TechWeb

How To Stay Off E-Mail Blacklists

Mar 31, 2006 (11:03 AM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=184419792


E-mail has become a critical marketing tool for small businesses. By giving smaller firms the ability to market as effectively as larger ones with no incremental costs for increasing the number of e-mails, email has truly been one of the boons of the Internet age.

Unfortunately, there’s also no additional cost for spammers, so the amount of unwanted e-mail is escalating sharply, giving rise to "blacklists" that companies are increasingly using to help spot and automatically block unwanted e-mails. E-mail hosting services such as Yahoo! and AOL have their own blacklists. There are also blacklists operated by smaller organizations.

While the blacklists are designed to thwart spammers, sometimes they thwart the legitimate e-mail marketing efforts of legitimate small businesses. Joel Smith, chief technology officer for AppRiver LLC, located in Gulf Breeze, Florida., says that valid businesses getting blacklisted is one of the top support issue for his spam-and-virus filtering firm.

Although it's best to try and stay off all blacklists, a small business may not have the resources to monitor all of them. Most experts agree that the ones to be most concerned with are Spamhaus and SpamCop.

There are different procedures for getting off different blacklists. Some require only a phone call or e-mail. Others have very specific procedures. Follow those procedures to the letter, Sullivan recommends. If there are five steps, follow all five, not just four. Failing to do so will keep you on the blacklist. “They’re very rigid about the procedures,” Sullivan says.




By following some best practices, small businesses can stay off blacklists to begin with. Here are some pointers:

1. Make sure that your e-mail server doesn’t relay outside e-mails. A favorite trick of spammers is to find unprotected e-mail servers and use them to send out millions of e-mails. The benefit for spammers is such methods are difficult to trace, so they rarely get caught. They use countless numbers of these relays, so it doesn’t matter if some are short down.

But it does matter to the small business that is unwittingly relaying these e-mails. So Smith recommends that small business ensure that outsiders for e-mail relay can’t use their e-mail servers. One way to check is to use www.tools.appriver.com, which is a free service. Another way to prevent such a problem from occurring again is to use a third-party e-mail service to distribute e-mails.

2. Check your hardware for malware. Some 60 percent of spam comes from “zombie” computers and servers that have been infected with malware that uses the hijacked computers to send spam, says Andres Kohn, vice president of product management for Proofpoint Inc. in Cupertino, California, a messaging security vendor. So use a reliable virus protection program to scan your systems and make sure all servers and computers are free of such malware.

3. Have strict policies regarding outside devices and storage media. Some malware can come from an employee who knowingly or unknowingly brings it in on a CD, flash drive or personal laptop computer that he adds to the network. Strictly enforced policies about such practices can prevent these outside infections, which can be the first step in being added to a blacklist.

4. Have and enforce policies regarding forwarding of e-mails. According to Kohn, it’s not the total number of complaints that ultimately lands a company on a blacklist; it’s the percentage of complaints. So if a company that sends out 1,000 e-mails a day garner 100 complaints, there’s a strong chance the company will wind up on the blacklist. A high percentage of complaints can come from people forwarding jokes, photos, or more questionable material to large numbers of people, many of whom in turn complain about it to blacklist owners.

5. Use customer relationships properly. “Some companies wrongly think that because they have a prior relationship with a customer, they have the right to send them unsolicited, bulk e-mail,” says Bharat Suneja, principal exchange architect for Zenprise, Inc. in Fremont, California. So there should be company-wide policies about proper e-mail communication procedures for current and prospective customers.

6. Educate users on good and bad e-mail practices. This goes hand in hand with the policies mentioned earlier. Some don’t know that they may be engaging in potentially dangerous e-mail practices. The smaller the business, the more likely such habits can result in a blacklisting, resulting in a loss of business and, subsequently, layoffs. If employees are educated in precisely how engaging in bad e-mail practices can hurt them, they will be more likely to use email carefully.

7. Use a feedback loop. ISPs with large numbers of e-mail recipients, such as AOL and Yahoo!, provide e-mail feedback loops that will forward any mail reported as spam originating from the associated IP addresses back to the listed e-mail address. If legitimate e-mails are listed as spam, the sender should contact the ISP immediately to determine a remedy.

8. Monitor outgoing e-mails. If a company typically sends out 5,000 e-mails a day, but traffic surges to 25,000, there could be a problem, Suneja warns. If a spike is warranted by a special promotion or other similar communication, that's one thing. But if there's no explanation for the jump in email traffic, it's time to take a closer look.

9. Include authentication certificates with e-mails. J.F. Sullivan, vice president of marketing for Habeas Inc., in Mountain View, California, says that such certificates help legitimize e-mails, ensuring they’re not accidentally reported as spam by automated systems.

10. Use opt-in permissions. By allowing e-mail recipients to opt-in rather than forcing them to opt-out of e-mail messages, a company greatly limits its chances of ever appearing on a blacklist, Sullivan says. The policy of opt-in also has to be clear as to what companies are part of the agreement, especially in the case where a company has several affiliates.

11. Maintain good records of opt-ins. Whether permission was obtained via e-mail, phone or a coupon or other document filled out at a store, make sure the permission is listed in a CRM system or some other company-wide system, says Chip House, vice president of privacy and delivery for ExactTarget, in Indianapolis, Indiana. He adds that opt-in permissions are better than opt-out options for a number of reasons, not least of which that they reduce the number of complaints blacklists get about a business's emails.

12. Confirm opt-ins. This goes one step further than No. 11. Once a customer or prospect has opted in, send an e-mail to confirm the opt-in, clearly spelling out procedures for denying or canceling the opt-in permission that has been granted.

13. Ensure that your email infrastructure is set up properly. Some companies, such as Habeas, provide free audits to ensure that e-mail systems are set up properly (i.e., outside relays not allowed) and that best procedures are followed (i.e., “opt-in” for e-mail recipients).

14. Keep e-mail lists scrubbed and updated. If a firm continues to send e-mails to former customers or to prospects who have already indicated they are not interested in receiving future e-mails, the chance that recipients will complain to blacklists increases sharply, Sullivan says. Therefore, he advises against buying third-party e-mail lists.

15. Follow practices required to be included on "whitelists." The opposite of blacklists, whitelists provide companies with additional affirmations of their e-mail practices, according to House and Sullivan.