so if you have role addresses on your account that you know should receive your email marketing, we make you manually input those addresses.

That’s because role addresses are built for functions, not people…

In other words, they’re often forwarded to multiple employees in a company, and they often change owners.  So it’s pretty obvious how sending your newsletter to a role address can lead to spam complaints that jeopardize the deliverability of our system. We even have a handy “tell me more” link to our knowledge base explaining all this, just in case. And manually inputting role addresses is a lot easier than manually begging to get off blacklists. Yet people still complain about having to manually input role addresses.

I think I know why. Even though we explain the reason for doing what we do, we offer no handy tips on how they can solve their problem quickly and easily.

So here’s a way you can deal with this. It’s not going to be super quick and easy, but if you really want those role addresses on your list, and if you really care about deliverability, it’s worth it.

After you import your list into MailChimp, and we provide you with a list of the rejected role addresses, download that list to your computer.

Next, go to the Lists page in MailChimp, and click on the “forms” link for that list you just created:

at the top of the next page, you’ll get a link to your MailChimp-hosted signup form:

Copy that URL.

Now go to your email program and BCC that link to the small handful of subscribers that you know are real human beings and that truly want your email marketing, but who insisted on using a role address when they originally subscribed to your list. I’m assuming it’s a handful. If it’s thousands of role addresses, (where BCC’ing is not a possibility), we’ve got a deeper problem here. Omnivore is likely to shut down your account, because a high percentage of role addresses pretty much smells like a purchased email list.

Anyway, send that handful of addresses a personal note from your own desktop email program, with your own email address as the reply-to, and using your own ISP or company mail server to distribute the message. If the prospect of dealing with the spam complaints and delivery issues that arise from mass-BCC’ing is bothering you now, then yeah—now you know why we feel the way we do about role addresses and preventing abuse complaints.

But if it’s just a handful of people you know, and who are already used to receiving emails from you, everything will be just fine.

Use a personal note like this:

Hello friends, customers, and subscribers.

I’m moving my email marketing to a product called MailChimp. Yeah, the name’s funny and all, but it’s actually a super powerful tool that will make my life a lot easier, and get useful content to you more efficiently and reliably.

Anyway, you signed up to my list a while back using your company’s role address. Something like “sales@” or “webmaster@”

Problem is, MailChimp won’t let me use that role address, because your company might be forwarding incoming mail to multiple people. Furthermore, those people will often change departments. It’s this philosophical thing they have. I dunno.

So this means that if you want to continue receiving my awesome content, please subscribe to my list using your own, individual  email address.

Here’s the link to sign up:

[link to your MailChimp signup form]

Regards,

__________

You might even consider customizing your welcome emails to include some kind of free prize, or free useful resource (like a whitepaper, PDF guide, whatever). That way, in the letter above, you can actually give people an incentive to go through “all that work” of signup up to your list again. Hopefully, your content’s so darn good, they’ll gladly go sign up, regardless of prize (but people still like those prizes!).

Again, we understand that this creates work for you, the publisher, and also work for that handful of recipients who signed up with role addresses. But over the years we’ve seen a lot of people get into a lot of trouble sending emails to role addresses that forward to someone who never signed up for anything.

It’s an unbelievable hassle proving your innocence to all the parties involved. You have to explain your situation to your ESP, the recipient who’s complaining, any ISP abuse desks that are blocking you, and that anti-spam organization that’s now globally blocking all emails that contain your company’s domain name (no matter where or who the emails are sent from).

Trust us. We know it’s an inconvenience, but when it comes to email marketing, an ounce of abuse prevention is worth a pound of role addresses.

In late 2008, MailChimp Labs began Project Omnivore. Our goal was to build a massively scalable tool for our abuse team that could predict bad behavior.

The experiment started with an nVidia Tesla supercomputer, then grew to a cluster of Amazon EC2 servers running a genetic optimization program for 2 weeks nonstop, running over 61 trillion email data comparisons.

This article shares some of the results of our experiment, and where the technology is taking us…

Why Is Omnivore Needed?

You know what the hardest part of running an Email Service Provider (ESP) is? Detecting ignorant spammers. They’re very different from evil spammers. See, it’s pretty easy to detect “evil” spam. You know, the pharmaceutical appendage enhancing stuff, phishing scams, and Nigerian prince (419) junk. Spam filters actually do a really good job of catching the evil stuff nowadays (not perfect, but pretty darn good, all things considered). And most ESPs employ some kind of spam filter (usually a variation of SpamAssassin) to scan outgoing emails in their queue. Either to prevent evil spam from tainting our reputation, or to “grade” the spamminess of a message.

But those spam filters aren’t designed to detect when an ignorant marketer doesn’t realize he’s spamming, and sends a mass email without permission (remember, the definition of spam is “unsolicited bulk email“).

Lack of permission, in an otherwise perfectly legitimate looking business email, is very subtle and much harder to detect.

I’m talking about when a well-meaning small business owner just wants to get the word out about his new store, and “blasts” an unsolicited email to a list he obtained from his local chamber or from a tradeshow. He didn’t mean harm, and he thinks he’s “just doing business,” but he’s actually spamming. While it’s a different flavor of spam, it’s still spam (again, see: definition of spam). This kind of spam is hard to detect because the content is often perfectly fine and doesn’t contain the normal keywords or traits that spam filters are trained to look for. But this flavor of spam can cost an ESP dearly, because they tend to generate the bad kind of engagement (high complaints, high bounces, high unsubs) that can get our IPs blacklisted by email gateways and ISPs.

