Category Archives: Deliverability

Coming Back After Quarantine

In March of 2020, when the lockdown started, many businesses scaled back their operations, assuming that it would be over in a few months. We all know what happened next. Now, as businesses are coming out of a year of hibernation and restarting their marketing programs, some are finding that their email deliverability has dropped precipitously. More email is going to the spam folder and more subscribers are choosing to unsubscribe. They ask: “How can this be? We haven’t changed anything.” If you’ve encountered this problem, there are a few things you can do to alleviate the situation.

Remind Them Why

The sad truth is that people have a short memory and email is easily forgotten. If you immediately start sending them mailings the way you used to, they might not even remember who you are. This means there’s a greater chance of them clicking the spam button. See it from their viewpoint. It’s likely they are receiving dozens of emails every day. A year ago, they saw your mailings regularly and were used to it. In the meantime, they’ve been subscribing and unsubscribing from many other mailings. Suddenly, here comes your emails out of nowhere. If they haven’t kept your business in the front of their thoughts, they may assume that your mailings are from an affiliate marketer, or worse, unsolicited. “Who is this company, and why are they suddenly sending me emails?” they ask. If you’re lucky, they will click unsubscribe, but there’s also a chance they will see you as a spammer.

It’s easy enough to avoid this. If you’ve not sent emails during the past year, you’ll need to reintroduce yourself. An email letting them know that you’re coming out of lockdown and reminding them why they chose to subscribe to your mailings is a good idea. You’ll want to get across the point that you’re not sending unsolicited email and that your future mailings will have value to them. Avoid sales pitches for the first few emails. They need to remember why they subscribed to your email list in the first place, so give them something other than a sales pitch.

Common Ground

Few events in history brought the world together like the pandemic. We all went through it so we all have that in common. You’ll want to let them know why you weren’t mailing anything during the lockdown and that you are still in business. If it’s applicable, you can point out that you understood the hardships that the lockdown presented. You might even want to relate how your own staff dealt with the situation. A subject line such as “We’re back in our offices,” or “It’s been a while since we wrote” can help. Anything that will let them know that you’ve sent them email in the past and that you’re not a complete stranger.

One technique that works well for unengaged subscribers of any kind is to offer something at a discount or for free, however, this will only work once you’ve reintroduced yourself. Free offers and coupons from out of the blue are invariably viewed with suspicion and can be counterproductive. First, you’ll need to make sure you’ve established that you’re not sending them these offers unsolicited. Once you’ve done that, special offers are a great way to keep your subscribers engaged and bring them back to your site.

Start With the Best Bets

If you’ve set your subscriber database up for it, segmenting your mailings to distinguish the more engaged subscribers from the rest will help you get things back up and running. It will also clue you in to any changes you’ll need to make to your data. If portions of the group that were engaged before the pandemic and were interacting with your business on a regular basis, but are now ignoring you, you’ll want to find out why before opening up to the rest of the community.

Things Change

No matter what you do, one inescapable fact is that not everyone came through the pandemic with the same results. Some of your subscribers may no longer be in business. Hundreds of bars and restaurants have had to close their doors permanently. Thousands of people moved on to other fields after losing their jobs. Sadly, for some of your subscribers, your products or services may no longer be relevant to their needs. This isn’t always a bad thing. While others may have moved away from what you have to offer, new people are entering the market all the time. Right now is a good time to put some effort into strengthening your subscriber list, while new people are still learning about the fields they’ve entered. You’ll want to be there to greet them at the door, so to speak.

© Goolara, LLC, 2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Goolara, LLC and the Goolara Blog with appropriate and specific directions (i.e., links) to the original content.

Hey Google, Why’d You Do That?

Leave a reply

Last week, Google suffered several major outages. Naturally, it made the news. So many people rely on Google for search, Gmail, YouTube, and maps, not to mention Drive, which some companies use to prepare documents and presentations. We don’t fault Google for having an outage. We make software, so we know how difficult it can be, even for a company with Google’s resources, to avoid this situation. However, we do think the way the outage was handled for Gmail was unforgivable and shows a lack of respect for users of Google’s services.

What Happened Was…

On Tuesday, December 15th, 2020, Gmail stopped accepting email sent to Gmail. It lasted from approximately 1:30 to 4:15 PT—the middle of the afternoon on the West Coast, and toward the end of the workday on the East Coast. Bad times for an outage like this when you consider some businesses send their mailings out as soon as they are ready to go and, in the United States anyway, that is exactly when Google went dark.

This shouldn’t have been a problem for sending email. The protocol that defines how email is sent allows for a store-and-forward system where a mail server can hold email until a server is ready to accept it, making multiple retries over time to get the email delivered. If Gmail had gone down such that its servers simply didn’t respond, anyone attempting to send email to a Gmail user would have their email delayed, and that would be the only negative result. After the servers came back up the email would be delivered, and the system would catch up.

However, Google didn’t make the Gmail servers unavailable. Instead, they were left running but answered requests to receive email with a message that the email address was not valid. For a user sending an email to a friend or relative and getting a message back that the address is not valid might be confusing at best. Less sophisticated email recipients might assume that the invalid email message is correct and go ahead and remove that contact from their address book or, worse, assume that their own system was hacked when their messages to friends started returning invalid email notices, leading to a lot of wasted time on hold with their Internet provider’s tech support.

The Effect on ESPs

For the business of email marketing, the results are more serious. It’s common for Email Service Providers (ESPs) to set their software up to remove recipients when the destination email server says the recipient is not valid. We do it, as do many others. This is done to avoid potential future deliverability problems. Sending repeatedly to an invalid email address is a good way to ruin your reputation score.¹ In the Google case, it meant that a large amount of email wasn’t delivered to recipients. Worse than this, it meant that huge numbers of valid Gmail users were needlessly removed from ESP databases all around the world.

Fortunately, we were made aware of the problem early (the only real advantage to it happening in the middle of the workday). We contacted our customers and reversed the on-hold status for the hosted customers and the on-premise customers for whom we manage deliverability; but if you are using a different ESP or managing deliverability issues yourself, you should check to make sure your email lists have been corrected after this problem. We assume most quality ESPs will be proactively resolving this issue, but it would be good to check. If you run your own email marketing program, you’ll need to work with your programmers and database administrators to handle this issue.

Google’s Attitude

Google’s handling of this outage was disappointing. Leaving the Gmail servers up but responding to all email requests with “Unknown User” needlessly caused all kinds of problems and confusion for users. We would go so far as to say that it was a very rude thing to do. If Google had simply turned off the computers, there would be almost no negative impact from the outage beyond delayed delivery. Google employs dozens, if not hundreds, of people in its Gmail division. Was there no one there who could simply pull the plug on the Gmail servers?

Turning off a server is easy, but they were unwilling to take this step, apparently unconcerned about how it would impact their users and anyone who wanted to contact them. Is this a sign of how Google feels about its users? Google removed the “Don’t be evil” motto from their code of conduct several years ago. We now see why.

1. For more on what a Reputation Score is and why it’s important, see the Deliverability Enhanced white paper in the Resources section of the Goolara website.

© Goolara, LLC, 2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Goolara, LLC and the Goolara Blog with appropriate and specific directions (i.e., links) to the original content.

The Techniques Behind Mail Client Unsubscribe Links

Leave a reply

Of course, we’d all rather have no unsubscribes from our painstakingly crafted newsletters and promotional mailings, but you can’t please everyone, and having a recipient unsubscribe is vastly superior to having them mark your email as spam. In 2014, Google caused some furor in the Email marketing community when they announced the addition of an unsubscribe link that appears at the top of the email content. A few years down the road, we can see that the angst of many marketers was unfounded. Gmail wasn’t even the first email client to offer an automatic unsubscribe link. Microsoft started offering unsubscribe and block features in Outlook as early as 2010. We did some research, looking at a large collection of emails we’ve received to determine what criteria caused the ISP to show the unsubscribe link. There were inconsistent results, but one of the most significant factors is the List-Unsubscribe header.

