Welcome to to SiteSell.com Spacer SiteSell Home Affiliate Program Site Build It!
Level the Playing Field


Level 0: Ignorance or Super-Savvy?

Contents at a Glance
Letter from Ken Evoy, Pres. SiteSell.com
Who's "Using Spam" To Tilt the Field?
"Deliver My Mail" (Download Package Here)
Level 0: Ignorance or Super-Savvy?
Level 1: What To Do If You Are Filtered
Level 2: The No-Whitelist, Stonewalling ISP
Level 2 Counter-measures
Damaged? Class Action Lawsuit
Think you have no e-mail deliverability problems?

You are either blissfully ignorant of problems, or have a very low level of business activity (we can help with that, too, but that's another story!). Or perhaps you are extremely mail-savvy and have already done much of what is outlined in this program -- even so, this page is invaluable. Savvy or not...

The program below helps you to verify and improve your practices so that your business successfully navigates the labyrinth of e-mail, spam, and anti-spam.. The "Big 3" principles upon which everything else is based are...

1) Stop sending mail that may be getting you into trouble (ex., e-zines to dead addresses at Yahoo!, vacation autoresponders unless they respond AFTER spam and viruses have been filtered out, etc.). If you send e-mail to a dead address or if you REPLY to spam or viruses, you will get into trouble sooner or later (even if you are very small, get it right now, and you won't have to worry about this later).

2) Work at the SMTP level. This is a bit technical, so let's use an autoresponder as an example.

Do you run an autoresponder that responds to all inbound e-mail, even spam and viruses? If so when you reply to spam that has been forged to look like it's coming from hotmail.com, that's where your autoresponder goes. Too bad hotmail now thinks it's coming from you (even if it's to send a sorry-this-was-spam message). Trouble. But...

If you can filter this out at the SMTP level (right at the moment when your mail server talks to the senders), it's a refusal, not a reply. Since you never take possession of the mail, you are not responsible for it.

Another example -- make sure your mail server refuses inbound e-mail to non-existent addresses at the SMTP "server-level" -- that way it is a refusal instead of a reply. Ask your tech if this is complicated for you. Some major ISPs still REPLY to the sender who mailed to a non-existent address. Bad -- this must be filtered out at an SMTP-refusal level.

3) All functionality should be Web-based, not e-mail based. Think this way for all future functionality. And change all existing mail-dependent functionality to Web-based. Examples of this appear below.

OK, let's see how the Big 3 convert into practical steps for you to take to prevent/eliminate any problems that e-mail may otherwise generate for you and your business.

Review and implement the following major steps to make yourself "squeaky clean." With this "Level 0 Filtering-Detection-and-Prevention System," you should virtually eliminate problems caused by e-mail....

1) Analyze every important e-mail that bounces-back...

  • post-order
  • affiliate registration
  • request to confirm a subscription
  • support
Examine the reason for the bounce-back. If it is because the recipient's e-mail account is inactive or over-quota, you are not being filtered. However, if the message mentions "content filter" or "UCE/spam filter" or some such message, you are being filtered.

Some bounce-backs go to the "Reply-to" address. But most mail servers will send to what is called the "envelope address" -- make sure that you are able to receive that mail, so that you can examine ALL bounces.

SIDEBAR:
Beware: Hotmail does not bounce-back e-mail that it filters. It merely deletes them, so you have no way of knowing that your intended recipient is not getting your mail! So how do you find out about these? That brings us to the next point...

2) Pay attention to customer complaints.

If a customer tells you that she did not get a reply or an e-mail that they expected, it may have been filtered, even if you did not get a bounce-back. How does this happen? Simple...

If an ISP rejects your mail, it is supposed to bounce it back to you (the sender) to let you know. The sad truth is that some companies (ex., Hotmail) do not bounce-back filtered e-mail. So you think that your customer received it... wrong! All kinds of bad arguments happen between you and your customer ("We mailed you."   "Did not!"   "Did too!"   "Did not!"), with Hotmail neatly out of the middle.

Deliver The Mail will bring Hotmail directly back into the middle, and will extricate you from the mess. The customer should complain, loudly, to Hotmail and let them know why she has switched to Yahoo! Mail (a good alternative, at this time).

3) Review your e-mail policies -- adopt responsible ones

If you "grew up" in the innocent e-commerce era, when spam was not much of a problem, your practices may be a bit out of date. Or perhaps you never paid much attention. In any event, make sure your e-mail protocols are consistent with this set of "sender best practices"...

