MailChimp’s abuse desk runs Cloudmark to perform occasional “customer audits.” We basically scan for problem campaigns on our system that might jeopardize the deliverability of our servers. What’s Cloudmark, why do we use it, and how does it work?

Cloudmark is an advanced “message security” system that protects more than 300 million inboxes and works with more than 100 of the world’s largest ISPs and mobile operator networks such as EarthLink, Comcast, Cablevision, Charter Communications, Cox Communications, NTT Communications, Sprint Nextel, Virgin Media and Swisscom, as well as hosted messaging providers, including domainFACTORY and NuVox.

So if you send lots of email marketing, it’s kind of important to know who they are.

But how does their spam filtering technology (its fingerprinting algorithm) work?

Well, it’s a secret. Understandably so, because if they told everyone how they work, that would kind of defeat the purpose.

But here’s what they will tell you (from their website sales material):

Cloudmark’s Advanced Message Fingerprinting™ algorithms were designed to target sophisticated spamming and virus proliferation techniques. Unlike rules, Cloudmark fingerprinting algorithms are extremely lightweight, each optimized to perform only minimal processing on a message. As a result, message throughput is extremely fast and less processing CPU is required.

And here’s how they explain their Fingerprinting algorithm:

So they’re taking chunks of your message (which I assume could be content, senderscore reputation, and code), and taking it out of the context of your email campaign. I don’t know if this is done for speed, or as some kind of “double blind” methodology or what. Then they classify the chunks into “fingerprints.” Then, they compare those fingerprints from your campaign with other fingerprints in their database that have been classified as spam.

This is where I invite any geek out there who knows way better than me to please comment below. Please.

What to do if Cloudmark blocks you

If you get blocked by Cloudmark (and our abuse desk sent you to this page), our recommendation is to take a long, hard look at your content. There’s something in there that looks spammy. Given that Cloudmark is installed across 300 million inboxes and +100 ISPs around the world, it’s safe to say that your campaign looks spammy to a LOT of people.

If you’re not sure what “looks spammy” means, I’m not so sure you’re ready to be sending lots of email marketing.

Okay, maybe that was a bit out of line. I work at the abuse desk, so I get jaded sometimes. So here are a couple resources you need to read quick:

• Most common spam filters triggered by MailChimp users
• How spam filters think, and how to avoid them

If you’re looking for a simple, silver bullet kind of answer for “how to just get me past the spam filters” prepare to be frustrated. There is no single answer. The best answer I’ve been able to tell people is:

1. Open up your email program’s junk folder.
2. Look at what spammers do.
3. Then, don’t do that.

Cloudmark is everywhere

We’re members of the ESPC, and once sat in on a presentation that Cloudmark gave to the group. It was fascinating. Mostly because it was a “marketing guy” talking, who actually knew his stuff. No offense to marketing guys or anything. He knew about this stuff, and in the cases where he didn’t, he was smart enough to admit it. I distinctly remember a slide in his presentation where he showed almost every single major ISP in North America using Cloudmark. IIRC, the only ISP not on the list was AOL. They’re even partnered with ReturnPath (who we’re also partnered with) so that they can pull in sender reputation data.

If you run an ESP (and manage the abuse desk at an ESP), it’s the kind of slide that makes you gulp really loud. So I’m really glad we’ve got this in place for our abuse desk. I’ll post something later about how we’re using it to make better decisions about email abuse, who we warn, who we suspend, and who we shut down.

The backstory is a MailChimp customer sent a campaign to an email list that they collected at an event a long, long time ago (Related: How old lists will kill your deliverability). One of their recipients forgot who the @#%& the sender was, and reported the email to SpamCop.

Forget about the whole issue of whether or not the sender is an innocent victim here, because their list was ‘opt-in.’

What really matters is the sender’s domain name could be tainted, and all their emails (no matter where they send from) could be blocked all over the globe.

Here’s how that happens.

See the “spamvertized web site” links in the screenshot?

