Social networking site Tagged.com has agreed to pay $750,000 in penalties and costs to settle lawsuits alleging it engaged in deceptive email marketing practices. As part of the settlements, reached with New York and Texas, the San Francisco-based company also agreed to adopt reforms around its use of invitation emails. You can read more in this MediaPost Online Media Daily article.

The two states sued Tagged earlier this year for allegedly duping new members into providing their email addresses and passwords. Tagged then sent emails to members' contact lists that appeared to have been sent directly from the members themselves.

In addition to paying the fines, the agreement calls for Tagged to provide clear and conspicuous notice to users before accessing their email inboxes and to obtain users' explicit consent before sending email invitations to their contacts. On its blog, Tagged says it has overhauled its registration and invite-your-friends processes, and will soon be adding more new features to increase member privacy.

This is an interesting case on its merits, but what struck me is the potential implications for forward-to-a-friend and viral emails. While it's not the same thing, many marketers elect to have their viral emails appear to come from the friend who signed the person up rather than from the marketer. In this case, the friend had more knowledge about the resulting email(s), but I have to wonder if some future court will take this ruling and seek to apply it to the age-old forward-to-a-friend technique.

Posted by Bill at 8:53 AM | Permalink | Comments (0)

A colleague read my recent post and asked me how marketers could prevent spammers from spoofing their domains. In other words, it's pretty hard to fake an IP address, but isn't it easy to fake a "from" field and domain? (For example, Outlook Express easily allows me to put "bnussey@whitehouse.gov" in the from field.)

The solution lies in some recent technology advancements that come with easy-to-remember names like DKIM and Sender ID. These solutions provide a way for receiving email servers to validate that an incoming message is REALLY from the domain it claims to be. They are pretty foolproof and ensure that only the REAL whitehouse.gov can validate messages that purport to be from that domain. As long as the receiving email server goes through the trouble to check, it can always be sure that the sender is legitimate.

For those of you curious how this would work, read on. (For everyone else, thanks for checking in <grin>.)…

The authentication techniques work on top of one of the fundamental building blocks of the Internet—the domain name system (better known as DNS). You see, when Internet-connected computers talk to each other, they only do so using IP addresses—things like URLs are a convenience for we human beings. While it's invisible to users, every time you enter a Web URL or send an email to, say, whitehouse.gov, your browser quickly goes out and checks a DNS server to get the underlying IP address. DNS information is tightly controlled and is generally only updatable by the company that owns the domain. Email authentication solutions add an additional piece of information on the DNS record that can only be updated by the domain owner. When an email domain is being validated, the receiving email server simply checks out the DNS records for that domain and confirms that the authentication "key" matches the one in the email. That's it.

Posted by Bill at 10:43 AM | Permalink | Comments (0)

I recently had a chance to pick the brain of my esteemed industry colleague, Deirdre Baird. Deirdre is the CEO of Pivotal Veracity, Silverpop’s email deliverability partner, and one of the most knowledgeable people in the industry when it comes to getting your email successfully delivered to the inbox.

Specifically, I wanted to get her thoughts about an important and impending shift by ISPs away from IP-based to domain-based email reputation filtering.

Under the current IP-based reputation monitoring scheme, ISPs deliver or block your email based on the reputation of each individual IP address from which you send email. Under domain-based reputation monitoring, ISPs would assign the same reputation to all authenticated email from your company or domain, regardless of IP. (You can read more about it in this recent Direct magazine article.)

Can you describe that change and tell us when it will be in place?

"Currently, ISPs and spam filtering entities "attach” reputation to a particular email campaign—as is the case with "signature type filtering"—and/or a particular IP address. If, for example, a particular email creative is associated with high spam-complaint rates or a particular IP address is the source of high unknown-user rates, the ISP will then filter all mail like that particular creative or originating from that particular IP address.

"While both these methods are useful and will continue to be used, their efficacy is declining somewhat as spammers have learned to dramatically change the content and mail from thousands of hijacked IPs. The major ISPs are now moving toward a more holistic method of holding a mailer accountable for their actions. Specifically, ISPs are now moving to authenticated, domain-based reputation, whereby core filtering metrics such as spam-complaint rates, unknown user rates, and spam-trap rates will be computed at the domain level.

"This change is being tested now at AOL and Yahoo with DKIM-authenticated domains. It exists in some degree at Hotmail with Sender ID-authenticated domains, and is being considered by a number of other ISPs.

"While domain-based reputation will initially be used in addition to IP-based reputation at ISPs such as Yahoo, it will take a front-seat at AOL and, we suspect over time will become one of the most important methods ISPs will use to identify good mailers."

