|
| Email Addresses |
|
The Golden Rule is: Never buy email addresses from anyone.
No legitimate company will ever sell you a list of 'opt-in' email addresses. Anyone selling you lists of 'opt-in' email addresses is very simply a spam outfit. If you have been sold a list of email addresses which the seller promises are "opt-in", you have been conned.
Sending any bulk email to an address list purchased from a third party is guaranteed to get you in trouble for spamming, since none of the owners of the addresses on the purchased list gave you consent to subscribe them to your list.
All advertisements for lists of "opt-in email addresses" are fraudulent. No matter how legitimate the seller's web site looks, or how much the seller 'guarantees' or promises you the addresses are 'opt-in', never get suckered into buying any email address list.
Many spam outifts offer lists of 'opt-in' email addresses for sale and tell naive buyers that it is 'safe' to send bulk email to them. It never is. Inevitably purchased lists contain Spamtraps or generate complaints and the buyers find themselves blacklisted for spamming, then only after ruining their company names and losing their internet accounts they discover that the list seller's 'guarantee' was not worth a dime.
The Exception Which Proves The Rule is when a legitimate COI list is transfered from one owner to another owner, exclusively, such as in a company buyout, with all the subscription agreements retained including the topic of the list. COI records should be transfered as part of the agreement. That is obviously a special case, and very different from buying generic lists which are repeatedly resold to multiple buyers. |
| If the recipient is given the choice to opt-out, is it still spam? |
|
Spam is Unsolicited Bulk Email. If you send any bulk email to a recipient who did not request it from you or did not give their prior and informed consent to be subscribed to your list, you are spamming that recipient. Whether you offer an opt-out option in the message or not does not change the fact that the recipient has been sent Unsolicited Bulk Email, spam.
Nobody must ever be required to opt-out of anything they did not opt-in to in the first place. Given all the nasty and infectious material circulated by spammers, the endless tricks spammers employ to get users to click links to websites which on arrival infect their computers with Trojans, it can never be recommended that anyone click on any links in any unknown e-mail. |
| What is "confirmed opt-in"? |
|
Confirmed opt-in (COI) is a process by which a mailing list owner verifies that an opt-in request did in fact come from the owner of the email address and was therefore not spoofed, forged, typo'd or otherwise fraudulently subscribed. The essence of COI is that the subscriber MUST respond affirmatively to the initial message sent to their e-mail address or else they are NOT added to the list. COI ensures that all addresses are added to the list legitimately and only with the owner's permission. Note that simply sending a "welcome" message where the e-mail address owner is subscribed unless they take specific action in order to stop the mail is a form of "opt out" and does not fulfill the "opt in" standard required by Spamhaus' users.
For the user subscribing to a mailing list, COI is as simple as replying to an automated confirmation e-mail or clicking a link in an automated confirmation e-mail. In professional list management software, COI utilizes a unique token (sort of like a single-use password) passed from the list software to the would-be subscriber, and the subscriber returns the token to confirm their permission. Such "closed-loop confirmation" has been Best Current Practice in mailing list management software since about 1996. Software handles all the token transactions and maintains logs to document each and every subscription.
All professional mailing list management products support COI, some proprietary and some open-source (free). Communigate Pro, MajorDomo, EZMLM, MailMan, and Lyris are a few of the names of such products.
|
| What is the right way to send bulk e-mail? |
|
This is intended only as a basic outline of what it takes to manage a legitimate bulk e-mail list. Seek expert advice from appropriate companies and consultants for a more complete understanding of the complicated issues of legitimate bulk e-mail. Remember, all bulk e-mail must be opt in, otherwise it is unsolicited. And Unsolicited Bulk E-mail (UBE) is spam!
1. Address acquisition - Make sure it's Opt In. If the recipient didn't ask for it in the first place, the rest of the list management processes are irrelevant. While various transactions and business relationships can infer permission, if there's any doubt, or for any on-going bulk e-mail relationship, closed-loop Confirmed Opt In (COI) is the gold standard for verifying permission, in use since about 1996. Some examples of software which use COI include Majordomo-2, EZMLM, Mailman, and Lyris.
For more on COI, see:
2. Truth in advertising - State your policies and the nature of the bulk e-mail at the point of subscription. Tell the subscriber what to expect: how often, how big, what kind, what topics and content, etc. Don't hide information about the subscription on remote pages, behind hyperlinks, or buried in jargon, legalese, and obfuscation.
3. Identify your company properly in the message itself and in Internet records. Use properly registered domains with working mail and web addresses. Every domain you use should identify your company and lead to a website identifying your company. Don't hide behind ever-changing mazes of domains (snowshoe spamming). Anonymized whois records just shout "hey, I'm trying to hide something!" So does using only an image for your name and address in the mail. Use proper SPF records and DKIM signatures. Stand behind every message you send saying "we sent that mail and we accept responsibility for sending it." Make your online identity as solid as a brick-and-mortar business.
4. Maintenance - Keep your list current! Remove unsubscription requests and bounces promptly, as close to real-time as possible, no later than the same day. Mail the list at regular intervals. Unmailed lists provoke high complaint rates when they reactivate, even from truly opt-in addresses. Addresses "churn" over time, that is, they are abandoned or re-used. For most commercial lists, mail at least once per week and remove any address with three sequential bounces, or with sequential bounces for more than two weeks.
5. Bounce processing - Respect what the recipient's server tells you. SMTP "5xy" codes mean "No!" Bouncing your mail off the filters but showing up in the logs, or resuming spamming after filter rules come down, is a sure-fire way to really annoy server operators and mailbox owners alike. Addresses being converted to spamtraps will typically reject (5xy) all deliveries for about six months...you certainly don't want those on your list so make sure they bounce off!
