CAN-SPAM, Deliverability, Design, Dynamic Content, Email marketing, Live Mail, Personalization, spam, Subject Lines

The Year in Email: A Look Back At 2016

By all accounts, 2016 was an extraordinarily eventful year. It saw the deaths of Fidel Castro, Muhammad Ali, David Bowie, Leonard Cohen, Carrie Fisher, George Michael, Leon Russell, Debbie Reynolds, Gene Wilder, and a whole host of others. Politically, it was the year of Brexit and a presidential election that caused the New York Times to take a hard look at their polling methodology. In sports, it was the year that the Chicago Cubs, after 108 years of losing, finally won a world series in a final game that played out like a movie script.

It was an eventful year in email too, but not necessarily in a good way. Some might argue that email—or, at least, email that wasn’t meant to be seen by the general public—helped lose the election for Hillary Clinton. August saw an organized subscription bomb attack of suspicious origin that temporarily landed several respectable news organizations on spam lists and caused Spamhaus to update their opt-in verification recommendations. In one respect, 2016 was a better than previous years. We saw fewer of the kind of clumsy design errors that we’ve seen in the past. Most of the really terrible errors came from sources that were questionable to begin with.

The Importance of Testing Across Platforms

It should go without saying that whenever you send out a message you should test it. If you are using Goolara Symphonie, or another ESP that has a preview feature built in, I’d start there. If you want to be extra careful, you can also send test mailings to several different addresses, or use the email previews available from Litmus and Email on Acid. Sometimes, a message looks fine in one email reader, but not so good in another. Here are some examples.

Aw Gee-Mail

misaligned iamges

If you’re going to have a problem displaying your email design in one provider, the provider should never be Gmail. After all, it is the most popular email reader out there, and it doesn’t cost anything to get an address, so what’s the problem? The folks at Orchard apparently didn’t learn this lesson, though. This particular email looked fine everywhere else, including the always problematic Live Mail, but completely fell apart in Gmail.

Dynamic Content Mishap

Bad dymamic content

One time when you absolutely must test before sending is when you are using mail merge or dynamic content.1 The example above is an actual email, sent to us with the subject line: “Your email.” A blank space between “Hello” and the comma would have been better than this. Well constructed dynamic content instructions would have prevented this from happening.

Hide and Seek

images covering type

A picture’s worth a thousand words, but this is email is pushing it. At first glance, it looks like Wired expects these images to do all the work, but look closely at the right edge of the top photo, just below the horizon. There’s a series of small dots there. A closer investigation reveals that those dots are the text hidden under each photo. This particular problem occurs in Microsoft’s recently abandoned Live Mail, and if Live Mail was the only email reader that had trouble with this mailing, I probably wouldn’t bother mentioning it. But Thunderbird also has trouble with the file, pushing the text and social links out to the right of the main table. Live Mail, at least, brings the text and social links back into the area where they belong, but then plops the photo down on top of everything. This wouldn’t matter if Wired bothered to provide meaningful alt tags, but the alt tags read: “Image for story 1,” “Image for story 2,” etc. Not exactly helpful.

A close inspection of the source code reveals the problem. Whoever put this email together did go to the trouble of using tables, but then they inserted divs into the mix. The code is also littered with ids and class tags that have no corresponding style instructions. It’s worth noting that all of the other mailings from the magazine look fine, and the ones for subscription offers include highly descriptive alt tags.

Honestly Missing Logo

Missing logo

That “Honest Mail Email Marketing” logo, looks suspiciously like nothing at all. A quick check of the HTML code reveals the problem:

<img src=”” alt=”Honest Mail Email Marketing Logo” width=”160″ height=”50″ border=”0″ style=”width:160px; height:50px;” />

They remembered to include the height, width, and border information. They even added alt text There’s only one thing missing: the actual source location for the image. Honestly, one test preview would have revealed this problem. There’s no excuse for it.

Code Fails

Some problems are simply the result of bad HTML. Sometimes it’s an out-and-out typo, but sometimes the problem is something subtle like including the DOCTYPE and HTML tags when you paste the email into the ESP app. Test previews and test send should catch most of these problems.

It’s Important, Procrustes

Bad image sizing

This email from Keurig suffers from a few problems. The image of the people chatting over coffee and the “Shop Today” button are obviously stretched. The designer put the correct size information in the properties for each of these images, but they forgot to add !important, so the sizing information was overridden in favor of the master table, stretching the images to match the master table’s 100% width requirement.

Knowing When to Link

button design

Having linking buttons is always a good idea, but knowing where to put the link is important. In this example from Camper, only the words “Women,” “Men,” and “Kids” are links. Since this text is placed in its own table, and that table has a bordered cell, it would make more sense to add the link to either the table or the cell. As it stands now, clicking anywhere inside the black border does nothing unless you click directly on the words. It’s a minor thing, but one worth remembering. Judging from the number of div tags in this email, I suspect that the author of this email is new to the form.

Button, Button, Who’s Got the Button?

fake button

Providing buttons that link to web content is never a bad idea. What is a bad idea is providing a button that is not a button at all. This email from Template Monster makes that mistake. Clicking on “Learn Now” simply brings up the image. To make matters worse, they’ve given it a blue border, further enforcing the perception that this is a link and not just an image.

Oops, I Did It Again!

Not to rag on Template Monster, but they don’t seem to have anyone checking the email before they send it. Here is the top of one of their emails:

Missing code

And here is the code for the logo at the top:

<a href=”#” style=”border:none;” target=”_blank”><img alt=”TemplateMonster” border=”0″ height=”40″…

Look at the href at the beginning of the line of code. This should link to their website, but it doesn’t. The pound sign (#) is a placer that indicates that although there is a link, it’s not going anywhere. Hover over it and it appears active, but clicking on it accomplishes nothing.

A little further down the page in the same email we get this:


The text in the orange button reads “Download You Gift.” I confess, I am always typing “you” instead of “your” so I can relate to this one, but a second pair of qualified eyes would have caught this immediately.

In the same email, every headline and image has a different link, even when they go to the same place. The headline about 20 free writing tools goes to the same page as the image next to it. I’m going to give them the benefit of the doubt on that one, and say that they did this to find out whether the images or the headlines are responsible for the most clickthroughs, but in the long run, isn’t that less important than the fact that they did click through?

That’s Code for …Code!

badly coded spam

I love it when spammers screw up. This was already obviously a spam message without having to even open it, but upon opening you’re presented with the HTML code for the message. When putting together a mailing in your ESPs visual editor, always make sure you are in the right tab (usually marked HTML) before pasting HTML code. Otherwise this might happen to you. Of course, any decent email marketer would have previewed the mailing, but these people tend to work fast. I’m surprise this doesn’t happen more often, actually.

Shopping Links

Sometimes there’s nothing wrong with an email, until you click on one of the links. Then you suddenly find yourself staring at a page that has nothing to do with anything. Retail stores appear to be the worst offenders, which is odd since so much of their business is contingent on people getting to the right page and ordering the product they want.

