remove spam traps from your database, so it’s best to stop them from getting there in the first place. Getting clear permission for all new recipients and using an engagement-based list hygiene process can all but eliminate the risk of spam traps in your list and make sure you never need to put these methods to the test.

– BG

 

Best Practices, Delivery Essentials

Zombies are everywhere…including your member database

WARNING: PLEASE DO NOT FEED THE ZOMBIESYesterday morning I received a bit of a surprise in the form of an email from Tumblr congratulating me on the 9th “birthday” of my blog. I checked and it seems I last posted on Tumblr just over 3 years ago…and only three times ever. In March 2013, I posted a photo from a photo sharing app called Streamzoo – an Instagram alternative that, apparently, wasn’t a good enough alternative and shuttered in 2014. In 2012 I posted a photo from Instagram, but from an account that no longer exists (it was deleted among the wave of privacy concerns about Instagram around that time.)

The fact that I got this notification is a good thing, as it means I’m still using the email address I used to create the Tumblr account – but what about all those accounts I created with previous addresses?

As I dug through websites I hadn’t thought of in years – MySpace, LiveJournal, even Angelfire! – it brought to mind a common issue for the association groups I work with: zombie members. While the use of zombie imagery in reference to old email addresses and web accounts isn’t new, paying attention to those undead records is more relevant than ever for organizations whose email program relies heavily on membership rolls.

Too often when troubleshooting delivery issues, membership organizations completely exclude their active member list from any sort of list hygiene initiatives. The reasoning makes sense on the surface: if someone is an active (often paying!) member of your organization, clearly they want your emails, right? Unfortunately, that often doesn’t take into account some of your most loyal members.

It’s an oft-quoted statistic that 20-30% of email account owners change their email address each year, often due to a change in internet provider or employer. Over the course of 5 years, that equates to a greater than 1 in 3 chance a recipient has changed their email address – but did they tell you? How would you know?

Let’s talk through some of the most common assumptions used to justify why an email address shouldn’t be subject to list hygiene practices and how they can lead to trouble.

1. “They logged into our website.”

This seems like a slam dunk: your website uses email address as username, and the member had to log into their account to renew (or you can see a record of their login.) That definitely means the address is good, right? Nope. Every web browser since Netscape Navigator (and probably before) has been able to save login information so you don’t have to remember those pesky passwords. If members aren’t required to confirm their email address regularly, they have little incentive to change their username (assuming they even realize they’re using the old address).

2. “They attended a conference.”

Like logging into your site, this is a great sign they’re engaged with your organizationbut not necessarily with your emails. If the registration for the event took place on your org’s website (that same one with the saved password, above), attendees may be using the same saved information to register. It may seem unlikely, but I’ve worked with many orgs who were unpleasantly surprised by the number of recent event registrants whose information was out of date.

3. “CAN-SPAM says we can send to members no matter what.”

It is true that CAN-SPAM has an exemption for messages deemed to be pertaining to a transaction or ongoing relationship. The FTC has issued some guidelines around this, but there’s still quite a bit of grey area. Sending a message announcing conference registration to your members? Maybe a promotion for a Continuing Ed course for industry professionals? Most experts would tell you these aren’t exempted messages.

Truth be told, whether they are or aren’t exempt is irrelevant to the discussion. CAN-SPAM allows you to send almost any sort of unsolicited email as long as you provide contact info and an unsubscribe method. This is the bare minimum required to comply with the law (and any reputable ESP will require permission.) However, every major email provider has implemented complex spam filtering systems designed to block or reject mail their recipients don’t want.  If their recipients don’t open your emails, or they mark them as spam or unwanted, your mail won’t get delivered. So yes, you may have legal permission to send them email, but that means absolutely zero when it comes to whether your message reaches the inbox.

How can you be sure your members’ information is valid?

While none of the above methods should be considered a reason to keep an email address in your list, there are a few options for confirming addresses that are a bit more reliable.

Send a reconfirmation email

The gold standard of email verification is the confirmation email. Once per year (often at the time of renewal), send an email to the address on file that requires a click on a confirmation link to stay on your list. If someone clicks, you know you’ve got the right person and the right address. If they open but don’t click? That’s a bit more of a grey area. Depending on the language in your email, you may want to keep them around but limit the emails they receive. Non-openers should be suppressed from your email campaigns going forward.