  • the Web page where user submits e-mail address must be clear that user will receive further e-mails
  • privacy policy must be accessible wherever you request an e-mail address
  • subscriptions to e-zines must be confirmed opt-in (i.e., they confirm that they did subscribe, and not someone else for them) -- store the date, time and IP address of confirmation
  • your subject must be clear and not attempt to mislead, same with headers, return addresses, etc.
  • include your physical "real world" postal address
  • your email must be RFC compliant (ex., no "&" in your e-mail address) -- check with your ISP/Web host (all SiteSell and Site Build It! e-mail are RFC-compliant)
  • your reply-to address and pathway must not be concealed
  • e-zine must offer user clear options to opt-out/unsubscribe, and unsubs must be handled quickly (best method is a single-click unsubscribe link)
  • remove addresses if they bounce -- here are our recommendations for when to delete an address from your list...
          • two 550 errors (no such address)
          • three hard bounces (5xx error)
          • five soft bounces (4xx error)
  • certain client-side e-mail software is penalized by some filters -- in general, you are more highly regarded if you use a server-side mass-mailing service with an excellent reputation (see next section)
SIDEBAR:
Confirmed opt-in has the following advantages...
  • it registers a smaller number of more serious subscribers -- anyone who does not confirm an opt-in is not worth having as a subscriber
  • confirmed opt-in subscribers are less likely to unsubscribe
  • they are less likely to forget they subscribed and complain that your "e-mails are spam"
  • if anyone does complain that they never subscribed to your e-zine, you can prove that they did subscribe by providing the exact date, time, and IP address that they confirmed (all they have to do is confirm with their ISP that they were using that IP at that time!)
  • it eliminates spammers and the various addresses they use, from your list, since they won't confirm
  • it confirms that the e-mail address is correct, or you won't get a confirmation -- this prevents you from repeatedly mailing to non-existent addresses, a good thing.
Use confirmed opt-in even for your sequential autoresponders that deliver courses. It would deadly to send 7 e-mails to the same dead address at Yahoo! Mail or Hotmail. So another advantage of confirmed opt-in is to eliminate bad addresses/spam/viruses, which means you don't have to send all the following e-mails to an increasingly upset mail server that has to deal with it (SBI!'s Sequential Autoresponder does all this automatically. Actually we do everything on this Web page for you -- nothing to worry about.)

Before you do a mass-mailing of an e-zine, optimize it to make sure it passes through "content filters." The goal is NOT to trick filters. After all, you are not spamming. Merely eliminate filter mistakes by re-wording your message. Examples of "optimization for deliverability" include... Next, do a quick "sanity test" before you do a full mailing to your list of 50,000 confirmed opt-in subscribers. How? Do a test mailing to accounts that you, employees, and friends (or "friendly customers") have at the following major services...
  • hotmail.com
  • yahoo.com
  • aol.com
  • live.com (formerly msn.com)
  • comcast.net
  • earthlink.net
  • cox.net
  • bellsouth.net
  • juno.com
  • sbcglobal.net
This is an excellent "bottom line reality check." If you get through on all ten, you're in good shape overall!

After a mass-mailing of your e-zine, watch for "challenge-response systems" that send an e-mail to the From/Reply-to address of your zine. These e-mails ask you to click on a link to prove you're "real" (spammers don't check replies!). You only have to click once -- effectively, you add yourself to the customer's whitelist! Clever.

Following these recommendations will greatly increase the percentage of e-mails that make it to the intended destinations.

SIDEBARS:
A) What about the bonded services?
They all have drawbacks, but the third one below is particularly interesting...
  • Habeas -- interesting concept, suffers from chicken-and-egg. Not widely used enough to be worth the time and money.

  • Bonded Sender -- this is the one Microsoft will force you to use if you get blocked at Hotmail. Unfortunately, it's run by former senior execs at Hotmail and Microsoft. The details...

    Bonded Sender is powered and owned by IronPort Systems (ironport.com), which also owns SpamCop. A review of IronPort's directors and senior management reveals this background...
          • Jack Smith, board director (co-founder of Hotmail)
          • Scott Bannister, CTO (founder of ListBot)
          • Scott Weiss, CEO (business development at Hotmail & MSN).

    Kind of "smells" like the gatekeeper who locks the gate, and then sends you to his friend to buy a very expensive key. It also has outrageous penalties if very low numbers of complaints come in (ex., "I didn't want that" -- many people forget they subscribed!).

    And how does Microsoft explain that small businesses can pay to get bonded, but Hotmail can't whitelist a customer who wants e-mail? Want to complain about this cozy little relationship?

    Reach Hotmail/MSN at MSN support... (800) 386-5550

    More options to communicate with them are available at...
    http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer01&sd=GN#faq1398

    Reach Brightmail at...
    http://www.brightmail.com/contact_us.html

  • SPF -- best long-term hope. SPF also suffers from chicken-and-egg. But we are implementing it right now, because it is the best technology to prove that NONE of the spam that forges our sitesell.com address comes from us. If filtering services and blacklists have put us on their radars erroneously due to spammers forging our domains, e-mail addresses, names, etc., it's the filters' fault if they do not use SPF to detect whether, in fact, the mail servers are ours.