I Know It’s Here Somewhere

missing products

Fab has, in the past, shown products in their mailings that aren’t on the landing page. In most cases, the products shown are available, but buried on the second or third page of the sale listings. That’s fine. Lots of companies do this, so the public is used to it. But in the email shown above, the “Cosmo Complete Set” and Captain America print don’t even show up in any of the lists. Clicking on them takes you to the a sale page, but neither product is on any of the sales pages. If you want to buy either of these items, you’ll need to enter them as search queries on the web site.

Now Go and Find Me

not on site

Normally, Bed, Bath & Beyond is one of the better companies when it comes to email marketing, they always provided meaningful alt tags, their design is easy to read on both a desktop computer and a mobile phone, and their links, in most cases, go directly to the products shown. Here is one of their rare missteps. Clicking on this product does not take you to the products, or even anywhere near the product. A clue lies in the button labeled “Find a Store”—only it’s not a button. Clicking anywhere in the image will take you to BB&B’s Find a Store page. I suppose they justify this by pointing out that the product isn’t available online, but that’s no reason that this couldn’t be included on a page with more information on the product.

Alt, Right?

I bring it up every year, but every year there are plenty of examples of companies forgetting to add alt information to the img tags. While it’s true that services such as Gmail and the iPhone display images as the default, some people still prefer to keep the images turned off. Alt tags not only impart information on what they are missing, they also can provide incentive to display images as well. Here’s an example from Warby Parker that demonstrates the worst case scenario:

no alt tags

Now here’s a company that knows how to do it right, Bed, Bath & Beyond:

Good alt tags

Quite a difference. Perhaps the guys at Warby Parker assume that people will always want to display their images, a questionable assumption.

Unsubscribe Catastrophes

Unsubscribing should never be a hassle. Nobody is happy when a recipient unsubscribes, but it’s better than having that person mark your mailings as spam because they can’t figure out how else to get you to stop sending them things. Some marketers go to extraordinary lengths to making unsubscribing difficult, treading very close to the legal requirements of CAN-SPAM. A few cross over to the dark side. Here are this year’s worst offenders.

Unsubscribe? fUGGedaboutit!

No unsub link

CAN-SPAM has a few hard and fast rules. One of them is that you have to have an unsubscribe link. You also have to have a physical address. This email has neither. The supposed unsubscribe link takes you to the home page for the company. Not surprisingly, this email is not from an official UGG site at all, but a spammer that is trying to make their site look as legitimate as possible.

Email Purgatory

Missing unsub link

Unlike the previous email, this one is from a legitimate company (T-Mobile). This part of the email—which is commented in the HTML as “legal footer”—contains the physical address, privacy policy information, links to their various plan options, and instructions for how to ensure that email from them does not wind up in the spam folder. What it doesn’t include, however, is an unsubscribe link—an unequivocal violation of CAN-SPAM.

Go Ahead and Try to Unsubscribe! I Dare You!

bad unsub link

When it comes to anti-spam laws, the USA is about the most lax, but they still require two things: A physical address and an unsubscribe link. So when I get an email like this, it makes my blood boil. Here’s what you get when you click the unsubscribe link:

unsub fail

As one might imagine, this one went straight to the spam folder.

Crouching Promo and Hidden Unsub

unsub in image off

A nearly as devious method of hiding the unsubscribe was used by Lids, a company that specializes in sports caps. Here’s the bottom of their email with the images turned off:

You can see there’s a physical address, but where’s the unsubscribe link? Now here’s the same section of the email with the images displayed:

unsub in image on

Ah, there it is! They’ve made unsubscribe part of an image. To make matters worse, they used an image map to separate the various categories shown. I’m not sure what the thinking was here. Attempts to reach them went unanswered. Just to add insult to injury, I never signed up for this email, it was someone entering the wrong address either accidentally or on purpose.

Sure, There’s an Unsub. It’s Just Not Yours.

Another highly questionable approach to handling unsubscribes came from, of all companies, Salesforce:

Salesforce CAN-SPAM violation

I’ve blurred the names to save some embarrassment, but I can verify that the author of this email comes from Salesforce, promoting a webinar Salesforce has co-sponsored. Yes, there’s an unsubscribe link, but only in the forwarded content. Presumably that will only work for the original recipient, not for the person to whom the email was forwarded. This means that Salesforce, the largest SaaS-based, customer relationship management (CRM) provider on the planet, a company with its own email marketing solution, just sent me a promotional email without an unsubscribe link. It is a tactic worthy of a Viagra spammer. It doesn’t help that there’s a typo in the very first sentence. I dearly hope the author of this email is new to Salesforce.

Subject Line Fun

The subject line is the most important part of your mailing. If a subject line doesn’t provoke the recipient to open the email, then all your hard work providing good content and responsive design is for naught. Here area few subject lines that either failed miserably or worked brilliantly, or, in the case of the first example, simply overdid things.

Hello, It’s Me Again

Too many emails

Some email marketing experts are big fans of the practice of sending high quantities of email to your recipient list. It is a topic hotly discussed on email marketing forums, and each side can back up their position with plenty of facts and figures. But even the most ardent fan of high-volume sending would agree that Travelocity is pushing it here, sending an email every hour or so from two in the morning to five. It doesn’t help that all of these were sent at times when no others were sending out email, leading to all four messages being bunched together. Perhaps that was the idea, to create a sort of billboard for Travelocity residing in the inbox.

Did I mention…?

same email

It’s not usual for companies to offer multiple newsletters. Nor is it unusual to send these newsletters out on the same day. What is unusual is the use exactly the same subject line and content on both mailings, right down to the “You are subscribed to PCMag Tech Deals as…” at the bottom of each page. Given that a normal announcement from PCMag reads “You are subscribed to PCMag Announcements as…” and is usually some sort of deal on a PCMag subscription, I’d chalk this one up to either a mistake or laziness.

I’m Either a Realtor or a Marketer

email goof

Even we email marketers make boneheaded mistakes. To their credit, the folks at EEC caught this and quickly followed up with an apology.

A Special Odaer, Ordrre, Ordeorr…Oh Forget It!

typo in subject line

“Order” is a hard word to screw up, but whoever put this email together seems to have had a terrible time with it. They misspelled it in the subject line, and then again in the content.

Okay, I’m not REALLY Out of the Office

Out of Office trick subject line

I think I know what Sephora was trying to do here. This was an attempt to equate being out of the office with their summertime contest. Sending a fake out-of-office autoreply isn’t the worst misuse of a subject line, but it’s pretty sneaky and isn’t likely to endear you to anyone.

You know nothing, Jon Snow.

Game sof Throne subject line

As a fan of Game of Thrones, I enjoyed the use of GoT references in the subject line and “friendly” from, but I’m not sure that a company that specializes in predictive marketing is the right place for this approach. This link leads to a series of videos in which they try to show the marketing lessons available in the HBO series. That is more a testament to the ability of the human brain to find patterns where none exist than any marketing subplots lurking in George R.R. Martin’s on-going saga. This kind of subject is better served on a site such as ThinkGeek, which specializes in products attached to all aspects of geekdom, from TV shows or computer games. For them, even this is acceptable:

Konami Code subject line

A combination of keystrokes known as the Konami Code, a cheat that gives gamers additional powers while playing. If you’re in the real estate business, this probably isn’t a good subject line, but it works quite well for a company whose primary audience resembles the cast from The Big Bang Theory.