Those are some of the domains that SpamCop found in the reported email.

The 3 domains that you see in the screenshot above belong to MailChimp.

The domains listed below them (that you can’t see) are domains that belong to the sender of the email campaign (I’m protecting their privacy here).

There are 3 ways we can get our domains de-listed from SpamCop:

1. Shut down the sender (the fastest way to get delisted)
2. Respond to this report, and provide documentation that proves the sender obtained opt-in permission from the recipient, so “as you can see, this is all probably a simple misunderstanding.”
3. It behooves me not to tell you the third way.

One way or another, MailChimp’s Abuse Desk will get our domains delisted from SpamCop. But if we find out that someone has intentionally violated our terms of use, how hard do you think we’ll try to get the sender’s domain names delisted?

If we find out the sender purchased an email list, or they had an old email list and thought MailChimp would be a convenient way to “clean it,” we’re not exactly going to go out of our way to help their domains get delisted from SpamCop as we show them out the door.

The point I’m trying to make is that anti-spam systems “remember” domain names that they find inside of reported spam.

So if we end up deciding to shut down this MailChimp customer with extreme prejudice, and they move to some other email service provider (ESP), their domain will still be remembered as an abuser by SpamCop (and probably other email gateways and firewalls around the globe too).

If you have bad email management practices, you can run, but you can’t hide from your own email reputation.

How do you prevent this from happening to your company’s reputation?

• Never send unwanted email
• Don’t surprise anybody with emails they wouldn’t expect
• Don’t assume that people on your list remember who you are
• Don’t send to old email addresses
• Collect proof of opt-in, just in case you’re reported to SpamCop. Without it, ESPs have little recourse but to shut down your account.
• In your emails, always include some kind of reminder as to how you got the recipient’s email address (you’re receiving this email because…”). Bare minimum, put that in your footer. If it’s your first email campaign, consider making it your first paragraph.

We’re not planning to expose any secret formulas, or help customers “get around spam filters.” It’s more of a behind-the-scenes, “big brother” tool to help us catch exceptionally bad campaigns before they get sent. That’s the idea, at least, and we’re not sure when this’ll go live.

For now, we’re doing research. We’re currently scanning a few hundred thousand campaigns sent through MailChimp over the years, to see how many “false positives” we might trigger.

In the process, we’re uncovering a lot of innocent mistakes made by senders, plus a few surprises.

We’ve written about How Spam Filters Work in the past. Basically, spam filters look for certain “spammy criteria” in your messages. Each criteria gets a different score. Your message’s total score determines whether or not you’re blocked.

For example, putting the word “viagra” in your subject line is dangerous, for obvious reasons.

There are other, not-so-obvious criteria used by spam filters too. Like poorly coded HTML (spammers are notoriously bad coders). Or my personal favorite, using Microsoft Front Page. Ha. Also, simply using the word “Oprah” will get you a few points (for the record, the spam filters probably have nothing against Oprah—methinks her name is just used a lot by spammers).

If this is new and fascinating to you, I encourage you to read How Spam Filters Work.

Anyway, we’re looking at the most common triggers that MailChimp customers have been setting off.

Some of them are pretty surprising.

Top 10 Most Common Spam Filter Triggers

By far, the most common reason MailChimp customers have been flagged by spam filters is “too many images, not enough text.” This is a very common mistake (see: Stupid HTML Email Design Mistakes), and I’ve blogged about this in the past. Over and over. (See: How Your Email Designs Can Get You Blacklisted, and this and this).

Anyway, here’s the top 10 list of spam filter criteria that MailChimp users are most guilty of. I’ve included the corresponding number of detected matches (keep in mind the system is not done scanning—it might take another week to finish):

1. BODY: HTML has a low ratio of text to image area    (1,217 matches)
2. BODY: Message only has text/html MIME parts    (971)
3. BODY: HTML has a low ratio of text to image area    (729)
4. BODY: HTML and text parts are different    (625)
5. Subject is all capitals    (324)
6. BODY: HTML and text parts are different    (279)
7. BODY: HTML: images with 2400-2800 bytes of words    (211)
8. BODY: HTML: images with 2000-2400 bytes of words    (194)
9. BODY: HTML: images with 1200-1600 bytes of words    (178)
10. BODY: HTML: images with 1600-2000 bytes of words    (178)

Number 5 is just idiotic. TYPING IN ALL CAPS = SCREAMING AND IS RUDE. Don’t type in all caps in your emails, please. Who does that?