Look for recent opens or clicks

Most orgs are hesitant to require annual confirmation, which is understandable. It’s likely to shrink the size of the email database, a prospect that rarely elicits a thumbs-up from the executive team. In those cases, you can still look for recent activity from the recipient in the form of opens, clicks, and replies. If you have records indicating a recipient opened, clicked on, or replied to an email in the past 12 months, it’s generally a safe bet to keep them around. You may even want to use this in conjunction with the annual confirmation – only those records with no activity have to reconfirm. That will require a bit of additional work, but could pay off in spades if you avoid the loss of legitimate member email addresses.

Conduct an outreach campaign

If a member has no recorded interactions with an email, they’re not dead to you just yet. Many orgs conduct targeted outreach via phone, postcard, or even in-person meetings to get updated information from members. We’ve seen a number of associations have success driving traffic to their online information forms through these offline methods.

Once you’ve gone through these steps, you’ll likely have to decide to suppress some email addresses from your member list to maintain good deliverability. When this happens, remember that removing a member from your email list doesn’t negate their membership – they may still attend events, participate in forums, and engage with your organization. And each of those interactions is another opportunity for you to get updated information from them and bring them back into the email fold.

– BG

Industry Updates

Google Postmaster Tools Reputation data issues (UPDATE: Appears Resolved)

IP_Reputation_-_Postmaster_ToolsUPDATE: As of this morning (9/12) IP reputation data appears to be displaying correctly and domain reputation data is being provided.

If you’ve checked Google Postmaster Tools lately, don’t freak out just yet about your IP reputation. As first reported by Word to the Wise,  the IP reputation metrics appear to be broken at the moment, displaying a “Bad” reputation for all IP addresses since 9/9. I’ve seen this in my own Postmaster Tools account, along with a lack of data for domain reputation since 9/8. Authentication and Encryption metrics appear to be working correctly for me, but I can’t say for sure whether the Spam Rate, Feedback Loop, or Delivery Errors charts are correct – they all show zero since 9/8, but that’s not uncommon in my experience.

Like Laura, I’ve not seen any delivery problems associated with the change in metrics, with bounce and open rates at Gmail pretty consistent based on a few spot checks.

As of yet there doesn’t appear to be an official confirmation from Gmail, but clearly something is hosed with their data. Is it possible this is tied to the Postmaster Tools updates that were promised a few months back? I’d say it’s unlikely…but a guy can hope, right?

– BG

Industry Updates

US, Global inbox delivery rates increase slightly

2017-Deliverability-Benchmark_pdf2This time of year is a little like email Christmas, between the recent State of Email Deliverability from Litmus and now the Return Path 2017 Deliverability Benchmark Report landing on our proverbial doorstep. Last week Laura at Word to the Wise provided some great insight from the Litmus report, pointing to just how important list acquisition really is. I’d recommend checking it out in addition to downloading the report.

This week’s Return Path report also provides some interesting data as usual, but few surprises. Of note, the global inbox delivery rate rose 1% to an average of 80% for the year ending June 2017. This stat has remained fairly consistent since Return Path started generating this report a few years back, with fluctuations being fairly minor. What is a bit surprising is that with all the changes in the industry around user engagement and email filtering, this number remains so constant. However, while email marketing as a whole has seen inbox delivery rates hover around 80% the past few years, individual countries, industries, and specific senders typically see much wider swings depending on a number of factors.

In the US we still manage to lag behind the global average, managing a 77% inbox delivery rate. On the positive side, this is an increase of 4% over last year’s numbers but still comes in at the bottom of the list of countries referenced in the report (Canada and Australia tied for best with 90% inbox delivery). It’s also down 10 points from the high of 87% back in 2014. It also continues to be concerning that in the US, 16% of the mail that failed to reach the inbox was categorized as “Missing,” indicating it wasn’t delivered to either the inbox or the spam folder. Typically this means the message was rejected at the server gateway and bounced back to the sender.

If you’re in the Automotive, Insurance, or Technology industry, take heart! These three industries, typically among the worst in inbox delivery, all saw double-digit increases over the past year, with Insurance jumping 13 points to 89%. The question here: did the insurance industry really clean up its act, or did the current state of affairs prompt more people to start assessing their risk?