Location, Location, Location!

Deliverability fail

Sometimes, a subject line, by itself isn’t anything special, but where you find it makes all the differences. I found this one in my spam folder. I could say “Physician heal thyself,” but this just demonstrates what a complicated subject deliverability is.

That’s it for this year! We can’t wait to see what 2017 will bring. We predict more email address providers will follow Gmail’s lead in allowing CSS in email. On one hand, this means we can get more creative in our email designs, but on the other hand, it means more places for things to go wrong. If there is a moral to this blog post, it should be obvious by now: test, test, test. For more on the subject of how to deal with email mistakes, check out our white paper on the subject: Oops! – Handling and resolving email marketing mistakes.

1. If you’re not using dynamic content, you’re missing a real opportunity to improve your email engagement results. Jordie van Rijn explains how and why in his article, Making the most out of Dynamic Email Marketing. For more on Goolara Symphonie’s powerful dynamic content visits, visit our dynamic content page.

Deliverability, Email marketing, spam

CAPTCHA and Release

captchas drive me crazy
[Note: This is the second in a two-part series on subscription bombing and how to defuse it. Last time, we looked at the techniques used to create recent attacks. The time we look at the technique Spamhaus recommends as the best way to avoid ending up the victim of a subscription bombing: the CAPTCHA.]

As we discussed in our last blog article, the best way to prevent subscription attacks, according to spam listing companies such as Spamhaus, is to use a verification test in your email signup form. The best known of these, and the one that Spamhaus recommends by name is the CAPTCHA. CAPTCHAs can be a pain in the neck sometimes, and when they are not easy to solve they can cause people to just give up trying and leave your site. But newsletter signups that don’t require CAPTCHAs are just what subscription bombers look for. If you find yourself on the receiving end of one of these attacks, you’ll have a lot more work to do to recover your reputation score, and will, after that, have to use a CAPTCHA anyway. Having accepted, however unhappily, that CAPTCHAs are a necessity, we’ll look at different CAPTCHA technologies that are available today.

The best known form of CAPTCHA is the reCAPTCHA, version 1, which consists of a small box displaying two distorted words (usually consisting of one real word and one that is gibberish). You are asked to enter the words you see, and if your answers are incorrect, you are presented with two new words and asked to try again.

sample captcha

ReCAPTCHA was developed by a group of computer scientists at Carnegie Mellon University who recognized that CAPTCHA technology offered a great crowd-sourced way to achieve better OCR. If the OCR software couldn’t identify a word, sometimes humans could, which meant you could feed words to people that computers couldn’t recognize. That’s why in 2009, the ReCAPTCHA technology was acquired by Google for their Books project, and was used by the New York Times to digitized their archives. This seemed like a good way to block fake signups, but they didn’t factor in either advances in OCR software, or the low costs of doing business in third world countries.

Capturing CAPTCHAs

Almost as soon as they appeared, people started working on ways to crack the CAPTCHA codes. One company we found in India offers workers around 90¢ and hour to solve as many CAPTCHA codes as humanly possible. Those who can’t do it quickly or who make too many mistakes are kicked off the service. This is a time-consuming way to crack CAPTCHA codes, but by offering wages far below anything most people could live on the authors presumably make it worth the effort. Just to pour salt in the wound, anyone interested in doing this thankless work is expected to pay a fee to join.

Meanwhile, OCR software kept getting better, so it wasn’t long before someone had the bright idea of creating a bot that used OCR to identify the words in a CAPTCHA. It doesn’t always get it right. In fact, it often gets it wrong, but it doesn’t matter. Unlike a human, who is going to give up in frustration after a few tries, a bot can keep trying and trying until it gets it right. Since their advent, bots have become a major problem for word identification types of verification. To counter this, word-based CAPTCHAs became more distorted and harder to decipher for humans and bots alike. We’ve all seen the results of this battle over decipherability. We’ve all encountered CAPTCHAs so hard to identify that it takes us a few tries to get them right, and we all have better things to do with our time than enter meaningless words in an attempt to receive more email.

captcha collection
An assortment of actual CAPTCHAs collected from various sites.

To solve this problem, a new kind of ReCAPTCHA was created that relies on the natural differences between software and the human brain. This made it easier for humans to recognize the words, while keeping it hard for the bots the do the same. In recent variations, a reCAPTCHA might ask users to identify images instead of scrambled type relying on human intuition to solve. Take this example:

image captcha

At the top of CAPTCHA we are presented with an image (in this case, a cat) and asked to find all the images with matching content. This is a mixed bag. It will certainly block bots from finding a solution, but it also presents us with instructions that those of us who skew towards the Asperger‘s end of the spectrum and tend to take things too literally might also find perplexing. The picture at the top is an adult gray tabby, but the pictures below are all of kittens and only two are gray tabbies. We realize most people won’t get this granular with the data, and that’s what Google is counting on. The top picture is a cat, so humans will click on all the pictures of the same animal, even when every other aspect of the picture is different.

I’m Not a Robot

No Captcha

Two years ago, Google introduced a version of the ReCAPTCHA they call a “No CAPTCHA reCAPTCHA.” With this type of CAPTCHA, there’s no need to try and decipher heavily distorted words, or squint to make out blurry photographs of street numbers, or identify various animals. You check the box labeled “I’m not a robot” and you’re done. The No CAPTCHA reCAPTCHA uses Google’s Javascript API and a form, and appears, for now at least, to be an excellent choice for verification. Spamhaus likes it, and it produces the least amount of hassle in the signup process.

Gamifying the Process

A variation on the CAPTCHA that is designed to alleviate the annoyance of typing in meaningless words is the addition of gaming elements to the verification process. With this technique, you are asked to complete some simple task to verify that you are a human being. The task is always simple and resembles a children’s game in its approach. You might, for example, be asked to “put the carrots in the shopping cart.” The picture will show an image of an empty shopping cart with images of various groceries floating next to it. By clicking and dragging the image of the carrots to the image of the shopping cart, you verify that you are a human.



These gamified verification techniques are effective approaches to the problem, although we haven’t seen that many instances of their use. They appear to be acceptable to Spamhaus as well. According to them, “…any mechanism that successfully keeps bots from abusing signup forms is good and absolutely necessary nowadays. Captcha is currently the best mechanism, and whatever the captcha test does (task, game, whatever) is also fine as long as bots can not easily defeat it.”

Alternatives to CAPTCHA

CAPTCHA is, by no means, the only way to verify a signup. Programmers continue to invent new ways to foil the bad guys. A couple alternatives are the Honeypot and the Social signup. Before choosing either of these, you should note that Spamhaus prefers a CAPTCHA verification that requires the user to perform a task. That’s not to say these are not effective in blocking bots, only that implementing them might not help you get off the SBL. As of right now, a CAPTCHA-type mechanism is the safest way to go.