List-Unsubscribe

One thing that should be included in your mailing—and is automatically inserted by most ESPs—is the List-Unsubscribe header. This provides a web link and/or a mailto address to use for automated unsubscribes. To see if your mailings have this, look at the header information, either by choosing to see the header or, in Gmail by choosing “Show original.” In some cases, you’ll see this line followed by a “List-Unsubscribe-Post” line, which may contain the command: “List-Unsubscribe=One-Click” to further facilitate the unsubscribe.

In our research, most of the cases where the ISP showed the unsubscribe link the email included the List-Unsubscribe header. Since this is the main mechanism to provide an automated unsubscribe ability, it is unclear how Google and the other ISPs are determining the unsubscribe link when the header is missing, but we have seen some cases where this was done.

Using “Via” Sends

When the ISP displays that your domain is “via” some other domain, it generally means that you do not have your SPF records configured correctly. If your email is “via” another domain, there’s a good chance the unsubscribe link won’t appear. Take a look at these two From addresses:

The mailing that was sent from the How-To Geek’s primary domain (howtogeek.com) has the unsubscribe link, while the mailings sent using a different domain (reviewgeek.com via howtogeek.com) does not. In our research, we found that none of the mailings sent via other domain addresses appeared with the unsubscribe links.

The Link’s Reputation Score

You can do everything right and still not have the unsubscribe link appear. In our research we were surprised to find many valid senders that didn’t have the ISP’s unsubscribe link. It wouldn’t make Google or some other ISP look good if the unsubscribe link they offered instead went to a phishing page. Email recipients should have confidence that clicking the link will be safe, but how does the ISP determine if the link provided as the List-Unsubscribe is valid? The answer is by using the same basic algorithms they have already applied to your sending to determine if the recipients want your email (your email Reputation score).

When the link does not appear, it is usually for one of these three reasons:

The sender does not send enough email out to create a usable profile
There is a problem with the sender’s IP information
The sender is a known spammer.

If it’s the first, the problem should disappear as your email sending rates increase. If it’s the second, you may have some erroneous information in your setup. As for the third, it needs no explanation.

The World of Apple

Not surprisingly, Apple has created its own version of the unsubscribe button. On iPhones and iPads, these appear in the Mail program like this:

The Apple unsub link appears to be intended to make it easy to unsubscribe from newsletters and other list-based mailings. The Apple unsub link is not contingent on the sender’s reputation score, so you may get the unsubscribe notice on the iPhone, but not in Gmail on the desktop. As with the Gmail unsubscribe link, figuring out why and when it appears is difficult. The wording of the message suggests that it appears when it recognizes that an email has come from a mailing list, but we see plenty of emails that unquestionably are sent from email lists that don’t include this link.

Email Apps

Email apps handle things slightly differently again. In the Gmail and Yahoo apps, you’ll find unsubscribe as one of the choices in the “more options” menus.¹ It won’t appear if your unsubscribe process uses a preferences menu or requires the subscriber to re-enter their email address.

Conclusion

Determining the conditions which will cause your email to appear in the ISP’s unsubscribe link can appear a bit arbitrary or illogical. The most important thing is to make sure you have the List-Unsubscribe header, and that the link works properly. Beyond that it appears to mostly be an issue of your good email reputation score, which is significant for many other reasons as well. Allowing recipients an easy way to stop receiving email they don’t want will help ensure good deliverability to the remaining engaged recipients.

1. Unlike the hamburger menu, which everyone agrees on, this menu goes by several names. Apple prefers to call it the “more options” menu, while on Android it’s the “overflow” menu. Some sources call it the “meatball” menu, while others refer to it as the “dumpling” menu. Still, others go for the most literal description of the menu, referring to it as the “ellipsis” or “three-dot” menu.

Our ESP has been hacked!

Leave a reply

We recently had a customer come to us to say their account had been hacked, and spam email was being sent from our system. We immediately investigated but were unable to find any sign of problems. The customer insisted the emails they had received were coming from our system because the “From” address was their email marketing address. In fact, their account hadn’t been hacked at all. It was just another example of scammers taking advantage of the “Friendly From” name in an attempt to fool readers into thinking an email was from someone else.

We’ve all received those emails that claim to have been sent by WalMart, Chase Bank, FedEx, and others. They’re annoying enough already, but they become intolerable when the company being spoofed is your own.

Scammers will copy the identifying elements from a sender’s mailings, such as the design and logo, in an attempt to convince readers that the email came from the legitimate company. But how can you recognize this, and what can be done about it?

Prevention

When email was created in the early 1970s, the designers had no idea how popular it would become or the range of problems that could be introduced. They created a simple, flexible system that allowed email to become what it is today, but that flexibility also enables malicious people to abuse the system. Email allows you to assign the “from” address to anyone you want. This is useful, especially for marketers who want to use an ESP to send emails that appear to have come from their company, but it can also be used to prey on a good company’s reputation.

To help prevent this kind of abuse, you need to add the email authentication protocol SPF. This protocol tells the receiving mail server which mail servers are allowed to send email using the “from” domain, so should reject email that is being sent by some other entity. The use of this protocol will help prevent phishing emails (those pretending to be from eBay, Bank of America or other brands with good reputations) from landing in your inbox. It is important that your SPF specification end with a “-ALL”, rather than “~ALL” or other options. The dash indicates that the email should be rejected, which is what you want.¹

DKIM (pronounced “dee-kim”) is also a popular email authentication protocol. DKIM uses encryption to verify that an email message was sent from an authorized mail server. A private domain key is added to the headers on messages sent from your domain. A matching public key is added to the Domain Name System (DNS) record for your domain. Email servers that get messages from your domain use the public key to decrypt message headers and verify the message source.

An email authentication protocol popular with high-profile, brand-driven companies is DMARC It was created by PayPal with the specific intention of preventing spoofing and phishing, and is most useful for companies that are often targets of these types of scams. For most businesses, SPF and DKIM should do the trick. DMARC only works if you’ve set up both SPF and DKIM.

Recognition

So what if someone contacts your organization saying they have an email from your company that is spam. How can you determine if your ESP has been hacked or if someone is sending email using your company name as a “from” address?

The content is seldom useful. Any decent ESP allows customization of the content, so any link could be sent and the unsubscribe information can be specific to you. These can be faked by the malicious entity.

In many cases, these attempts to trick readers into thinking an email comes from a legitimate source are easy to spot:

Although this appears, on the most casual glance, to have come from Chase Bank, there are giveaways that it did not. The most obvious one is that the actual email address is not from Chase, but from a free email service in Germany. Clearly, a major institution like Chase Bank is unlikely to use a free email address to send out information about a customer’s account status. Presumably, upon clicking the link, you’ll be taken to what looks like a sign-in page for Chase. They’re hoping you will continue believing the ruse and enter your login name and password.

If you want to find out where an email came from the email headers are your best source of information. Unfortunately, email clients don’t always make viewing the headers easy. The desktop version of Outlook, for instance, requires you to go to the File menu and choose Properties, then the headers appear in a small scrolling box that can’t be resized.

Yet, here too, though the headers are useful, they can be faked as well. Under the covers, headers are just part of the email content, and the malicious entity can provide any headers they want to the email. However, the standard rules for email are that the mail server that accepts and email should add some “received” headers. Your mail server knows the IP address of the mail server that is sending the email and should provide this information, as well as the name associated with that IP address, as part of the “received” header.

Often there will be multiple “received” headers. The email protocols were originally designed to be store-and-forward systems where an email might require passing through several mail servers before getting to the one that has the proper mailbox. In our modern environment multiple “received” headers often come as part of the sending process. Many ESPs and other senders will generate the email on one computer that relays it to another computer for actual delivery. This will result in multiple “received” headers that can be used to trace the path back to the original sending computer. The standard for “received” headers is to add from the top, so the data near the beginning of the headers data should be the data added by your mail server and can be trusted. Everything after that is suspect.