How exactly does one detect the lack of permission in someone’s account? Across over 230,000 accounts? Sure, we’ve got a well-trained compliance team who can review a new user’s account, and in the blink of an eye, judge whether or not they’re going to cause trouble for us. But as good as we are, a human review team is just not scalable enough to deal with hundreds of thousands of senders. Not to mention that someone we might approve as a “good sender” can eventually become a “bad” sender. Rigorous, 24/7 account review becomes a necessity.

So our abuse desk decided long ago that we had to change the way we think about handling abuse. We began experimenting and analyzing massive amounts of data in 2008, which led to our list activity score feature. The idea here was to stop classifying customers as good or bad (and giving them access to special IP ranges for better deliverability), and start looking at their list management practices instead.

This then led to even more granular analysis: subscriber engagement tracking. We now treat email delivery differently, depending on the engagement level of your subscribers. Which is nice, considering ISPs are also looking at engagement to decide whose emails show up in the inbox or not. As a sender, you can segment your campaigns based on subscriber engagement, or clean out the inactive members.

But it was when we came up with the idea for our freemium plan that we knew we needed a completely automated, intelligent abuse detection system in place. Without a scalable abuse prevention system, there’d be no (scalable) way to protect the deliverability of our servers from the abuse that comes with free. So we stepped up our research and created Omnivore.

What Omnivore Does

Omnivore is a program that runs in the background and analyzes email campaign and user account data. Non-stop.

When it finds anything suspicious about a MailChimp user or his campaigns, it’ll do one of two things:

1. Send the user a warning for something that looks problematic.
2. Suspend a user’s account for something bad, send them a warning, and alert our abuse team to investigate the account.

What Omnivore Doesn’t Do

Most important of all, Omnivore doesn’t replace or reduce our human abuse desk team. And despite what some angry people out there might think (or tweet), Omnivore doesn’t shut down “totally innocent, opt-in users” with “absolutely no warning.” Humans review reports from Omnivore. If an account’s been suspended or flagged by Omnivore for problems, our team investigates. So long as the user is not obviously an evil spammer, we attempt to contact the sender with some advice or instructions for account reinstatement. If you’re curious about how our abuse team makes its decisions, check out these compliance tips.

How Omnivore Works

Chad, our lead engineer, headed up the Omnivore Project. I’ve asked him to provide some technical insight into how it all works.

Ben: Without revealing too much of the secret sauce, how does Omnivore work? I heard the team discussing something about “genetic optimization?”

Chad: Yes, in a nutshell, genetic optimization is a method of determining the best option from a large set of possible choices.  When the universe of possibilities is large enough, it isn’t practical to just try all of them and pick the best – you have to use an optimization algorithm to narrow down on the best choices.  Genetic optimization uses a process that roughly mirrors how natural selection processes can incrementally produce the fittest candidate over many generations, hence the name.  You create a population of possible options, then breed and mutate the top performers until you get a good enough solution to stop. Assuming that choices that are similar to each other will perform similarly, this can get you to a good answer relatively efficiently.

Ben: So how’d you apply that to email marketing and spam?

Chad: We took every bad campaign that had ever been shut down by our human reviewers as well as every bad campaign that managed to get through, and started looking for common patterns.  We know a lot about every campaign that goes through our systems, as well as every list we manage and customer we sign up.  Our human experts had a laundry list of the traits that scream “bad campaign”, but for this thing to scale we needed to be absolutely, mathematically certain.  So we used a series of large scale genetic optimization tests running against every campaign we’ve ever sent to confirm which traits were predictive, and how predictive they were.

We did this for both negative reactions (bounces, unsubscribes, abuse complaints) and signs of engagement (opens, clicks) to give our team a complete picture of the likely results of any campaign, before the campaign is ever sent.  If Omnivore sees something that it’s certain will be bad, it alerts the abuse desk to review the campaign before it’s let through the system.

Ben: I hear you tried this on the machines at the office and they were too slow?

Chad: Right – even early small-scale tests would run for weeks before giving good results. The full tests would have taken years to complete. We ended up getting an nVidia Tesla and writing the process in highly-optimized C code, which was able to give us our preliminary results in a couple of hours. After we knew our algorithm was pretty close to what we wanted, we converted the process to a giant Hadoop Map/Reduce program running on a cluster of Amazon EC2 servers for about 20 days to get the final results for the first version.  Smaller optimization processes still run continuously to test new ideas and refine the model.

Ben: So this is totally different than just checking all outgoing campaigns with a spam filter?

Chad: Yes. It’s using the detailed sender information that we have as an ESP to look for that permission “gray area” mentioned above.

More importantly, we needed to be sure that Omnivore would continue to be efficient and predictive as our customer base grew and morphed after the free program was put into place.  Unlike static rules or blacklist-based methods of detecting spam, all of the major Omnivore systems are learning algorithms that keep up with changing user behavior without losing their predictive power.

Ben: After all is said and done, any fun or surprising observations to share?

