by Dave Larson How to Keep your E-mails in the Inbox and Out of the Junk Box Excerpts can be found in DM News, Oct. 2006 Essential Guide to E-mail MarketingOvation Marketing • 1.608.785.0000 LEGITIMATE E-MAILS ENDING UP IN THE SPAM BOX Legitimate e-mail marketers are facing an uphill battle. More and more well-intended e-mail is ending up in the junk box as companies and individuals tighten the screws on their anti-spam systems. Currently, across the board, seven out of ten e-mails are being flagged as spam. And, we know from our own research that very legitimate e-mails are not being delivered. The “seven out of ten” statistic is courtesy of Postini, a leading third party provider of e-mail security services, including eliminating spam and viruses. They process more than one billion e-mail messages per day for more than 35,000 companies, serving 9.1 million end users. Their numbers show that the makeup of spam currently looks like this: 2 How to Keep your E-mails in the Inbox and Out of the Junk Box Bulk mail Get rich quick Sexually explicit Special offers 97% Bulk mail 1.4% Get rich quick 1.2% Sexually explicit 4% Special offersOvation Marketing • 1.608.785.0000 THE CONFUSION BETWEEN BULK MAIL VERSUS SPAM Here lies the problem: the nebulous definition and perception of “bulk mail.” Some people automatically equate the term “bulk mail” with spam. Others see a difference. The fact is, if you are using industry best practices and are sending bulk e-mail to customers or prospects that have raised their hand and asked for it, your bulk mail is not spam. Yet today’s spam-detecting options, of which there are many, are doing so well at flagging any bulk mail as spam, that legitimate e-mails are getting unfairly nabbed as spam. Here’s a case in point. I’ve checked my e-mail junk box at work religiously over a five-day period. E-mails from reputable firms that I want to receive e-mail from are landing in there daily. I’m talking about organizations such as: • Chief Marketer • Fedmarket • Forbes • Madison and Vine (Advertising Age) • MediaPost Publications • PR Newswire • Springwise • The American Association of Advertising Agencies • The Interactive Advertising Bureau It doesn’t take a rocket scientist to do the math to see the revenue you are losing if 10%, 20%, 30% . . . whatever . . . of your e-mail is being chucked into the junk box never to be seen by the recipient who asked for it. THE PURPOSE OF THIS WHITE PAPER The purpose of this white paper is to make actionable recommendations on what you can do to keep your legitimate e-mails in the inbox and out of the junk box. Why did we decide to write this paper? First of all, we’re always trying to push the envelope when it comes to effective one-to-one marketing. Secondly, we identified early on that the level of deliverability is paramount to any e-mail program’s success. So, we challenged ourselves to become experts in this arena. We think we have and we believe in sharing our knowledge with other one-to-one marketers. I sat down with my associate at Ovation Marketing, Chris Haas, who manages all of the launchings of the e-mail campaigns we conduct for ourselves and clients and all of the closely related functions that will be discussed in this white paper. He’s our wizard of e-mailology. The whole premise of our discussion was to “cut to the chase” in order to prioritize the most effective techniques you can employ. We also conducted a live test where we randomly took over 200 e-mails, both B2B and consumer, that we had received and ran them all through SpamAssassin, a leading anti-spam program used by many companies, to see what e-mails were getting tripped up and why. We could end the white paper right here and simply direct you to religiously use all industry best practices by giving you links to already published lists of dos/don’ts and to carefully adhere to the CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act). But, hopefully you’ll find we’re going a level deeper and really helping you make a difference in your deliverability. (We do have links to helpful dos/don’ts at the end of the article.) 3Ovation Marketing • 1.608.785.0000 4 THE TWO KEY AREAS TO FOCUS ON In the interest of keeping it simple and focused, you have two key areas to concern yourself with: HOW E-MAIL SERVERS COMMUNICATE We’ll begin with the sending of the e-mail and then cover the content of the e-mail itself. 1) This first point covers what’s called the “Authentication” stage. It’s critically important that you are who you say you are. Here’s why. There’s actually a conversation that takes place between your sending server and the receiving server when you send an e-mail. Think of yourself at the handshake stage. The first thing your server does as a sender is to say, “Hello” (that really is the word used, except it’s spelled “Helo!”). Then you say who you are, for example, “We are AllCreaturesBeautiful.com.” The receiving server will look that up on the Internet and say, “Ok, they said they are AllCreaturesBeautiful.com. Are they really?” That will be the first check. You are who you say you are or you aren’t. If you failed that first test, which a lot of the newer systems check for, your handshake went limp and