What will it mean to Silverpop’s customers and other email marketers?

"The impact for mailers can be summed up this way: You will be held accountable—good or bad—for everything you do under your brand, that is, your domain.

"This is great news for legitimate companies who have consistently followed good mailing practices across their enterprise and developed meaningful relationships with their customers. It is not so great news for folks who have relied on a change in IP to escape the fall-out of an email append program that went south, or a purchased list, or a leap in spam complaints due to over-mailing."

What percentage of an average B2C email marketer’s list will be impacted by this, and how will that change through the rest of 2009 and 2010?

"Yahoo is usually the first or second largest ISP on both B2C and B2B mailers' lists. AOL typically ranks in the top 5 or 10 for B2B. Their combined market share on a typical commercial mailer’s list ranges from a low of 30 percent to a high of 70 percent.

"Mailers will begin to see the impact of domain-based reputation at AOL as early as this fall, and at Yahoo in late 2009 into early 2010. Additionally, Hotmail already considers domain-based reputation, although historically they’ve placed more weight on IP-based reputation. Comcast and Road Runner are actively researching how to execute a domain-based reputation system, but are not likely to have anything in place until late 2010 at the earliest."

From a B2B perspective, do you foresee any of the popular corporate spam filters using this new approach?

"Absolutely. The large enterprise filters such as Brightmail, Cloudmark and Postini already attach a reputation of sorts to a piece of content. It is certainly plausible that the domain will play a role in their algorithms. However, as it is now, it will be a lot more difficult to isolate the impact of a domain’s mailing history from the impact of other factors—for example, content characteristics—used by the spam filters, whereas the ISPs tend to be more transparent in what caused a filtering issue. For instance, that the mailer has high spam complaint rates."

My thanks to Deirdre for sharing her thoughts and expertise with readers of this blog. If you have any questions or comments, please feel free to share them below.

Posted by Bill at 8:52 AM | Permalink | Comments (1)

There are a lot of ways to avoid spam, but our new president may have figured out the best approach of all: Never give out your email address.

Seriously, this New York Times article provides an interesting (non-marketing) view into how email has invaded the halls of power.

Posted by Bill at 10:58 AM | Permalink | Comments (1)

I find this surprising but also encouraging and exciting.

Score one for the good guys. Last week a major Web hosting service that Internet security experts say hosted organizations responsible for most of the world's spam was taken offline--and the volume of spam sent worldwide immediately plummeted by as much as 75 percent.

In addition to spam, U.S.-based McColo Corp., which has been operating out of a sleek office tower in San Jose, Calif., also hosted the activities of organizations involved in nefarious activities including online child pornography, counterfeit pharmaceuticals and stolen banking and credit card data.

Immediately after McColo's two Internet providers disconnected the firm, email security firm IronPort reported a 66-percent decline in global spam levels and Spamcop reported a similar decline of around 75 percent. (You can read about it in this Nov. 12 article appearing in the Washington Post. Note that a free account sign-up is required to view the content.)

This isn't the first time a major ISP for spammers has been shut down. And it probably won't be the last time spammers find a new way to get on the Internet. Spam rates will likely rise again.

In another article, this one appearing in eWeek, Internet security firm MX Logic notes that, although spam levels have remained relatively flat and even declined in 2008 compared to previous years, spam levels are expected to grow significantly during the final two months of the year. Even with the spam network shutdowns, MX Logic researchers say the spam trade remains way too lucrative to remain shuttered through the holidays. Let's enjoy the respite from spam while we can.

Posted by Bill at 8:57 AM | Permalink | Comments (0)

At a recent conference, one of the VPs at Epsilon (another email service provider) said something that really stuck with me.

"Irrelevance is the new spam."

Kinda' catchy ...

Posted by Bill at 1:56 PM | Permalink | Comments (2)

If you’re on the fence about double opt-in, here’s a reason to consider it.

A “spam your enemies” Web site recently sprung up that caused a stir in the email marketing community. The site, SpamZa.com, invited visitors to enter any email address into its Web form and then instantly subscribed the submitted address to hundreds of email newsletters. The intention was to overwhelm recipients with email they didn’t sign up for.

As a result, hundreds of legitimate email marketers could experience unusually high complaint rates and other reputation-related issues. If you use a single opt-in process—that is, people who sign up for your email get automatically added to your list—you could be vulnerable to this tactic.

