Yahoo adopting Sender Score Certified has positive implications for legitimate email marketers who are already Sender Score Certified, as it will begin to improve their deliverability in Yahoo mail inboxes.  It also means caring about email reputation as a marketer has never been more important.  As more and more ESPs adopt strict, uniform standards for the mail that reaches their customer inboxes, getting a handle on your reputation as a sender could mean the difference between sink or swim. Mailers can apply to become Sender Score Certified at the Return Path site.

How did I get on these lists of annoying mailings? It was my own fault! I bought a phone through a website and hurryingly hit submit before I noticed a box checked allowing partners and affiliates to send me unsolicited email. Read the fine details. I have tried to unsubscribe without success. Now advertisements are sent to me blindly. This all being said, it seems that advertisers and publishers would want their mailings to reach their target audience. It would drive click through sales and increase deliverability. The current system is broken.

~MOE

The suit, filed under the CAN-SPAM Act,  alleges that Guerbuez fraudulently gained access to various Facebook accounts and used them to market male enhancement pills, “legal Marijuana” and ringtones. Facebook claims losses due to harm to it’s reputation and resources spent fighting Guerbuez’s spamming efforts.

More info at links below:

Deborah Gage, San Francisco Chronicle
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/11/24/BUBO14B6J6.DTL

Matt Marshall, Venture Beat
http://venturebeat.com/2008/11/24/facebook-awarded-873-million-in-suit-against-spammer/

Jacqui Cheng, ars technica
http://arstechnica.com/news.ars/post/20081124-facebook-spammer-fined-almost-1-billion-under-can-spam.html

Security and bandwidth issues are definite bonuses with text based emails.  Personally, I wouldn’t go through the trouble to cut and paste a URL just to see what a company is trying to sell me.  After doing a little research, I think that it is a quality way to get into the inbox but probably not the best as far as response.  People are lazy and so am I.  Give me hyperlinks and colorful images to catch my eye (If you want my money).

~Reerun

LashBack executives viewed presentations by key law enforcement officials and members of the anti-spam community, including one by Stuart Paton and Vincent Schonau from top messaging security firm Cloudmark titled Fundamental Principles and Outbound Spam Analysis Studies. To summarize, the presentation noted that webmail is currently the top outbound spam vector.  A small number of IPs are responsible for the majority of webmail spam, but webmail spammers use hundreds of user ID’s for spamming.  The primary threat is currently off-net IPs spamming through webmail of SMTP AUTH.  Because imposing IP based rate limits risks blocking legimitate users, Cloudmark recommends its managed outbound IP reputation service. To control spam sent through webmail, ESPs should limit the number of messages that an IP can send in a day and use volume thresholds to flag suspect sending patterns.

In addition to hearing Cloudmark’s presentation along with many others, we were fortunate enough to meet Hein Dries-Ziekenheiner, LL.M, CEO of VIGILO Consult, who has a thorough background in fighting fraud and criminal activities online.  As a former technical advisor to OPTA, the Netherlands’ enforcement agency, a trained lawyer and former lobbyist, he is an expert on the risks posed by the increase in illegal activity and the requirements this places on business strategy of email marketers.  VIGILO Consult provides consulting services in the area of ICT related public and regulatory affairs, compliance and strategic advice.

In the current uncertain economic situation, both VIGILO and LashBack feel it is important to stay ahead of the competition and online criminals by staying on top of reputation.  Monitoring reputation allows for safe expansion into new markets to diversify revenue.  VIGILO and LashBack are teaming up to provide LashBack clients with two special offers from VIGILO which provide anti-spam forensics to mitigate the effect of criminal activities on reputation.

The services VIGILO provides are an excellent extension to LashBack’s Brand Alert and Compliance services, as they allow clients to identify the appropriate response to any criminal activity impacting their business which requires extensive research to identify the source.  VIGILO can also work with law enforcement to assure the proper potential public penalties as well as assist with any private legal action a client may want to file. Whether you are thinking of expanding your business in the EU or have complex online criminal activity impacting your email marketing program, VIGILO can help you get started. Visit VIGILO’s special page for further information.

Shockingly, however, the study found that as many as 20% of major brands did not immediately respect unsubscribes.  When handling the opt-out process, these companies all sent more than one email after the unsubscribe, and many sent four or more messages.  While many marketers think that the relationship with a consumer ends with the opt-out, sending additional messages could have a seriously negative impact on overall brand image, and may cause customers to stay away for good.