Chad: Some traits and keywords that we thought we should focus on were actually poor predictors of bad behavior. For example, highly-targeted campaigns don’t do much better than other campaigns when it comes to abuse or unsubscribe rates.  Other things that you’d think are totally irrelevant at first glance turned out to be effective predictors, like the length of the subject line.

Ben: So a subject line that’s too short, or um — too long — would be a sign of trouble?

Chad: Something like that. Keep in mind it takes a combination of traits that add up in order for Omnivore to determine “this looks like lack of permission.”

Ben: Any other interesting observations?

Chad: When we started this process, we went straight to our team of human reviewers to show us the patterns that they were looking at when evaluating a new customer.  A lot of it was right on the money – particular industries definitely have a profile, and the language used when describing where permission came from is crucially important. However, some of the patterns turned out to be less predictive, like having a mailing address displayed prominently in the content and some of the other details of CAN-SPAM compliance.  It was also a bit surprising to discover exactly how bad most spam filters are at predicting permission issues.  Whether or not a campaign passes any of the free or commercial spam filters generally has little impact on its predicted outcomes.

Results So Far

As MailChimp scales and sends more campaigns, Omnivore will collect more data and adapt. It’s by no means complete. There are switches and knobs we haven’t even turned on yet. We’re currently running some of Omnivore’s scanning in “observation mode,” and not letting it act on anything. As it gets smarter, we’ll gradually activate more functionality and grant it more decision-making power.

But so far, here are some of the results:

• As of January 6, 2010, Omnivore has automatically sent 19,581 warnings to 9,349 users for exhibiting bad behavior. Of course, we also include tips and pointers on how they can change their ways.
• Omnivore has automatically suspended 2,249 users since September 1st 2009.
• 861 of those users ultimately had to be shut down. We hate losing customers (because we love money), but no customer is worth jeopardizing the deliverability and reputation of our entire system.

Looking ahead (literally)

The reason we built Omnivore was because we wanted to change the way we think about abuse. The project involved so much data crunching that it resulted in some interesting byproducts. Our subject line suggester is one example, as well as the engagement ranking and segmenting tools we mentioned earlier.

But Omnivore is learning more every day, and is actually getting good at predicting not just bad behavior, but good behavior too. Here’s a snapshot from our internal dashboard:

As you can see, Omnivore’s predicting open and click rates for this particular campaign, along with the “bad” stuff. As we feed it more data, the margin of error narrows, making it a powerful new feature we could be offering to our customers one day.

Omnivore’s predictive reporting is changing the way we deal with abuse, but might end up changing the way we think about email marketing in general.

MailChimp’s abuse desk runs Cloudmark to perform occasional “customer audits.” We basically scan for problem campaigns on our system that might jeopardize the deliverability of our servers. What’s Cloudmark, why do we use it, and how does it work?

Cloudmark is an advanced “message security” system that protects more than 300 million inboxes and works with more than 100 of the world’s largest ISPs and mobile operator networks such as EarthLink, Comcast, Cablevision, Charter Communications, Cox Communications, NTT Communications, Sprint Nextel, Virgin Media and Swisscom, as well as hosted messaging providers, including domainFACTORY and NuVox.

So if you send lots of email marketing, it’s kind of important to know who they are.

But how does their spam filtering technology (its fingerprinting algorithm) work?

Well, it’s a secret. Understandably so, because if they told everyone how they work, that would kind of defeat the purpose.

But here’s what they will tell you (from their website sales material):

Cloudmark’s Advanced Message Fingerprinting™ algorithms were designed to target sophisticated spamming and virus proliferation techniques. Unlike rules, Cloudmark fingerprinting algorithms are extremely lightweight, each optimized to perform only minimal processing on a message. As a result, message throughput is extremely fast and less processing CPU is required.

And here’s how they explain their Fingerprinting algorithm:

So they’re taking chunks of your message (which I assume could be content, senderscore reputation, and code), and taking it out of the context of your email campaign. I don’t know if this is done for speed, or as some kind of “double blind” methodology or what. Then they classify the chunks into “fingerprints.” Then, they compare those fingerprints from your campaign with other fingerprints in their database that have been classified as spam.

This is where I invite any geek out there who knows way better than me to please comment below. Please.

What to do if Cloudmark blocks you

If you get blocked by Cloudmark (and our abuse desk sent you to this page), our recommendation is to take a long, hard look at your content. There’s something in there that looks spammy. Given that Cloudmark is installed across 300 million inboxes and +100 ISPs around the world, it’s safe to say that your campaign looks spammy to a LOT of people.

If you’re not sure what “looks spammy” means, I’m not so sure you’re ready to be sending lots of email marketing.

Okay, maybe that was a bit out of line. I work at the abuse desk, so I get jaded sometimes. So here are a couple resources you need to read quick:

• Most common spam filters triggered by MailChimp users
• How spam filters think, and how to avoid them

If you’re looking for a simple, silver bullet kind of answer for “how to just get me past the spam filters” prepare to be frustrated. There is no single answer. The best answer I’ve been able to tell people is:

1. Open up your email program’s junk folder.
2. Look at what spammers do.
3. Then, don’t do that.

Cloudmark is everywhere

We’re members of the ESPC, and once sat in on a presentation that Cloudmark gave to the group. It was fascinating. Mostly because it was a “marketing guy” talking, who actually knew his stuff. No offense to marketing guys or anything. He knew about this stuff, and in the cases where he didn’t, he was smart enough to admit it. I distinctly remember a slide in his presentation where he showed almost every single major ISP in North America using Cloudmark. IIRC, the only ISP not on the list was AOL. They’re even partnered with ReturnPath (who we’re also partnered with) so that they can pull in sender reputation data.