One way to protect yourself from this and malicious sign-ups in general is to use a double opt-in process—one in which new recipients must respond to a confirmation message before they get added to your list. If you’re not using double opt-in, it may be worthwhile to consider whether switching is an appropriate alternative for your email marketing program. Although it won’t stop malicious sign-ups from occurring, it can help protect the integrity of your list by preventing those unwitting and unwilling recipients and bad addresses from being added.

SpamZa.com was recently shut down but is searching for a new Web host. You can read more on the issue by Laura Atkins on the anti-spam blog Word to the Wise.

Posted by Bill at 5:45 PM | Permalink | Comments (1)

If you had to guess which country in the world is the most targeted by spammers, the results might surprise you. According to figures recently released by Web security firm MessageLabs and reported by TG Daily, Swiss users receive 10 percent more spam than the average Internet user, and 23 percent more than U.S. users.

MessageLabs found that 84.8 percent of emails in Switzerland in June were spam, edging out the traditional leader in this category, Hong Kong, (82.6 percent). France (82.1 percent), Israel (80.1 percent) and Austria (79.6 percent) round out the top five. Canada received 77.8 percent spam; the United Kingdom 74.3 percent and the United States 68.8 percent. Spam levels in Australia were the lowest, at 66.9 percent.

Globally, MessageLabs found 76.5 percent of all emails to be spam, representing a 2 percent increase over the last six months.

Posted by Bill at 8:30 AM | Permalink | Comments (0)

A colleague of mine recently received complaints from friends claiming she'd posted comments on their MySpace pages sharing a bogus coupon that was really a phishing attack. The problem was, she never posted the comments.

Now, I need to point out that my colleague is about as technical as it gets, so it was unlikely that she'd used a weak password or let her computer get trojaned. In fact, her MySpace account showed that no messages had been sent from it. Nonetheless, the people she heard from were part of her MySpace friend list and the messages came from MySpace.

It's very unclear how this could have been perpetrated other than MySpace, itself, getting hacked. Regardless, this kind of phishing may be the most insidious kind to ever exist and definitely something for all of us to keep an eye out for.

Posted by Bill at 11:24 AM | Permalink | Comments (1)

File this under the category, “I never thought I’d read this.”

A recent pronouncement from Google states that the volume of spam is actually dropping for the first time.

A lot of people may disagree with Google, but I suspect that there are many ways to measure spam volume and that Google’s take may not represent the overall Internet. Nonetheless, it’s an early and positive indicator that the battle lines against spam can shift back toward the good guys.

Posted by Bill at 10:28 AM | Permalink | Comments (0)

My colleague Elaine O'Gorman, Silverpop's vice president of strategy, recently authored an article for our clients on an emerging term in the email world called BACN. In the event you find yourself at a cocktail party with a bunch of email geeks, I wanted to make sure you were up to speed and not left out of the conversation should this new term get bandied about. Here's the article:

What's the Buzz About Bacn?

There's all sorts of buzz about the newly coined term “bacn”--email messages recipients want but typically don’t read immediately. It's email a cut above spam, and is quickly becoming a hot topic of conversation among bloggers.

The recognition of such messages is indeed valid. Many of us do receive information on a daily basis that we want to read, just not the very minute it arrives in our inbox. That doesn’t mean we're not interested in these messages; simply that we don’t have time to process or consider the information or offer immediately.

For email marketers, making "bacn" isn't necessarily bad. You're sending messages that are relevant enough to keep around for awhile. MarketingSherpa reports that half of emails are opened within nine hours of receipt, and another 25 percent are opened in 28 hours. The average campaign achieves nearly all the opens it will generate in just under two weeks. Will the messages you send still be relevant two weeks from now?

Whether your messages are opened immediately or days or even weeks after a send, the content must still matter to the recipient. If what you send is interesting enough to keep around for a couple of weeks, pat yourself on the back. You're delivering something of interest. Something worth hanging on to.

Posted by Bill at 9:28 AM | Permalink | Comments (0)

Under the "too funny not to share" category, email industry veteran, Joshua Baer, the CTO of Datran Media, shared a funny story with a group recently, and I asked him if I could pass it along.

Joshua received an unsolicited commercial email the other day with the following footer:

"ADDENDUM- If you don't know or remember me, HHH complies with the Federal Canned Spam Act of 2003, so your contact information will NOT be sold or shared with anyone. You can unsubscribe at anytime with no questions asked."

Of course, lacking a postal address and clear opt-out instructions, this message wasn't remotely compliant with CAN SPAM. Fortunately, and as the gentleman pointed out, it is compliant with the somewhat lesser known, but more culinary oriented Canned Spam Act.

