Fast Track Interview

Adrian Bye: Today I’m talking with Anne Mitchell from the Institute for Social Internet Public Policy (ISIPP). We are going to talk a little bit about the state of e-mail today and some of the things Anne has seen happen in the trenches of getting e-mail through. Anne, if you could tell us a little bit about yourself and your background, and then we’ll discuss the e-mail issues.

Anne Mitchell: Well, Adrian, thank you so very much for having me. I currently run ISIPP. We have an e-mail accreditation program called SuretyMail, which we use to help ensure that legitimate e-mail senders are able to get their mail through to the in-box. This was born from my original roots on the anti-spam side of the e-mail industry. I was initially in-house counsel and the Director of Legal and Public Affairs for the very first blacklist known as the MAPS RBL.

My background is in helping to ensure ISPs don’t have to deal with e-mail that people have not requested; also known as spam. In the course of my work, I have become extremely involved in assuring that legitimate senders are able to get their mail through to the ISPs.

I was one of the original founders of Habeas, which was started as a company intended to distinguish spammers from legitimate e-mail senders and then sue the spammers using Copyright and Trademark Law. I left Habeas in 2004, which was about a year after it was founded.

Adrian Bye: Habeas was just bought by Return Path. What does this sale mean?

Anne Mitchell: Up until the recent sale announcement, three primary, full-service e-mail accreditation companies were in existence: Habeas, SuretyMail, and Return Path. All three companies were offering the same kinds of services.

Let me explain what I mean by e-mail accreditation. At SuretyMail, we work with an e-mail sender and vouch for them to the ISPs and spam filters. We say, “These are good guys. They’re doing the right thing. They’re not sending spam. They are sending mail that’s been requested, and you should deliver their e-mail to the in-box.” The ISPs appreciate that because they don’t have to churn resources checking this segment of mail by running it through their whole gamut of spam filters just to determine it is not spam. With this method, they are able to deliver the mail right to the in-box and devote their resources to dealing with the real spam.

By full-service, I mean we work with all the different ISPs, and we offer a suite of various services related to e-mail deliverability. We provide delivery in-box monitoring, so you can see whether or not your e-mail has been delivered into the major ISPs. We offer e-mail client rendering, which means you can take your creative you’re about to send and see how it will be rendered by 20 different e-mail clients. You will know how it will look when someone using AOL, Outlook, or Hotmail reads it and how it appears on different mobile devices.

Adrian Bye: Innovation is on the rise in the e-mail space with SPF and Domain Keys. How important is accreditation given all these other types of protocols coming along for authentication?

Anne Mitchell: There are some promising authentication mechanisms out there, but there is by no means widespread, let alone, universal adoption for any of them. SPF has been around for how many years now, and we have people come to us every single day applying to be accredited, who not only aren’t publishing SPF but have no idea how to set it up and had no idea that they ought to be publishing SPF. Fortunately we offer a service to help with that, too!

There are huge ISPs that are unlikely to accept your e-mail if you are not publishing with SPF or Domain Keys. At best you’re going to get into their junk folders. The publishing of SPF or Domain Keys is extremely important, but the message and the adoption just haven’t followed. The technology and these innovations are important, but they do not obviate the need for accreditation.

Adrian Bye: If they’re not adopting free things like SPFs and Domain Keys, why would they be more likely to adopt authentication in paid services like yours?

Anne Mitchell: Because we would take care of everything for them. The typical e-mail sender really doesn’t know how to go about fixing the problems they have with deliverability. For example, they don’t know how to set up their SPF. They especially don’t know how to develop the relationships they need with their counterparts within the ISPs and most likely are not in a position to do so. Whereas the e-mail accreditation programs already have this relationship with each of the ISPs.

For example, if you woke up tomorrow and found that all of your e-mail had been blocked at AOL or Yahoo or started going into junk folders, would you know what to do? People want someone who already has the contacts and knows how to do this for them.

Adrian Bye: Something else we should talk about is that you’re a lawyer, and you’ve been involved with the legal side of CAN-SPAM. Some changes are happening in that law with regard to e-mail. Can you tell us a little bit of what’s happening there?

Anne Mitchell: There are four primary new changes to the law. One of the things about CAN-SPAM was that it required you to put a physical mailing address in each and every bulk or commercial bulk e-mail you send. When that was first enacted, we had people coming to us very concerned because they wanted to know, “Does this mean we actually have to put the physical address of where we sit in our office or is it okay to use a legitimate post office box where we really get mail?”

Our advice to them at that time was, “If you’re doing everything else right, and you choose to use a post office box as your mailing address in your CAN-SPAM compliant mailing, then the FTC is not going to come after you for that.”

One of the clarifications it made was that you may use a post office box as long as it really is where you exercise control, and it is where you go to check the mail. It basically confirmed what we had already told people.

You’re also required under CAN-SPAM to remove an e-mail address from your mailing list within 10 days of receiving a request to opt out. We tell people to remove it immediately when someone says they don’t want your mail. What this new rule clarifies is that the act of opting out must only take a single action.