Number 2 means somebody was lazy, and only included the HTML or the plain-text version of their emails, instead of both. I think that’s what it means. Spam filter rules can be cryptic sometimes (intentionally, perhaps).

But the rest of the detections on that list basically mean that the senders sent way, way too many images, and not enough readable text. Spam filters can’t read images. Spammers know that, so they often send spam that’s nothing but a big, ginormous image. And spam filters know that, so they in turn block email that they can’t read.

The battle between spam filters and spammers is brutal and never ending, and sometimes legit marketers get caught in the crossfire. Understand how both sides work, and do your best to cope.

But don’t try too hard to appease the spam filters. They don’t like that either (looks needy).

Not-So-Common Spam Filter Triggers

During our user research, we found some surprising spam filter triggers. Here are some examples:

• The phrase, “extra inches” will get you a score of 3.1 by spam assassin. The phrase sounds like it came from some kind of “appendage enhancement” pharma-spam, right? Turns out it popped up 4 times in MailChimp, from relaxation & beauty spas. As in, “if your new years resolution is to shed some extra inches off your waistline, come in and…“
• Dear FNAME, = “not very dear at all!” Do you merge the recipient’s FNAME into your messages? If so, don’t use the d-word. Turns out “Dear” will get you 2.7 spam points. That’s about halfway to getting your email blocked. Use something else, like “Howdy.” At MailChimp, we use “dear” in just about all our demo videos and tutorials, because it’s the easiest way to explain mail merge tags. When we say, “Dear *|FNAME|*,” people just get it. We might stop using this example. I’ve written about how  salutations can waste valuable space anyway.
• “Stop Further Distribution” – In your footer, when you give people that unsubscribe link, don’t try to be all official and corporate sounding. The phrase, “stop further distribution” will get you 3.1 spammy points. By the way—”distribution?” Nobody says that.
• “You registered with a partner” – If the body of your email contains that phrase, chances are very good that your email list is not permission-based. This actually sets off a few red flags in MailChimp’s list setup process,  (we get alerted when people enter that into their permission reminder), and I was pleasantly surprised to see that spam filters look for it too.

As you can see, your emails can get flagged as spam, even if you’re not a spammer. Your email delivery can suffer, even from an innocent mistake. If enough innocent mistakes happen, MailChimp’s overall deliverability can suffer. So we’re working on preventing that. Hopefully, you won’t be hearing from us soon.

So we created this: http://caniuseapurchasedemaillist.com/

If you run an abuse desk somewhere, and you’re tired of answering that stupid question over and over, feel free to link people to it. If you’re not sure why importing a purchased email list into a 3rd party ESP is a bad thing, then promptly turn off your computer and unplug it from the wall. Thanks.

He gave me some tips that I could pass on to our readers. So here you go:

• Comcast really, really hates it when you send to an old list (with lots of undeliverable email addresses). If you’ve got too many emails on your list that no longer exist, Comcast will block your IP address. This is a very strong argument for cleaning old, inactive members from your lists. Yes, I know it feels safer to keep old members on the list, because the number of recipients looks so much bigger. Yes, I know your boss keeps telling you not to clean your list, because they don’t want to lose any prospects. But those bad addresses are just holding back your overall deliverability and keeping the good addresses on your list from getting your message. Yes, I have numbers to prove it. In a later post.
• Comcast doesn’t like it if you send too many emails all at once to them (this one’s kind of a no-brainer). Here’s what makes them different: they’ll actually TELL you how many you’re allowed to send at once.
• As you can see from this chart, the rate of emails you’re allowed to send to Comcast at once depends on your IP’s “reputation.”
• Your IP reputation is based on at least two factors: Authentication (a technology standard that’s used to prove an email is not a forgery), and the IP’s “Sender Score” (Your IP’s Sender Score is kind of like a credit rating, and it’s the folks at ReturnPath who issue the score). MailChimp customers – Authentication is free with every MailChimp account, and through our relationship with ReturnPath we monitor our senderscore closely.

