So Mr/Ms Marketeer, you have everything in order.  You have a 400k address list, you’ve hired an ESP to make sure all the basics are in order, you’re authenticated and CAN-SPAM’d up to the eyeballs, and it’s time to market but … WHAM! your messages end up hitting the spam folder.

Sound familiar?

Surprised?

I’m not.   I didn’t say the list contained recent customers who love you enough to entrust your employer with their name, postal address, email address, date of birth, credit card number, inside leg measurement and gave your company their explicit permission did I?  I’d also go as far as to suggest that permission in one form or another is actually the root cause of most deliverability issues.

Since spam reports or complaints are a hugely important part of the reputation equation for every mailbox provider these days, I’ve some advice about some of the most common issues we’ve seen and learned from over the years.  These are the sort of problems  that are guaranteed to upset your email recipients and trip you at the first hurdle.

Before we start, I would like you to keep in mind, that for many email recipients, a “spam report” is a psychological pacifier, used when they want to resolve a situation in their inbox, a situation they genuinely believe the sender is contributing to.

Permission:

The key to creating the very cleanest mailing list is only ever using genuine self sourced, confirmed permission recipients.   Even the big senders get this wrong and it really is the simplest thing to get right. Why? Well it’s generally <Insert some excuse about 3rd parties here> reasons, so let’s set the record straight right now:  Editing your privacy policy is not an opt-in, no matter how legal it is. It’s a spirit vs letter of legality issue and is tantamount to tricking permission.  The same goes for co-registration, opt-in list leasing, marketing data partnerships and appending. So;

What sort of permission does your company really have?

How accurate is your data?

How current is your data?

How does the recipient actually know you?

My acid-test of permission is ” Did I give permission to this Company ” and  if the answer is anything but a simple “Yes” then I can’t say I blame anyone for hitting the report spam button and casting an email to the spam folder.  Your job is to ensure your customers make that familiarity connection when they read every single email.   If you chose make your opt-in blatantly clear and actually an obvious conscious decision during the customer sign-up experience your recipients are more likely to remember opting in.  To this end your recipient data should include data on exactly how the recipient opted in, be it a purchase option, website subscription request, an affiliate referral or entering a competition. If you’re not doing this then you’ll have problems back-tracking issues and segregating channel segments that cause an abnormal volume of complaints.

Mailing old lists:

Your recipients are likely to be a little forgetful, so despite your amazing data to the contrary, recipients will often just forgot they subscribed if you haven’t been mailing them recently. If your brand has slipped over their familiarity event-horizon they will reach for the “Report Spam” button. I’m surprised more legitimate marketers don’t remind users how and when they subscribed if they have a direct relationship.

Speaking of old lists…

List Sourcing:

The Ultimate E-Mail List!

↖ This is how you shouldn’t do it ↗

If you care about your companies virtual  ”sleaze rating”,  Never ever buy,  rent, borrow, swap, steal, scrape or otherwise acquire lists to supplement your marketing.  There are lots of brokers about offering permission granted lists and the recipients are besieged with spam, so is it any surprise they are probably a little more belligerent than most and complain a lot?  This is all because the lists are simply sold to anyone and everyone.

Don’t think this won’t happen to you either.  Part of the inspiration of this post is that I recently spoke to some great guys from an absolute powerhouse in the email space about an over-enthusiastic sender of theirs.  The reason readers should not to be complacent is that this victim weren’t an ESP, they were a retail giant who happen to send a modicum of marketing on behalf of others and somehow a bad list found it’s way onto their platform, and, well, a “WHAM!” happened.  My team had them back on the path of goodness by return, but it took non-trivial auditing time to investigate.

Personalise:

You can use some basic psychology to avoid some complaints by always addressing a recipient directly and properly. Addressing in this context is more than gender or name.  Here are some pretty poor examples:

• Dear shopper or Hi Subscriber, - You may as well say “Please report this as spam.”.
• YOUR EMAIL ID.HAS WON – Again, very generic greetings, but this time with a “too good to be true” hook.
• To: “jdoe@example.com” <jdoe@example.com> –  You don’t have a real name? How can you personalise?
• Sir, Will you / <Politician surname> Supporters!  We need … – Nothing says “report me” if you get the recipients gender or facts like political allegiance incorrect.

Just take a look how the “big guns” address their mail.  ”Hi Dave,”, “David”, “Mr Smith,”.  Using personalization appropriately is much more appealing to the recipient and endears the sender to them somewhat.  Here endeth today’s psychology lesson.

