What makes e-mail trustworthy? There are at least two factors at play here: e-mail authentication, as described in a recent article, ensures that outbound e-mail really comes from the purported sending domain. That doesn’t tell you whether the sender is a highly-reputable institution or a spammer, though.
This is where e-mail reputation comes in. It’s a new concept based on easily-understandable principles. Are you a reliable sender — a known and rated entity? Are you sending me something I expect to receive? Beyond that, is it something I find valuable?
Today, we as recipients actually wield a considerable amount of power with regard to received e-mail. We can mark an e-mail as spam. We can unsubscribe. We can comment on senders and their reputations. But many people believe that marking an e-mail as spam has no consequences. In addition, there is a common perception that unsubscribing merely lets the spammers know there really is a human being at this e-mail address, leading to more spam. It may surprise people to know that information about a sender’s reputation is actually listened to, and acted upon, especially by vendors who employ best practices.
Take, for example, Publishers Clearing House. Most U.S. households are familiar with the big envelope that comes once a year, inviting them to participate in the huge sweepstakes offering a variety of magazines and merchandise at discount prices. But the company has come to rely more and more on e-mail, rather than postal mail. Customers opt in via the Web site to receive timely notification of sweepstakes and magazine offers. With their heavy reliance on e-mail as a communications and marketing tool, Publishers Clearing House is a good example of a company that places a great deal of focus on reputation.
“We strive for an impeccable reputation,” says Sal Tripi, director of operations at Publishers Clearing House. “Unfortunately, illegitimate e-mailers have made it very difficult for consumers to conduct business on the Internet with legitimate vendors. That’s why we work hard to go above and beyond to stand apart from illegitimate mailers. It is vitally important that we maintain our reputation for trustworthy e-mail — we want to be known as the company with the best e-mail practices in the industry.”
Building a Good Reputation
Next, monitor every outbound e-mail campaign through ISP feedback loops, taking careful note of the number of unsubscribe requests and the number of times the recipient hits the “This is Spam” button, and very quickly (within hours, not the 10 days provided by CAN-SPAM) taking the recipient off the list. He also recommends doing a post-mortem analysis on each campaign to drive the number of unsubscribe requests down. His firm also monitors delivery at major ISPs to see what the content filters are picking up, and fine-tunes the campaigns to avoid the e-mail being unnecessarily trapped.
However, he relies heavily on a new category of solution provider — called “reputation services providers” — for some of the heavy lifting. Every e-mail sent in his campaigns is certified — the company uses Habeas, a reputation service provider that provides a sort of “Good Housekeeping” seal of approval for the e-mail.
“This third-party seal gives customers another avenue to express concern about e-mail,” explains Tripi. “They can click on the Habeas link and give feedback. In addition, we can take the customer feedback information in the aggregate to help us fine-tune out mailings.”
The Role of Reputation Service Providers
Reputation service providers act as trusted third parties who are able to use data gathering and analysis techniques to observe and rate massive numbers of sending entities. They monitor a sender’s performance and provide objective information to receivers who can then use the data according to their internal rules for accepting e-mail. Ultimately, messages from senders with the highest levels of reputation make it to the inbox, while those with less-than-desirable sending habits are filtered out by ISPs.
Reputation service providers are important to e-mail senders, especially those who send more than 50,000 e-mails a month — but this is not limited to e-commerce departments. In larger enterprises, both IT and marketing are trying to get a more centralized view and control over outbound e-mails. A reputation service provider can identify deficiencies in the sender’s practices, and measure and monitor their ongoing e-mail success.
There are also benefits for e-mail receivers — the ISPs, enterprise anti-spam and security solution providers, and mail transer agent (e-mail software) vendors that process large volumes of inbound e-mail and must accurately separate legitimate e-mail from bad e-mail. They access the reputation service providers’ reputation information about e-mail sending entities in order to more efficiently stop spam and deliver legitimate e-mail.
Consumers typically are sending e-mail at a sufficiently low enough volume that they “fly below the radar screen” of antispam and reputation services. However, consumers do participate in the e-mail reputation ecosystem by “voting” at their ISP (e.g., AOL, Yahoo, Hotmail) on undesirable e-mail using the “This is spam” button. Consumer complaints about an e-mail sender are considered a cornerstone of e-mail reputation services.