If you run an ESP (and manage the abuse desk at an ESP), it’s the kind of slide that makes you gulp really loud. So I’m really glad we’ve got this in place for our abuse desk. I’ll post something later about how we’re using it to make better decisions about email abuse, who we warn, who we suspend, and who we shut down.

The backstory is a MailChimp customer sent a campaign to an email list that they collected at an event a long, long time ago (Related: How old lists will kill your deliverability). One of their recipients forgot who the @#%& the sender was, and reported the email to SpamCop.

Forget about the whole issue of whether or not the sender is an innocent victim here, because their list was ‘opt-in.’

What really matters is the sender’s domain name could be tainted, and all their emails (no matter where they send from) could be blocked all over the globe.

Here’s how that happens.

See the “spamvertized web site” links in the screenshot?

Those are some of the domains that SpamCop found in the reported email.

The 3 domains that you see in the screenshot above belong to MailChimp.

The domains listed below them (that you can’t see) are domains that belong to the sender of the email campaign (I’m protecting their privacy here).

There are 3 ways we can get our domains de-listed from SpamCop:

1. Shut down the sender (the fastest way to get delisted)
2. Respond to this report, and provide documentation that proves the sender obtained opt-in permission from the recipient, so “as you can see, this is all probably a simple misunderstanding.”
3. It behooves me not to tell you the third way.

One way or another, MailChimp’s Abuse Desk will get our domains delisted from SpamCop. But if we find out that someone has intentionally violated our terms of use, how hard do you think we’ll try to get the sender’s domain names delisted?

If we find out the sender purchased an email list, or they had an old email list and thought MailChimp would be a convenient way to “clean it,” we’re not exactly going to go out of our way to help their domains get delisted from SpamCop as we show them out the door.

The point I’m trying to make is that anti-spam systems “remember” domain names that they find inside of reported spam.

So if we end up deciding to shut down this MailChimp customer with extreme prejudice, and they move to some other email service provider (ESP), their domain will still be remembered as an abuser by SpamCop (and probably other email gateways and firewalls around the globe too).

If you have bad email management practices, you can run, but you can’t hide from your own email reputation.

How do you prevent this from happening to your company’s reputation?

• Never send unwanted email
• Don’t surprise anybody with emails they wouldn’t expect
• Don’t assume that people on your list remember who you are
• Don’t send to old email addresses
• Collect proof of opt-in, just in case you’re reported to SpamCop. Without it, ESPs have little recourse but to shut down your account.
• In your emails, always include some kind of reminder as to how you got the recipient’s email address (you’re receiving this email because…”). Bare minimum, put that in your footer. If it’s your first email campaign, consider making it your first paragraph.

We’re not planning to expose any secret formulas, or help customers “get around spam filters.” It’s more of a behind-the-scenes, “big brother” tool to help us catch exceptionally bad campaigns before they get sent. That’s the idea, at least, and we’re not sure when this’ll go live.

For now, we’re doing research. We’re currently scanning a few hundred thousand campaigns sent through MailChimp over the years, to see how many “false positives” we might trigger.

In the process, we’re uncovering a lot of innocent mistakes made by senders, plus a few surprises.

We’ve written about How Spam Filters Work in the past. Basically, spam filters look for certain “spammy criteria” in your messages. Each criteria gets a different score. Your message’s total score determines whether or not you’re blocked.

For example, putting the word “viagra” in your subject line is dangerous, for obvious reasons.

There are other, not-so-obvious criteria used by spam filters too. Like poorly coded HTML (spammers are notoriously bad coders). Or my personal favorite, using Microsoft Front Page. Ha. Also, simply using the word “Oprah” will get you a few points (for the record, the spam filters probably have nothing against Oprah—methinks her name is just used a lot by spammers).

If this is new and fascinating to you, I encourage you to read How Spam Filters Work.

Anyway, we’re looking at the most common triggers that MailChimp customers have been setting off.

Some of them are pretty surprising.

Top 10 Most Common Spam Filter Triggers

By far, the most common reason MailChimp customers have been flagged by spam filters is “too many images, not enough text.” This is a very common mistake (see: Stupid HTML Email Design Mistakes), and I’ve blogged about this in the past. Over and over. (See: How Your Email Designs Can Get You Blacklisted, and this and this).

Anyway, here’s the top 10 list of spam filter criteria that MailChimp users are most guilty of. I’ve included the corresponding number of detected matches (keep in mind the system is not done scanning—it might take another week to finish):

1. BODY: HTML has a low ratio of text to image area    (1,217 matches)
2. BODY: Message only has text/html MIME parts    (971)
3. BODY: HTML has a low ratio of text to image area    (729)
4. BODY: HTML and text parts are different    (625)
5. Subject is all capitals    (324)
6. BODY: HTML and text parts are different    (279)
7. BODY: HTML: images with 2400-2800 bytes of words    (211)
8. BODY: HTML: images with 2000-2400 bytes of words    (194)
9. BODY: HTML: images with 1200-1600 bytes of words    (178)
10. BODY: HTML: images with 1600-2000 bytes of words    (178)

Number 5 is just idiotic. TYPING IN ALL CAPS = SCREAMING AND IS RUDE. Don’t type in all caps in your emails, please. Who does that?

