Doing It Right: The Points Guy

One thing I’ve never understood is why senders often make subscribers wait until they’re sick of receiving the mail before giving them an option to adjust their frequency to something a bit less onerous (or “opt-down” in marketer-speak. Yuck.).

By the time senders deign to reveal that recipients could have opted for weekly or even monthly missives, it’s usually only after the subscriber is running for the door – way too late to salvage a valuable, permission-based relationship.  Continue reading

Sending More Mail Will Not Make It Suck Less

If you haven’t been keeping up with the current deliverability tempest in a teacup, you haven’t been missing too much. There’s some interesting material on both sides of the argument and at least one amusing troll, but there’s nothing there that, by itself, should make you change how you’re doing things. (Unless you’re spamming. If you are, you should stop doing that right now.)

It all comes on the heels of remarks by a Microsoft representative at a recent email conference, in which he appears to have reiterated that Outlook.com does not measure clicks on links in email. The premise advanced by some observers following the conference seems to be, “Free inbox providers don’t count clicks, so marketers should send more mail.”

Maybe I’m just not the the sharpest knife in the drawer, but I don’t see how they get there from here. Continue reading

Engagement Totally Matters

I read an interesting blog this morning that advances an argument that I thought, like the anti-vax movement, had been debunked by actual data a long time ago. And like that movement, the argument still keeps coming up over and over again. Continue reading

The ISPs’ Stupid Rules

A while back, I worked with a company that publishes a stable of well-established retail catalog brands. At the time, they’d just launched a new catalog to coincide with a holiday.

Unbeknownst to me, they had started mailing offers from the new catalog to recipients who had opted in to mail from one or more of their other catalog brands, with entirely predictable results. Continue reading

Who Really Wants Mail from 850 Hotels?

My long time friend and colleague Kelly Molloy of Return Path recently posted some observations on her Facebook timeline regarding some opt-in mail she recently received from a well-known brand. She’s given me permission to repost them here:

‎”Starwood Hotels and Resorts wants you to make the most of the Starwood experience. That’s why you’ll soon be receiving exclusive emails from us, featuring special offers and preferred rates at over 850 hotels and resorts worldwide.”

I don’t actually care about 850 hotels and resorts worldwide. I care about, like, three or four. But I can’t narrow my choices, and special offers for 850 hotels sounds like more mail than I want, so I’ll unsub. If you had given me a choice, I would have chosen the locations I want to know about.

I doubt Kelly believes she would have received mail from each of 850 Starwood properties, and I don’t think Starwood had actually intended to do that. But Kelly makes a good point in a humorous way. Starwood surely can get to the data about which properties its repeat customers usually stay at and how often. They should have used that information to finely target offers to the recipients that are most likely to engage with them.

Plastering an opt-in list with generic offers that aren’t tailored to anyone is not just a wasted opportunity, it actually causes recipients to revoke hard-won permission to send (or worse, to report permissioned e-mail as spam).

The first few words of the mail are quite telling: “Starwood wants.” Starwood would be better served by considering their recipients’ wants instead. And, of course, so would their customers.

Fatfingers Create Kerfuffle at New York Times

Twitter lit up earlier today with news that The New York Times subscriber list must have been hacked. It seems a few million folks received messages purporting to be from the Grey Lady, advising that their subscription had been cancelled per the recipients’ instruction, and asking them to reconsider.

News that the message had originated from Epsilon Interactive, who earlier this year were themselves a target of a now-infamous ESP breach seemed to confirm the assumption that hackers had sent the message.

I’m a current subscriber and received my own copy of the message, so I had an opportunity to inspect the headers. The message seems to authenticate correctly; SPF designates the sending IP (which belongs to Epsilon) as a permitted sender on behalf of email.newyorktimes.com. The DKIM signature seems to have some formatting issues, and Gmail renders a “neutral” opinion on its authenticity

I think it’s safe to conclude that the mail did indeed come from Epsilon; the question is whether NYT’s account at Epsilon had been breached, or if the message was sent in error by an authorized user of the Epsilon account.

Word comes now from NYT that it’s the latter case – a NYT employee sent the message to over 8-million recipients in error; it was intended for only about 800 recipients. I’m guessing that the employee ticked the wrong box in Epsilon’s customer application, and selected one or more incorrect segments of their lists to receive the message.

The mistake is easy enough to understand and forgive, but it has to have been an awfully expensive one nonetheless. Recipients already on edge following the well publicized breaches were quick to assume the worst, and quicker to share those assumptions on Twitter. I am sure a significant number of recipients marked the message as spam, which will likely have a measurable impact on sender reputation, thereby hampering deliverability of future sends. Also, sending eight million messages is a lot more expensive than sending 800. The Times also sent a follow-up notification to recipients selected in error, essentially doubling the cost of the initial mistake. And it appears that the Times’ inbound call center was swamped with inquiries, which itself carries measurable cost.

There are probably a few lessons to be drawn from the incident. The one that springs quickest to my mind is, “Aim carefully.”