you haven’t even gotten in the door. In order to make sure you are who you say you are, you must make sure that in the Domain Name System (DNS) your records are accurate, specifically your PTR (Pointer) record. What this record does is match your IP server’s address up with your domain name so that anyone can look it up. So how could you fall into the trap of not being who you say you are? First of all, while PTR records have been around for a long time, it’s only been recently viewed as a requirement by major players (e.g. AOL and Hotmail). Two other easy ways would be to change your hosting provider and forgetting to change your PTR record, or adding a new server internally and not modifying or creating your PTR record. SENDING OF THE E-MAIL CONTENT OF THE E-MAILOvation Marketing • 1.608.785.0000 2) Next is the “Authorization” stage. In order to get past this stage, you need to make sure that you’ve published a list of all servers that are allowed to send e-mail from your Domain’s SPF (Sender Policy Framework). There’s a good reason why. The conversation between the servers continues. Your server says, “I’ve got mail and I’m going to send it from this address.” The receiving server looks at the address and queries, “Is that IP address (your server) allowed to send mail from this e-mail address?” If your IP address isn’t identified as being an authorized one, you’re burnt toast. 3) Don’t ever do anything to get your e-mail server blacklisted. By blacklisted we mean doing something so that your server(s) address ends up listed on any one of a growing number of organizations’ lists of servers that companies should not accept mail from. There are well over 200 of these organizations. Most e-mail providers (e.g. Yahoo, MSN, Gmail, AOL, Hotmail, etc.) use blacklists, so once you’re blacklisted, no e-mail from your server will get through. None. Zippo. Nada. The easiest way to avoid being blacklisted is to: • Send only legitimate e-mail that your customer or prospect has opted into. If people receiving your e-mails are telling their e-mail provider that your e-mail is spam, you will quickly be blacklisted. • Keep your lists clean. If you don’t, you’ll pay dearly. The more undelivered messages a receiving server sees per incoming IP address, the more likely your server will be blacklisted, at least temporarily. • Some of the organizations compiling these blacklists are: www.completewhois.com (This particular one also queries lists kept by other organizations.) www.spamhaus.org www.spamcop.com WHAT TO DO IF YOU ARE BLACKLISTED If you do get blacklisted, act quickly to get removed. Contact the organization who has put you on a blacklist. Be aware that each blacklist has a different mechanism for getting removed. Some are easier. Some are much more difficult. You may have some unique hoops to jump through too. For example, sending an e-mail to communicate with them won’t work if it’s coming from your blacklisted server. If it is your first or second offense, you’ll usually be let off in a few days. But, if they’ve received a lot of reports, your request may very well be denied. If they have reports from really respectable places, you might be in deep doo-doo as well. Simply keep your nose clean and you shouldn’t have any problem. Check blacklists regularly. Just before every launch is the perfect time. Do this religiously. This regular monitoring is important because you can get blacklisted by accident. We were aware of a situation recently where a company’s network IP address was very close to another IP address that was blacklisted. The organization doing the blacklisting simply blacklisted all addresses in the immediate proximity of the offending one, resulting in the legitimate e-mail marketer being unfairly blacklisted. A series of phone calls and e-mails eventually returned the situation to normal, but it required a lot of time and effort for the innocent marketer. Based on this example, you can see how easily it can and will happen. 5Ovation Marketing • 1.608.785.0000 DESIGN YOUR E-MAILS FOR THE INBOX Now, let’s turn to the creation of the e-mail itself. In order to make this portion of the paper as helpful and up to date as possible we collected over 200 e-mails, both B2B and consumer, and ran them all through SpamAssassin. We used a variety of e-mails, ones that we had received at several different addresses. We used e-mails that we received both at work through our company servers and e-mails we had received at home through providers such as Gmail, AOL, Yahoo, Hotmail and others. We primarily used e-mails from recognized, well-known organizations and firms that we considered reputable marketers. SpamAssassin, we think most would agree, is the most-used spam filter. It’s also open-source, meaning the online community is constantly adding to it and refining it. Therefore, what it looks for is always a moving target. SpamAssassin conducts over 750 tests on any given e-mail to determine if it is spam. Each item is given a score. A positive number is bad. A negative one is good. Only a handful of the items it looks for are of the good, negative variety meaning over 700 of them can give you a bad, positive number. (Sounds like a double oxymoron!) The