Number 2 means somebody was lazy, and only included the HTML or the plain-text version of their emails, instead of both. I think that’s what it means. Spam filter rules can be cryptic sometimes (intentionally, perhaps).

But the rest of the detections on that list basically mean that the senders sent way, way too many images, and not enough readable text. Spam filters can’t read images. Spammers know that, so they often send spam that’s nothing but a big, ginormous image. And spam filters know that, so they in turn block email that they can’t read.

The battle between spam filters and spammers is brutal and never ending, and sometimes legit marketers get caught in the crossfire. Understand how both sides work, and do your best to cope.

But don’t try too hard to appease the spam filters. They don’t like that either (looks needy).

Not-So-Common Spam Filter Triggers

During our user research, we found some surprising spam filter triggers. Here are some examples:

• The phrase, “extra inches” will get you a score of 3.1 by spam assassin. The phrase sounds like it came from some kind of “appendage enhancement” pharma-spam, right? Turns out it popped up 4 times in MailChimp, from relaxation & beauty spas. As in, “if your new years resolution is to shed some extra inches off your waistline, come in and…“
• Dear FNAME, = “not very dear at all!” Do you merge the recipient’s FNAME into your messages? If so, don’t use the d-word. Turns out “Dear” will get you 2.7 spam points. That’s about halfway to getting your email blocked. Use something else, like “Howdy.” At MailChimp, we use “dear” in just about all our demo videos and tutorials, because it’s the easiest way to explain mail merge tags. When we say, “Dear *|FNAME|*,” people just get it. We might stop using this example. I’ve written about how  salutations can waste valuable space anyway.
• “Stop Further Distribution” – In your footer, when you give people that unsubscribe link, don’t try to be all official and corporate sounding. The phrase, “stop further distribution” will get you 3.1 spammy points. By the way—”distribution?” Nobody says that.
• “You registered with a partner” – If the body of your email contains that phrase, chances are very good that your email list is not permission-based. This actually sets off a few red flags in MailChimp’s list setup process,  (we get alerted when people enter that into their permission reminder), and I was pleasantly surprised to see that spam filters look for it too.

As you can see, your emails can get flagged as spam, even if you’re not a spammer. Your email delivery can suffer, even from an innocent mistake. If enough innocent mistakes happen, MailChimp’s overall deliverability can suffer. So we’re working on preventing that. Hopefully, you won’t be hearing from us soon.

So we created this: http://caniuseapurchasedemaillist.com/

If you run an abuse desk somewhere, and you’re tired of answering that stupid question over and over, feel free to link people to it. If you’re not sure why importing a purchased email list into a 3rd party ESP is a bad thing, then promptly turn off your computer and unplug it from the wall. Thanks.

He gave me some tips that I could pass on to our readers. So here you go:

• Comcast really, really hates it when you send to an old list (with lots of undeliverable email addresses). If you’ve got too many emails on your list that no longer exist, Comcast will block your IP address. This is a very strong argument for cleaning old, inactive members from your lists. Yes, I know it feels safer to keep old members on the list, because the number of recipients looks so much bigger. Yes, I know your boss keeps telling you not to clean your list, because they don’t want to lose any prospects. But those bad addresses are just holding back your overall deliverability and keeping the good addresses on your list from getting your message. Yes, I have numbers to prove it. In a later post.
• Comcast doesn’t like it if you send too many emails all at once to them (this one’s kind of a no-brainer). Here’s what makes them different: they’ll actually TELL you how many you’re allowed to send at once.
• As you can see from this chart, the rate of emails you’re allowed to send to Comcast at once depends on your IP’s “reputation.”
• Your IP reputation is based on at least two factors: Authentication (a technology standard that’s used to prove an email is not a forgery), and the IP’s “Sender Score” (Your IP’s Sender Score is kind of like a credit rating, and it’s the folks at ReturnPath who issue the score). MailChimp customers – Authentication is free with every MailChimp account, and through our relationship with ReturnPath we monitor our senderscore closely.

For those of you familiar with ISPs and abuse desks in general, none of this is all that new. The interesting stuff is how forthcoming and helpful Comcast is with their error codes and rate limiting charts. Overall, their new Postmaster site is one of the best I’ve ever seen (look at all the handy RSS feeds):

http://postmaster.comcast.net/

If you’re new to all this, and wonder how this applies to you:

• Don’t send to old email addresses. You’ll get yourself (and other innocent senders) blocked.
• At some ISPs, old email addresses get turned into spam traps. You send an email to a spamtrap, and you are instantly blocked. We had a case of a MailChimp user who sent to a 10-yr old email list (totally opt-in, and the guy luckily had IP/timestamps on all subscribers) and one of the addresses had been turned into a spam trap. The impact on his deliverability from a spamtrap hit was instantaneous and dramatic. Keeping his proof of opt-in for so long saved his behind.
• If you’re sending your emails from an ESP (like MailChimp, Constant Contact, etc) that has shared IP ranges, then one bad apple can truly spoil the whole IP range. So it’s important to go with an ESP that closely monitors their deliverability, and punishes bad senders (it’s for the greater good). Quality over quantity.
• Don’t export your entire email address book and assume they all want to receive email newsletters from you. Address book dumps are full of old email addresses, and are one of the most common reasons I see senders get blocked. Other reasons include: Fish bowls, sharing lists, and buying lists.
• If you have an old list of people who opted-in to receive emails from you, but you haven’t sent them an email in a really long time (or ever), then you need to delete any emails older than 1yr, then send the remaining subscribers a “remember me?” welcome email. Here’s a good example.
• If you send emails on a regular basis, and you think your system is cleaning the list for you, you still might want to segment your list by actives vs. inactives.