The emergency exits are…                           [Report Spam]

The cognitive aspect of a spam complaint is an interesting beast.  When a recipient makes the decision to report spam they are trying to alleviate a situation in their inbox that they completely believe is being caused by your mail. It doesn’t matter if they bought from you last week, or if they opened a mail from you and rendered the images 59 days ago, they genuinely want you to stop.  So please, for the love of the inbox, process every reply, every feedback loop and always put an unsubscribe button above the fold.  You don’t want unhappy subscribers on your list so by helping them to help themselves you will reduce complaints. So ask yourself before you send again, where is your emergency exit sign?

Another quick true story:  I spoke to an ”ESP” this morning that was re-selling a “technology partners” services (those of another ESP) to a 3rd party organization and had a pretty poor feedback situation going on with some recipients complaining very frequently over a continued period and their persistent sending to spam traps was borderline harassment.   After a lengthy discussion this “ESP” (and I use the term only because they did)  blamed their lack of feedback loop data on their technology provider.  They are clearly demonstrating neglectful list husbandry and this was obviously reflected in the feedback we see from the Cloudmark community.   Who’s to blame for the reputation of a poor sender in this scenario? Well it certainly isn’t us.  Where did their explicit permission come from?

Pick your ESP with care:

There are 3 rules of thumb with ESPs :

1. ESP’s vary in quality.
2. ESP’s are great at self marketing.  
3. Goto 1.

ESP’s are run by the successful marketeers, so choose one that’s going to work hard to help you the most no matter how much it hurts is the key.  Yes, they should audit your best practices thoroughly, if they don’t you probably chose the wrong ESP.  Yes, if you have sufficient data on your clientele they will probably advise you as part of their stewardship process to remove 20%, 30% or even 50+% of your list before you send.  Is that so bad? If you think about it they are trying to save your money and reputation.  One final thing to remember is that the term “blast” has never in my experience been a good sign.

Quality not Quantity:

Everybody knows (hopefully by now) that over-mailing a list is hugely damaging and that the key to engagement is quality not quantity.  The overall mantra to this tale is that high quality mail in general does not generate anywhere near the amount of poor feedback.  I’m not just talking about quality content, I’m talking about recipients and senders too.  If you can create a little desire or passion in your creative and your permission is in good order, you’re almost certainly on the right path.

TL;DR; Cheating on permission is “campaign suicide”.

Today the Federal Trade Commission (FTC) announced that they have charged 29 defendants with collectively sending 180 million unwanted text messages.

The text messages advertised “Free” Gift cards or prizes from major retailers such as Best Buy, Walmart and Target.  However, consumers who clicked on the links contained in the text messages were required to provide personal information and to sign up for other “offers” in order to be eligible and then also had to sign up other people for these offers.

Because the consumers who were receiving these text messages had not signed up to receive these messages, many people reported the messages as spam to the 7726 short code which is offered by the major US mobile carriers through the GSMA Spam Reporting Service, powered by Cloudmark.

7726 data highlights that the FTC has chosen to strategically go after the largest source of SMS spam in the US.  Gift Card spam has consistently been the largest category of SMS spam complaints in the US over the course of 2012.  For five months of the year it was over 50% of the volume being reported to 7726 and for 11 of the 12 months it was higher than any other category.  The only month where it dipped was October when there was a spike in bank phishing text messages.  The graph below shows the monthly percentage of spam reports which were gift card messages.

In contrast during February this year, there was a dramatic drop in Gift Card spam that started around Feb 20th.  We can’t know for sure if the drop off was caused by the FTC’s action, but it is a significant drop from being regularly over 50% of the reports, to under 10% of the reports for the last 3 days.  It will be interesting to watch the numbers going forward to see if they stay down, or whether the spammers will find new ways to send the spam or whether new spammers will take the place of the old ones, in order to keep traffic going to these sites.

To view the data another way, here are the main types of spam attacks reported during 2012.  Receive a Gift Card spam was 44% of all the spam reported in 2012:

In contrast in the first few days of March 2013, Receive a Gift Card spam has only been 7% of all the spam reported:

The agility of the FTC in going after the major source of SMS spam is impressive.

Spam that advertises free gift cards isn’t new. Theses posts from 2011 (Spam or Not Spam) and last year (Olympic gift cards with a shot of Starbucks) highlight gift card spam being sent to email recipients.  Because the spammers can get paid by the operators of the gift card websites, their incentive to send spam and get users to the website is high and they will look for the easiest, cheapest and most effective way to advertise and send traffic to their website, whether that’s via email, SMS or social networking.

One tactic we’ve seen the Gift Card spammers using lately is to use links hosted by URL Shortening websites to redirect through the shortener link to the website that will try to collect the users personal information and  sign them up for the various offers in the hopes of gaining the elusive gift card.

However, targeting mobile consumers is much more intrusive and has additional costs when compared to email spam, because people carry their mobile phones with them throughout the day and many people still have to pay a per message cost for every SMS they receive.  Therefore it’s gratifying to see the FTC going after these spammers.