scores range from a very miniscule .0001 for “message has unparseable relay lines” to a killer 100 for “address in the user’s blacklist.” The default setting within SpamAssassin scores anything 5.0 or over as spam. A lot of companies customize the settings within SpamAssassin, usually making the criteria more stringent so that even lower scores result in the e-mail being flagged as spam. You can look at SpamAssassin’s reporting features to see exactly what item(s) is flagged on any given e-mail. Here’s an example of one e-mail in our test of 200 that scored a 6.3, meaning that in real life it was considered spam and sentenced to death. Ironically, it was from a highly respected association serving the advertising and marketing industries pointing out that even well-seasoned, well-meaning marketers can unknowingly fall into the spam trap. The SpamAssassin report on this particular e-mail looked like this: Score Reason 0.9 BODY: HTML: images with 2000-2400 bytes of words 0.0 BODY: HTML included in message 2.2 Message-Id has pattern used in spam 1.4 Bulk e-mail fingerprint (msgid ms hash) found 1.9 Bulk e-mail fingerprint (Outlook no name) found 6.3 TOTAL HERE’S WHAT EACH ONE OF THESE MEANS: BODY: HTML: images with 2000-2400 bytes of words A common spam tactic is to send an image of text so spam filters cannot “see” or “read” the words. Since most legitimate e-mails will have a significant amount of text accompanying an image, SpamAssassin looks at how much actual text is in the message. The fewer the bytes (or characters) of words, the higher (or worse) the score will be. BODY: HTML included in message: This simply means the e-mail was of the HTML variety and not a straight text e-mail. Note that this has a zero score attached to it. That’s because we used the default settings on SpamAssassin. This default setting is zero because most people don’t consider an HTML e-mail as spam. However, as noted earlier, an organization can manually go in and set the scores based on their needs, and many do. 6Ovation Marketing • 1.608.785.0000 7 Message-Id has pattern used in spam: Every e-mail that goes out is given a unique identifier of a string of characters. SpamAssassin saw something in the identifier that has been associated with spam in the past. Bulk e-mail fingerprint (msgid ms hash) found –and– Bulk e-mail fingerprint (Outlook no name) found: These two are related. The program that sent the e-mail was identified as an Outlook product (which is good). But it didn’t match a known version of an Outlook product (which is bad). Looking at all 200 e-mails, the most common mistakes we found in our study were the following: Score Reason 2.6 Contains an URL listed in the OB SURBL blocklist 2.4 BODY: HTML: images with 400-800 bytes of words 2.2 BODY: Removal phrase right before a link 2.1 RAW: HTML has doubled end HTML tag 1.5 Subject: MIME encoded twice 1.2 Subject is all capitals 1.2 URI: Contains an URL in the BIZ top-level domain 1.0 BODY: HTML: images with 2400-2800 bytes of words 1.0 URI: Dotted-decimal IP address followed by CGI 0.8 RAW: Frontpage used to create the message 0.8 BODY: HTML font color similar to background 0.7 Date: is 6 to 12 hours before Received: date 0.6 BODY: HTML: images with 1200-1600 bytes of words 0.6 From: does not include a real name 0.5 BODY: HTML font face is not a word 0.5 URI: Includes a ‘remove’ e-mail address 0.4 Subject starts with dollar amount 0.4 BODY: HTML link text says “push here” or similar 0.3 BODY: HTML tag for a big font size 0.3 Subject contains “For Only” 0.2 BODY: HTML has a low ratio of text to image area We aren’t going to explain these in detail or the paper will drone on forever in geek-speak. Some are even self-explanatory. There is a detailed listing of all of SpamAssassin’s spam filters on their web site at http://spamassassin.apache.org/tests_3_1_x.html. What is important to point out is that many seemingly harmless tactics such as the following will flag your e-mail as potential spam! Some of these would be considered classic direct marketing tactics in some marketers’ eyes, yet SpamAssassin and other spam filters will disagree. Subject Line: • Starts with “Hello” • Contains “Your family” • Contains “Your own” • Starts with “Buy” or “Buying” • Is all capitals • Starts with dollar amount • Contains “For only” • Contains “FREE” in CAPS • Starts with “Free” Body of E-mail includes: • Removal phrase right before a link • Asks you to click below (in capital letters) • Click to be removed • Claims compliance with spam regulations • Offers a full refund • Contains “Dear (something)” • Money-back guarantee • Why pay more? • Receive a special offer • What are you waiting for • Compete for your business • Lowest price • If you want to subscribe HTML Links • Says “push here” or similar • Says “opt out” or similar Ovation Marketing • 1.608.785.0000 8The whole point here is that an e-mail that’s seemingly safe on the surface can be penalized for some very obscure items. It’s critical to have someone on staff or an outside resource you hire that understands spam filters forwards and backwards to protect your legitimate e-mail from being flagged as spam. It’s critical that this person or persons stays current on the