For those of you familiar with ISPs and abuse desks in general, none of this is all that new. The interesting stuff is how forthcoming and helpful Comcast is with their error codes and rate limiting charts. Overall, their new Postmaster site is one of the best I’ve ever seen (look at all the handy RSS feeds):

http://postmaster.comcast.net/

If you’re new to all this, and wonder how this applies to you:

• Don’t send to old email addresses. You’ll get yourself (and other innocent senders) blocked.
• At some ISPs, old email addresses get turned into spam traps. You send an email to a spamtrap, and you are instantly blocked. We had a case of a MailChimp user who sent to a 10-yr old email list (totally opt-in, and the guy luckily had IP/timestamps on all subscribers) and one of the addresses had been turned into a spam trap. The impact on his deliverability from a spamtrap hit was instantaneous and dramatic. Keeping his proof of opt-in for so long saved his behind.
• If you’re sending your emails from an ESP (like MailChimp, Constant Contact, etc) that has shared IP ranges, then one bad apple can truly spoil the whole IP range. So it’s important to go with an ESP that closely monitors their deliverability, and punishes bad senders (it’s for the greater good). Quality over quantity.
• Don’t export your entire email address book and assume they all want to receive email newsletters from you. Address book dumps are full of old email addresses, and are one of the most common reasons I see senders get blocked. Other reasons include: Fish bowls, sharing lists, and buying lists.
• If you have an old list of people who opted-in to receive emails from you, but you haven’t sent them an email in a really long time (or ever), then you need to delete any emails older than 1yr, then send the remaining subscribers a “remember me?” welcome email. Here’s a good example.
• If you send emails on a regular basis, and you think your system is cleaning the list for you, you still might want to segment your list by actives vs. inactives.

Comcast isn’t the only ISP that hates it when you send to old/dead lists.  AOL’s postmaster talks about IP reputation and undeliverables here. ReturnPath, the experts on email deliverability, mentions undeliverables here and offers some tips. Laura Atkins from WordtotheWise talks about “Letting Go” of old members.

In general, there’s a shift (again) in the way ISPs and email receivers judge emails as spam or not. Instead of relying on blacklists or focusing on bad content, they’re looking at your overall reputation as a sender. And list cleanliness (undeliverables, hard bounces, spam complaints) are huge factors in determining how clean your list is.

Here’s a good permission reminder:

And here’s a bad one from a campaign that received 300+ abuse complaints:

I wouldn’t go so far as to say this “bad” permission reminder is what caused hundreds of abuse complaints. It’s more of a symptom of a much larger problem. But that’s a topic for another blog post.

Back to the original question: What makes a good permission reminder?

For the most part, if you send true permission-based email marketing, your recipients don’t need permission reminders. They already know how they got on your list. They signed up for it (See Mark Brownlow’s: You’re receiving this email because…yeah I know).

But the permission reminder isn’t just for your recipients’ sake. You see, sometimes email gets reported as spam, even if it’s not. ReturnPath did a survey where 14% of people said they always hit the “report spam” button, even if they signed up for the email. People forget. People are lazy. People are mean.

Inevitably, if you send enough email campaigns, you’ll get reported for spamming. It just happens.

When you get reported for spamming, your email campaign is no longer just a newsletter or promotion. It’s a piece of EVIDENCE.

This evidence will be reviewed by a judge. That “judge” can be an email admin at a major ISP, or an abuse desk manager at a spam firewall company, an IT person at a large corporation, or an angry recipient who just likes to publicly accuse companies of spamming by posting their emails on NANAE.