Posted by Bill at 9:19 AM | Permalink | Comments (0)

It turns out Hawaiians have a very different view of spam than most of us here on the mainland. It's true. First and foremost, Spam is something you eat in Hawaii, not something you filter. Check out the latest news on the "war on spam" <grin>.

Posted by Bill at 1:19 PM | Permalink | Comments (2)

Legitimate email marketers, anti-spam groups and beleaguered recipients got a bit of good news with the arrest last week of a man described as one of the world’s most prolific spammers.

Robert Alan Soloway, 27, dubbed “the Seattle Spammer” by federal officials, was indicted on 35 charges related to fraudulent Internet activities. Soloway pleaded not guilty to all charges at his May 30 arraignment. You can read more here.

Although it’s always great when a notorious spammer gets put out of business, such actions probably won’t result in a drop in the amount of spam that gets sent. Illicit spam rings have sprung up across the globe, and more and more spammers are delivering more and more spam than ever into people’s inboxes.

According to this Online Times article, email security firm IronPort said there hasn’t been any notable drop in the volume of spam since Soloway’s arrest, with 70 billion messages in a 24-hour period, unchanged from two weeks earlier. The company also said the volume of global spam has doubled from about 36 billion a day since last May.

Hopefully, highly publicized arrests and increasingly stiffer penalties will send a message to spammers that they face very real consequences for their actions. But in the end, as long as people continue to buy things from spam, there will be people to send it. And as long as spam is profitable, there will be more of it, not less.

Posted by Bill at 8:58 AM | Permalink | Comments (0)

In a recent conversation with an anti-spam advocate over the best way to stop unwanted messages, he suggested to me that all the challenges in his industry and mine would go away if emailers would only double opt-in all their recipients.

It has been a while since I've heard this argument, but it's not surprising that it came up again. It's a very logical point of view, and it would seem almost foolproof. The problem is that it doesn't always work.

In my book, "The Quiet Revolution In Email Marketing," I cited a ClickZ article that suggested double opt-in failure rates upward of 50 percent. In other words, for every 10 people who sign up for a double opt-in based permission email newsletter (or promotion), only five will actually complete the process. This kind of drop-off can undermine even the most successful email programs and begs the question: Why do so many people fail to complete the process? Here are some possibilities:

• The actual confirmation email isn't sent out immediately. By the time someone receives a confirmation, the person has forgotten all about signing up or has decided he or she no longer wants to be on the newsletter list.

• The recipient doesn't recognize the "From" field. In the past especially, a lot of double opt-ins would come from auto-responder systems that didn't allow the brand of the actual marketer to be displayed. So recipients would get a strange message and be unsure of what to do with it.

• Recipients have been trained never to click on anything in a message. I've spoken to people who are so concerned about phishing and Internet security that they won't click on anything in an email--not even a link to verify their permission.

Posted by Bill at 8:32 AM | Permalink | Comments (2)

Internet security site Dark Reading has a great article about seven common mistakes legitimate companies make when sending marketing email that can lead to their messages being falsely labeled as spam. Whether you’re a new or experienced sender, I encourage you to check it out. How is your company doing?

Posted by Bill at 10:45 AM | Permalink | Comments (0)

If you send email in the United Kingdom take note. In an effort to fight spam, the U.K. recently put new laws into effect that require companies to disclose sender information in their transactional and other commercial email messages.

Extending a law covering traditional business communications to include email, the UK Companies Act Amendments of 2006, which took effect January 1, require companies incorporated in Great Britain and overseas companies that operate in Great Britain to disclose the company name, where the company is registered, the registration number (if applicable) and registered address in their transactional emails. The amendments also require senders of non-transactional commercial messages, such as marketing messages or e-newsletters, to include the company name and a valid physical postal address in each message.

The new rules could prove challenging for the significant percentage of British companies still struggling to comply with the 2003 E.U. Directive on Privacy and Electronic Communications. While there is some ambiguity regarding exactly what's covered by the new regulations, the Email Sender and Provider Coalition is counseling in favor of including the required information for all email-based marketing and transactional material. You can read more in this BizReport article, and in this ESPC member briefing (PDF).

Posted by Bill at 7:24 AM | Permalink | Comments (0)

By all accounts, spam is on the rise again. You can hear it in the numbers being quoted by the well-known anti-spam companies (they seem to agree that it has almost doubled over a year ago) and you can see it just by looking at your inbox. Spammers have found a few new tricks that have proven particularly successful at getting past even the most modern filter.