Understanding “received” headers can be a bit tricky, so you may need to ask your ESP or email expert for help. But simply scanning the data added by your mail server can often give you a clue of where the email came from. If the headers say “Received: from mail-ot1-f48.google.com ([209.85.210.48])” for example, it should mean that your mail server received an email from IP address 209.85.210.48, which, when looked up, inform us that it is a Google mail server. If the malicious email says it is coming “from” your brand, but the headers say: “Received: From h2hclan.com ([36.89.36.149])” you can feel confident it was not your ESP that sent this email.

Finding the Headers

If a client, co-worker, neighbor, or whoever forwards you an email that claims to be “from” you, the important headers will be lost. A forward is actually a new email message, with a new set of headers, and the content copied from the source email. This email will not show you the interesting header information. To get that you need a copy of the email as it was received. With most email clients, if you create a new email message and include the problem email as an attachment, the headers will be retained. The trick is getting that person who received the malicious email to send you the email as an attachment.

Conclusion

If you have a popular brand, and especially if you have good email deliverability, malicious people will eventually decide to try and take advantage of all your hard work to deliver their junk. The only thing you can do about this is to have the proper SPF records in place, which will limit the damage. Being able to recognize when an email has been sent faking your domain is important so you can quickly determine if someone has gotten into your email server or ESP, or if it is the more likely case of someone attempting to abuse your good reputation with an email pretending to be “from” your company.

1. Fortunately, our customer had the proper SPF records in place, so the damage was minimal. It seems that more North American mail servers pay attention to SPF records, and not so much in China and Asian countries where this particular abuse-email was targeted.

Privacy Report 2020

1 Reply

The second decade of the 21st century is shaping up to become known as The Privacy Decade. Recent legislation, both internationally and in the United States, is primed to change the parameters regarding what information about a person you can or can’t collect, and the limitations on what you can do with that information. One thing these regulations have in common is that they don’t restrict their data privacy requirements to emails sent from within their borders. If your emails are sent to subscriber inboxes within any of these states, you are deemed culpable for those violations and can be subject to hefty fines. Unlike previous legislation, such as CAN-SPAM and CASL, these new laws are not aimed specifically at email but are intended to address privacy issues across all devices, platforms, and services. They all do affect email because email involves the gathering of private data in the form of email addresses and, in some cases, names and locations. Each of these laws comes with its own set of restrictions, some more draconian than others.

More Restrictions

While some people might not care if everyone knows where they are every hour of the day, most of us value our privacy and like to have some say over what a company may or may not know about us. Accepting this and working with it is the best tactic for any email marketer. Try to game a subscriber’s private data was never a good idea, but all signs point to more restrictions and greater penalties for doing so as every country gets into the act. While there are no plans for upcoming legislation in this Congress, states such as California and Vermont have created their own stringent privacy laws and 2018 saw the passage of data breach notification laws in several states.

GDPR Arrives

The legislation that started the privacy protection ball rolling was the European Union’s General Data Protection Regulation (GDPR). This regulation set a high bar for an individual’s rights to access any data about them that a company gathers, as well as the right to have that data deleted (for more on GDPR, see our three-part series on the subject). It covers a staggeringly wide range of data—everything from a person’s email address to the geolocation featured in many digital cameras. It extends to any person living within the European Union, regardless of their nationality. If you send email to a person in the EU, you need to be GDPR compliant. Full stop.

California Picks Up the Torch

Taking its cues from the GDPR, the state of California came up with its own privacy regulation. Passed in 2018, the requirements of the California Consumer Privacy Act (CCPA) goes into effect January 1, 2020, and features many of the same restrictions as the GDPR, including the right to obtain one’s data from a company and the right to be forgotten. No other state has, as yet, passed such a strict law, but it looks like Washington State is set to follow suit with their Washington Privacy Act, which is also modeled after the GDPR.

As strict as the CCPA seems, it’s got nothing on the GDPR. The California law applies only to for-profit businesses, so nonprofits can breathe easy. Additionally, for-profit businesses need to have a gross annual revenue exceeding $25 million for the law to take effect, and your active email list must exceed 50,000 subscribers. It also only applies to tax-paying residents of California.

Brazil Follows Suit

In August of 2018, the Brazilian government signed into law the Brazilian General Data Protection Act (Lei Geral de Proteção de Dados Pessoais or “LGPD”). Like the GDPR, after which it was modeled, its scope is global, with companies in any country facing fines for violating its rules. As with the CCPA, the Brazilian law goes into effect in 2020. One notable difference between the GDPR and the LGPD is the latter’s inclusion of terminology pertaining to “non-discrimination”). It also addresses credit and health records with more specificity. Originally, the law had provisions for the establishment of an independent data protection authority, but the President rescinded that in a line item veto. The LGPD is more punitive than California’s law but less so than the GDPR. The maximum fine under the LGPD is 2% of a company’s Brazilian revenue up to 50 million in Brazilian Reals per infraction (about 13.4 million in U.S. dollars). Compare that to the GDPR’s 4% of an organization’s annual revenue or 20 million Euros (about 22.6 in U.S. dollars), whichever is greater.

And Then There’s India

Also getting in on the post-GDPR drive for stronger privacy controls, the Ministry of Electronics and IT (MEITY) in India has been hammering out its own privacy regulations—a process they started back in 2010. Following the 2017 Indian Supreme Court ruling declaring that privacy is a “fundamental right,” the MEITY finally got on the ball and drafted the Personal Data Protection Bill 2018 (PDP Bill), which contains many of the same features as GDPR, but with a few curveballs that already have companies crying foul. The main one is the requirement that all “personal data” on people residing in India must be maintained at a facility within India (although the bill doesn’t define what constitutes personal data—they’re leaving that up to the government). India isn’t the only country mandating such a restriction. China and Vietnam have similar restrictions, but neither of those countries could be considered free. Their governments exert a great deal of control over every aspect of data transfer and Internet use.

India, on the other hand, has a free market economy—some might say too free. It also has an online market second only to China in size, with close to 500 million Internet users. Restrictions making it harder for companies to conduct business aren’t welcome, and this requirement is already meeting with criticism and opposition. When the MEITY requested feedback on the bill, they received nearly 600 recommended changes, from both businesses and governments, including the United States.

Perhaps this is why, since its introduction, the government has had a few opportunities to pass the PDP Bill, but decided to wait until June 2019, after the new government is in place.

Congress Changes Its Tune

In 2009, U.S. Senator Patrick Leahy of Vermont tried to get his Personal Data Privacy and Security Act passed, but the bill never reached the floor. It was too much, too soon, and nobody had any idea yet the extent to which sites such as Facebook and Google would use personal data. Still, data privacy restrictions would be a hard sell in Congress, even today, if not for the increasing number of states tackling the problems on their own. All fifty states have laws concerning the reporting of data breaches, and 35 states have laws regarding the disposal of data. To complicate matters, the laws in each state are different. Some state laws apply only to business, while others only restrict the government, leaving private businesses to do what they want with your data. Some are quite stringent, while others are written in such general terms as to be virtually unenforceable.

Mostly in response to California’s legislation, the U.S. Chamber of Commerce and several other business-based groups are lobbying Congress to pass a federal omnibus privacy and data protection law that would pre-empt the CCPA and other existing and future state data protection laws.

Email’s Role in All of This

Unlike CAN-SPAM and CASL, this recent legislation doesn’t focus exclusively on email. In the case of GDPR, it regulates everything from website visits to in-camera geolocation. They all affect email marketing, although how much depends on your subscriber list. If your list is exclusive to the United States, and your gross revenues don’t exceed $25 million, then you can go about business as usual. None of the recent legislation will have that much impact on your email efforts. There is a lot more legislation on the books now concerning data breach notification, but that’s of more concern for the IT department than the marketing department.