Comcast isn’t the only ISP that hates it when you send to old/dead lists.  AOL’s postmaster talks about IP reputation and undeliverables here. ReturnPath, the experts on email deliverability, mentions undeliverables here and offers some tips. Laura Atkins from WordtotheWise talks about “Letting Go” of old members.

In general, there’s a shift (again) in the way ISPs and email receivers judge emails as spam or not. Instead of relying on blacklists or focusing on bad content, they’re looking at your overall reputation as a sender. And list cleanliness (undeliverables, hard bounces, spam complaints) are huge factors in determining how clean your list is.

Here’s a good permission reminder:

And here’s a bad one from a campaign that received 300+ abuse complaints:

I wouldn’t go so far as to say this “bad” permission reminder is what caused hundreds of abuse complaints. It’s more of a symptom of a much larger problem. But that’s a topic for another blog post.

Back to the original question: What makes a good permission reminder?

For the most part, if you send true permission-based email marketing, your recipients don’t need permission reminders. They already know how they got on your list. They signed up for it (See Mark Brownlow’s: You’re receiving this email because…yeah I know).

But the permission reminder isn’t just for your recipients’ sake. You see, sometimes email gets reported as spam, even if it’s not. ReturnPath did a survey where 14% of people said they always hit the “report spam” button, even if they signed up for the email. People forget. People are lazy. People are mean.

Inevitably, if you send enough email campaigns, you’ll get reported for spamming. It just happens.

When you get reported for spamming, your email campaign is no longer just a newsletter or promotion. It’s a piece of EVIDENCE.

This evidence will be reviewed by a judge. That “judge” can be an email admin at a major ISP, or an abuse desk manager at a spam firewall company, an IT person at a large corporation, or an angry recipient who just likes to publicly accuse companies of spamming by posting their emails on NANAE.

When your email campaign gets turned into evidence, the permission reminder can become a critical factor in determining whether or not you are a “good guy” a “bad guy” or “an idiot” (idiots are the same as bad guys, for all intents and purposes).

3 Elements of a Good Email Permission Reminder:

1. It’s specific

Your permission reminder should be very thorough in explaining exactly how your recipient got on your email list. This is not the time to be terse. At the same time, you don’t want to list all possible ways someone might’ve been added. For example, if your permission reminder says, “You received this email because you purchased something from our stores, signed up online, dropped a business card in a fish bowl at a tradeshow, or signed up with  a distributor/partner/affiliate sometime in the past” then it’s obvious that you’re a lazy jerk who just exported all your different databases, combined them into one list, and “blasted” an email out. Don’t be a lazy jerk. Setup differnet lists, and send very different welcome emails to them, each with different permission reminders.

Instead of writing, “You’re receiving this email because you’re a customer” try something more like, “You’re receiving this email because you’re a customer who opted-in for emails when you purchased something from our online store.” Or, “You’re receiving this email because you signed up for email specials while making a purchase at one of our stores.”

2. It’s polite

Your permission reminder should be written in a way that shows you genuinely care about your recipients’ privacy, and you know that emailing them is a privilege, not a right. Don’t get me wrong. Your permission reminders don’t need to be full of apologies. Groveling is pathetic, and a waste of time. Just show some genuine concern. Sometimes, “concern” just means “details.”

I’ve seen permission reminders written like, “This is not spam, as defined by U.S. Legislation ID Code 23298.2342.L32 Docket #ABC123.” You know who quotes spam laws? Spammers.

I’ve seen permission reminders like, “This is just a one-time promotion, so there’s no need to report us for spamming.” Just because it’s one time doesn’t mean it’s not spam. It just means I only have to report you for spamming one time. Jerk.

I’ve seen permission reminders like:  “You’re receiving this email from Acme Widgets. If you don’t want them anymore, unsubscribe.” Okay, but I already know I got this email from Acme Widgets, because you said it in the from: line, and your hideous logo is ginormous. The question is, “how the *&%$ did Acme Widgets get my email address?”

Show people that you took the time to write the permission reminder. Because they’re taking the time to read your permission reminder.

3. It’s provable

This is where the “evidence” part comes into play the most. A good permission reminder will include some sort of indisputable proof that the recipient actually gave you permission to email them.

For example, “You are receiving our newsletter because you opted-in for it when you downloaded one of our whitepapers on software engineering.”

With this kind of permission reminder, someone (such as an abuse desk admin at an ISP) can ask the complainer, “The permission reminder says you opted in when you downloaded their whitepaper. Well, did you opt-in, or not?”