latest advances affecting e-mail marketing. And, we even recommend having someone else audit the work as a safety check. A must for any marketer is to run any e-mails they plan to send through a program like SpamAssassin. Then you’ll know ahead of time exactly what any potential problems are and be able to fix them accordingly. THE IMPORTANCE OF THE WORLD WIDE WEB CONSORTIUM Furthermore, another key recommendation is that you have someone working on the creation of your e-mails beyond your designers. This needs to be a person intimately familiar with the HTML specifications which are published by the W3C or the World Wide Web Consortium (http://www. w3.org). W3C is an international consortium where member organizations, a full-time staff and the public work together to develop Web standards. By following their specs, you will avoid using a common spammer tactic called malformed HTML. While following their specs doesn’t guarantee absolute success, breaking their rules by using malformed HTML spells instant failure. Marketers may unknowingly not be following W3C specs because designers generally don’t care about the HTML code as much as a specialist trained to follow these specifications. One way to make sure your HTML code is squeaky clean and follows W3C specs is to run it through a validator such as the W3C Markup Validation Service. Not only will this help prevent it from being flagged as spam, it will also help prevent rendering problems, most notably through MSN and Hotmail. TESTING E-MAILS Prior to sending out any e-mail campaign, it’s eminently critical to mail it to “test” e-mail accounts at all of your top recipient domains (e.g., AOL, Yahoo, Hotmail, MSN, G-mail, etc.). If you don’t, you’re condemning your e-mail marketing to a slow but sure death. The benefit is two-fold. You’ll see that it is indeed being delivered to the inbox and you’ll learn if any of these domains are rendering it in some hideous fashion you may not recognize and that will annoy your customers to no end. This is increasingly becoming a problem in e-mail marketing. BE CAREFUL WHEN FOLLOWING CAN-SPAM RULES Legitimate marketers should follow the CAN-SPAM rules of course. However, be aware that if you follow some items to the letter of the law, you may very likely get flagged as spam. The classic example is that many spam filters will look to see if there is the required CAN-SPAM unsubscribe link and penalize you for it because it thinks mass e-mail as spam when in fact it is perfectly legitimate since the receiver has asked for it. The solution? Be creative in your wording. For example, the traditional wording is often similar to: “If you no longer wish to receive these e-mails, please reply to this message with “Unsubscribe” in the subject line or simply click on the following link...” We’d recommend this wording: “To manage your newsletter subscription preferences click here...” The latter still implies the ability to opt out. In fact, it is closer to CAN-SPAM and European regulations because it implies that you can opt out of every e-mail from the company instead of just the single newsletter. Ovation Marketing • 1.608.785.0000 9BAYESIAN FILTERS Another one of the spam filters commonly used out there today is called a Bayesian filter. A Bayesian filter learns what is good by looking at good e-mails and learns what is spam by looking at bad e-mails. You could even think of it as having artificial intelligence since it gets smarter over time. Bayesian filters, at least in the short term, are the biggest challenge to spammers, but also to legitimate marketers because there aren’t hard and fast guidelines. What they will flag as spam will be forever evolving, making for a moving target. THIRD-PARTY E-MAIL CERTIFICATION PROGRAM Another recent option to stay out of the spam box has arrived on the scene. It’s called a thirdpaart e-mail certification program. Here’s how it works. You pay a sum of money up front that is put into a trust. For every spam-related violation you make, they take money out of your trust. If you’re legitimate, you get your moola back at the end of your contract or it rolls into the next year, whatever you agree upon. You’re saying, “Here’s my $10,000. I am legitimate. I am confident I won’t lose any of it.” A spammer could participate too. But theoretically, the spammer will have empty pockets at the end of his program. We haven’t tested one of these programs yet so we don’t have a firm opinion one way or the other. But it is certainly something to keep your eye on. RECOMMENDED TACTICS FOR CREATING E-MAILS THAT GET DELIVERED Finally, in an effort to cover all angles, here are some basic points to remember when creating any e-mail. Following these guidelines should not only keep your e-mail out of the junk box, but they should increase readership as well. • In the sender “From: name,” include company or brand name, not an e-mail address, generic department or an unfamiliar person’s name. • Use a consistent “From: address,” since people use it to sort and whitelist your mail. • In the sender line e-mail address, include company or brand name, not a generic address such as reply@xyz.com or info@xyz.com. • Use short, benefit-driven subject lines. • Be sure