If you have international subscribers or own a business that brings in over 25 million a year, we recommend you follow the rules of the GDPR. It is still the strictest of the current laws, so if you are in line with it, you should be fine for the others. For everyone else, there are a few things you can do to avoid problems. They include the following:

Make Your Terms Clear

Spell out in the clearest possible language exactly what you plan to do with the data you collect and make sure you include a statement to the effect that you will not use this data for other purposes or sell it to other companies.

Leave Boxes Unchecked

If you do any business in the European Union, this isn’t simply a suggestion, it’s the law. It’s less important in the States, but, like the single- vs. double-opt-in controversy, each approach has its supporters and detractors.

Respect the Privacy of Your Subscribers.

Email marketing is a double-edged sword. On one hand, we all like our privacy, but on the other, we also prefer receiving emails about things we are actually interested in. As an email marketer, the only datum you actually need is the email address, but, by itself, that makes for generic, “batch-and-blast” emails. Personal data helps improve the engagement and the receptiveness of your subscribers to your mailings. But don’t abuse it. Just because you can send an email saying “Hey Jill! I noticed you just visited our website fifteen minutes ago” doesn’t mean you should. It makes you look like a stalker, so avoid it.

The Ground’s Still Shaking

One thing is certain: This story is far from over. Right now, most of the fretting over the new laws has been a waste of time. How much they affect you is extremely variable. New legislation is cropping up in countries around the world every day and, as time goes on, it appears more and more likely that some national legislation in the United States will be enacted to bring the various states back into line. When that happens, we’ll take a look at this subject again.

The Year in Email

2 Replies

Here we are again. Another year has come and gone. As always, there was no shortage of email flubs this years and we’ve collected a few of our favorites. Interestingly, we saw fewer of the “Dear [customer name]” errors that used to plague email marketing. Either people have finally made sure that their name fields contain information, or they’re starting to use dynamic content more. Either way, it’s nice to see that one go away. We’ll start the list with the one thing that doesn’t appear to be going away: the inactive unsubscribe link and CAN-SPAM violations.

Don’t You Dare Unsubscribe

After receiving ten unsolicited emails in just a few days from a company pretending to be Dawgs—a purveyor of ugly sandals—I tried to unsubscribe. This is what I got. How much of this is the sender’s fault and how much is the fault of their ESP, I can’t say, but needless to say, all of their emails went straight to the spam folder.

Unsubscribe? Never heard of it!

How do I count all the things wrong with this email? From the needless word breaks to the disconnect between the offer (car rentals) and the company offering the deal (North Hills Clothing), this email cries “spam” at every level. How it ended up in my inbox is beyond me. I never would have clicked on the unsubscribe link on such a suspicious email, but this one doesn’t even have an unsub link!

See, We’ve Got an Unsub Link. I Think…

East Midlands Trains does a good job of providing their physical address, and it looks like they’ve provided an unsubscribe link, but click on that link and nothing happens. A look at the email’s source code show where the problem lies:

<a href=”<%unsubscribe_link_text%>” target=”_blank” style=”text-decoration:underline; color:#333333;”>How to unsubscribe.</a>

There should be an actual URL listed in this href. Somewhere along the line, the unsub link got screwed up. Whether this was the email’s creator typing it in and accidentally using the wrong number of percentage signs, or HTML that was copied verbatim from a different ESP is hard to say.

Click Here. Go ahead. I dare you.

You can click on that unsubscribe link all day and nothing will happen. This is an odd one. If you look at the email’s source code, you’ll find an unsubscribe link that works and a physical address (Royal Caribbean Cruises), but you won’t find either in the email when it’s opened. There is an unsubscribe, but the one that’s displayed is missing its URL. It’s a sloppy piece of coding that has the body copy closing before the final content. Add to all of this that the email supposedly comes from Amazon but clearly does not. This is either badly designed spam, or phishing or both.

We’re Experts!

The above example is the bottom of the page on an email. Yes, that blank white area below the signup button is part of the email. At first it may look like the information required by CAN-SPAM is missing, but it’s there. The problem is that the sender decided to use a dark orange background image and set the overlaying type (the physical address and links) in white. This email looks fine as long as images are turned on, but not everyone turns the images on. When the images are off, you end up with a seemingly empty white space at the bottom of the email. This error is bad enough on its own, but this particular email came from another email marketing service provider. Out of professionally courtesy, I won’t name them, but the “Friendly From” in their sender line refers to them as an “Email Markeitng” (sic) service. As if all this isn’t enough, the mailing is filled with buttons asking readers to “Read More” or “Check It Out!” but none of these buttons are linked.

We Prefer to Call It…

This runs dangerously close to violating CAN-SPAM, which specifies that mailings must have a clear unsubscribe link. Here they’re trying to be clever. It didn’t help that clicking on the link went to an unsubscribe page that requires one to enter their email address. Guess which email went into the Spam folder?

Readability is So Last Year

Gucci likes to stay fashionable, but sometimes fashionable and readability collide. Pink and gold might be an interesting combination for apparel, but it makes a lousy combination in a text box.

Did You Say &⁠#38 or &⁠#48?

This one confuses us. The HTML clearly shows that special characters labeled “&⁠#38” were inserted between each word in this headline. That’s the HTML code for an ampersand, but there’s no reason for for ampersands to appear between each word in the headline. The most likely cause is the code was copy and pasted from one program to another, leading to the insertion of this character for no good reason.

Button, Button, Who’s Got the Button?

In the grand scheme of things, this is a pretty minor infraction, but it’s if you are going to make a table cell in your email look like a button, it’s better to put the <a> tags around the cell instead of the type. In this example, you’ll only activate the links by clicking directly on the type. Clicking within the boxes has no effect.

We’re a Real Company, Honest!

We can’t tell whether or not the way the words “social media” run down the left side of the image is some misbegotten design idea (we think not), but the CanStock watermark on the image is unforgivable. If you plan to use an image, either pay for it, or create your own version (paying for it is usually cheaper). Sending out email like this makes a company look suspiciously like a fly-by-night affair. Marketing Knowledge Cloud isn’t such a company, but you couldn’t tell it from this email.

Even Alt Tags Can Be Wrong

This one nearly caused my brain to explode. You can see in the text I’ve highlighted in yellow that the HTML codes for the right and left curly quotes are displaying instead of the curly quotes. That might have been okay, except that below it on the right, another article on the same page is displaying curly quotes in the same content. It that weren’t enough, as soon as I choose “display images” the HTML code disappears. A closer examination of the code revealed that this text appears as part of a styled alt tag (for more on stylized alt tags see The Finer Points of Styled Alt Tags). The code for the right curly quote reads: “&#8220;” which will display as “&⁠#8220;” which is the correct code for that curly quote. Either somebody really wanted this to look exactly wrong, or they got confused. The right curly quote on the headline to the Page-Turner article has a value of x201C, which works, but it is hexadecimal code instead of the more common HTML code. If I had to guess, I’d say that the two article were written and formatted by different people and then assembled in the newsletter. One of them knows more about HTML than most people, while the other needs to go back to class.

All Tests Are Not Created Equal

This looks pretty bad doesn’t it? The code contains media queries to make sure the content adjusts its size across various devices. The problem is, it’s wrong. This screenshot was taken from an iPhone. The first table is behaving as it should, but then the rest of the email goes all cattywampus. We suspect the person that created this simply tested the responsive results by resizing the window on their browser—a kind of poor man’s test environment. If you do that, this email looks fine, proving that there’s no substitute for the real thing.

I Are An Expert!

Speaking of testing, here’s an email from a company that that specializes in providing testing environments for all the various browsers and phones. Either they missed one, or they decided that the Mail program in Microsoft’s Windows 10 wasn’t worth worrying about. Either way, this isn’t something a company whose raison d’etre is testing email should ever be guilty of (to prevent further embarrassment, we’ve removed the company’s logo).