First, they are using very, very short text-based messages that make it nearly impossible for a computer-based filter to differentiate from a human-originated message. Second, they are using more image-based spam. Again, computers can't read images, and inbox providers are reluctant to start filtering images wholesale from email. Third, many of the spam emails are simply pump-and-dump stock messages that don't require any click-throughs to achieve their goals. Fourth, and most challenging of all, spammers have now enlisted tens of millions of zombie computers to send their messages. No longer can bad email be pinned to a few IP addresses. Instead, messages are coming from countless home and work-based computers that have been compromised by Trojan software and silently been put to use in a massive, distributed spam sending engine. You can read more about these issues in this blog post by MSNBC's Bob Sullivan.

While this resurgence of spam may seem like just a new round of annoying inbox clutter, it is possible that it will drive the next set of lock-downs from ISPs and even the government. While we need to get on top of the growing spam problem, it is possible that the next set of anti-spam moves may go beyond image-blocking and potentially could put a real dent in the email marketing business. I recommend we all keep our ears to the ground on this and work through organizations like the Email Sender and Provider Coalition to help find balanced solutions that stop spam, but allow businesses to continue to use the email medium for legitimate, permission-based communications.

Posted by Bill at 9:21 AM | Permalink | Comments (0)

At the Email Insider Summit, I had the opportunity to ask AOL Postmaster Charles Stiles about one of my favorite topics: an opt-out button. The problem is that the "spam" button is used indiscriminately by recipients for both reporting spam and for simply removing themselves from a list. If a second button were added for opting out, it would allow recipients to make that critical distinction, and thus improve the ability of AOL's spam filters to tell the good email from the bad.

Charles jumped on the question. Apparently, AOL really likes the idea, but can't implement it as quickly as it would like. He said the AOL email application currently lacks room for another button. He also pointed out that an opt-out button only makes sense for quality senders. (Of course, the ability to know whether a sender is legitimate, and thus whether an opt-out button should be enabled, is already in place with its white-listing and reputation system.) He really likes the idea and indicated it's something we'll see in a few years.

Posted by Bill at 11:15 AM | Permalink | Comments (1)

You can't have an email conference without discussing the scourge of our industry, spam, and the Email Insider Summit was no exception. The topic came up a few different times. Here are some of the notes I took:

• Procter & Gamble found that 80 percent of its recipients who hit the "spam" button did not recall ever having done so.

• Cisco found that the biggest reason its BtoB customers clicked the spam button was because their roles had changed and the messages they had signed up for were no longer relevant.

• Habeas tracks 200 million email-sending IP addresses across the world. It estimates that 99.95 percent of those are sending spam. That means that the good guys like us account for only .05 percent of the IP addresses in the world. Wow.

• IP address is no longer the sole mechanism by which spam filters judge a sender. The domain address is once again being used in many cases when spam filters weigh the spamminess of your email. This has big implications for companies that use affiliate marketers or whose email programs lack any central control. All it takes is one rogue affiliate marketer to get your domain name thrown into the spam bucket and you could find your otherwise pristine corporate email program getting bulk-foldered.

  Posted by Bill at 4:07 PM | Permalink | Comments (0)
  
  

Remember the Gevalia Coffee issue back in April 2005, when Kraft Foods was sued by a small California ISP for allegedly spamming its Gevalia coffee brand in violation of CAN-SPAM? I blogged about it at the time, feeling what I imagined to be Kraft's pain over a hard lesson learned.

Well, apparently Kraft hasn't learned its lesson. I received an email from Gevalia this week. It was sent to an address I have never provided for any list or opt-in (although the top of the email says that I opted in through one of the sender's sites). It had all the necessary language at the bottom, but guess what? The opt-out link failed. Despite several tries, I couldn't opt out. The least I can say is that the link was reported to be working later the next day.

C'mon guys, get with the program. You are undermining the credibility of this industry and doing yourself more damage than you realize.

Posted by Bill at 9:24 AM | Permalink | Comments (0)

During one of my presentations at DMA06 in San Francisco last week, an altogether common question was raised: Can words like "free" cause email messages to be unduly filtered as spam?

In my experience, content filters don't affect deliverability as much as they used to.

In the early days of spam filtering, increasingly intelligent content filters were used to look for patterns that could predict whether email messages were spam. Words like "free" or "spam" or "XXX" would flag a message and block its delivery. And, while this is still true today, the content part of spam filtering has taken a back seat to the more accurate and relevant reputation metrics.