Honeypot Verification

One of the earliest attempts to simplify the process of signing up and restrict it to real people is the use of a honeypot. The idea is simple: A form is hidden in the HTML for a page, but it isn’t visible on the page, so no human visitor to the site should ever know about it. Since bots don’t visit pages this way, but, instead, look at each page’s code for forms, they will see the form and attempt to fill it out, thus identifying them as bots and not humans. It is a wickedly clever technique for fooling the bots, although, as we’ve already discussed, bots have gotten much more sophisticated over the years and are seldom fooled by this technique anymore. It can also cause problems with browsers that have CSS turned off, and with ones such as Safari that autofill forms. It is still in use, but is often combined with a more interactive signup.

The Social Approach

facebook signup

As social sites become more and more important to people’s daily lives, we’ve seen a corresponding growth in sites that require social signups. Instead of entering words or playing games, you are offered a button that says “Sign Up With Facebook.” This approach lays everything on the line, but it also stands a significantly higher chance of losing the audience. Several studies have shown that people just don’t like using their Facebook accounts for promotional purposes, still preferring email as the main source for sales announcements. We don’t recommend using this approach except for those rare cases where your Facebook profile is your main sales mechanism.

At this time, we recommend the “No CAPTCHA reCAPTCHA” for your verification purposes. It satisfies Spamhaus’s requirements, and it makes the signup process as easy as possible for your subscribers. Of course, if history is any indication (and it usually is), it’s just a matter of time before this approach is compromised, and we’ll have to find a new way to verify newsletter signups. It is important to remember that nothing in the field of email marketing remains static. There’s no set-it-and-forget-it solution. You’ll still want to keep track of your email data to see if there are any anomalies occurring.

Deliverability, Email marketing

Defusing Subscription Bombs

subscription bombs
On Monday, August 15, people all over the world woke up to find their email inboxes stuffed with unwanted email, victims of an organized and relentless “subscription bombing” attack. This attack used a bot designed to find sign-up forms and enter thousands of email addresses on a site before moving on to the next one, where the process was repeated. Before the bot was through, each address ended up subscribed to hundreds of newsletters. The owners of the email addresses remained unaware of what had happened until they started receiving the emails. Faced with what appeared to be unsolicited emails, they did what many people would do in this situation: they flagged the mailings as spam, which sent the reputation scores for the attacked companies spiraling down.1

Most of the companies that were victims of this attack were respectable, legitimate companies whose only crime was that they made their newsletter sign-up processes too easy, also making it easy for attackers to enter false information. Many well-respected email senders suddenly were having trouble landing in the inbox and were getting relegated to junk status. Even the New York Times felt the effects of this attack.

The attacks started over the weekend, but because not everyone checks their mail services on Saturdays and Sundays, by Monday morning some accounts were packed with new, unwanted emails. In many cases, the amount of emails was massive enough to make it impossible to identify and separate the legitimate mailings from the junk. More diligent people took the time to try and unsubscribe from these emails, but as security expert Brian Krebs noted, “By the time I’d finished deleting and unsubscribing from the first page of requests, there would be another page or two of new newsletter-related emails.” For most people, the easiest solution was to select all the new email and either delete it or mark it as spam, which sent reputation scores spiraling. Suddenly, hundreds of a company’s mailings were being identified as spam, landing several legitimate companies on blacklists.

High-profile companies that use a single opt-in method without a verification test appeared to be the most at risk, but were, by no means, the only ones affected. Many of the sign-up email addresses ended in “.gov,” suggesting that the attack might have had a political motive behind it. A belief strengthened by the recent Russian hacker reports. Some people have speculated that it was simply the work of bored computer geeks out for kicks. Whatever the reason, it caused many legitimate companies to wind up being blacklisted.

No Easy Unsubscribe

The problem was exacerbated by the fact that, by its very structure, there’s no quick way to mass unsubscribe from several email subscriptions. It’s easy to select a dozen emails and either delete them or send them to the spam folder, because both of these actions occur within the mail reader. Unsubscribing is a little trickier. Each piece of email must be unsubscribed from separately. There’s no way to select a batch of emails and unsubscribe from them en masse because the unsubscribe information for each piece of email is going to a different place and is handled in a different fashion. Some require verification, others present a display of settings that need to be unchecked.

Some services, such as Gmail,, and the latest update to the iPhone’s Mail app feature an unsubscribe button, but only when the unsubscribe link in the email leads to automatic unsubscribe. Links with multiple choices, or multiple step unsubscribes don’t show up. So when hundreds of emails arrive in the inbox at the same time, nobody (Brian Krebs notwithstanding) is going to go to the trouble of trying to unsubscribe separately from all those mailings. It is far easier to accomplish the same effect by selecting everything and deleting it, but since none of these emails were actually solicited, it is even more likely for people to use the spam button to show their dissatisfaction. When enough people do this, blacklisting services, such as SpamCop, Junk Email FIlter, Barracuda, and especially Spamhaus, sit up and take notice.


How each of these blacklist services handles junk mail varies, with equally varied results in terms of effectiveness. The most well-known and commonly used blacklisting service is Spamhaus. When Spamhaus decides to put you on their “Spamhaus Block List” (SBL), you’ve got a serious problem. Everyone from Yahoo to McAfee, and Gmail (to some extent) use the SBL data, so staying off this list is mandatory of you ever want your mailings to be read.

After this latest subscription attack, we saw several obviously legitimate news organizations end up on blacklists after this attack. Getting on this list is relatively easy. Getting off it often takes a concerted effort by your ESP or deliverability team. How difficult that process is will depend on several factors, such as past transgressions as well as subjective considerations, such as the general impression of your site by the people at the blacklist service (and not just Spamhaus either).

The Double Opt-In

Spamhaus has always maintained that the double opt-in (DOI—also known as the confirmed opt-in) will help prevent surreptitious sign-ups. Some services, such as MailChimp, now use double opt-ins exclusively (much to the dismay of their subscribers if the questions Quora and Reddit are any indication). But a DOI doesn’t solve the initial problem of bot sign-ups. Even Spamhaus acknowledges that a DOI does not automatically prevent your company from landing on their blacklist. The recipients will still receive that annoying first deluge of DOI verification mail, which, when thousands have been entered, is enough of a problem by itself. The double opt-in might keep the problem from compounding though, which is certainly preferable than continuing to send emails to increasingly more annoyed recipients.

For Canadian and European emails, where adequate verifications of acknowledged sign-ups are required, the double opt-in is already the safest option. While most ESPs (Goolara included) let you decide what sort of opt-in procedure you want to implement, you should be aware that a single opt-in puts you in greater danger of a malicious and erroneous sign-ups. If your site is popular enough to experience more than one or two sign-ups a day, you should consider switching to a double opt-in.