not to use excessive spacing and or capitalization in your subject line. • Use normal conversational language throughout. • Include a “Request to add sender to safe-senders list,” preferably as a text line, at or near the top of the e-mail. • Display physical mailing address (not a P.O. Box) and telephone number. • Do not use “cute” spellings. Don’t space out your words. Don’t use str@nge characters. • Accommodate preview pane viewing. • Plan for blocked images. Ovation Marketing • 1.608.785.0000 10Ovation Marketing • 1.608.785.0000 11 • Display the subscriber’s e-mail address in the e-mail. • Include a link for a web version of the e-mail, preferably near the top. • Provide a forward-to-a-friend link. • Provide a link anywhere in the e-mail to allow the reader to change address or preferences. • Provide a working button or link to an unsubscribe page. • Use a subscriber administration center which is a block of copy containing crucial information including e-mail address, unsubscribe link, contact information, privacy policy and any other standing information. • Make it easy for people to change or cancel their subscription. If you make it hard to unsubscribe, users and system managers will block your mail rather than waste time arguing. • Provide a direct link to your privacy policy or detailed privacy statement within the message. • Provide at least two non-e-mail links pointing to departments or destinations on your web site. ����� ���� ��� ����� ����������� ����������� ���� ���� • In the e-mail, provide a search box or link to your site search function on your web site. • Clearly place a Contact Us/Send Feedback link. • Don’t use tools which generate low-quality HTML (example: MS Word). • In HTML e-mails, do not use invisible text. Make sure your text colors and sizes are distinct enough and large enough to read. Invisible text is often identified as a sign of spam. • In HTML e-mails, do not use invisible web bugs to track your e-mails. If you must track your e-mails and whether they’re read, use visible graphics as part of your tracking. • Tell the recipient why they are getting the message, e.g. “you signed up for our newsletter, E-Management Trends on September 4, 2005.” If you use addresses from co-registration, tell the recipient where they signed up, and not just “one of our marketing partners.” • Send mail on a regular schedule, like once a week or once a month, so users don’t forget that they subscribed. SUMMARY: Currently, across the board, seven out of ten e-mails are being flagged as spam. Legitimate e-mails are getting unfairly nabbed as spam because today’s spam detecting systems are doing so well at flagging any bulk mail as spam. However, you can put yourself in the driver’s seat because you are in control of both the mailing and the content of your e-mails. In terms of mailing, make sure your mail servers are properly set up and maintained so your e-mails breeze through the Authentication and Authorization stages. Don’t do anything to get your servers blacklisted. And if they are, get them off immediately. In terms of the e-mail itself, make sure you follow all industry guidelines, rules and best practices. Before any launch, run all e-mails through a spam filter to identify any problem areas. Most importantly, it’s critical to have a person or persons on staff or an outside resource you hire that understands spam detection, both from a mailing and content perspective. Finally, remember that e-mail marketing is an evolving science. It is only going to get more and more difficult to ensure your e-mails are being delivered as spam detection gets stricter and stricter. Ovation Marketing • 1.608.785.0000 12HERE ARE SOME ADDITIONAL “HOW TO” RESOURCES THAT YOU MIGHT FIND HELPFUL: • Some Tips for Legitimate Senders to Avoid False Positives (from SpamAssassin) http://wiki.apache.org/spamassassin/AvoidingFpsForSenders • A Quick Tips Guide to E-mail Marketing (from EmailLabs) http://www.emaillabs.com/pdf/BestPractices_quicktips.pdf • Make Your E-mail Stand Out in the Crowd (from EmailLabs) http://www.emaillabs.com/articles/email_articles/email_message_stand_out.html • The Ten Most-Ignored Best Practices http://emaillabs.com/articles/email_articles/email_best_practices_audit.html • Six Steps to Avoid Spam Filters (from EmailLabs) http://www.imediaconnection.com/content/6806.asp • The Opt-In E-mail Marketer’s Checklist for Inbox Delivery (From Lyris) http://www.lyris.com/resources/whitepapers/deliverability_checklist.pdf • Bulk e-mail HOWTO (from Barracuda Networks) http://spam.abuse.net/marketerhelp/bulk-howto.shtml Ovation Marketing • 1.608.785.0000 13Ovation Marketing uses one to one creative and marketing tools that help database-driven marketers sell through direct channels by providing results-based, proactive ideas. Member of the American Association of Advertising Agencies since 1988. Member of the Direct Marketing Association since 1990. For more information, contact: Lee Mullally, Public Relations Director leem@ovationmarketing.com 608.785.0000 x208 © 2006 Ovation Marketing 201 Main Street, 6th Floor • La Crosse, WI 54601-0717 Phone 608.785.0000 • Fax 608.785.2496 Web www.ovationmarketing.com • Email ovation@ovationmarketing.com