I Heard You the First Time

Amazon likes to send out notifications about newly available movies and TV shows. We’re not sure what happened here, but suspect that the API call that was suppose to register that the email had been sent wasn’t receiving the proper information and decided to keep sending until it was told to stop.

There’s Always One More Typo

Typos are the bane of every writer’s existence. So what’s worse than a typo in your content? How about a typo on the actual product you’re selling. This glass, offered by Bourbon & Boots, has what should have been a clever quote by Mark Twain, but we’re sure Mr. Clemens knew the difference between “then” and “than.” This error has gone uncorrected for over a year now.

Hey Everybody! We Value Your Privacy!

When the GDPR came into effect, lots of businesses scrambled to make sure they were compliant. Sometimes, these efforts were counterproductive to say the least. One of the worst came from Ghostery, who sent out an email explaining the steps they’d taken to ensure GDPR compliance. Too bad the included everyone’s email addresses in the “To” field.

Did I Say Mail Merge Errors Were Gone?

Perhaps I spoke too soon. Just when I thought I’d see a year without mail merge errors, this one landed in my inbox. It’s such an easy error to avoid with the careful use of dynamic content.

Our Next Speaker: Wyatt Earp

One of the more amusing apologies came from b8ta—a tech gadget store than sponsors meet-ups with inventors and start-up founders. We’re not sure how you’d confuse Ben Holt with Ben Einstein, but we guess it could be worse: They could have announced that Albert Einstein was going to appear at the b8ta store instead.

Don’t Do This. Not Ever.

Apology emails have a higher open rate than other emails, so one can see why a marketer might want to use this to their advantage. But apologies are a serous thing and pretending to apologize for the sake of sales puts you just one step away from being labeled a spammer. Don’t do it.

Okay, that’s it for this year. We hope you enjoyed that. In the end, the lesson to be learned is always the same: Test, test, test.

It’s Holiday Season again, and in keeping with past Holiday Seasons, here’s this year’s email game. This one is based on the classic “Shut the Box” but with an email delivery theme. We’ve modified the rules slightly to reflect aspects of email marketing and we’ve added a rule that simulates the difficulty of getting email delivered during the holiday season. It’s a very easy game to play and lots of fun. Enjoy!

Rules

Players: Can be played by any number of players but will require additional printouts for more than two players. It may also be played as a solitaire game in which the player tries to beat their own score.

Requirements: Two dice.

Object: To get the most emails delivered. The winner is the person with the fewest remaining undelivered emails at the end of a round.

Before you begin: Print out the game, then cut out the player cards and the individual “Delivered” tags. Each player should have one player card and ten “Delivered” tags.

Start: Players choose who goes first by rolling one die. The player with the highest die roll goes first.
The first player rolls both dice and covers the numbered envelopes with the Delivered tags so that the total number on the covered emails matches the number on their dice roll. They may cover any number of envelopes as long as the total matches their roll. For example, if a player rolls a three and a six, they may cover the #9 envelope or cover smaller numbers to total nine (e.g., 5 + 4, 2+3+4, etc.).
It is then the next player’s turn to roll.

A player’s game ends when they cannot make any more moves. For example: If the player rolls a two and a four, but none of the remaining envelopes can be marked delivered to make a total of six (e.g., 2,5,7,8,9) that signals the end of their game. If the other player(s) can still roll and deliver emails, they continue until they have no moves left.

Scoring: At the end of their rounds, when no player can deliver any more emails, the players total the number of the envelope that has not been delivered. The player with the lowest score wins that round.

NOTE: In some versions of the game, the total number of points left are added to determine the score, but the goal here is to get the most email delivered, so the points don’t matter as much. A player who only had the #10 email left undelivered (total = 1) has a better score than the player who has the #1 and #2 emails left undelivered (total = 2).

Optional Holiday rule: From Thanksgiving until Christmas, getting your email delivered is notoriously more difficult. Mail that got through in October suddenly is landing in the bulk folder as the Holiday Season nears. To simulate this effect, we’ve created the Holiday rule. If you play the game using this rule, after you’ve finished your move the player on your right (or opposite player if two are playing) has the option of removing the delivered tag from one of your delivered emails. Using this rule does increase the strategic potential of the game.

A couple years ago, as a gift to our readers for the holidays, we offered The Email Game, a simple luck-based game that also served as an instructional tool for learning what to do, and what not to do when sending out your mailings. This year we’re back with a game we call Spam Attacks, based on the subscription bomb attacks that plagued ESPs everywhere in late 2016. The game is a dice and board game similar to Backgammon where each player moves from opposite points on the board and landing on an opponent’s piece will send it back to the beginning (or, in this case, into the Blacklist area). unlike the previous game, this you can win this game with strategy, although a certain amount of chance will still keep things exciting. Enjoy, and Happy Holidays!

Pieces:

How to Play:

Before you begin: Print out the game board and playing pieces (envelopes and bombs). Cut out the six playing pieces separately. You will also need a standard, six-sided die.

Number of players: Two. Each player has three pieces
These are designated as the Email Marketer and the Spam Attacker. The Email Marketer uses the three envelope pieces. These are referred to as emails. The Spam Attacker uses the bomb pieces. These are referred to as spam attacks.

Object: For the Email Marketer, it is to get at least one of their emails delivered before all three are blacklisted. An email is considered delivered when it successfully moves off the playing board. For the Spam Attacker, it is to get all three of the Email Marketer’s emails blacklisted before they can be delivered. The Spam Attacker causes an email to be blacklisted by landing on the square occupied by an email. That email is then sent to the bottom of the blacklist (the square labeled “Blacklisted!”). The Email Marketer must restart the journey for that piece from that point. The first player to achieve their objective wins the game.

Rules:

The Email Marketer begins their journey around the game board by placing a piece on the square in the upper left corner of the board (labeled with a ►), They then move their pieces clockwise around the board to the finish line. The Spam Attacker starts by placing a piece in the square in the lower left corner (labeled with a star) and initially moving counterclockwise. The spam player pieces cannot leave the board once they are in play, nor can the enter the blacklist area. If a spam attack piece reaches either end of the playing area, it continues its journey back in the opposite direction. The Email Marketer may only move forward in a counterclockwise direction. They do not need an exact count to leave the playing area. The Spam Attacker can move in either direction, so it’s possible for the Spam Attacker to double back and tag a piece they have already past.

Each player can decide at what point they wish to add each piece to the playing field. If they have more than one piece in play, they can choose which piece they want to move next. They can only move one piece with each die toss, but they must move one of their pieces with each toss.

Safety Zones: There are three Safety Zones on the board (labeled with the Goolara rings). The Spam attacker cannot land on these squares. The Spam Attacker must jump over them in their move counts. The Email Marketer can land on these squares, and can keep a piece on one of the these squares as long as they want. Two emails cannot occupy the same Safety Zone. If an envelope lands on Safety Zone that is already occupied, the second piece must move to the next square after the Safety Zone. The email marketer can, however, create a temporary Safety Zone by placing two pieces in the same square (see Special Cases).

Winning the game: The Email Marketer wins the game when at least one of their pieces moves off the board. The Spam Attacker wins if they get all three of the Email Marketer’s pieces in the blacklist area.

Special Cases: If the only move an Email Marketer can make causes that piece to land on a Spam Attacker’s piece, the Email Marketer cannot move and loses that turn. If the Email Marketer has two pieces on the same square, that square becomes a safety zone as long as two pieces of email occupy it, and the Spam Attacker cannot land on it.

Variation: The game can be played with four players: Three Email Marketers and one Spam Attacker. Each player must move on their turn, so the Safety Zones offer limited protection. Play continues until one of the Email Marketers has successfully moved their piece off the board. The first player to do so wins the game. The Spam Attacker wins if they manage to get all three players in the blacklist area.

Special kudos to Sabine Kroschel of Pixaline for her lovely background image.