Why? Because no matter how smart programmers made their content filters, human spammers could always find a way around them. This cat-and-mouse game shifted the focus toward IP-based reputation systems. This meant that ISPs and spam filters started paying far more attention to users' "spam button" complaints, thus pushing the spam filter function back onto humans rather than computers. And, over the years, this approach has proven effective. The problem of spam in the inbox has been alleviated, and users' perception of spam has softened somewhat.

My view on this was bolstered by a recent study released by ReturnPath that placed a specific metric on the weight of reputation vs. content. The figure ReturnPath came up with was 83 percent. You can read more about it in this article.

Even if content filters today only account for 17 percent of a spam score, they still matter, and can't be ignored. That's why companies like mine include built-in content checking systems that you can use to test your messages before they go out into the real world.

Posted by Bill at 9:04 AM | Permalink | Comments (0)

Spamhaus, a volunteer anti-spam organization based in the United Kingdom, is known in the email community as one of the toughest but most widely recognized spam fighters in the world. In a nutshell, it provides a daily list of IP addresses it believes belong to spammers. This list is downloaded by thousands of spam filter programs (including tools by companies like Microsoft) and, according to the Spamhaus site, protects 625 million email users against billions of spam emails a day.

The organization is unique for several reasons. First, you generally have to be a very bad emailer (e.g. spammer) to get on its block list. But, because the block list is so widely used, being listed can be devastating to an emailer's deliverability.

Second, the organization is based outside the United States and has been able to avoid a lot of lawsuits by U.S.-based emailers -- until now.

Earlier this year, one of the emailers on Spamhaus' block list filed a suit in Illinois claiming that Spamhaus unfairly blocked its emails. The court case escalated, and a judgment was entered against Spamhaus for $11.7 million. Claiming that the U.S. court had no jurisdiction over its activities, Spamhaus said it wouldn't pay. I thought this was the end of it, but the U.S. judge decided to take it a step further. The judge reportedly is now considering whether to issue an order for ICANN, the U.S.-based group charged with assigning domain names (e.g. www.spamhaus.org) to turn off Spamhaus' URL.

In the long run, the anti-spam implications of this aren't too significant. It would be easy enough for spam filters to simply download the block lists using IP addresses and avoid the need for a domain name. The larger issue at stake here is the ever-sensitive issue of whether the U.S controls the worldwide Internet traffic system. If this fact ends up allowing a U.S. judge to "punish" a company based outside the U.S., we could see some serious fracturing of the current Internet structure as non U.S.-based companies attempt to move their Internet management outside U.S. control.

Posted by Bill at 2:02 PM | Permalink | Comments (0)

In the latest on the ongoing battle between ISPs and spammers, AOL reportedly is planning on sending in bulldozers to dig for gold and platinum it believes a spammer buried on his parents property in order to evade seizure in a lawsuit.

AOL last year won a $12.8 million judgment against Davis Wolfgang Hawke for sending millions of illegal emails to its customers. But Hawke, whose enterprise at one time took in a reported $600,000 a month, disappeared, leaving the ISP empty-handed. AOL has since uncovered several receipts for large purchases of gold and platinum bullion made by Hawke, and gotten a judge's permission to search the two-acre Massachusetts property where it believes Hawke buried his ill-gotten gains with a shovel.

Hawke's family said it will fight AOL's plans in court. In the meantime, if you are contacted via email by someone in a far-off land purporting to be in urgent need of your help in retrieving a cache of treasure hidden in the U.S., and promising you a generous share of the fortune, check the signature. If it's signed Davis Hawke, it just might be genuine <grin>.

Posted by Bill at 8:57 AM | Permalink | Comments (0)

Apparently, a young lady who lives in Ivory Coast is a fan of my recent column in iMediaConnection. She went to the iMediaConnection site and selected the "contact the author" feature. In the tiny text box provided, she shared with me a long and horrific personal story and asked for my help.

Her name is Susan Billy and she has been deaf since birth. Her only parent, her father, was recently poisoned at the hands of his unscrupulous business partners in their ongoing attempts to steal his wealth. Fortunately for Ms. Billy, she was able to reach her father on his deathbed where he told her about his secret stash of $28 million. She has contacted me with the hopes that I am a truly honest person and that I can help her move that money into the United Stated where it will be safe. For my efforts, she has offered me 25 percent of the money.

Obviously, I'm flattered at her interest. To quote my colleague, "There are a lot of unscrupulous people out there. It's a miracle she found you!"