Currently, Spamhaus recommends the use of a CAPTCHA as part of your sign-up process. A CAPTCHA requires an action by the user, such as solving an equation or identifying two words that are either distorted or partially obscured by a pattern. They are easy to implement and may be the only way to get your company off the SBL. The most common one is ReCAPTCHA, which is provided by Google, but there are others on the market. We also recommend using a CAPTCHA, but this technology brings its own set of issues, which we’ll take a look in more detail in our next blog post.

Worst Case Scenario

So what do you do if you’ve already fallen prey to an attack? Preventative maintenance is always the best course of action. Besides double opt-ins and the use of a CAPTCHA, a regular practice of looking at your report metrics and subscription sign-ups can alert you to potential problems before they get out of hand. Noticeable increases in the amount of email being greylisted or sent to the junk folders might be a warning sign of worse things to come. Sudden increases in sign-ups from “gov” sources can also indicate potential bot attacks, so you may want to segment out these mailings for closer examination. In most cases, though, these attacks are sudden and unexpected, and nothing you do once the attack starts will stop the problem from escalating.

If you do end up on a blacklist, you should notify your ESP immediately and see what steps they can take to solve the problem. Some ESPs, such as Goolara, also offer deliverability services, and they can help you get your IP removed from the blacklist. Otherwise, you might want to seek the services of a professional deliverability expert. As long as you don’t have a history of sending to spam traps (which will normally only occur if you don’t keep your list up to date, or have a nasty habit of buying questionable lists), you should be okay.

Next time we’ll take a closer look at CAPTCHAs and other methods of sign-up verification.

1. The reputation score is how email services identify whether a mailing has any value. The higher your reputation score, the better your chances of ending up in the inbox. For more information on this, see our white paper Deliverability Enhanced.

Deliverability, Email marketing, Trends

Watch Out For Typos!

Email typos
Here at Goolara we’ve been seeing a recent rise in a peculiar method of gathering and hijacking information. The basic mechanism isn’t new, but the fact that it’s being used with clickthroughs appears to be a new twist. It is based on exploiting mistyped email addresses by purchasing domain names that are either misspelled or have letters added or removed. You might, for instance, intend to send an email to someone at a Gmail address, but because you typed too quickly, it’s going to “” instead; or maybe your finger hit two keys at once, and the mailing is sent to “” In both cases, the domains are registered and your mail is actually being processed by these sites. To put it another way: That mail you accidentally sent to the wrong address is being received by someone who has intentionally chosen their domain name to take advantage of this mistake. Is that someone you really want to have any of your email data?

This technique, called typosquatting, has long been used to trick people into visiting sites (called domain doppelgangers) that look a lot like the sites they are imitating.1 Most of it disappeared after laws were passed and some successful lawsuits were filed against these pretenders, but the legislation didn’t address the other part of the equation. The law can prevent them from mimicking an existing website, but anyone who has registered one of these domains still has the ability to receive any email sent to it. While a website could be construed as attempted fraud, simply receiving misaddressed email falls into a very gray area. Even this isn’t that new. These fakes sites have always accepted email. The new twist is that they are now apparently clicking on the links in the email they receive.

The Man-in-the-MailBox

It’s hard to know the reasons for these clickthroughs. It’s possible that they are intended to keep the address active and defray suspicion. Or it might be part of more complex scheme, such as the “Man-in-the-MailBox” scam detailed in a report on domain doppelgangers put out in 2011 by Peter Kim and Garret Gee of the Godai Group. In that report, Kim and Gee explained how they set up set up 30 doppelganger accounts for various firms and received 120,000 e-mails in the six-month testing period. Acting as middlemen, they would pass on data to the correct address and then send the information back to the intended recipient. In this way, they accrued 20 GBs of data that included everything from trade secrets to individual passwords.

It is also a method of verifying the links, which can be useful for ascertaining the value of each email address. This may seem like an inefficient way to collect addresses, but the evidence suggests that the processes here are handled primarily by bots, so minimal manpower is required. Like an army of ants, they achieve their goals methodically over time. If you intended, for instance, to send something to a specific address at Gmail, the typosquatter can now figure out the correct address without much difficulty and add it to their list. With the amount of email data passing through the Internet every hour, it is possible to build up a substantial list of names in no time.

Why It’s Important

You might be tempted to ask why this is important? After all, it’s only a few addresses here and there, but there are costs involved. Keep in mind that you’re paying for those addresses, and you’re paying for sending to those addresses. If you’re using an automated system to relay leads to your sales department, then clickthroughs from these sources can cause your sales staff to waste valuable time chasing down these imaginary leads and doing follow-ups that go nowhere.

It is also possible that some of these people are up to things far worse than merely collecting addresses. While many companies don’t accept email responses, some set up their mailings so that they send email replies to specific staff members. You don’t want to put your sales team in a situation where clicking on links from these sources—either accidentally or absentmindedly—lead to bigger problems. It is also worth remembering that these address mistakes simultaneous keep those subscribers from receiving your intended email while opening them up to receive email from these questionable sources.

Protecting Yourself

As you might imagine, protecting yourself against this problem can be tricky. Checking for typos only goes so far, and when your mailing list includes thousands of names, it’s almost impossible to catch them all. In Symphonie, we’ve added logic to the process that identifies and blocks these domains when we encounter them, so you don’t have to worry about the most commonly mistyped addresses. This doesn’t mean you shouldn’t stay on your guard, though. Like rust, these scammers never sleep and they are coming up with new naming variations all the time. Catching these people in that act is a responsibility we all share.

Requiring a double opt-in will help somewhat. Since, in most cases, the email address is initially entered by the subscriber, getting them to verify it will eliminate a lot of the potential for typos. It won’t keep you from accidentally sending the verification email to an incorrect address, but it will help keep that address off your recipient list. The mistyped address still has the potential to end up on scammer’s list, but at least you won’t be sending wasting your time and money sending mailings to them.

1. Technically, there is difference between typosquatting and domain doppelgangers. Typosquatting means a domain that is similar to the intended domain, but is misspelled, while a domain doppelganger will appear almost the same, but with periods either added, removed or misplaced (for instance instead of

Deliverability, Design, Email marketing, HTML Issue

Using Fonts in Email

Fonts in EmailA well-designed typeface is a thing of beauty. It can convey emotion, improve sales, and help define a corporate identity. For years, designers have been trying to figure how to use their favorite fonts in email, sometimes these attempts fail miserably, and other times they lead to other problems that you wouldn’t expect. Using fonts in email takes you into treacherous territory. Is it better to use inline font-family styles or convert everything to images? And what about web fonts? Can you use them in email marketing?

In this overview, we look at all the methods for using fonts in email that are available to marketers and designers. Some of these techniques qualify as best practices, while others should be avoided at all costs. A couple might even qualify as worst practices.

Before we get too deep into the subject, we’d like to point out that we’ll be using font and typeface interchangeably. In the past, “font” referred a specific size of a typeface, so Helvetica 12pt was one font and Helvetica 24pt was another. With the advent of digital publishing, these designations lost their meaning.