Edit: Headers included below, for the edification of various interested parties:

<pre>Delivered-To: andrew.barrett@gmail.com
Received: by 10.204.68.75 with SMTP id u11cs308277bki;
        Wed, 28 Dec 2011 10:14:50 -0800 (PST)
Received: by 10.50.17.195 with SMTP id q3mr36902675igd.11.1325096088086;
        Wed, 28 Dec 2011 10:14:48 -0800 (PST)
Return-Path: <150b39d46layfovciab7saeiaaaaaaxwmvxqqoseiuiyaaaaa@email.newyorktimes.com>
Received: from dmx1.bfi0.com (dmailer0121.dmx1.bfi0.com. [208.70.142.121])
        by mx.google.com with ESMTP id en3si23815262igc.11.2011.12.28.10.14.47;
        Wed, 28 Dec 2011 10:14:48 -0800 (PST)
Received-SPF: pass (google.com: domain of 150b39d46layfovciab7saeiaaaaaaxwmvxqqoseiuiyaaaaa@email.newyorktimes.com designates 208.70.142.121 as permitted sender) client-ip=208.70.142.121;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of 150b39d46layfovciab7saeiaaaaaaxwmvxqqoseiuiyaaaaa@email.newyorktimes.com designates 208.70.142.121 as permitted sender) smtp.mail=150b39d46layfovciab7saeiaaaaaaxwmvxqqoseiuiyaaaaa@email.newyorktimes.com; dkim=neutral (bad format) header.i=@email.newyorktimes.com
Return-Path: <150b39d46layfovciab7saeiaaaaaaxwmvxqqoseiuiyaaaaa@email.newyorktimes.com>
DKIM-Signature: v=1; a=rsa-sha1; d=email.newyorktimes.com; s=ei; c=simple/simple;
	q=dns/txt; i=@email.newyorktimes.com; t=1325096067;
	h=From:Subject:Date:To:MIME-Version:Content-Type;
	bh=eAJBhggz56bI1iAGtnD6v787ib8=;
	b=XtriQSLHzmhMsaITYZDGYIS3VRsGlWGjP/3aELRkLaOawj6tlMWioBwo5yok6ipT
	rK73yfllp2Mk/NjAw4VBEOJtaRSwwhmGQOQKRp7rhi4aVtqXq5N8OJAExKKiH7pd
	GOJHgOIlmc42UkaqzlyQwJ/Zdppkp+coxwtB+Rwyt0Q=;
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
	s=ei; d=email.newyorktimes.com;
	h=List-Unsubscribe:Received:Reply-To:Bounces_to:Message-ID:X-SS:X-BFI:Date:From:Subject:To:MIME-Version:Content-Type;
	b=aVU70NLC7DPVnsy+oTRKCWYM8JFro8ZQ4q1rx4bKKIISSiLhLuq4lMayMhnZrKJN
	DTBukp3y6+dCQIv7VZgu1tXJ5BkcwQXZAuhBV2QH1RjaHiucsKuPX470y8Ybc25E
	76S+SiSLDknfSKurAlEJcmAQZyrx6f1WUvfVNcy3gUc=
List-Unsubscribe: <mailto:xxxxxx@email.newyorktimes.com?subject=unsubscribe>
Received: from [10.150.20.107] ([10.150.20.107:56117] helo=dlspvhcimailer7)
	by dmx1.bfi0.com (envelope-from <150b39d46layfovciab7saeiaaaaaaxwmvxqqoseiuiyaaaaa@email.newyorktimes.com>)
	(ecelerity 2.2.2.45 r(34222M)) with ESMTP
	id DD/83-28890-38C5BFE4; Wed, 28 Dec 2011 13:14:27 -0500
Reply-To: =?iso-8859-1?B?Im5vLXJlcGx5Ig==?= <150b39d46layfovciab7saeiaaaaaaxwmvxqqoseiuiyaaaaa@email.newyorktimes.com>
Bounces_to: nytimes.150b39d46layfovciab7saeiaaaaaaxwmvxqqoseiuiyaaaaa@email.newyorktimes.com

Holiday Fail, Indeed.

You might have thought that a large, e-commerce-centric company like Pro Commerce, Inc. – owners of well-know brands like ProFlowers and Red Envelope – would know better than to send e-mail with deceptive subject lines, a clear and blatant violation of the CAN SPAM Act.

You’d have thought wrong.

I received the solicitation below with the subject line, “Flower Delivery Notice Failure.” I immediately assumed the message was a phish, possibly sent with data obtained in one of the recent ESP breaches. After all, I do have a Pro Flowers account, but I haven’t purchased from them in a few months.

But the message is signed with a valid DKIM signature and is authenticated with SPF, and both point at network assets under Pro Commerce’s control. They are not using an ESP; the mail came from their own servers, hosted in Cogent IP space.

Maybe they should consider using an ESP. They obviously could use a little help. I realize that businesses of every size are under enormous pressure to make their Q4 revenue numbers, but this is not the way to do it.

Image