Sure, people can lie and say they never heard of you. But any time I’ve ever investigated an abuse report, and had a permission reminder like this, the complainer is usually very honest. I get responses like, “Yes, I signed up for their newsletter, but good grief, they keep sending me the same friggin’ email offers over and over. I just want them to stop.”

In that case, I don’t have to shut down the sender’s account. I can just tell them to stop being sloppy, and try to send more relevant, updated content.

I’ve also received responses from complainers, like, “Yes, the last guy who had this job downloaded that whitepaper, and signed up for those emails, but that idiot used the sales@ email address here, so now I’m getting these emails. Every time I try to call the sender, nobody answers. I just want the emails to stop.” In that case, I can advise the complainer to click the unsubscribe link (or I do it for them).

If possible, you can merge customer information into your permission reminders.

For example, for some of our own MailChimp system alerts, we tell people, “You are receiving this email because you are a registered customer of MailChimp. Your username is ____ and your last login was on ___. ”

I still get complaints from people, but at least they know why they got the email. They’ll write and say things like, “I don’t use MailChimp anymore. Please delete my account.”

Here’s an example of a permission reminder that lacks trackability (I’ve seen this one a lot): “You have received this email because you expressed interest in our product in the past.” Okay, when? How? With whom did I express interest? All this means to me is that you purchased my email address from some affiliate who did the dirty list-aggregation work for you.

Better would be, “You have received this email because you requested more product information from Acme Widgets when you registered your ABC Widget.” Ok, I don’t remember signing up for emails, but I do remember buying an ABC Widget, and I do remember filling out lots of forms for rebates and warranty registration. I’ll give them the benefit of the doubt and just unsubscribe, instead of reporting Acme Widgets for spamming me.

Note: In the above example, it would require Acme Widgets to actually segment their customer lists. Sure, it’s a little extra work, and it would be so much easier to blast out a big campaign to “everyone” instead. But remember #2 above? Showing genuine concern for the recipient? Who’s more important here? What’s a few more clicks in your email marketing system?

The point is, you want to write your permission reminder so that if/when it is turned into evidence, it can boil a dispute down to a simple yes-or-no scenario. Either you have opt-in proof, or not. Done. You don’t necessarily have to merge in the proof, but you should at least imply that you have the proof, if needed. If you can’t do that, the only implication for any judge is that you’re probably sending spam.

Re-cap

So let’s go back to that bad permission reminder, and review why it’s so bad.

To set the stage, the email was sent to members of a non-profit organization. It was a special offer coupon from one of the organization’s largest sponsors (who happens to be a pharmaceutical company). So the only thing recipients saw in the email was a big giant graphic for a pharmaceutical product (assuming the image wasn’t automatically blocked by their email program). No organization logo in the header. No branding of any sort (colors, fonts, graphics, etc). Just a big coupon. Kinda sounds like spam, huh?

Worst of all, the permission reminder did nothing to help. Here’s what I mean:

1. It explains nothing.  It says I received it because of my relationship with a certain organization. Okay, what’s the relationship? Can you be more specific? Why not? Probably because you don’t actually know my relationship, do you? In fact, how do I know you’re not just some 3rd party who purchased my email address from the non-profit? Now I’m angry at two organizations.

2. It shows no concern for my time and privacy. They put together an email that doesn’t even include a company logo. Just a giant coupon for a pharmaceutical product (assuming I can even see that graphic in the first place). How much effort do they devote to respecting my privacy? Ten words. And directly below that, they offer a link to view the email online. That’s like knocking on someone’s door and telling them, “Hi there, I just ran over your dog while pulling into your driveway. Anyways, I’ve got these cool encyclopedias to sell you…”

3. It lacks proof. How does one define a “relationship” with a non-profit? Am I a member? Someone who’s donated something? A volunteer? Employee? The word “relationship” seems deliberately vague, as if to cover all possible bases in case they’re questioned.

A better way of doing this would be:

1. First and foremost, spend some time on the design of this template, for God’s sake. Put the organization’s logo at the top somewhere. Use the organization’s colors. Customize it to show you care.
2. If the email is just going to consist of a big coupon image from a 3rd party, then put some intro text above it. Something like, “Hello ____ members, we’ve got a very special offer from one of our biggest sponsors, ____. We thought you might be able to use this for ________. Or, make up a bogus (but fun) story, like Simple Shoes did here.
3. In the footer, include a permission reminder like, “From time to time, we send special offers from our sponsors to all members of ____. We hope you find them useful. If not, you can unsubscribe from our special offers list here.”

Most people who send true permission-based email marketing have no trouble writing good permission reminders. It’s not rocket science. It should just come naturally. If you find yourself struggling with your permission reminder, it’s probably a sign that you don’t actually have permission. Perhaps you need to re-introduce yourself. Perhaps you need to segment your list to only include those who did give permission.