Similarly, a receiver's TEMP FAIL response (4xy) should be respected by your server. All standards-compliant servers will automatically retry such deferred deliveries at increasing time intervals. Generally retries cease and the message is considered undeliverable after 5 days. The interval before pruning a deferred address from your list is usually longer and takes more bounces than a hard "5xy" rejection, but eventually such addresses should also be retired from your list.
6. Unsubscription must work! Promptly. And for all the bulk mail you're sending to that address. It must work via e-mail (include correct info in headers) and many subscribers also appreciate a web link included in message body. Sign up for feedback loops, and consider that abuse reports may indicate more serious problems than can be fixed by simply unsubscribing the reporting address. Some jurisdictions also require unsubscription via snail-mail. Basically, if someone wants off your list, help them with their request no matter how they ask.
7. Concurrency - Respect the receiving server's SMTP dialogue. If it says pipelining allowed, give it what it wants. If it says "try again later" (4xy), don't despair, let your server queue the message and do what good servers are supposed to do. If it accepts a bit slowly, throttle back your server so as not to flood smaller sites. Opening up lots of threads to a slow server is an excellent way to get tarpitted and blocked. (Good servers do all that stuff by default, automatically.)
8. Seek expert advice! There are highly qualified delivery consultants and some who aren't so qualified; buyer beware. Ask your ISP for advice. Consider using a reputable E-mail Service Provider (ESP) to send your mail and manage your lists. If any delivery consultant is not aware of the terms and problems in this very brief outline, or if they make promises that they can get you "whitelisted" at ISPs, well, again, caveat emptor! (No one but Spamhaus decides what IPs we list or remove from our lists. The only way to be removed is to fix the spam problem that caused the listing.)
|
| Spam is no worse than postal junk mail, is it? |
|
Sending postal mail costs money to the sender, both to print and to deliver, so there is a monetary threshold that keeps every company in the country from sending lots of it. That threshold ensures that, while you may receive what you think is an irritating amount of junk, your postal mailbox is not completely flooded with it.
Email, on the other hand, costs nothing to the sender therefore there is no monetary barrier or incremental cost to deter how much email spam can be sent. With this in mind, here's the problem:
There are over 30,000,000 businesses in North America alone. If sending postal junk mail cost nothing to print or to deliver and therefore each North American business could freely send you one item of postal junk mail per month, you personally would receive 1,000,000 items of postal junk mail each day. Obviously your post mailbox would not cope even with a tiny fraction of that. Luckily, print and postal delivery costs prevent that ever occurring. But not so with junk email.
Very simply, spam does not scale. There is no way for a recipient to say "I will accept only 10 items of spam per day and no more" since there is no mechanism to force millions of junk senders to stop sending after the recipient's daily quota has been reached. Nor is there any mechanism to force spam senders to not send more than one spam per month to each recipient. Nor is there any mechanism to limit who can send spam to your email address. The Internet is international -- can only North American businesses send you spam? How about South American businesses? And European businesses? What about businesses in Asia or Africa, are they not allowed to send spam to you as well?.
If you agree to accept spam as an advertising medium, then you automatically agree that every business in the world can send spam to your email addresses. As you have no way to limit who can send you spam, you are therefore agreeing to receive bulk email advertisements from a potential 200,000,000 businesses worldwide. Assuming each only sends you one spam per month you would receive 6,600,000 spams per day... meaning 4,500 spams per minute, or 150 spams per second, into your email mailbox. Many businesses would like to send you much more than one advert per month, possibly more than one per day! So how do you solve this problem?
The obvious solution is to limit who can send bulk email advertisements to you, so that you only receive the bulk email you actually want to receive.
Instead of agreeing to receive millions of unsolicited bulk emails from millions of senders, the solution is to instead opt to receive only bulk emails from specific lists you decide and consent to subscribe to. That, is what Spamhaus advocates and works to lobby world governments to legislate. |
| The Direct Marketing Association (DMA) says spamming is OK. |
|
Unfortunately the US Direct Marketing Association wrongly advises DMA members that the sending of unsolicited bulk email (AKA spam) is an 'acceptable marketing practice'. This extremely bad advice by the DMA has tricked many DMA members into spamming and consequentially damaged the communications and reputations of companies who believed they were following correct advice.
Sending unsolicited bulk email is never acceptable. It is against the Terms of Business (Acceptable Use Policy, "AUP") of all Internet Service Providers worldwide, therefore the DMA's advice to their members is to break their ISP's Terms of Conditions (legal contracts which say the customer's account will be terminated if they send UBE).
Sending unsolicited bulk email is also against the well-published policies of all of the Internet's anti-spam systems worldwide, including Spamhaus. It gets the sender immediately listed on spam list databases (such as the Spamhaus SBL) used by the vast majority of internet networks and spam filter systems.
The long-term damage to a business' reputation caused by following the DMA's bad advice is serious. Following the DMA's advice causes businesses to be blacklisted for spamming which also means disruption of the businesses' email communications.
As well as being in conflict with international spam laws, the DMA's advice to its members is in direct conflict with Spamhaus's advice and coincides with the Spamhaus Block List (SBL) listing policy which states that anyone knowingly sending unsolicited bulk email will be listed on the SBL for spamming.
It must be stressed that this bad and irresponsible advice is given out only by the American DMA and is contrary to the correct advice of other international DMA organizations including the Australian, Canadian and European DMAs, all of which endorse opt-in policies only. |
|