My advice to Ms. Billy is to read my article on targeting a little more carefully. As a marketer herself, she needs to think about her target audience very carefully. For instance, people who write articles on effective email marketing are unlikely to fall for the oldest email scam in the book. Perhaps with better targeting, Ms. Billy will be able to increase her response rates for future scams. On the other hand, if she continues to target so poorly, perhaps she will motivate the Federal Trade Commission and other government agencies to prosecute her for attempted fraud, which may be the best outcome for everyone.

Posted by Bill at 2:18 PM | Permalink | Comments (0)

On a lighter note, a colleague forwarded me this blog entry by the news editor for NetworkWorld. It's a humorous account of a public relations firm that spammed journalists on behalf of its client -- an anti-spam solutions provider. My favorite part of the article is the punch line: the message begins: "Hello [RecipientFirstName]:"

Posted by Bill at 1:56 PM | Permalink | Comments (1)

I read a great MediaPost article (requires free sign-in) by David Atlas, an executive from Goodmail systems. David outlines the ideal spam/complaint feedback system, and I think he has hit the nail on the head.

David contends that the current email complaint system lacks accuracy, granularity and security. For instance, one person clicking the spam button 10 times generates the same number of complaints as 10 people who each click once; recipients can't register the nature of their complaints, which accrue to IP addresses rather than senders; and the system doesn't protect against falsely-generated complaints.

He says the ideal system would be sender-based rather than IP-based. People would only be allowed to complain once per message, and frequency would be accounted for. The system also would also differentiate between complaints for commercial vs. transactional messages, by domain, and allow recipients to specify why they are complaining and what they would like to do about it. Both recipients and senders also would be protected against abuses of the system.

A reputation system based on this kind of complaint mechanism would benefit everyone. Senders would get better feedback and a more equitable allocation of emailing privileges, and consumers would get more relevant messages.

Sort of like Babe Ruth's fabled finger pointing out his home run before he hit it, perhaps David's article will point ISPs and ESPs in a direction of more accurate and more accountable complaint management.

Posted by Bill at 11:56 AM | Permalink | Comments (1)

People usually don't think "spammer" when they hear the word Kodak. But the photography giant recently earned the dubious honor of being the first name-brand, legitimate player to be charged by the Federal Trade Commission for violating the CAN-SPAM Act. (You can read the details in this FTC news release.)

What did Kodak do wrong? For several months in 2004, Kodak Imaging Network sent email marketing messages that were missing an opt-out, a notice of the right to opt-out and a valid physical postal address. The company said the violation was due to a computer error, and that the emails were sent to recipients who had given permission. But the FTC was unmoved.

To settle the case, the Kodak subsidiary agreed to pay civil penalties amounting to the campaign's gross proceeds and to submit to monitoring to ensure compliance with the FTC's order prohibiting future violations.

In pursuing a strict interpretation of the law despite Kodak's otherwise good intentions, the FTC appears to be sending a message: CAN-SPAM isn't just for the bad guys. Mainstream businesses are also subject to enforcement -- even when violations are unintentional or seem relatively minor.

Posted by Bill at 8:53 AM | Permalink | Comments (0)

The AOL Goodmail announcement exploded onto the national landscape today. I am pleasantly surprised to see the mainstream media paying attention to this issue. Check out the articles in the NY Times and USA Today. It seems that the outcry over this is much stronger than I would have guessed.

In fact, the concern over pay-for-delivery is so great that MarketingSherpa's Anne Holland has changed her anti-RSS position and now sees RSS as a potential savior as ISPs start charging for delivery. As my blog readers know, I am a big advocate of RSS - in particular, Individualized RSS products (like Silverpop's RSSDirect) not only have all the functionality inherent in targeted email but they can't be taxed by ISPs, they most likely fall outside the recent state email laws and they most certainly prevent spam and phishing.

So, in the end, consumers will get what they want, the way they want it and on whatever terms they demand - that is the magic of the internet. Even in the unlikely world where email becomes too cumbersome, new technologies like IRSS will pop up to fill the need. Long live the Internet.

Posted by Bill at 8:40 PM | Permalink | Comments (0)

Whether it's a case of poor planning or being highly responsive to customer feedback, AOL is quietly pulling back on their earlier intent to shut down the Enhanced White List.

This means that email marketers with highly relevant and targeted emails will still have the ability to get their links and images enabled without paying for Goodmail. Frankly, the combination of EWL and pay-for-delivery is probably the best solution overall. Obviously, I wish all email delivery were free but, for some kinds of messaging (e.g., transactional), guaranteed delivery can have a very high ROI.