When your email campaign gets turned into evidence, the permission reminder can become a critical factor in determining whether or not you are a “good guy” a “bad guy” or “an idiot” (idiots are the same as bad guys, for all intents and purposes).

3 Elements of a Good Email Permission Reminder:

1. It’s specific

Your permission reminder should be very thorough in explaining exactly how your recipient got on your email list. This is not the time to be terse. At the same time, you don’t want to list all possible ways someone might’ve been added. For example, if your permission reminder says, “You received this email because you purchased something from our stores, signed up online, dropped a business card in a fish bowl at a tradeshow, or signed up with  a distributor/partner/affiliate sometime in the past” then it’s obvious that you’re a lazy jerk who just exported all your different databases, combined them into one list, and “blasted” an email out. Don’t be a lazy jerk. Setup differnet lists, and send very different welcome emails to them, each with different permission reminders.

Instead of writing, “You’re receiving this email because you’re a customer” try something more like, “You’re receiving this email because you’re a customer who opted-in for emails when you purchased something from our online store.” Or, “You’re receiving this email because you signed up for email specials while making a purchase at one of our stores.”

2. It’s polite

Your permission reminder should be written in a way that shows you genuinely care about your recipients’ privacy, and you know that emailing them is a privilege, not a right. Don’t get me wrong. Your permission reminders don’t need to be full of apologies. Groveling is pathetic, and a waste of time. Just show some genuine concern. Sometimes, “concern” just means “details.”

I’ve seen permission reminders written like, “This is not spam, as defined by U.S. Legislation ID Code 23298.2342.L32 Docket #ABC123.” You know who quotes spam laws? Spammers.

I’ve seen permission reminders like, “This is just a one-time promotion, so there’s no need to report us for spamming.” Just because it’s one time doesn’t mean it’s not spam. It just means I only have to report you for spamming one time. Jerk.

I’ve seen permission reminders like:  “You’re receiving this email from Acme Widgets. If you don’t want them anymore, unsubscribe.” Okay, but I already know I got this email from Acme Widgets, because you said it in the from: line, and your hideous logo is ginormous. The question is, “how the *&%$ did Acme Widgets get my email address?”

Show people that you took the time to write the permission reminder. Because they’re taking the time to read your permission reminder.

3. It’s provable

This is where the “evidence” part comes into play the most. A good permission reminder will include some sort of indisputable proof that the recipient actually gave you permission to email them.

For example, “You are receiving our newsletter because you opted-in for it when you downloaded one of our whitepapers on software engineering.”

With this kind of permission reminder, someone (such as an abuse desk admin at an ISP) can ask the complainer, “The permission reminder says you opted in when you downloaded their whitepaper. Well, did you opt-in, or not?”

Sure, people can lie and say they never heard of you. But any time I’ve ever investigated an abuse report, and had a permission reminder like this, the complainer is usually very honest. I get responses like, “Yes, I signed up for their newsletter, but good grief, they keep sending me the same friggin’ email offers over and over. I just want them to stop.”

In that case, I don’t have to shut down the sender’s account. I can just tell them to stop being sloppy, and try to send more relevant, updated content.

I’ve also received responses from complainers, like, “Yes, the last guy who had this job downloaded that whitepaper, and signed up for those emails, but that idiot used the sales@ email address here, so now I’m getting these emails. Every time I try to call the sender, nobody answers. I just want the emails to stop.” In that case, I can advise the complainer to click the unsubscribe link (or I do it for them).

If possible, you can merge customer information into your permission reminders.

For example, for some of our own MailChimp system alerts, we tell people, “You are receiving this email because you are a registered customer of MailChimp. Your username is ____ and your last login was on ___. ”

I still get complaints from people, but at least they know why they got the email. They’ll write and say things like, “I don’t use MailChimp anymore. Please delete my account.”