Fighting spam is a collective effort.  The more ways that the cost of sending the spam can be increased, the less likely the spammer is to send that type of spam.  When the URL Shortening websites take action to make it harder for spammers to use their services this also helps decrease the spam.  And when legal action is taken against a spammer, it can often deter both that spammer and the other spammers who see the legal action being taken as they take the cost of the legal action into account.

Yesterday, a news article on my local public radio station caught my attention.  On Wednesday, the Institute of Medicine (IOM) put out the report: “Countering the Problem of Falsified and Substandard Drugs”.  The report was created at the request of the US Food and Drug Administration (FDA).

Lawerence Gostin, the Georgetown University law professor and World Health Organization adviser who led the study, was quoted in the NPR news article: 

“It’s actually more profitable to supply illegitimate drugs than cocaine or heroin,” Gostin says. “And so you’re seeing more and more sophisticated drug suppliers.”

Gostin repeated a similar quote to the Wall Street Journal.

As we analyze spam and other malicious messages at Cloudmark, we regularly see evidence of the suppliers of illegitimate pharmaceutical hard at work.  Generally the spammers are trying to convince people to visit a website that purports to be selling Canadian pharmaceuticals.  Some of yesterday’s web pages even had a cheerful “Happy Valentine’s Day” banner which today has been switched out with a “Happy President’s Day” banner.

Online Pharmacy Selling Illegitimate Pharmaceuticals

The email spam messages often don’t contain a URL that links directly to the pharmaceutical website, instead they may contain a link to a legitimate website which has been hacked, most likely because the legitimate site is running an older version of WordPress or Joomla with known vulnerabilities but the website owner has yet to upgrade.

The spammer, or someone paid by the spammer, has hacked the legitimate website and placed a page on it that will re-direct a browser to the fake pharmaceuticals website.  Alternatively, the spammer may use a URL shortening site to redirect through to the pharmacy website.  However, the hacked websites is the current favorite technique that we’ve seen used the most in the last few months.

In 2012 Cloudmark saw the percentage of email spam that Cloudmark was filtering which contained hacked websites jump dramatically in the second half of the year.  In June 2012 hacked domains accounted for about 5% of the email spam, but rose in September and October to around 10%, with spikes as high as 30%.  Then in late December we saw a spike to almost 50%.  During January 2013 we saw another spike in the first week of the year and it then returned to around the 5% level for the last half of the month.

The Institute of Medicine report reminds people that “Falsified and substandard medicines provide little protection from disease and, worse, can expose consumers to major harm.”   The report is aimed at starting a productive international discussion about how to address the problem of falsified and fake medicines.

IOM report: Administration estimated that the September 2012 raid shuttered more than 4,100 illegal online drug sellers.  (Interpol): © Carabinieri NAS (Italia)

Last September, the FDA also launched a a national campaign to alert US consumers to the possible dangers of buying pharmaceuticals online.  They recommend that consumers beware of online pharmacies that allow people to buy drugs without a prescription, or that offer deep discounts or cheap prices that seem to good to be true.  They recommend to US consumers not to buy from pharmacies that are located outside of the United States or which are not licensed in the United States.  They note that a legitimate US pharmacy will always require a doctor’s prescription, and will provide a physical address and telephone number in the US.

They also provide a link for US consumers to look up which pharmacies are licensed in their state.

The FDA website also recommends that people do not buy from online pharmacies who “Send spam or unsolicited email offering cheap drugs”.  In general Cloudmark recommends against a person buying anything from anyone who sends spam.  At worst the person is at risk of being duped into buying a fake, non-existent or dangerous product.  At best, they’re encouraging the spammer to send more spam.

Usually the pharmacy spammers are making money from an affiliate network where the spammer is paid by the owner of the pharmacy site, either per click that gets sent to the pharmacy site, or for each person who buys something from the site.

Unfortunately, the spammers send the spam because some people, even a very small number of people, are falling for the offer and buying the product.  And as Lawerence Gostin pointed out, it can be “more profitable to supply illegitimate drugs than cocaine or heroin”.

A recent article from New Zealand indicates that Vodafone New Zealand also encourages their users to report SMS spam to 7726 (S-P-A-M). (See: http://www.theaucklander.co.nz/news/txt-for-trouble/1080298/)

“Vodafone says if a customer does receive spam they should forward the message to 7726…”

Vodafone also lets you know how to report your complaint to the  New Zealand government’s Department of Internal Affairs, so that they can take action.  It appears that New Zealand takes spam seriously.

Hopefully more and more mobile operators around the world will support reporting spam to a well known short code, so that messaging streams can be protected.  People should be able to get the messages they want and they shouldn’t have to deal with or be charged for, the messages they don’t want.