In addition, new CAN-SPAM regulations surrounding unsubscribes specifically make it illegal to require a consumer to log in in order to opt-out.  While most companies provide a landing page confirming the opt out has taken place, some send a confirmation email. Sending an email to confirm an opt-out from emails is controversial and found by many consumers to be a little annoying, as they have just finished asking not to receive any more mail. 

In other cases, forcing the consumer to reply with a message with something like “unsubscribe me” in the subject line is both time-consuming and bothersome.  I have had to fill out one of these emails before and found it to be an unnecessary hoop to jump through as well as inconvenient.  To add, I still received messages from this online clothing merchant after they forced me to mail them an unsubscribe message- and.  Needless to say, I won’t be shopping on their site anymore.

Return Path recommends that companies make the unsubscribe process as simple and convenient for the consumer as possible, as well as consider it a part of their customer relationship, rather than just a technical transaction.  Give departing customers the best possible brand experience and pay attention to the quality of your unsubscribe process with the same fervor as welcome messaging.  The first step to improving the brand experience, is as always, reputation.  Monitoring for compliance provides the necessary foundation for making the unsubscribe process a positve part of your branding strategy.

Meanwhile, Canada is the only G8 country that has yet to pass anti-spam legislation, resulting in reports that spam accounts for nearly 80% of mail in Canadian inboxes. One of Prime Minister Stephen Harper’s campaign promises to protect consumers was to pass anti-spam legislation, and security and privacy experts are eagerly awaiting a follow through.  A lack of regulation on commercial email in Canada not only predicates an increase in fraud and phishing scams that prey on Canadian consumers, but also affects consumers internationally because there is little prosecution authority on Canada-based spammers.

If the aforementioned legislation passes, specifically bill s-235, which is at its second reading stage, reputable email marketers who rely on opt-ins and permission-based lists and follow unsubscribe best practices will not be affected negatively.  Also, certain groups such as charities and political parties would remain exempt. The bill is aimed at sending a strong message to those involved in fraudulent schemes and illegal activity through email and would be a great addition to collective global anti-spam legislation.  Equally important as the legislation is the enforcement behind it.  Any anti-spam legislation passed would need to give the proper amount of authority to enforcement officials and Canadian courts in order to be taken seriously by increasingly bold cyber criminals.

In an effort to homogenize mailing best practices and protect consumer information, the ESPC board has voted to require all members to use at a minimum, MD5 hash encryption.  Because some mailers may need to make system changes to support file encryption, the deadline for implementation is September 1, 2009.  According to the ESPC statement, members will need to provide ESPC staff with a link to a public statement on their respective company websites indicating their support of this encryption requirement.

LashBack has long championed the use of MD5 hash encryption as a key best practice to eliminate threats associated with suppression list abuse.  Other steps marketers can take to protect the integrity of their data include suppression list cleansing services by UnsubCentral, as well as putting enforceable terms in contracts with their affiliates that spell out the consequences of suppression list abuse.

Unscrupulous marketers mailing to consumers who have specifically opted out of your list can have a negative effect on your company’s reputation.  Leaving un-encrypted data vulnerable to third parties might not only lower your deliverability with ISPs, but also damage consumer perceptions of your brand.  The key to controlling and managing relationships with consumers is building trust.  The only way to build a trusted brand is by monitoring what is being sent to your customers and making it a priority to protect their information.

The IAB, in releasing this statement, hopes following these specific email best practices will allow email marketers to increase deliverability, gain the trust of both consumers and advertisers, and encourage responsible actions by all involved in the email ecosystem. LashBack advocates and encourages all who send commercial mail to download this guide to improve best practices and ultimately, performance.

It is unclear whether McColo Corp. will be held liable for any illegal activity.  At present, their website is not accessible. Typically hosts are not responsible for the activities that take place on their servers, except in the case of child pornography.  However, several security researchers claim that the firm is the host for many of the most prolific botnets online as well as more than 40 child-porn sites.  A similar drop in spam volume occurred back in September when Intercage was shut down, but was short-lived as the server found a new home within a week.  According to washingtonpost.com, security experts worry that shutting down the hosting service will cause the illegal activity to spread across multiple networks, thus making it harder to track and more difficult to mitigate.

Click the link below to read the full investigative report from Brian Krebs at washingtonpost.com:

Host of Internet Spam Groups is Cut Off