I doubt if AOL will make a formal public retraction but I've heard about the decision from three different sources so I am confident that EWL will be with us for a long time to come. In any event, you heard it here first...

Posted by Bill at 3:52 PM | Permalink | Comments (0)

Postini, one of the top anti-spam and anti-phishing technology companies, announced last week the first ever major drop in phishing attacks, a 45% reduction in attacks from the previous month.

Obviously, it's too early to declare any kind of victory but I continue to think that phishing as a material threat will fade over time. Unlike spam and viruses, phishing can't continue to thrive as consumers wise up to the threat. Time will tell...

Posted by Bill at 7:51 PM | Permalink

As I look back on the first year of CAN-SPAM, I have ask, "did the law make a difference?"

Remember in the first month or two of 2004 when the media was declaring the law a failure because spam continued to rise. Well, with a full year behind us, many folks continue to believe it was a failure. Should we have actually called the law "You CAN SPAM"?

Unfortunately, for the critics, a real assessment isn't that simple. Any review of the effectiveness of legislation must take into consideration that laws, by themselves, are rarely a complete solution to a problem. Nonetheless, as a law, how does CAN-SPAM stack up?

First, it's given the good guys a much larger stick with which to go after the spammers. In fact, the number of lawsuits based on CAN-SPAM is pretty large and growing. I take this as a good sign.

Second, CAN-SPAM has raised the cost of spamming - that's a fact. Being compliant means adding far more hardware to sending systems to manage those pesky opt-outs and suppressions. It also raises the cost for the criminals by forcing them off-shore (with the associated costs of operating their systems long distance). And the biggest cost of all will only be clear when we see just how far the FTC and the ISPs are willing to go to track down and prosecute the bad guys.

As much as our frustrations make us want to think that spammers are immoral zealots out to ruin our inboxes, the fact is, they are in it for the money. If legislation raises the cost a bit more with every lawsuit filed, the economics of spam get worse. As filters get better and consumers get smarter, spammers will continue to see their response rates drop and the cost of their technology increase (it's not easy to get millions of messages through modern spam filters). Maybe, just maybe, we'll start to view spammers as an endangered species in the next few years.

Posted by Bill at 9:02 PM | Permalink

As we start the New Year, there has been a flurry of announcements around the volume of spam. Is it getting better? Is it getting worse?

It has been pointed out many times that nearly all the statistics on spam volumes comes from companies that make spam filtering software. Therefore, it is significant that Brightmail (purchased by Symantec last year), arguably the most pervasive filter technology company, announced last week that they have seen spam growth finally level out. And even though they decided not to make a major announcement, MessageLabs, also saw spam drop from a reported 94.5% of all email in July 2004 down to 73% in November 2004.

This, on top of AOL's announcement Dec 27 (see my blog on this) saying they'd seen a big drop in both inbound spam volumes and spam complaints in their customers' inboxes, suggests that the war on spam may finally be turning.

Just to be clear, there really are two questions here, not one: First, is the volume of spam being sent going up or down? And, second, is the volume of spam received into users' inboxes going up or down?

Presumably, a stream of constant upgrades and improvements in filtering technology can only improve the inbox spam problem. As the overall spam numbers level out, the level of spam into inboxes should go down with every upgrade.

These early indicators are a positive sign that spam may be less of a problem in 2006 than it was in 2004 - 2005 will be probably be seen as the year that the war on spam took a turn for the better. As technology and legislation (more on legislation later) continue to target illegitimate email, it will start to chase away 'part time' spammers. They will be left with three choices: get out of the business, go legitimate (I think most lack the skills) or push beyond the gray areas into being clearly illegal. Given that the overall spam volumes are leveling out, I think some spammers are in the process of exiting the business. Unfortunately, a few of the more nefarious ones are switching from Viagra ads to trying to steal your credit card info by posing as eBay (phishing attacks are skyrocketing). 2005 will also be the year that phishing took on a whole new level of prominence.

However, even with an increase in phishing attacks, any reduction or slow down in traditional spam is good news for email marketers. As the percentage of promotions in an inbox shifts back towards legitimate, permission-based messages, email users will regain the control they feel they've lost. They will once again be more willing to opt-out rather than delete; they will have a bit more time to read what they do get; and they will have to sift through fewer questionable promotions and therefore have more confidence with the legitimate promotions they continue to receive.

As I've said many times, spam will never go away. However, email marketing continues to thrive in a world of spam - I think it can only get better as the battle lines start to shift in favor of the good guys.

Posted by Bill at 6:52 PM | Permalink