June 10, 2004
Event Wrap-up

Show Notes From INBOX Email Event in San Jose: Whitelisting is Hottest Topic - Should You Pay?

SUMMARY: Major emailers, broadcast firms, filter vendors, corporate mail managers, and ISPs all converged for three days in San Jose last week. MarketingSherpa Editor Janet Roberts reports the topic that obsessed everyone was - you guessed it - getting good mail delivered while filtering out the bad stuff.



Here are her notes from the show, including an update on AOL whitelisting (make sure your email tech team acts on this), and the big debate/headache over possibly paying for whitelisting:
The stakes are about to go a lot higher in email delivery, but there are things you can do to protect your company and its campaigns.

Here's what we learned over three days at INBOX: The Email Event in San Jose:

-- ISPs and others that determine whether or not your email goes through are going to demand a lot more information that proves your email is actually coming from you and not a spammer.

-- You're probably going to have to pay-to-play to some extent, either to a for-profit or not-for-profit whitelisting service.

-- ISPs really do what to hear from you before you have problems rather than just when something goes wrong. But you'll have to track them down first.

Here are the details with comment on how it will affect your operations:

Trend No. 1: More ISPs Will Demand Authorization

Because most of the event attendees worked on the network or system-design end of the email industry, the big talk was how the merging of Microsoft's CallerID and POBox.com founder Meng Weng Wong's Sender Policy Framework either will or won't help reduce the flood of spam email -- both the relatively benign commercial stuff and the more malicious virus and phishing (fraud) messages.

The merged format -- which conference attendees dubbed SenderID for now -- will require anybody sending email to publish records showing that they're authorized to send email from their addresses.

Ask your IT or database manager and/or your email broadcast vendor whether your company is ready to publish a Sender Policy Framework record that allows a receiving company, such as AOL, to double-check your outbound mail server's IP address and verify that you are who you claim you are.

You'll see an immediate effect of this if you're on AOL's whitelist. By the end of this summer or thereabouts, AOL will require that everyone on the whitelist must publish SPF records. (Or, you'll be booted.)

We recommend you do it ASAP because some ISPs and others in the technical community investigating SenderID want to start testing how well it works on whitelisting within 30 days.

Technically, an SPF record is a line of code that gets added to your Domain Name Server code, which ISPs already query before deciding whether to let your email in or not.

It might sound intimidating, but your IT staff or your email broadcast vendor, if you have one, should be able to handle this for you.

In fact, some vendors, including DoubleClick, Constant Contact and EmailLabs, already are jumping on the SPF bandwagon and offering to publish their clients' SPF records as part of their regular service.

(A link to SPF's homepage, which lays out the technical requirements and how to publish, is at the end.)

How will this affect you?

Laura Atkins, president of the nonprofit SpamCon Foundation, said: "In the short run not much, I don't think. In the longer term, it will change how some of the ISPs are running their whitelists and managing their blocking.

"There will be less reliance on IP based blocking and
more weight put on authentication, even weak authentication like SPF and Caller ID."

What's the first thing email marketers should do?

Atkins: "Start publishing SPF v.1 records now. This is what we're advising all our clients.

"They should also start looking at DomainKeys and evaluating how they could be implemented. The rollout for DK is longer and more complicated for SPF, but is a better protocol in many ways."

So why bother now? SPF's backers want you to do it because it's good business:

"If you are not authenticated, your brand is in danger and it will be a hit on your balance sheet," said Dave Anderson, CEO of email-systems designer Sendmail.

"If a set of players is going to say they will stop accepting unauthenticated email, your business can be hurt. ... If you want your email to get into AOL and Yahoo!, you must authenticate."

And what about your needs? People are looking out for them, but if you want to get in on the discussion, join a mailing list covering SPF and related issues. (See subscription links and discussion at the end of this column.)

"You've got to get the email marketers in on this effort," Anne Mitchell of the Institute for Spam and Internet Public Policies admonished the conference's technical industry reps.

Trend No. 2: Expect to Pay to Play

The email marketers at the conference debated whether for-profit whitelisting services (services that promise to help you get more email delivered for a fee) are a good thing or something you might expect from Tony Soprano and his Mob boys.

John Caldwell is Email Marketing Manager for ConsumerInfo.com, an Experian company that emails credit reports to 1.6 million paid subscribers. "Aren't you penalizing me, with no guarantees?" he told a panel of representatives for services such as the email postage firm Goodmail and IronPort's Bonded Sender program. "This would cost me $125,000 a year to do."

Others backed using a whitelisting service, especially if they had done everything you can think of to boost delivery and opens.

For example: Bizrate.com's VP Direct Marketing & Promotions David Weinrot said partnering with Habeas (the haiku-using email-delivery assurance company) was "the best thing we could have done.

"This was strictly an ROI calculation for us, like an insurance policy. Our company has done all it can, with double opt-in, unsubbing, getting on whitelists, doing list hygiene, but we still had delivery issues."

Bigfoot Interactive CEO Al DiGuido told us privately that "financial barriers" such as penalties in Bonded Sender or fees to promote delivery are an essential element in the spam battle. "Authorization and identification without a financial barrier is only half the battle," he said.

Trend No. 3: (Some) ISPs Really Do Want to Hear from You

But don't wait until you have a problem, ISP-relations people told us.

One who would talk on the record was Dennis Dayman, who heads up ISP relations and related services for Verizon Online and praised big mailers who stay in touch before and during a campaign as well as after to report problems.

"With a lot of mailers, the only time we hear from them is when their email is blocked or they have other transient problems," he said.

He singled out companies -- or more often, their email broadcast vendors -- that call before they schedule a big campaign.

"We can suggest sending times. see if there are any problems with a campaign that would trigger problems. I get paged a lot," he said.

The trick is to find them. Even Dayman is shy about posting contact numbers out in public. He did say Verizon Online is about to launch an 800-number call-in line to discuss problems and ask questions.

(We'll post that as soon as it goes live.)

Most of the people Dayman talks to are ISP-relations people at the big broadcast vendors, who should be running interference for you anyway.

If your vendor doesn't have good one-to-one relationships with the big ISPs, you probably need to find a new vendor.

So where can you track down these people? We were told the best place to start establishing relations is to join an industry spam discussion group. One of the best is SPAM-L; see the links list at the bottom for subscription information.

Useful links related to this story:

1. Background, information and FAQ for Sender Policy Framework:
http://spf.pobox.com/

2. AOL Postmaster Background on SPF:
http://postmaster.aol.com/info/spf.html

3. Yahoo!'s Domain Keys proposal and background:
http://www.antispam.yahoo.com/domainkeys

4. SPF mailing list: http://spf.pobox.com/mailinglist.html

5. Find session notes, presentations and other comments from participants in the INBOX Web site's Workspace:
http://www.socialtext.net/inboxevent/

6. How to subscribe to SPAM-L:
Send a blank email to this address and reply to the confirmation notice: mailto:spam-l-subscribe-request@peach.ease.lsoft.com

Improve Your Marketing

Join our thousands of weekly case study readers.

Enter your email below to receive MarketingSherpa news, updates, and promotions:

Note: Already a subscriber? Want to add a subscription?
Click Here to Manage Subscriptions