Here’s an example of a permission reminder that lacks trackability (I’ve seen this one a lot): “You have received this email because you expressed interest in our product in the past.” Okay, when? How? With whom did I express interest? All this means to me is that you purchased my email address from some affiliate who did the dirty list-aggregation work for you.

Better would be, “You have received this email because you requested more product information from Acme Widgets when you registered your ABC Widget.” Ok, I don’t remember signing up for emails, but I do remember buying an ABC Widget, and I do remember filling out lots of forms for rebates and warranty registration. I’ll give them the benefit of the doubt and just unsubscribe, instead of reporting Acme Widgets for spamming me.

Note: In the above example, it would require Acme Widgets to actually segment their customer lists. Sure, it’s a little extra work, and it would be so much easier to blast out a big campaign to “everyone” instead. But remember #2 above? Showing genuine concern for the recipient? Who’s more important here? What’s a few more clicks in your email marketing system?

The point is, you want to write your permission reminder so that if/when it is turned into evidence, it can boil a dispute down to a simple yes-or-no scenario. Either you have opt-in proof, or not. Done. You don’t necessarily have to merge in the proof, but you should at least imply that you have the proof, if needed. If you can’t do that, the only implication for any judge is that you’re probably sending spam.

Re-cap

So let’s go back to that bad permission reminder, and review why it’s so bad.

To set the stage, the email was sent to members of a non-profit organization. It was a special offer coupon from one of the organization’s largest sponsors (who happens to be a pharmaceutical company). So the only thing recipients saw in the email was a big giant graphic for a pharmaceutical product (assuming the image wasn’t automatically blocked by their email program). No organization logo in the header. No branding of any sort (colors, fonts, graphics, etc). Just a big coupon. Kinda sounds like spam, huh?

Worst of all, the permission reminder did nothing to help. Here’s what I mean:

1. It explains nothing.  It says I received it because of my relationship with a certain organization. Okay, what’s the relationship? Can you be more specific? Why not? Probably because you don’t actually know my relationship, do you? In fact, how do I know you’re not just some 3rd party who purchased my email address from the non-profit? Now I’m angry at two organizations.

2. It shows no concern for my time and privacy. They put together an email that doesn’t even include a company logo. Just a giant coupon for a pharmaceutical product (assuming I can even see that graphic in the first place). How much effort do they devote to respecting my privacy? Ten words. And directly below that, they offer a link to view the email online. That’s like knocking on someone’s door and telling them, “Hi there, I just ran over your dog while pulling into your driveway. Anyways, I’ve got these cool encyclopedias to sell you…”

3. It lacks proof. How does one define a “relationship” with a non-profit? Am I a member? Someone who’s donated something? A volunteer? Employee? The word “relationship” seems deliberately vague, as if to cover all possible bases in case they’re questioned.

A better way of doing this would be:

1. First and foremost, spend some time on the design of this template, for God’s sake. Put the organization’s logo at the top somewhere. Use the organization’s colors. Customize it to show you care.
2. If the email is just going to consist of a big coupon image from a 3rd party, then put some intro text above it. Something like, “Hello ____ members, we’ve got a very special offer from one of our biggest sponsors, ____. We thought you might be able to use this for ________. Or, make up a bogus (but fun) story, like Simple Shoes did here.
3. In the footer, include a permission reminder like, “From time to time, we send special offers from our sponsors to all members of ____. We hope you find them useful. If not, you can unsubscribe from our special offers list here.”

Most people who send true permission-based email marketing have no trouble writing good permission reminders. It’s not rocket science. It should just come naturally. If you find yourself struggling with your permission reminder, it’s probably a sign that you don’t actually have permission. Perhaps you need to re-introduce yourself. Perhaps you need to segment your list to only include those who did give permission.