2017-Deliverability-Benchmark_pdf

As a reminder, all of this data came from Return Path clients – over 2 billion messages sent during the past year. These are marketers who are paying for RP services to help optimize delivery, so the data obviously excludes off-the-grid spammers and botnet operators. This means that for well-known brands and organizations, typically running opt-in campaigns, 1 out of every 5 emails still doesn’t reach the inbox. Could you use 20% more revenue, donations, or members? If you haven’t already, it’s time to start paying attention to deliverability.

– BG

Best Practices

Spammers Anonymous, or How I Learned to Stop Worrying and Send Email

anonymous

Hi, my name is Brad, and I’m a spammer. 

Recently I discussed how the perception of consent often varies pretty widely from sender to recipient, and asserted that sending any unsolicited mail (no matter how innocuous) makes one a spammer. In retrospect, and in light of a rousing debate currently occurring in a popular industry forum, it may be helpful to expand a bit on that statement.

Much like politics, most of the voices you hear in the email industry tend to vary between two extremes. One one hand, there are the anti-abuse crusaders, those who propose hefty penalties for anyone who sends even a single unsolicited email. On the other, you have those who believe that because someone provided their email address somewhere public (i.e. on their employer’s webpage), they are giving free reign for marketers to send them anything they want. Most of us, thankfully, are somewhere in between. Those of us who send email on behalf of others (email service providers, particularly) generally have to be closest to the median as we balance the needs of senders who want to keep their business growing with the ability to reach recipients (more accurately, their mail providers) who don’t want to receive spam.

To that end, I say this: unsolicited mail is spam. Unless your intended recipient asked you directly to receive what you’re sending, you’re sending spam. The thing is, we’ve almost all done it – even those of us on the anti-abuse side of things. If we haven’t sent spam directly, we’ve been party to it. Maybe it was the marketing team at our company. Maybe it was a salesperson, contractor, or vendor. No one likes spam, but very few of us can say we are completely removed from it.

Go ahead, let it out. It’s cathartic.

Does that excuse sending sending spam? Not even close. Just because we’ve all likely done it doesn’t mean it’s okay. What it does mean is that the damage can be fixed – but how? In Spammers Anonymous, there are just 3 steps on your path to email enlightenment:

Get permission.

This one is the simplest, but often causes the most problems. Don’t send to addresses that were found on a website or forum. Don’t purchase lists or use any list generated by a third party (including government lists obtained via the Freedom of Information Act – those are some of the worst). If someone makes a purchase from you or joins your organization, give them the option to receive your marketing emails. In some jurisdictions (I’m looking at you, Canada) it’s a requirement that you provide separate consent options.

Set expectations.

When someone provides you their email address they’re trusting you to send them the information they’ve requested, and not to send them other, unwanted mailings. Honoring that trust helps build loyalty and keeps your recipients happy. One of the best ways to ensure your trustworthiness is to set clear expectations at sign-up. At the point of email collection, make clear designations of the type and frequency of mailings you’ll be sending. It doesn’t have to be hyper-specific; something like “weekly informative newsletters” does the trick without excessive wording. Bonus upside: when your recipients expect your email, they’re ready to engage when it shows up and often tell you when it doesn’t (which helps identify potential delivery issues).

Acknowledge there is a higher power.

OK, so this one may sound familiar – but in this case we’re talking about mailbox providers. Google, Microsoft, Yahoo, and AOL, among others, provide mailboxes to millions of recipients and their primary focus is ensuring those recipients get only the mail they want. One of the biggest ways they do this is through engagement monitoring. Recipients who read and reply to your messages are more likely to see them front and center in their inbox. This means that your job is not only to get the initial opt-in, but to ensure your recipients continue to want your mailings. One of the best ways to do this is through re-engagement campaigns. Every 6-18 months (depending on your sending frequency), reach out to recipients who haven’t engaged and ask if they still want your mailings. For those that don’t, purge them from your list and look at other ways to market to them, such as phone outreach or snail mail.