Types of Fonts

Fonts come in six basic types:

Types of fonts


serif fontsSerifs are those little feet that protrude from the edges of a character. Examples of this style of typeface include Century Schoolbook, Garamond, and Palatino. The most famous serif typeface is Times New Roman, which was created for the London Times by Stanley Morison. Serif typefaces are still the preferred choice for blocks of printed text. On the computer screen, they are little harder to read due to the effects of screen resolution of the serifs.

Sans Serif

Sans SerifIf a typeface does not have those little feet, it is referred to as “sans serif.” Examples of sans serif typefaces include Franklin Gothic, Gill Sans, and Univers. The most well-known sans serif font is Helvetica, which is even the star of its own movie. The most common variation on Helvetica is Arial, which was specifically designed to match the font metrics of Helvetica. This was Microsoft’s way of getting around the license fees for Helvetica. San serif typefaces are preferred over serif typefaces for text on the computer screen. Some fonts, such as Verdana, were specifically designed for better readability on computer monitors.


HandwritingA Handwriting font, as the name suggests, is one that resembles handwritten text. These fonts are also referred to as “Cursive” or “Script” fonts. Sometimes these are fancy, such as Park Avenue and Edwardian Script, and sometimes they are more casual, such as Comic Sans and Freestyle Script. Caution should be used with these fonts. As you’ll see when we get to the Web Fonts, cursive fonts usually default to Comic Sans, which is often a poor substitution.


DecorativeDecorative fonts are the ones that favor novelty over readability. They come in both serif and sans serif variations, and are usually restricted to logos and headlines. As a rule, they should never be used for blocks of text. Popular decorative fonts include Ad Lib, Jim Crow, Mesquite, Stencil, and Old English. They are sometimes used for logos, but, even here, are best used sparingly if at all. Because of the high level of variations between them, they should never be used in email.


MonospacedMonospaced fonts are the ones that assign the same amount of space for each character. In a monospaced font, the ‘m’ takes the same amount of space as an ‘i’. This type of font is often used to display code, or to mimic an old typewriter. The most popular example of this is Courier. Monospaced fonts come in both serif versions, such as Courier, and sans serif versions, such as Consolas.


DingbatsDingbats are not fonts in the usual sense of the word, but, instead, have replaced the standard alphanumeric characters with little pictographs. In Webdings, for instance, a capital J renders a picture of an island with a palm tree, while in Wingdings it renders a smiley face. Dingbat fonts should never be used in email. You may like the idea of creating rebuses using Webdings, and it may look right on your PC; but if someone opens it on a Mac or some other system that doesn’t come with Webdings, they’ll only see gibberish.

Several pictographs are built into other typefaces as part of the Unicode (UTF-8). These are safer to use and sometimes are even used in subject lines (with ✈ and ❤ being particular favorites). Just make sure that you’ve encoded your mailing as UTF-8 and not 7-bit ASCII. Otherwise, you may end up with little squares or questions marks where the pictographs should be. It’s also important to remember that although there is some overlap in appearance between dingbat font characters and the pictographs that are available as part of the standard Unicode font set, they are not interchangeable. For example, the picture of the airplane in the middle on the left in the picture above is a capital Q in Wingdings. This one will not work in email. You need to use the airplane character as it is indicated in Unicode (you can find a handy chart of the Unicode dingbats and other special characters here).

Using a font directly

You can assign any typeface you want to your email content. Here, is an example of an inline style assigned to display in Helvetica:

<p style=”font-family: Helvetica;”>Hello World</p>

Of course, this doesn’t mean that your recipients are going to see the same thing on their computers that you see on yours. If the recipient does not have Helvetica installed in their system, they are going to see another font. As a rule, this will be Arial, but don’t count of the substitution to be automatic. By only listing one typeface in font-family style, you leave it up to the ISP, email client, or particular software to choose the alternative. This could end up being anything from Myriad Pro to Courier.

For this reason, it is always a good idea to provide a list of acceptable alternatives to the font-family style, starting with the preferred font, with the rest of the fonts following in order of preference:

<p style=”font-family: Helvetica, Arial, Verdana, ‘Helvetica Neue’, sans-serif;”>Hello World</p>

We’ve ended the list with the generic “sans-serif” as a safety measure to ensure that if none of the fonts listed are available, the text will still appear as a sans-serif font.

But what if your type absolutely has to be in a specific typeface? If it is part of your logo or associated with a specific branding campaign, you might not want the type replaced with anything else. In that case, your best bet is to convert the type to an image, but be careful—this is an overused technique that comes with some definite downsides.

Using Images for Type

At first, it seems like converting all your text to an image seems like a way to go. If you wanted to use Ad Lib for your headlines with Broadway for your text, an image would make sure that this (admittedly terrible) combination would look the same to everybody, regardless of their operating system, email client, or computer. But before you go converting all your mailings to images, there are a few important caveats to take into account.

No Text, No Inbox

First and foremost, you shouldn’t do it because it can affect deliverability. Shady email senders sometimes try and outsmart the spam filters by converting their text to an image in an attempt to elude the spam filters that check for certain words. As a consequence, many ISPs deduct points from a reputation score when they find only images in a message. This can be just enough of a negative to redirect your mailing from the Inbox to the Spam folder.

Not Text, No See

The second downside to using only images is that not all mailbox providers display images as a default. The Mail app on the iPhone does and Gmail does, but most others still default to image display off. If all your text has been converted into an image, you run the risk of missing potential sales for no better reason than that the recipient never saw your actual message.

Remember the Alt Tag

If you do plan to use an image to display text, the safest thing to do is to include the text in the image as an alt tag. That way if the recipient has image display turned off, he can still get an idea of what the picture contains. In the case of logos, you can also add styles to the alt tag to improve the email’s appearance. For more on this subject, see our white paper, Using Text and Images.

What About Web Fonts?

From time to time, people ask about using Google Web Fonts in email. If you are new to Google Web Fonts, these are fonts that you can use without having to have them installed either on your computer, or the computers of your recipients. There are other sources for web fonts, such as Adobe and Font Squirrel, but these usually require scripts, which do not work in email. Web fonts require you to add two pieces of information to your mailings—a <link> tag with the URL for the font you want to use, and a font-family style attribute.

Web Fonts will only work when the email client recognizes the <link> tag and can use it to download remote content (in this case, the fonts). Here’s an example of an email that was set using two Google Web Fonts—Luckiest Guy for the headline and Josefin Slab for the text. In this first example we’ve taken the HTML code provided by Google and stuck it in the mailing without further modification. Here is how the HTML it appears in a browser (in this case, Chrome) before it is sent as an email:

Google Web FontsNow here’s the same email as it appears in various email clients and platforms:

web font chart using defaultsAs you can see, only the iPhone and Thunderbird rendered it correctly. Even here the fonts are only displayed when “Load Remote Images” is turned on (the default setting for the iPhone, but not for Thunderbird). Because Web Fonts require a link to work, these fonts are treated the same as images. If an email client defaults to “Images Off,” it’s not going to display Web Fonts either, even if it can. No images, no fonts.