The Year in Email: A Look Back At 2016

Leave a reply

By all accounts, 2016 was an extraordinarily eventful year. It saw the deaths of Fidel Castro, Muhammad Ali, David Bowie, Leonard Cohen, Carrie Fisher, George Michael, Leon Russell, Debbie Reynolds, Gene Wilder, and a whole host of others. Politically, it was the year of Brexit and a presidential election that caused the New York Times to take a hard look at their polling methodology. In sports, it was the year that the Chicago Cubs, after 108 years of losing, finally won a world series in a final game that played out like a movie script.

It was an eventful year in email too, but not necessarily in a good way. Some might argue that email—or, at least, email that wasn’t meant to be seen by the general public—helped lose the election for Hillary Clinton. August saw an organized subscription bomb attack of suspicious origin that temporarily landed several respectable news organizations on spam lists and caused Spamhaus to update their opt-in verification recommendations. In one respect, 2016 was a better than previous years. We saw fewer of the kind of clumsy design errors that we’ve seen in the past. Most of the really terrible errors came from sources that were questionable to begin with.

The Importance of Testing Across Platforms

It should go without saying that whenever you send out a message you should test it. If you are using Goolara Symphonie, or another ESP that has a preview feature built in, I’d start there. If you want to be extra careful, you can also send test mailings to several different addresses, or use the email previews available from Litmus and Email on Acid. Sometimes, a message looks fine in one email reader, but not so good in another. Here are some examples.

Aw Gee-Mail

If you’re going to have a problem displaying your email design in one provider, the provider should never be Gmail. After all, it is the most popular email reader out there, and it doesn’t cost anything to get an address, so what’s the problem? The folks at Orchard apparently didn’t learn this lesson, though. This particular email looked fine everywhere else, including the always problematic Live Mail, but completely fell apart in Gmail.

Dynamic Content Mishap

One time when you absolutely must test before sending is when you are using mail merge or dynamic content.¹ The example above is an actual email, sent to us with the subject line: “Your email.” A blank space between “Hello” and the comma would have been better than this. Well constructed dynamic content instructions would have prevented this from happening.

Hide and Seek

A picture’s worth a thousand words, but this is email is pushing it. At first glance, it looks like Wired expects these images to do all the work, but look closely at the right edge of the top photo, just below the horizon. There’s a series of small dots there. A closer investigation reveals that those dots are the text hidden under each photo. This particular problem occurs in Microsoft’s recently abandoned Live Mail, and if Live Mail was the only email reader that had trouble with this mailing, I probably wouldn’t bother mentioning it. But Thunderbird also has trouble with the file, pushing the text and social links out to the right of the main table. Live Mail, at least, brings the text and social links back into the area where they belong, but then plops the photo down on top of everything. This wouldn’t matter if Wired bothered to provide meaningful alt tags, but the alt tags read: “Image for story 1,” “Image for story 2,” etc. Not exactly helpful.

A close inspection of the source code reveals the problem. Whoever put this email together did go to the trouble of using tables, but then they inserted divs into the mix. The code is also littered with ids and class tags that have no corresponding style instructions. It’s worth noting that all of the other mailings from the magazine look fine, and the ones for subscription offers include highly descriptive alt tags.

Honestly Missing Logo

That “Honest Mail Email Marketing” logo, looks suspiciously like nothing at all. A quick check of the HTML code reveals the problem:

They remembered to include the height, width, and border information. They even added alt text There’s only one thing missing: the actual source location for the image. Honestly, one test preview would have revealed this problem. There’s no excuse for it.

Code Fails

Some problems are simply the result of bad HTML. Sometimes it’s an out-and-out typo, but sometimes the problem is something subtle like including the DOCTYPE and HTML tags when you paste the email into the ESP app. Test previews and test send should catch most of these problems.

It’s Important, Procrustes

This email from Keurig suffers from a few problems. The image of the people chatting over coffee and the “Shop Today” button are obviously stretched. The designer put the correct size information in the properties for each of these images, but they forgot to add !important, so the sizing information was overridden in favor of the master table, stretching the images to match the master table’s 100% width requirement.

Knowing When to Link

Having linking buttons is always a good idea, but knowing where to put the link is important. In this example from Camper, only the words “Women,” “Men,” and “Kids” are links. Since this text is placed in its own table, and that table has a bordered cell, it would make more sense to add the link to either the table or the cell. As it stands now, clicking anywhere inside the black border does nothing unless you click directly on the words. It’s a minor thing, but one worth remembering. Judging from the number of div tags in this email, I suspect that the author of this email is new to the form.

Button, Button, Who’s Got the Button?

Providing buttons that link to web content is never a bad idea. What is a bad idea is providing a button that is not a button at all. This email from Template Monster makes that mistake. Clicking on “Learn Now” simply brings up the image. To make matters worse, they’ve given it a blue border, further enforcing the perception that this is a link and not just an image.

Oops, I Did It Again!

Not to rag on Template Monster, but they don’t seem to have anyone checking the email before they send it. Here is the top of one of their emails:

And here is the code for the logo at the top:

<a href=”#” style=”border:none;” target=”_blank”><img alt=”TemplateMonster” border=”0″ height=”40″…

Look at the href at the beginning of the line of code. This should link to their website, but it doesn’t. The pound sign (#) is a placer that indicates that although there is a link, it’s not going anywhere. Hover over it and it appears active, but clicking on it accomplishes nothing.

A little further down the page in the same email we get this:

The text in the orange button reads “Download You Gift.” I confess, I am always typing “you” instead of “your” so I can relate to this one, but a second pair of qualified eyes would have caught this immediately.

In the same email, every headline and image has a different link, even when they go to the same place. The headline about 20 free writing tools goes to the same page as the image next to it. I’m going to give them the benefit of the doubt on that one, and say that they did this to find out whether the images or the headlines are responsible for the most clickthroughs, but in the long run, isn’t that less important than the fact that they did click through?

That’s Code for …Code!

I love it when spammers screw up. This was already obviously a spam message without having to even open it, but upon opening you’re presented with the HTML code for the message. When putting together a mailing in your ESPs visual editor, always make sure you are in the right tab (usually marked HTML) before pasting HTML code. Otherwise this might happen to you. Of course, any decent email marketer would have previewed the mailing, but these people tend to work fast. I’m surprise this doesn’t happen more often, actually.

Shopping Links

Sometimes there’s nothing wrong with an email, until you click on one of the links. Then you suddenly find yourself staring at a page that has nothing to do with anything. Retail stores appear to be the worst offenders, which is odd since so much of their business is contingent on people getting to the right page and ordering the product they want.

I Know It’s Here Somewhere

Fab has, in the past, shown products in their mailings that aren’t on the landing page. In most cases, the products shown are available, but buried on the second or third page of the sale listings. That’s fine. Lots of companies do this, so the public is used to it. But in the email shown above, the “Cosmo Complete Set” and Captain America print don’t even show up in any of the lists. Clicking on them takes you to the a sale page, but neither product is on any of the sales pages. If you want to buy either of these items, you’ll need to enter them as search queries on the web site.

Now Go and Find Me

Normally, Bed, Bath & Beyond is one of the better companies when it comes to email marketing, they always provided meaningful alt tags, their design is easy to read on both a desktop computer and a mobile phone, and their links, in most cases, go directly to the products shown. Here is one of their rare missteps. Clicking on this product does not take you to the products, or even anywhere near the product. A clue lies in the button labeled “Find a Store”—only it’s not a button. Clicking anywhere in the image will take you to BB&B’s Find a Store page. I suppose they justify this by pointing out that the product isn’t available online, but that’s no reason that this couldn’t be included on a page with more information on the product.

Alt, Right?

I bring it up every year, but every year there are plenty of examples of companies forgetting to add alt information to the img tags. While it’s true that services such as Gmail and the iPhone display images as the default, some people still prefer to keep the images turned off. Alt tags not only impart information on what they are missing, they also can provide incentive to display images as well. Here’s an example from Warby Parker that demonstrates the worst case scenario:

Now here’s a company that knows how to do it right, Bed, Bath & Beyond:

Quite a difference. Perhaps the guys at Warby Parker assume that people will always want to display their images, a questionable assumption.