If you’re sending unsolicited email, attempting to justify your practices won’t matter to the mailbox providers who are routing your mail to Spam, or to the blacklist admins who have flagged your IP address for hitting spam traps. Instead of hiding behind the “everyone’s doing it” mantra, take action and make your program better than everyone else’s. It takes some work to follow best practices, but taking these steps will help ensure your mail gets delivered and boost your business in the long run.

– BG

Best Practices, Delivery Essentials

Recipients (and their mail providers) don’t care if you think they want your mail

There, I said it (and so did Laura at Word to the Wise, among others).

tumblr_mslx9kwdn11rkumvuo1_400

During my years in the email industry, I’ve heard countless senders try to explain to me and others why their messages really aren’t spam. Usually it involves the fact that the messages are personalized, the recipients have been highly targeted, and the products or services advertised aren’t illegal or inherently spammy (you know, like male enhancement and Nigerian princes). If I had a nickel for every time I’ve heard “We’re sending email people want to receive,” I’d probably be swimming in nickels Scrooge McDuck-style. I’d have to think that phrase is probably right behind “Let me tell you about my business model” in the lexicon of things spam fighters and anti-abuse staff never want to hear.

Many of the senders making these arguments fall into the B2B market Laura mentions in the above-referenced WttW article. They are often sending to companies or individuals in a specific industry or who they believe are in the market for certain products or services, who are just waiting for some shrewd marketer to find their email address and send them an unrequested solicitation for a product they didn’t even know they wanted.

If your recipients didn’t ask for your emails, they’re spam. You are sending spam and are, by definition, a spammer. That doesn’t make you a bad person, or mean that your business is illegitimate. It also doesn’t (necessarily) mean your mail will get filtered or blocked, but it does mean you’re at a higher risk of your mail being rejected or sent to the spam folder because technically it is spam. It means the major mailbox providers are working to prevent mail like yours from reaching their users’ inboxes. And if you’re sending in certain jurisdictions, it may even mean you’re committing a crime.

All the major mail providers are using engagement metrics to determine how to route mail. Mail that consistently gets opens, replies, and other positive engagement is going to end up in the inbox. And consistently, the mail that gets that type of interaction is permission-based. All the subject line optimization, flashy promotional content, and discount offers in the world can’t give you the kind of consistent engagement you’ll find from sending to people who asked for your emails. It’s an extremely simple concept – but one that many marketers seem to not quite grasp.

– BG

Industry Updates

Is Canada’s eleventh-hour CASL PRA halt good for senders?

canada-2026425_640You’ve probably already heard the news.Maybe it was in your Twitter feed, or on LinkedIn, or even gossip around the water cooler this morning: CASL’s Private Right of Action is (temporarily) dead.

The announcement triggered a collective sigh of relief from marketers in North America and beyond, even eliciting a happy dance or two.

But what does this announcement actually mean? Matt Vernhout of EmailKarma details the next steps, which include a parliamentary review of the CASL provisions and a pronouncement of the new effective date.

It’s possible the legislation could remain unchanged and simply take effect at a later date, but that seems unlikely given the concerns raised by the industry in response to the pending provisions. Per Return Path, some of the key concerns included:

  1. potentially bankrupting small and medium-sized businesses (due to the legal costs of defending a class action)
  2. inordinate court time and court resources being devoted to frivolous claims
  3. litigation counsel receiving a disproportionate share of damage awards (or settlements), and
  4. negative impact to consumers where businesses (both foreign and domestic) avoid electronic communication, delay the introduction of software technologies, and pass along the cost of PRAsettlements or rulings in the pricing of consumer goods

For the past 3 years, we’ve been hearing opponents of CASL voice many of these concerns, and it appears their cries have finally made it to the ears of the Canadian government. Unfortunately it’s still too early to tell if this is a full-on reprieve or merely a temporary stay of execution.

With the deadline looming so closely, it’s likely most senders have already double- or triple-checked their compliance processes. If you fall into that camp, stay the course. Even without the PRA, the CRTC can and has levied hefty fines against CASL violators, so making sure your processes are airtight can only help minimize your risk.

Based on my interactions with senders, there are many who haven’t completed their compliance efforts. If you’re one of those who was still scrambling to beat the deadline, don’t lose that head of steam. The delay of the PRA provides a bit of breathing room, but if you’re not 100% sure you’re compliant the risk of complaints and fines isn’t going away anytime soon.

– BG