Are You Certifiable?

Author’s note: Since the publication of this story in August 2010, Goodmail has announced that they will be ceasing operations as of February 8th, 2011. I’ve left the references to Goodmail intact in the post, in hopes that the treatment of similarities and differences between Goodmail and other services may still be of use to the reader. –AJB

It’s no secret that ISPs and large inbox providers often rely on accreditation of a sender’s practices when making filtering decisions. Accreditation providers are the conceptual inverse of a black list – the two most widely-used even refer to themselves as “white lists”.

Today, there’s a range of certification and “seal of approval” programs available to most permission-based senders. Clients occasionally come to us looking for guidance on whether the expense associated with third party certification is worthwhile. The answer is, “it depends”. Here’s a quick run-down of two of the best-known players in the space, along with three newer entrants that may be worth a gander.

In the accreditation universe, ReturnPath’s certification program is the 800-pound gorilla, because they cover an estimated 1.8-billion e-mail inboxes. ReturnPath offers two levels of whitelisting: Safe and Certified. Both require an audit of the senders’ acquisition and sending practices, as well as a vetting of senders’ e-mail infrastructure. Participants in the program must use dedicated IPs for whitelisted outbound mail, and those IPs must have and maintain good reputation scores – senders can be suspended from the program if their reputation tanks after they’ve been approved.

Senders on the Safe list typically get delivery to the inbox, but with links and graphics off; senders on the Certified list get inbox with links and graphics enabled. Because they’re so widely used by receivers, ReturnPath commands a premium for inclusion on their whitelists – and that’s certainly a consideration for senders of any volume.

Another big player in the space is the CertifiedEmail whitelist offered by Goodmail Systems. This program offers services similar to ReturnPath, but with a slightly different angle. Partner ISPs who agree to use Goodmail also agree to allow certified mail a free pass through all of the ISPs other filtering mechanisms, and to deliver it with links and graphics enabled. However, only opt-in and transactional e-mail is eligible for the program. Prospecting or acquisition mail and opt-out mail will not qualify.

Goodmail is an attractive proposition for senders, but it also comes with a big price tag – so big, in fact, that the Goodmail web site warns its prospective customers that it may not be worth their while if they’re sending to fewer than 50,000 recipients per month, and with at least 15% of that volume to recipients at Goodmail partner ISPs. The network of partner ISPs includes some very big e-mail inbox providers, like AOL, Verizon, Mail.com and it’s affiliated domains, and others, but no longer includes Yahoo! after a falling-out this past winter.

SuretyMail, a relative newcomer to the space, positions itself as a low-cost alternative to the first two. However, SuretyMail is not a whitelist per se; rather, it certifies as many different attributes – good, bad and indifferent – of the sender’s e-mail as it can verify. For example, if a sender uses only opt-in, SuretyMail will certify that in the form of a response to an automated query by the receiving ISP. If mail from an IP is coming through a social networking service, SuretyMail will certify that, too. The idea is to provide the querying ISP with enough hard data about the mail to make its own automated delivery decisions. While SuretyMail can’t guarantee preferential delivery, it does promise significant improvement in deliverability metrics, and a money-back guarantee.

Unlike Goodmail and ReturnPath, SuretyMail doesn’t perform an advance audit (though it will do a background check of historical sending practices). SuretyMail can also monitor senders’ feedback loops to keep tabs on any changes in sending practices and reputation.

A seal of approval program called “I Don’t Spam” launched this spring, offering senders the opportunity place the company’s Spam Free Seal on their web sites. Prospective subscribers who click on the seal will see a count of the number of verified spam violations the sender has had, though the violations “age off” the tally on a rolling six-month basis.

The company has done some split testing to show significant increases in the number of subscribers and conversions for seal-bearing sites versus a control group; however, they don’t mention what gains in deliverability participating senders enjoy. I think senders shouldn’t expect any, as the program is only subscriber-facing. ISPs can’t know whether mail is coming from a seal-bearing sender – and that’s probably a good thing, because the program’s definition of spam falls quite a bit short of most ISPs’ operational definition. Permission is never mentioned in the program’s participant requirements, which instead seem to focus on CAN SPAM compliance. On the other hand, costs are low, with a monthly fee that’s dependant on the number of sites on which the sender displays the seal.

Last and most recently comes an announcement from CRM-provider and ESP RatePoint, who are planning to port the venerable VeriSign Trust Seal over to their own offerings, and re-brand it as “SafeSender”. It’s the first time VeriSign has partnered with an e-mail provider to use the familiar red checkmark seal in the actual e-mail creative. But it wasn’t clear from the announcement exactly what RatePoint and VersiSign will be certifying – are they asserting some level of compliance with best practices, or merely authenticating the sender?

I put the question directly to a RatePoint pre-sales engineer on the day of the announcement, and after putting me on hold for a few minutes, I was advised that RatePoint “would not be talking about that” until product release next quarter. Since my call, though, other industry publications have written that the seal will indicate to recipients that the sender has been authenticated, and that the message has passed a VeriSign malware scan. This makes sense, since VeriSign earned it’s original fame and fortune in the SSL certificate business (which it recently sold off to Symantec).

So how do senders decide whether and which program they should participate in? Price will certainly play a big part in any decision, insofar as cost of preferred delivery offsets any gain in ROI. Seal programs seem like a cheap alternative, but they are not true deliverability solutions.

The conclusion I draw is that there’s just no shortcut around good sender practices: send the mail your customers want, and only to those who asked for it. If you can do that well enough, you may find you don’t need any of them.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s