    AOL, Google's new Gmail and 19,000 ISPs use SPF already. We highly recommend that you contact Hotmail and Brightmail and recommend they do the same.
B) What about deliverability services?
These services monitor and help you increase the percentage of your e-mail that gets delivered. We'll report on these when we find one that appears to offer value for dollar.

4) Review affiliate monitoring

If you have an affiliate program, your anti-spam policy must be strict and uniformly enforced. If not, you will lose control of the "bad eggs." Soon, the good eggs notice spam, so figure it's OK. In the end, you (rightly) get all the blame. ("Eggs and spam"... in another world, we'd be having breakfast.)

Review your policies now. Our 5 Pillar Affiliate Program has a near-zero spam complaint rate, due to two strict policies that have stood the test of time, unchanged since 1999...

Acceptable Use Policy

Investigation Protocol

You may copy and use the language of the above policies as you like. We hereby give you a free license to the use of our copyright on this material. No need to provide a link or credit.

OK, let's continue with Level 0 filtering-detection-and-prevention system...

5) Verify that your Web host and ISP meet "outbound mail server best practices"

For example, Hotmail's practices are poor. They report bounce-backs badly, telling you only that "Delivery to the following recipients failed" -- they don't even report the reason-for-refusal by the receiving mail server. AOL and Yahoo! Mail and other mail servers are much better -- they all report the specific reason why a receiving mail server refuses mail. Spammers use Hotmail with ease and forge Hotmail addresses. And Hotmail does not let senders know when it filters out e-mail. All in all, Hotmail is not a good choice for e-mail for any purpose.

On the other hand, Site Build It!'s WebMail resides on its own, dedicated servers. Our protocols and practices make it impossible to use WebMail to spam -- it is a 100% clean system. Same goes for Site Build It!'s e-zine MailOut system, which also resides on its own mail servers. Many e-zine servers have problems due to lax practices -- for example, marketers should never have the option to "confirm opt-in for their subscribers" -- subscribers must confirm all subscriptions, even those that marketers want to transfer from existing lists that they host elsewhere.

Net result? Responsible, spam-proofing policies do not bother the honest small business person, but do drive away spammers. Make sure your Web host does the same -- some ISPs are "friendly" to spammers, or merely "sloppy." But either way, it means the same bad results for you, and as a result, your e-mail could get caught up in filters through no fault of your own.

Final point -- ask your ISP or Web host or e-mail sending service if their mail practices are acceptable to all major, responsible (i.e., non-vigilante) filters (all Site Build It! sites comply automatically)...

  • Are e-mail servers secured to prevent unauthorized use (i.e., they must not be open proxies or open relays)?
  • Do they control the speed of the mailing rates of e-zines? If the rate is too high, you can trip a "volume" filter, especially if your list has too many "dead addresses."
  • Do they manage your list automatically, removing dead addresses?
  • Do they maintain, read, and reply to RFC-mandated postmaster and abuse aliases?

6) Monitor Blacklists

ISPs and spam filter systems often check blacklists. The only problem? You don't have to be a spammer to get onto that list. Sabotage and accidents happen regularly. So it's a good policy to check weekly to see if your domain or mail server are on any of these lists...

Mail Abuse Prevention System -- maintains the Realtime Blackhole List (has many ISPs as subscribers).

Open RBL -- check multiple blacklist databases for your domain or IP address.

SenderBase -- another useful multiple-list checker, a free "lead-in" promo for Bonded Sender.

Other anti-spam groups...

http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/

http://dir.yahoo.com/Computers_and_Internet/Communications_and_Networking/Email/Spam/

7) Convert to form-based systems

Do not use direct e-mail address links on your site. Convert current e-mail based functionality to forms -- this thwarts spammers because they are too lazy to create a program to fill in your form.

Why go to all this trouble? Because it is small business's part of the fight against spam. It's not fair to bang large ISPs and mail services with large volumes of useless mail -- so eliminate it. For example...

  • "Contact Us"
    Do not put e-mail addresses on your Web site -- spambots pick them up and mail them mercilessly. Use contact forms instead.
  • Autoresponders
    Do you send automated replies to inbound e-mail that is sent to certain e-mail addresses? If so, convert to form-based because you are likely replying to a lot of spam.
  • How to handle mail to non-existent addresses?
    Do not autorespond to addresses that do not exist at your domain -- either run a catchall and delete, or make sure your mail server refuses inbound e-mail to non-existent addresses at the SMTP "server-level."
  • E-mail courses
    Sequential autoresponders remain a valid marketing tool. But again, only in response to a form, not to an e-mail address. And include a request to confirm the opt-in on the first installment.
  • Subscribe to e-zines
    Again, use form-based subscriptions only (with automated request to confirm opt-in). Do not offer the ability to subscribe by sending a "blank e-mail" to e-mail addresses. And, of course, require a confirmed opt-in.
Why is this important? Because spambots suck up e-mail addresses posted to the Web, then mail to them relentlessly, forging addresses at major mail services such as Hotmail and major ISPs like AOL and Earthlink. If you auto-reply to forged spam to these big ISPs and mail services, they are likely to start filtering you out, even though you are not spamming. (Yes, even though the forgeries are "theirs" and they could easily adopt SPF to prevent forgeries -- soon, though, any service without SPF will be on shaky ground.) It is now the small business's responsibility to keep clean, up to date e-mail addresses in their confirmed opt-in mailing lists.