• Don’t send to a really old list. If you do, ISPs will say, “Siiiigh. Looks like this sucker bought an old email list from a spammer, and is trying to contact a bunch of email addresses that have expired, or never existed in the first place. So let’s block him.” People ditch or change or lose their email addresses after about a year (see this post on address-abandonment from Word To The Wise.). If you haven’t been sending regular email campaigns to your customer list, you’ll need to clean that list out before you begin emailing them any serious campaigns. Note that “clean your list before sending” does not mean, “blast an email, and see who bounces.” Remove emails that are too old, remove “role” email addresses (webmaster@, sales@, info@, etc), and remove anyone that did not specifically request email marketing from you. We’ve heard that there are companies who can clean your list for you, but we’ve never used them ourselves.
• Never, ever, ever purchase an email list. If you want to grow your list, partner with a company that has the same audience that you target, and have them send an email on your behalf in order to get those people to subscribe to your list. Here’s an excellent example of how to do that, and here’s an article with mistakes to avoid.
• Use the confirmed opt-in method on your email signup forms. This method sends a confirmation email that the subscriber has to click in order to complete the subscriber process. If you just use the “single opt-in” method, your list is vulnerable to prank submissions, typos, and spambots that plug in spam trap addresses.
• Never scrape lists from websites, or assume that you can just add “sales@” or “info@” onto the front of a company’s domain name in order to reach its “decision maker.” Yes, I’ve had to shut down accounts for doing such idiotic things with their lists. It only takes one or two spam complaints from these “role addresses” to get yourself blocked. Some websites actually are setup to track email scraping.
• Educate your sales team on email marketing laws and best practices. Tell them they can’t just export a giant email list from your CRM of “prospects I’ve met over the last 10 years at various tradeshows” and “blast an email to ‘em.” It’s possible your sales people don’t care one bit about email etiquette. They just want to make their commissions (which is the way it should be) but there are laws that can land them in jail, or get them fined by the FTC. And jail time and fines can really eat into their commissions. If that doesn’t work, you’ll need to learn how sales people talk. Hint: try some profanity (and here’s a slightly-safer-for-work version).
• If you’re an agency that’s helping a client send email marketing for the first time, here’s a guide on how to tell if your client might be a spammer.
• Don’t just email all the contacts in your Outlook Address Book. There are email addresses in your address book that you probably don’t know are in there, like: tech support contacts from companies you’ve requested help from (techies get really mad when they receive emails from people they don’t recognize, and they know how to report you for it, fast), and companies who’ve sent you email order receipts; friends and family (who may enjoy personal emails from you, but not necessarily your company)
• Tradeshow lists can be dangerous. Here are some tips for dealing with tradeshow email lists.