• Don’t send to a really old list. If you do, ISPs will say, “Siiiigh. Looks like this sucker bought an old email list from a spammer, and is trying to contact a bunch of email addresses that have expired, or never existed in the first place. So let’s block him.” People ditch or change or lose their email addresses after about a year (see this post on address-abandonment from Word To The Wise.). If you haven’t been sending regular email campaigns to your customer list, you’ll need to clean that list out before you begin emailing them any serious campaigns. Note that “clean your list before sending” does not mean, “blast an email, and see who bounces.” Remove emails that are too old, remove “role” email addresses (webmaster@, sales@, info@, etc), and remove anyone that did not specifically request email marketing from you. We’ve heard that there are companies who can clean your list for you, but we’ve never used them ourselves.
• Never, ever, ever purchase an email list. If you want to grow your list, partner with a company that has the same audience that you target, and have them send an email on your behalf in order to get those people to subscribe to your list. Here’s an excellent example of how to do that, and here’s an article with mistakes to avoid.
• Use the confirmed opt-in method on your email signup forms. This method sends a confirmation email that the subscriber has to click in order to complete the subscriber process. If you just use the “single opt-in” method, your list is vulnerable to prank submissions, typos, and spambots that plug in spam trap addresses.
• Never scrape lists from websites, or assume that you can just add “sales@” or “info@” onto the front of a company’s domain name in order to reach its “decision maker.” Yes, I’ve had to shut down accounts for doing such idiotic things with their lists. It only takes one or two spam complaints from these “role addresses” to get yourself blocked. Some websites actually are setup to track email scraping.
• Educate your sales team on email marketing laws and best practices. Tell them they can’t just export a giant email list from your CRM of “prospects I’ve met over the last 10 years at various tradeshows” and “blast an email to ‘em.” It’s possible your sales people don’t care one bit about email etiquette. They just want to make their commissions (which is the way it should be) but there are laws that can land them in jail, or get them fined by the FTC. And jail time and fines can really eat into their commissions. If that doesn’t work, you’ll need to learn how sales people talk. Hint: try some profanity (and here’s a slightly-safer-for-work version).
• If you’re an agency that’s helping a client send email marketing for the first time, here’s a guide on how to tell if your client might be a spammer.
• Don’t just email all the contacts in your Outlook Address Book. There are email addresses in your address book that you probably don’t know are in there, like: tech support contacts from companies you’ve requested help from (techies get really mad when they receive emails from people they don’t recognize, and they know how to report you for it, fast), and companies who’ve sent you email order receipts; friends and family (who may enjoy personal emails from you, but not necessarily your company)
• Tradeshow lists can be dangerous. Here are some tips for dealing with tradeshow email lists.

• If you operate a booth at a tradeshow, and you collect business cards from people who visit the booth, send them a personal, one-to-one email ASAP! (use your Crackberry or laptop) with whatever sales pitch you want to give them, and provide a link to your email subscriber form, so you can stay in regular contact. Actually, don’t just give them a link to your email signup form. You know they won’t subscribe (what’s in it for them?). Give them a link to a landing page on your website with a valuable whitepaper, which also contains a link to “receive our newsletter, which contains even more valuable research.” Even better, insert full page advertisements in your whitepaper, that point back to your newsletter signup form.
• Keep those contacts, but categorize them appropriately. A “lead” that you met at a tradeshow is someone you can keep in your CRM to contact some day (”Hi Bob, we met at the Acme Widgets Show back in ‘05. If you’ve still got a need for enterprise Acme monitoring services, our company just introduced…”). But that “lead” is NOT someone you can add to a big marketing mailing list. If they receive mass email from you out of the blue, they’ll report you for spamming.
• If you operate a tradeshow booth, and the tradeshow host offers to give you an email list of all attendees, that is NOT a list that you can import into your mass marketing list. At best, you can only send them personal, one-to-one messages before the event (from your own email program, not en masse from an email marketing service), inviting them to your booth. Yes, that’s a royal pain in the you-know-what. Which is why the tradeshow organizer should be doing this emailing for you (because recipients will more likely recognize them than you).
• On rare occasions, we’ve seen tradeshow organizers include opt-in checkboxes, where attendees can request emails from exhibitors at the show. If you can confirm this, then the list may be okay to send a mass email to. But you have to do it soon, and it should be in the context of the tradeshow. Your subject line and intro paragraph of the email should be something like, “See you at the Acme Tradeshow” If you just add this “opt-in list” to your general marketing list, and these attendees get your Quarterly Newsletter out of the blue, they’ll have no idea who you are, or that you got their email from the tradeshow. They’ll report you for spamming.
• If you collect email addresses while exhibiting at a tradeshow, consider keeping that as a separate list, or flagging them in your master database as “From Acme Show 2008″ or something. That way, you can see who came from where, and isolate any email delivery problems by “source of list” if you need to. I’ve seen cases of responsible email marketers with huge, clean lists, that randomly decide to import a list of people their sales team met at a tradeshow. Those tradeshow attendees forget who you are, or receive an email they don’t think is relevant, and report the company for spamming. If they can’t delete all those tradeshow attendees from their list, their entire list is basically tainted.
• Fish bowls are a bad, bad idea. For adding emails to your list, that is. If you’re collecting business cards in a fishbowl at your booth (such as for a prize drawing), you can’t just subscribe all the email addresses from those cards to your email marketing list. You can crack-berry those people and ask them if they want to subscribe for email marketing (see the first tip above for specifics). Or, if your fish bowl has a giant sign on it that says, “Enter to win a prize, AND subscribe for email marketing” then you’re probably okay. Just make sure you send your first email marketing campaign to these people soon after the event, and be sure to refer to the tradeshow in that first email to them (”Hi Jane, thanks for visiting our booth at the Acme Tradeshow…”).