Making an Assessment
Let’s take as an example the “seal” that Tripi mentioned earlier. In order to obtain this seal, the company undergoes frequent detailed and thorough assessments of its e-mail sending practices and reputation. The firm supplies Habeas with comprehensive information that triggers over 50 automated and manual tests in five main areas:
- Sender identity
- Technical e-mail sending infrastructure
- Legal and best practices
- Sender reputation
- Complaint/feedback rating
The evaluation process looks at aspects that are easy to independently verify: Is the system set up correctly (DNS, reverse DNS, IP identification, etc.) from a technical standpoint? System audits are performed, as are audits of the registration and acquisition practices and mailing patterns. Does the sender handle abuse complaints and unsubscribe requests properly — and promptly?
Further tests are performed that compare the sender’s assertions with data gathered and analyzed by Habeas’ reputation databases. Publishers Clearing House receives a written report on their e-mail reputation, with point-by-point recommendations to improve the sender’s practices in each of the five areas.
“We check our reputation every day, by going to an online reputation monitor to make sure there is nothing negative,” says Tripi. In spite of taking multiple steps to ensure the trustworthiness of their e-mail communication, “in the world of e-mail, mistakes can happen. You can be added to a blacklist, your content can trigger a spam filter, so checking every morning is a valuable service,” he said.
Measuring Effectiveness and Value
How does a reputation service provider measure its own effectiveness? At Habeas, CEO Des Cahill admitted that the easiest way is to quantify delivery rates for e-mail, but they don’t stop there. “We measure the most difficult delivery metric — delivery of the e-mail to the ISP’s inbox,” he said. “By tracking that delivery rate continuously across the customer base, we are able to average delivery rates in the low to mid 90 percent range at the top ten ISPs for our certified customers. This is quite high, as 5-7 percent of e-mails sent may be undeliverable due to inaccurate or changing e-mail addresses.”
For reputation service providers in general, it seems that senders measure the value less in terms of increasing delivery, and more in terms of avoiding many of the pitfalls in today’s online environment of phishing, spam and viruses. For example, “We have many sender customers using best practices in their e-mail programs, but they get blacklisted when their affiliates are overly aggressive. We also see reputable brands being hijacked by phishers, so quickly making our customers aware of these incidents can help minimize brand and consumer impact,” according to Cahill.
Our recommendations stem from the best practices outlined by Habeas, one of several vendors in this space who believe that what separates a legitimate sender of e-mail from a spammer is one and only one thing — use of best practices in e-mail. Adopt the following best practices to both increase the probability that your e-mail will get to the intended recipient, and preserve and enhance your brand and reputation:
- Permission practices: Be sure to obtain clear proactive consent from the recipient to receive e-mails from you.
- E-mail relevance: Ensure that your organization sends out e-mails which are in line with the expectations (content, frequency, etc.) set when you obtained the recipient’s permission.
- Mailing list hygiene: Promptly honor unsubscribe requests. Remove bounced e-mail addresses and aged, unresponsive e-mail addresses quickly.
- Technical infrastructure: Utilize authentication technologies such as SIDF and DKIM. Make sure you understand all the different e-mail streams originating under your organizations domain or sub-domains.
For more information, go to the Messaging Anti-Abuse Working Group or the E-mail Sender and Provider Coalition. A great online and semi-annual forum that will provide a good overview on many of these topics is the Authentication and Online Trust Alliance, an industry coalition focused on authentication and reputation.
To conclude, here are some final words from Tripi: “When someone gives you their e-mail address, they have given you their trust. it is a privilege. Don’t violate that trust. Understand and respect what the customer wants. It’s always more difficult to take the high road, but it’s definitely better in the long run.”
Tanya Candia is a consultant and expert on information technology (most notably data management and security), business management and marketing issues. As president/founder of Candia Communications, she consults with a variety of companies on busienss, strategy and maketing programs. Candia can be reached at [email protected].