The fact that cursive is listed as the font category for Luckiest Guy doesn’t help. It means that on PCs the headline defaults to various weights of Comic Sans, a font so detested that Weird Al Yankovic uses it as a gag in his song, “Tacky”. On Macs and iPhones, cursive defaults to Snell Roundhand which is better than Comic Sans, but is still a far cry the intended result. In the case of Live Mail, the fact that “serif” was listed as the fallback didn’t seem to matter. It still converted the text to Arial.

Of course, there’s nothing that says you have to use the HTML exactly as Google provides it. In the case of the Luckiest Guy font (and, I suspect, many others), you’d be better off ignoring their recommended category and choose one of your own. You’ll also want to add a few logical alternatives to the list. Here are the inline style settings for the headline after we’ve modified it:

style=”font-family: ‘Luckiest Guy’, Impact, Haettenschweiler, ‘Franklin Gothic Bold’, ‘Arial Black’, sans-serif; font-size: 3em; color: #63499B”

There’s really nothing like Luckiest Guy that is common on computers, so I’ve chosen an assortment of bold display faces that you’ll find on many devices and platforms. Likewise, Josefin Slab is a hard one to match since slab-serifs (i.e., serifs that are squared off instead of pointed) are not that popular either. Here are the inline style settings for the body copy:

style=”font-family: ‘Josefin Slab’, Memphis, Lubalin, Rockwell, Clarendon, Georgia, serif; font-size: 1em;”

Rockwell and Clarendon are popular fonts, and although Georgia is not a slab-serif font, it is a common font and shares many characteristics with Clarendon. Here are the results:

Web Font chart with better style choicesAs you can see, the results are still far from perfect, but they are better. If this level of discrepancy between fonts is acceptable to you, then you might find web fonts worth experimenting with. If your audience is made up primarily of iPhone and Mac users, it might be worthwhile. If your audience is primarily on PCs and Android phones, then it probably isn’t worth the effort.

Text Still Wins

When all is said and done, the advice we gave in Using Text to Deliver Your Message still stands: You’ll get the best results if you remain flexible on the font choices. Converting text to images where the font is important (such as logos and other branding) is acceptable, but even then, limit it as much as possible and make sure you’ve provided alt tags that are either informative or will make people want to display the images.

Deliverability, Email marketing, Trends

Deliverability and Volume Shifting

Deliverability chart 1
Sometimes you might come up against a situation where the perfectly innocuous email you are sending has trouble getting delivered to certain addresses. You may have had no problems sending to that ISP in the past, and the mailing might even be based on a previous design that got through without problems, but suddenly you’re finding your mailings held up and greylisted. When this happens, you’ll want to check your mailing patterns for sharp increases in volume. If you see a spike like the one shown in the picture above, there’s a good chance you’ve uncovered the problem. It is easy enough to avoid, but it might require you to retool your approach to campaign marketing.

The Volume Factor

Besides using keywords, text-to-image ratios, link redirects and a myriad of other ways to assess if an email is possible spam, ISPs and other mailbox providers also use your mailing patterns to identify when something’s wrong. If you suddenly decide to send out 100,000 emails, where you have previously been restricting your mailing output to a few thousand, you might find your mailing suddenly throttled way back on its delivery. Sudden spikes like this can cause even well-established companies to experience delivery problems. Email marketing programs that otherwise do not have deliverability issues will see their mailings blocked or greylisted when the volume of delivery jumps suddenly at irregular intervals.

On one level this makes perfect sense. If one day you suddenly saw a fifty-fold increase in traffic to your site, you’d immediately suspect something was wrong. The mailbox service providers react the same way, erring on the side of caution. Of course, if you regularly send 100,000 emails a day, the email provider won’t see anything unusual and will (unless there are other issues) allow your mailing to land in the Inbox.

This isn’t to say you have to send the same number of emails every day, but it does suggest that a little planning goes a long ways. Here are a few things to keep in mind:

Don’t be Sporadic

It’s okay to have spikes in your mailings as long as the occur at fairly regular intervals. You may have some problems the first time it happens, but if you do it regularly, most email service providers will adjust and allow more of your email through in the future. The chart shown at the top of this article shows what happens when a once time high-volume mailing arrives at a mailbox provider—alarm bells go off, even if you’ve had no deliverability problems in the past. If the same sender has a pattern of sending large quantities once a week, the odds are better that the mailing will get through.

Deliverability chart 2

Watch Out For Greylists

Provided there are no obvious spam triggering elements in your mailings, then, in all likelihood, emails stopped because the mailing’s been greylisted. In one sense, this is a good thing because it means the email will eventually reach the recipients, but it can also be a very bad thing if that particular mailing is time sensitive. A one-day only, Fourth of July sales announcement won’t do anyone much good if it doesn’t reach the Inbox until July fifth. Be especially careful if you’re planning on time-zone specific emails to arrive exactly when desired. You may want all the email delivered at 10:00, but it’s unlikely to happen.

Caution is always the best approach. Either send it out a little early, or make sure you have a policy in place if the mailing gets delayed. Even this might not help, though. While most ISPs throttle back the delivery of sudden, unexpected sending spikes, some ISPs will block a mailing completely if they feel the sudden spike is suspicious.

No Sudden Moves

Spreading the mailings out over a few days can also help avoid problems associated with a sudden spike in mailings. Then over time, if you keep your mailings on a regular schedule, you can consolidate these mailings into once mass mailing without difficulty. The window for most ISPs is about a month, but even monthly volume spikes will cause problems. A weekly spike has a better chance of getting through. Likewise, a regular pattern, such as every Tuesday, will work better than mailing spikes at random intervals.

You Don’t Have the Last Word

You can get as angry at the mailbox providers as you like, but if they decide to throttle back your time-sensitive emails, there’s not a lot you can do about it. Yelling at your email marketing software provider (ESP) and insisting that they must deliver your mailing when you want them delivered is placing the blame in the wrong place. The mailbox providers hold all the cards, so if they decide to greylist your mailing, there’s not much your ESP can do about it beyond verifying the reasons for the delivery problems. Any changes in tactics will have to come from your side of the equation.

The realities of deliverability cannot be overlooked, they require you to plan your promotional marketing scheduling carefully. If you are not the one in charge of the mailing schedule, you’ll want to make sure that the person who is in charge fully understands the factors involved in deliverability and how to best use the email marketing channel. Would there be a loss if a monthly newsletter was delivered over several days, or split into 25% a week? If not, then you might want to consider parsing the mailings out over a longer period of time, or, if you’ve decided to send more email on a regular basis, ramp up the sending over time.

Large volume mailing without encountering deliverability problems is easily achieved, but it might require you and the management to change your mindset on how you send email. Email clients aren’t going to change the way they do things just for you. You have to change to keep in sync with the way they do things. Make sure you’re consistent above all. If that’s not possible, try spreading out a large send over several hours. This gives the ISPs a chance to verify that your mailing is legit and will help ensure the mailing won’t run into major stoppages.