Unsubscribe Catastrophes

Unsubscribing should never be a hassle. Nobody is happy when a recipient unsubscribes, but it’s better than having that person mark your mailings as spam because they can’t figure out how else to get you to stop sending them things. Some marketers go to extraordinary lengths to making unsubscribing difficult, treading very close to the legal requirements of CAN-SPAM. A few cross over to the dark side. Here are this year’s worst offenders.

Unsubscribe? fUGGedaboutit!

CAN-SPAM has a few hard and fast rules. One of them is that you have to have an unsubscribe link. You also have to have a physical address. This email has neither. The supposed unsubscribe link takes you to the home page for the company. Not surprisingly, this email is not from an official UGG site at all, but a spammer that is trying to make their site look as legitimate as possible.

Email Purgatory

Unlike the previous email, this one is from a legitimate company (T-Mobile). This part of the email—which is commented in the HTML as “legal footer”—contains the physical address, privacy policy information, links to their various plan options, and instructions for how to ensure that email from them does not wind up in the spam folder. What it doesn’t include, however, is an unsubscribe link—an unequivocal violation of CAN-SPAM.

Go Ahead and Try to Unsubscribe! I Dare You!

When it comes to anti-spam laws, the USA is about the most lax, but they still require two things: A physical address and an unsubscribe link. So when I get an email like this, it makes my blood boil. Here’s what you get when you click the unsubscribe link:

As one might imagine, this one went straight to the spam folder.

Crouching Promo and Hidden Unsub

A nearly as devious method of hiding the unsubscribe was used by Lids, a company that specializes in sports caps. Here’s the bottom of their email with the images turned off:

You can see there’s a physical address, but where’s the unsubscribe link? Now here’s the same section of the email with the images displayed:

Ah, there it is! They’ve made unsubscribe part of an image. To make matters worse, they used an image map to separate the various categories shown. I’m not sure what the thinking was here. Attempts to reach them went unanswered. Just to add insult to injury, I never signed up for this email, it was someone entering the wrong address either accidentally or on purpose.

Sure, There’s an Unsub. It’s Just Not Yours.

Another highly questionable approach to handling unsubscribes came from, of all companies, Salesforce:

I’ve blurred the names to save some embarrassment, but I can verify that the author of this email comes from Salesforce, promoting a webinar Salesforce has co-sponsored. Yes, there’s an unsubscribe link, but only in the forwarded content. Presumably that will only work for the original recipient, not for the person to whom the email was forwarded. This means that Salesforce, the largest SaaS-based, customer relationship management (CRM) provider on the planet, a company with its own email marketing solution, just sent me a promotional email without an unsubscribe link. It is a tactic worthy of a Viagra spammer. It doesn’t help that there’s a typo in the very first sentence. I dearly hope the author of this email is new to Salesforce.

Subject Line Fun

The subject line is the most important part of your mailing. If a subject line doesn’t provoke the recipient to open the email, then all your hard work providing good content and responsive design is for naught. Here area few subject lines that either failed miserably or worked brilliantly, or, in the case of the first example, simply overdid things.

Hello, It’s Me Again

Some email marketing experts are big fans of the practice of sending high quantities of email to your recipient list. It is a topic hotly discussed on email marketing forums, and each side can back up their position with plenty of facts and figures. But even the most ardent fan of high-volume sending would agree that Travelocity is pushing it here, sending an email every hour or so from two in the morning to five. It doesn’t help that all of these were sent at times when no others were sending out email, leading to all four messages being bunched together. Perhaps that was the idea, to create a sort of billboard for Travelocity residing in the inbox.

Did I mention…?

It’s not usual for companies to offer multiple newsletters. Nor is it unusual to send these newsletters out on the same day. What is unusual is the use exactly the same subject line and content on both mailings, right down to the “You are subscribed to PCMag Tech Deals as…” at the bottom of each page. Given that a normal announcement from PCMag reads “You are subscribed to PCMag Announcements as…” and is usually some sort of deal on a PCMag subscription, I’d chalk this one up to either a mistake or laziness.

I’m Either a Realtor or a Marketer

Even we email marketers make boneheaded mistakes. To their credit, the folks at EEC caught this and quickly followed up with an apology.

A Special Odaer, Ordrre, Ordeorr…Oh Forget It!

“Order” is a hard word to screw up, but whoever put this email together seems to have had a terrible time with it. They misspelled it in the subject line, and then again in the content.

Okay, I’m not REALLY Out of the Office

I think I know what Sephora was trying to do here. This was an attempt to equate being out of the office with their summertime contest. Sending a fake out-of-office autoreply isn’t the worst misuse of a subject line, but it’s pretty sneaky and isn’t likely to endear you to anyone.

You know nothing, Jon Snow.

As a fan of Game of Thrones, I enjoyed the use of GoT references in the subject line and “friendly” from, but I’m not sure that a company that specializes in predictive marketing is the right place for this approach. This link leads to a series of videos in which they try to show the marketing lessons available in the HBO series. That is more a testament to the ability of the human brain to find patterns where none exist than any marketing subplots lurking in George R.R. Martin’s on-going saga. This kind of subject is better served on a site such as ThinkGeek, which specializes in products attached to all aspects of geekdom, from TV shows or computer games. For them, even this is acceptable:

A combination of keystrokes known as the Konami Code, a cheat that gives gamers additional powers while playing. If you’re in the real estate business, this probably isn’t a good subject line, but it works quite well for a company whose primary audience resembles the cast from The Big Bang Theory.

Location, Location, Location!

Sometimes, a subject line, by itself isn’t anything special, but where you find it makes all the differences. I found this one in my spam folder. I could say “Physician heal thyself,” but this just demonstrates what a complicated subject deliverability is.

That’s it for this year! We can’t wait to see what 2017 will bring. We predict more email address providers will follow Gmail’s lead in allowing CSS in email. On one hand, this means we can get more creative in our email designs, but on the other hand, it means more places for things to go wrong. If there is a moral to this blog post, it should be obvious by now: test, test, test. For more on the subject of how to deal with email mistakes, check out our white paper on the subject: Oops! – Handling and resolving email marketing mistakes.

1. If you’re not using dynamic content, you’re missing a real opportunity to improve your email engagement results. Jordie van Rijn explains how and why in his article, Making the most out of Dynamic Email Marketing. For more on Goolara Symphonie’s powerful dynamic content visits, visit our dynamic content page.

CAPTCHA and Release

Leave a reply

[Note: This is the second in a two-part series on subscription bombing and how to defuse it. Last time, we looked at the techniques used to create recent attacks. The time we look at the technique Spamhaus recommends as the best way to avoid ending up the victim of a subscription bombing: the CAPTCHA.]

As we discussed in our last blog article, the best way to prevent subscription attacks, according to spam listing companies such as Spamhaus, is to use a verification test in your email signup form. The best known of these, and the one that Spamhaus recommends by name is the CAPTCHA. CAPTCHAs can be a pain in the neck sometimes, and when they are not easy to solve they can cause people to just give up trying and leave your site. But newsletter signups that don’t require CAPTCHAs are just what subscription bombers look for. If you find yourself on the receiving end of one of these attacks, you’ll have a lot more work to do to recover your reputation score, and will, after that, have to use a CAPTCHA anyway. Having accepted, however unhappily, that CAPTCHAs are a necessity, we’ll look at different CAPTCHA technologies that are available today.

The best known form of CAPTCHA is the reCAPTCHA, version 1, which consists of a small box displaying two distorted words (usually consisting of one real word and one that is gibberish). You are asked to enter the words you see, and if your answers are incorrect, you are presented with two new words and asked to try again.