• If you operate a booth at a tradeshow, and you collect business cards from people who visit the booth, send them a personal, one-to-one email ASAP! (use your Crackberry or laptop) with whatever sales pitch you want to give them, and provide a link to your email subscriber form, so you can stay in regular contact. Actually, don’t just give them a link to your email signup form. You know they won’t subscribe (what’s in it for them?). Give them a link to a landing page on your website with a valuable whitepaper, which also contains a link to “receive our newsletter, which contains even more valuable research.” Even better, insert full page advertisements in your whitepaper, that point back to your newsletter signup form.
• Keep those contacts, but categorize them appropriately. A “lead” that you met at a tradeshow is someone you can keep in your CRM to contact some day (”Hi Bob, we met at the Acme Widgets Show back in ‘05. If you’ve still got a need for enterprise Acme monitoring services, our company just introduced…”). But that “lead” is NOT someone you can add to a big marketing mailing list. If they receive mass email from you out of the blue, they’ll report you for spamming.
• If you operate a tradeshow booth, and the tradeshow host offers to give you an email list of all attendees, that is NOT a list that you can import into your mass marketing list. At best, you can only send them personal, one-to-one messages before the event (from your own email program, not en masse from an email marketing service), inviting them to your booth. Yes, that’s a royal pain in the you-know-what. Which is why the tradeshow organizer should be doing this emailing for you (because recipients will more likely recognize them than you).
• On rare occasions, we’ve seen tradeshow organizers include opt-in checkboxes, where attendees can request emails from exhibitors at the show. If you can confirm this, then the list may be okay to send a mass email to. But you have to do it soon, and it should be in the context of the tradeshow. Your subject line and intro paragraph of the email should be something like, “See you at the Acme Tradeshow” If you just add this “opt-in list” to your general marketing list, and these attendees get your Quarterly Newsletter out of the blue, they’ll have no idea who you are, or that you got their email from the tradeshow. They’ll report you for spamming.
• If you collect email addresses while exhibiting at a tradeshow, consider keeping that as a separate list, or flagging them in your master database as “From Acme Show 2008″ or something. That way, you can see who came from where, and isolate any email delivery problems by “source of list” if you need to. I’ve seen cases of responsible email marketers with huge, clean lists, that randomly decide to import a list of people their sales team met at a tradeshow. Those tradeshow attendees forget who you are, or receive an email they don’t think is relevant, and report the company for spamming. If they can’t delete all those tradeshow attendees from their list, their entire list is basically tainted.
• Fish bowls are a bad, bad idea. For adding emails to your list, that is. If you’re collecting business cards in a fishbowl at your booth (such as for a prize drawing), you can’t just subscribe all the email addresses from those cards to your email marketing list. You can crack-berry those people and ask them if they want to subscribe for email marketing (see the first tip above for specifics). Or, if your fish bowl has a giant sign on it that says, “Enter to win a prize, AND subscribe for email marketing” then you’re probably okay. Just make sure you send your first email marketing campaign to these people soon after the event, and be sure to refer to the tradeshow in that first email to them (”Hi Jane, thanks for visiting our booth at the Acme Tradeshow…”).

It’s written from an abuse-desk point of view, not a legal or “email marketing strateg-ery” point of view. I’ve had to shut down quite a few MailChimp customer accounts who grew their email lists from contests. Not that contests are bad. There are just a few pointers to keep in mind.

Speaking of Practical eCommerce, they just went through a huge website revamp, and it’s really impressive. If you’re a freelancer, web-developer, or vendor, you might want to try  their new online directory.

We’ve been frustrated and bewildered by random Postini blocks ourselves (see here and here). We gave up on trying to contact Postini a while ago.

But just recently, we had a customer sending tests to their VERY large client, and consistently getting blocked by their Postini filters.

We eventually got (real, live) people from Postini on the phone.

It went back and forth for a few days via phone and email. At first, it was the typical Postini situation. They said, “nothing we can do, it’s probably the sender.” So the IT folks at the client said, “it’s not our problem, it’s MailChimp. They’re known spammers” (Sigh. They always assume this, so they can get back to whatever they’re doing).

Then Dan, co-founder here at MailChimp, finally got sick and tired of the blame game and suggested there was a bug in Postini. He did this after thoroughly analyzing the bounce headers with our lead engineer. They discovered our headers were being slightly altered.

The “bug” word escalated things to almighty Google (who had recently acquired Postini). It wasn’t a “spammer or not” issue anymore. Bugs are technical things that can be solved. Not ethical things that are hard to define.

The outcome was that Postini discovered they were slightly altering email headers in a way that was causing false spam filtering by another system (Trend Micro) at the client:

“After investigation from our Engineering group, we have in fact determined this to be a bug with the way our system handles the escaping of characters in e-mail addresses. It seems that we are improperly escaping both the ‘=’ and ‘~’ symbols with a backslash, which your Trend Micro system is rejecting. This has been documented as a bug and out Engineering group is actively working to resolve the problem. Unfortunately I do not have a specific ETA as to when this will be resolved in production.”

The Trend Micro connection explains why some of our clients get past Postini just fine, but others don’t.

If other ESPs are having problems with Postini, we hope this helps in some way. Mysterious Postini issues can make you pull your hair out of your head and kick your dog out of anger. Knowing it’s a bug might make you feel better. You might also investigate whether or not your client is using Trend Micro, or if the bug is causing problems with other systems too. Ahem, feel free to post updates here for the greater good (of balding ESP engineers).