Deliverability, Email marketing, List Management

Keeping Your Email List Clean

Keeping your list cleanRecently, while reading a newsletter from another Email Software Provider (ESP), we came across the following advice in a column titled “Ask the Experts.” A reader asked how can they keep their subscriber list clean. We were shocked by the advice they gave. They recommended the following:

  1. Remove improperly formatted email addresses, duplicates, and syntax errors. Doing so will increase your deliverability rate.
  2. An email address that hasn’t seen any engagement in opens or clicks within a predetermined time frame, (rule of thumb is around six months), should be removed from your list or targeted for a re-engagement campaign.
  3. Use an online email validation tool to validate each email address to confirm it’s [sic] deliverable.

While we are fine with the second recommendation on the list, the first and last recommendations have us shaking our heads. The “expert” here seems to be suggesting that these are things you are going to have to handle on your own. Wouldn’t it make more sense for your ESP to handle these things for you? Let’s look at them one at a time.

Improperly Formatted Email Addresses

If you already have an established email program you shouldn’t have any “improperly formatted email addresses, duplicates, and syntax errors.” These should have been filtered out when the data was first imported into your ESP. Why would any ESP leave an obviously bad address, like, in your database? Perhaps if you have to pay by the address there’s some incentive for the ESP to keep these obvious mistakes in the database, but that’s a terrible way to make money. You are going to want an email marketing solution that is able to recognize these obviously bad addresses and remove them as soon as they are entered into your subscriber list.

Imaginary ISPs

While is a bad email address because it contains one too many @ symbols, its domain,, is legitimate. But what happens if the syntax is correct, but the domain is wrong. There’s nothing wrong with as an email address, except that there is no such domain Good email marketing software will also check the domains and remove the bad ones from the send list, so if one doesn’t exist, you won’t have to wait until you’ve started sending to find this out, and you shouldn’t have to run your list through third-party software to do so. Whether it’s syntactical errors that are the problem or bad domains, there is no reason your ESP shouldn’t automatically remove these improperly formatted and non-existent domains from your list. If your ESP isn’t already handling this, you should find another ESP immediately.

Hurting Delivery

As if that’s not enough, the “expert” goes on to say that leaving these addresses in your list will hurt your deliverability. How exactly would that happen? If the email address or domain is invalid the DNS system will tell you. No ISP could be contacted to deliver this email, so this bad address couldn’t possibly affect your deliverability. It could never get that far. Enter an address to gmail.moc instead of, and Google will never here about it. The mailing will get stopped at the starting gate.

Invalid Domains

But improperly formatted email addresses are only half the story. Those are pretty obvious and are usually easy to spot. More difficult to recognize are the ones that appear to be legitimate addresses in every way but will return an invalid user response. may look like a perfectly acceptable email address, but it returns an invalid mailbox error. The quickest way to find out if an email address like this one is valid is to send to it, but you’re only going to want to do that once. Some email marketing software will send to an invalid address three or four times before giving up on it. This is asking for trouble. It’s a bit like someone knocking at your door looking for someone else, and then doing it again a few minutes later, and then again. You wouldn’t like it, and neither do the ISPs, which is why each time you retry, your reputation score takes a hit. Not a big one, but they add up, and the more it happens the worse it is for your reputation score.

So why do some ESPs allow more than one attempt to send to a bad email address? Mostly it’s out of laziness. Since every email client uses its own nomenclature to describe when an email isn’t valid, you can’t simply say, stop sending if you receive an “invalid user” message because the email client might decide to identify it as “invalid recipient,” “mailbox not found,” or some other variation on the message. There’s no end to the creativity of IT professionals when it comes to coming up with different ways to say exactly the same thing. To confound things more, some of these return messages are actually benign, notifying you that the mailbox is full or that the email has been temporarily rejected but is still valid.

Email sortingGood, enterprise-level email marketing software, such as Goolara Symphonie, can distinguish between these different messages and stop sending to invalid addresses immediately while offering other courses of action for mailings that are detained for other reasons. Less robust systems often take the shortcut and simply try three times (in case it’s just a temporary problem) and then stop (in case it’s a bad address). This solution offers the worst of both worlds. With this method, every bad address hit you receive is automatically tripled. If you have 50 bad addresses, you’ll get 150 hits against your reputation score. Likewise, if the problem is temporary (mailbox full, for example), and the resends hit the mailbox full message three times, the ESP end up quarantining a perfectly good email address that might have been okay for a later mailing.

Online Email Validation

The advice column expert’s recommendation for how to handle these invalid email addresses is the last suggestion on their list, and it is as astounding as the first one: “Use an online email validation tool to validate each email address to confirm it’s [sic] deliverable.” In other words, they want you to send your list to a third-party to validate the addresses.

To understand what’s wrong with this approach, let’s look at two likely scenarios. In the first scenario, you are just starting a new email sending program. At this point, you shouldn’t have many email addresses unless you bought them or engaged in some other questionable practice. As we’ve already discussed, your ESP should eliminate any addresses with obvious syntax errors and duplicates automatically, and it should check all the domains as well to make sure they are valid. At this point you can try sending to these email addresses to find out which ones are not valid. If you have a high percentage of invalid addresses you may get blocked by some ISPs, or even by your Email Software Provider, but you shouldn’t have that many addresses when you are starting your email program, so this really shouldn’t come up. If you do get blocked it is probably worth looking at your list again because now you’ve got a bigger problem than a few invalid email addresses (and, honestly, the only likely way for this to happen is if you’ve purchased a list).

When Bad Addresses Happen to Good Senders

In the second scenario you are an established sender with a regular list of recipients. If the ESP is worth a hill of beans, every address you’ve sent to should be valid at this point, so the only questionable ones are the new addresses. Any previous bad addresses were purged when they were imported or when they were first sent to, so the only bad addresses will be those that have either gone bad since your last sending, or are new addresses on the list.

People sometimes provide bad addresses. They may be mistyped, or they may be intentionally incorrect. This is inevitable. As we’ve already pointed out, the obviously bad ones should never even make it into the system, but that leaves the ones that look fine, but are still invalid. These could hurt your deliverability, but only if you have an unusually high number of them. The percentage should be very small if you are using a good ESP and sending to your recipients on a regular basis.
The ISPs know that bad addresses can happen to good senders, so there is very little penalty for a small percentage of bad addresses. If you have less than one percentage of unknown users, it’s unlikely you’ll experience any deliverability problems.

So why would you take the subscriber list from your established email marketing program and send them to an outside firm to have them verified? The only reason would be that your ESP has no method of cleaning your list of bad addresses. If that’s the case, it’s time to start shopping for a better Email Software Provider. This is one of the fundamental things one should expect from an ESP.

The Real Secret to Good Deliverability

Going though your email addresses one at a time in search of bad email addresses is neither the best use of your time, nor the best way to improve your deliverability. Honestly, the best things you can do for it are make sure you send at least once a month, don’t buy lists, and make sure your email marketing software knows what to do with bad email addresses.