SIDEBAR TO SITE BUILD IT! OWNERS:
If you already use SBI!, don't worry. Very little on this page that is technological should worry you. Simply conduct yourself accordingly, and you'll be fine. As always, we do it all for you, including the "behind-the-scenes" technology.


SIDEBARS RE CONVERSION TO FORMS, BASED ON OUR EXPERIENCE:
A) Prioritize your conversion according to importance/urgency vs. time/effort.
Our HIGHEST PRIORITY, yet heaviest conversion, was our support system -- it was 100% e-mail based, and spam was paralyzing us. Our CRM system is now totally form-and-database driven. You may not need to program your own custom CRM system, but do eliminate your "support@" address and replace it with a support form. We have been steadily converting other functions to Web-based, according to three criteria...
  • how important it is to our customer
  • the amount of outgoing e-mail it cuts down (vs. how much programming it requires)
  • how much work/resources the project requires.
B) Converting is work, but don't put it off.
Implement "quick fixes" where possible, then blend in the longer-term solutions.
Our "Operation Web-based Conversion" has been done in stages. Ironically, one of the last jobs on our "to do" list is SpamCheck! But we did cut down over 100,000 useless outbounds per day very quickly. Here's how...

SpamCheck started to be hit by spam, since it is e-mail based... over 100,000 per day! Autoresponding to that many e-mail replies can get you into trouble in a hurry, especially if a spammer is forging SOL.

So, as a quick fix, we added our own content filter... the word "TEST" must begin the subject if you want to receive your SpamCheck report. We run the filter at an SMTP level -- here's how it works....

   STEP 1) You e-mail your "test e-zine" for a spam-scoring of its content, as described on the SpamCheck site.

   STEP 2) Your mail server talks to our mail server (we have not yet accepted the e-mail). We see that "TEST" is in the subject, so we send the "spam score" for the content in that e-zine. However, spammers don't know about this rule and there is no reason for them to "fake it" since all they get is an automated spam report (no human ever sees any of these inbound e-mails, nor do we store the addresses except to prevent abuse). Since "TEST" is not in the subject, we send this refusal back to a spammer's mail server...

554 mail server permanently rejected message: Your e-mail was rejected by our spam filter because you failed to put the correct word in the subject of your e-mail request. If you want a spamcheck report, please visit http://spamcheck.sitesell.com for instructions. If you want a free masters course, please visit http://freetrial.sitesell.com and download your course. (#5.7.1)

This way, your mail service does not think we are sending them an e-mail. We are merely refusing that mail. So we stay out of trouble with the mail services (remember, many of these "replies" would go to Hotmail, AOL, etc., since they are commonly forged by spammers).

Note the instructions in the refusal message -- only honest users of the service actually get and read the bounce. So we can still let them know the right way to use SpamCheck. Unfortunately, since Hotmail merely tells their users "Delivery to the following recipients failed," their users are deprived of SpamCheck.

C) Do it in stages.

We did the same thing for our Masters courses, chopping 750,000 e-mails. It happened in stages...

  • months ago -- we converted sequential courses (5 daily e-mails on a variety of Net marketing topics) to "confirmed opt-in" even though users understood they were going to receive 5 e-mails in all. Since we were getting 150,000 bogus subscriptions per day, that cut down 600,000 total e-mails.
  • next, we added the requirement for MASTERS to be in the subject (same system as for SpamCheck) -- this eliminated most of the remaining 150,000
  • finally, we've been converting the courses from sequential autoresponders to downloadable PDF e-courses, and all future courses will be downloadables.
Bottom line -- between the Masters courses and SpamCheck, we've eliminated almost 1,000,000 (it would be well over 1,000,000 by now if we had not changed) needless e-mails per day. This didn't happen overnight, but it's all part of being a responsible Net citizen.

Almost every piece of e-mail that goes out now is user-requested. 99.9% of the "bad stuff" is either refused at the SMTP server level, or dropped/deleted without need for a reply because we know it's spam.

8) Proceed to Level 1, even if you are not being filtered right now. Educate and activate your customers. Do this now before you have problems, rather than after. Point them to the right place to complain in order to reduce problems when they do occur. "An ounce of prevention..."  

Contents at a Glance