ReCAPTCHA was developed by a group of computer scientists at Carnegie Mellon University who recognized that CAPTCHA technology offered a great crowd-sourced way to achieve better OCR. If the OCR software couldn’t identify a word, sometimes humans could, which meant you could feed words to people that computers couldn’t recognize. That’s why in 2009, the ReCAPTCHA technology was acquired by Google for their Books project, and was used by the New York Times to digitized their archives. This seemed like a good way to block fake signups, but they didn’t factor in either advances in OCR software, or the low costs of doing business in third world countries.

Capturing CAPTCHAs

Almost as soon as they appeared, people started working on ways to crack the CAPTCHA codes. One company we found in India offers workers around 90¢ and hour to solve as many CAPTCHA codes as humanly possible. Those who can’t do it quickly or who make too many mistakes are kicked off the service. This is a time-consuming way to crack CAPTCHA codes, but by offering wages far below anything most people could live on the authors presumably make it worth the effort. Just to pour salt in the wound, anyone interested in doing this thankless work is expected to pay a fee to join.

Meanwhile, OCR software kept getting better, so it wasn’t long before someone had the bright idea of creating a bot that used OCR to identify the words in a CAPTCHA. It doesn’t always get it right. In fact, it often gets it wrong, but it doesn’t matter. Unlike a human, who is going to give up in frustration after a few tries, a bot can keep trying and trying until it gets it right. Since their advent, bots have become a major problem for word identification types of verification. To counter this, word-based CAPTCHAs became more distorted and harder to decipher for humans and bots alike. We’ve all seen the results of this battle over decipherability. We’ve all encountered CAPTCHAs so hard to identify that it takes us a few tries to get them right, and we all have better things to do with our time than enter meaningless words in an attempt to receive more email.

An assortment of actual CAPTCHAs collected from various sites.

To solve this problem, a new kind of ReCAPTCHA was created that relies on the natural differences between software and the human brain. This made it easier for humans to recognize the words, while keeping it hard for the bots the do the same. In recent variations, a reCAPTCHA might ask users to identify images instead of scrambled type relying on human intuition to solve. Take this example:

At the top of CAPTCHA we are presented with an image (in this case, a cat) and asked to find all the images with matching content. This is a mixed bag. It will certainly block bots from finding a solution, but it also presents us with instructions that those of us who skew towards the Asperger‘s end of the spectrum and tend to take things too literally might also find perplexing. The picture at the top is an adult gray tabby, but the pictures below are all of kittens and only two are gray tabbies. We realize most people won’t get this granular with the data, and that’s what Google is counting on. The top picture is a cat, so humans will click on all the pictures of the same animal, even when every other aspect of the picture is different.

I’m Not a Robot

Two years ago, Google introduced a version of the ReCAPTCHA they call a “No CAPTCHA reCAPTCHA.” With this type of CAPTCHA, there’s no need to try and decipher heavily distorted words, or squint to make out blurry photographs of street numbers, or identify various animals. You check the box labeled “I’m not a robot” and you’re done. The No CAPTCHA reCAPTCHA uses Google’s Javascript API and a form, and appears, for now at least, to be an excellent choice for verification. Spamhaus likes it, and it produces the least amount of hassle in the signup process.

Gamifying the Process

A variation on the CAPTCHA that is designed to alleviate the annoyance of typing in meaningless words is the addition of gaming elements to the verification process. With this technique, you are asked to complete some simple task to verify that you are a human being. The task is always simple and resembles a children’s game in its approach. You might, for example, be asked to “put the carrots in the shopping cart.” The picture will show an image of an empty shopping cart with images of various groceries floating next to it. By clicking and dragging the image of the carrots to the image of the shopping cart, you verify that you are a human.

These gamified verification techniques are effective approaches to the problem, although we haven’t seen that many instances of their use. They appear to be acceptable to Spamhaus as well. According to them, “…any mechanism that successfully keeps bots from abusing signup forms is good and absolutely necessary nowadays. Captcha is currently the best mechanism, and whatever the captcha test does (task, game, whatever) is also fine as long as bots can not easily defeat it.”

Alternatives to CAPTCHA

CAPTCHA is, by no means, the only way to verify a signup. Programmers continue to invent new ways to foil the bad guys. A couple alternatives are the Honeypot and the Social signup. Before choosing either of these, you should note that Spamhaus prefers a CAPTCHA verification that requires the user to perform a task. That’s not to say these are not effective in blocking bots, only that implementing them might not help you get off the SBL. As of right now, a CAPTCHA-type mechanism is the safest way to go.

Honeypot Verification

One of the earliest attempts to simplify the process of signing up and restrict it to real people is the use of a honeypot. The idea is simple: A form is hidden in the HTML for a page, but it isn’t visible on the page, so no human visitor to the site should ever know about it. Since bots don’t visit pages this way, but, instead, look at each page’s code for forms, they will see the form and attempt to fill it out, thus identifying them as bots and not humans. It is a wickedly clever technique for fooling the bots, although, as we’ve already discussed, bots have gotten much more sophisticated over the years and are seldom fooled by this technique anymore. It can also cause problems with browsers that have CSS turned off, and with ones such as Safari that autofill forms. It is still in use, but is often combined with a more interactive signup.

The Social Approach

As social sites become more and more important to people’s daily lives, we’ve seen a corresponding growth in sites that require social signups. Instead of entering words or playing games, you are offered a button that says “Sign Up With Facebook.” This approach lays everything on the line, but it also stands a significantly higher chance of losing the audience. Several studies have shown that people just don’t like using their Facebook accounts for promotional purposes, still preferring email as the main source for sales announcements. We don’t recommend using this approach except for those rare cases where your Facebook profile is your main sales mechanism.

At this time, we recommend the “No CAPTCHA reCAPTCHA” for your verification purposes. It satisfies Spamhaus’s requirements, and it makes the signup process as easy as possible for your subscribers. Of course, if history is any indication (and it usually is), it’s just a matter of time before this approach is compromised, and we’ll have to find a new way to verify newsletter signups. It is important to remember that nothing in the field of email marketing remains static. There’s no set-it-and-forget-it solution. You’ll still want to keep track of your email data to see if there are any anomalies occurring.

Remind Them Why

Common Ground

Start With the Best Bets

Things Change

Share this:

Like this:

What Happened Was…

The Effect on ESPs

Google’s Attitude

Share this:

Like this:

List-Unsubscribe

Using “Via” Sends

The Link’s Reputation Score

The World of Apple

Email Apps

Conclusion

Share this:

Like this:

Prevention

Recognition

Finding the Headers

Conclusion

Share this:

Like this:

More Restrictions

GDPR Arrives

California Picks Up the Torch

Brazil Follows Suit

And Then There’s India

Congress Changes Its Tune

Email’s Role in All of This

Make Your Terms Clear

Leave Boxes Unchecked

Respect the Privacy of Your Subscribers.

The Ground’s Still Shaking

Share this:

Like this:

Don’t You Dare Unsubscribe

Unsubscribe? Never heard of it!

See, We’ve Got an Unsub Link. I Think…

Click Here. Go ahead. I dare you.

We’re Experts!

We Prefer to Call It…

Readability is So Last Year

Did You Say &⁠#38 or &⁠#48?

Button, Button, Who’s Got the Button?

We’re a Real Company, Honest!

Even Alt Tags Can Be Wrong

All Tests Are Not Created Equal

I Are An Expert!

I Heard You the First Time

There’s Always One More Typo

Hey Everybody! We Value Your Privacy!

Did I Say Mail Merge Errors Were Gone?

Our Next Speaker: Wyatt Earp

Don’t Do This. Not Ever.

Share this:

Like this:

Rules

Share this:

Like this:

Pieces:

How to Play:

Rules:

Share this:

Like this:

The Importance of Testing Across Platforms

Aw Gee-Mail

Dynamic Content Mishap

Hide and Seek

Honestly Missing Logo

Code Fails

It’s Important, Procrustes

Knowing When to Link

Button, Button, Who’s Got the Button?

Oops, I Did It Again!

That’s Code for …Code!

Shopping Links

I Know It’s Here Somewhere