For example, when I click on the link in your e-mail that says “unsubscribe,” it must take me immediately to the unsubscribe page. We would argue to the “You have successfully unsubscribed” page. We counsel senders that they should not be asking for a password. You definitely shouldn’t put an intermediate page that says, “Are you sure you want to unsubscribe? Here, let us tell you all the reasons why you shouldn’t.” Arguably, it shouldn’t even be a page that says, “You are about to unsubscribe. Do you want to confirm?” Ideally, a single action means when I click unsubscribe on that e-mail, I’m taken to a page that says, “You have been successfully unsubscribed.” Now that page can say, “If you didn’t mean to, click here.”

The third clarification to CAN-SPAM is perhaps the most confusing, confounding, and impenetrable piece of legislation I have ever seen. Perhaps the best way to explain it is to explain what it is trying to avoid.

Let’s say you get an e-mail from suretymail.com. You look at the sender and say, “Ah, SuretyMail is sending me e-mail.” Then you open the e-mail, and the only thing in that e-mail is a big advertisement for FedEx. Maybe FedEx paid us a bunch of money and said, “You guys ensure mail gets delivered to the in-box, and we positively get real packages delivered overnight, so there’s a synergy.”

Who do you think the average end users are going to try and unsubscribe with? Do you think they’ll know? Do you think they’ll look up at that header or are they going to see FedEx? This new rule with CAN-SPAM helps address the confusion that can be caused from things like this.

Here’s the rule: if you send e-mail that contains advertisements for entities other than yourself, such as one or more third-party advertisements, you must also include some sort of advertising text for yourself in that same e-mail.

If you are sure to include the text for yourself in the body of the e-mail, you become what is known as the designated sender, so this is called the Designated Sender Rule. You then are the designated sender for handling opt-out requests. If you fail to include something about yourself in the body of the e-mail, then every advertiser who has advertised in that e-mail is on the hook for handling opt-out requests.

The fourth clarification was a reiteration to whom CAN-SPAM applies, which is any and all commercial bulk mail. This includes e-mail for which a primary purpose is to feature or sell your own goods or services even if you don’t send that e-mail yourself.

Adrian Bye: If you send an e-mail from your server to AOL, Hotmail, Yahoo, or Gmail, what are the current checks an e-mail goes through to get into the in-box?

Anne Mitchell: The first thing that happens is that their receiving server will make note of the IP address from which you’re connecting. Then, it’ll do a series of checks on that IP address. The first thing it will do is look it up in all the different blacklists and see if you’re listed there. The second thing it may or may not do is look you up in the various accreditation services such as ours to see if you’re listed with us.

Now I’m sort of aggregating, so this is a combination of all the various things different ISPs do. They will check to make sure you have RDNS, which is Reverse DNS, set up. This means taking your IP address and seeing what domain it says it services. It will check to make sure that your IP address resolves back to, for example, adrianbye.com. Then it will look at the headers of your e-mail to see, “Okay, this IP address says it is adrianbye.com. Who does the e-mail say it is from?”

It’ll check to make sure that the mail is coming from your domain. For example, if your mail is claiming to be from adrianbye.com, but the IP address actually resolves to example.com, the odds are good that your e-mail is either going to get bounced, blocked, or go to the junk folder.

That all happens before their server ever accepts your e-mail into their mail server. Once it passes all of those checks, it goes into content filtering. The spam filters are all looking at what’s in the text. That can mean the actual words and phrases you’re using. It can check to see if you have links to domains that might be on blacklists. It checks everything from the headers down to the bottom of the e-mail.

It is looking at the URLs and the domains advertised in the text of the e-mail. It is looking at the “from” address and even the “to” address. It is looking at the subject line and the overall content of the body. It is looking at the HTML-to-text ratio. It is looking at the image-to-text ratio. It is looking at the size of the font in the HTML, and it is looking at all the words in the body of the e-mail. All of those things can determine whether your mail gets delivered to the in-box or to the junk folder.

We have an e-mail deliverability blog at GettingEmailDelivered.com where we talk about the things to do right and the things that can be done wrong, which can affect and impact your e-mail deliverability. There was a recent post about how the content you choose can either cause your e-mail to be delivered to the in-box, as it should, or go straight into the junk folder.

Adrian Bye: If an e-mail is accredited, would it then bypass a lot of the content checks?

Anne Mitchell: It all depends on the spam filter or the ISP and to what extent they dispense with all the other checks. In some cases, it doesn’t go through any of the other checks. As soon as they see that your IP address is listed with us, it goes straight to the in-box. In other cases, they see you’re listed with us, and then they look at all the other things.

Some ISPs are very careful and say, “We really trust SuretyMail, but we’re still going to check to make sure that the content doesn’t look too spammy. If it does, then we are going to look a little more closely at it.” Because of the weight they give us, the odds are good that it will still go to the in-box, but that’s why I say it really depends on the ISP or spam filter. They all do it differently.

No one can guarantee that 100 percent of you e-mail will always go to the in-box because the ISP and spam filters change their algorithms daily and sometimes hourly. If you’re accredited with us, your e-mail will go to the in-box; if it doesn’t, we are going to go to bat for you to rectify the situation and make sure it goes to the in-box.

Adrian Bye: If someone wants to sign up with your service, how might they do that? How much is the cost?

Anne Mitchell: We have many free resources available at suretymail.com. You can also go to ISIPP.com. We have a unique pricing structure because we wanted to make sure everyone could afford this. Rather than basing the pricing on volume, which other places may do, the cost really depends on your business model. That way, it’s affordable for everybody.