Home  › Email › Email Marketing

Can You Pass an E-Mail Reputation Audit?

  |  August 31, 2005   |  Comments

The auditors are coming! Take this mini-audit first, to see if you’re ready.

The auditors are coming! The auditors are coming!

This time, they don’t want your tax records. Instead, they’ll scrutinize every nook and cranny of your email policies and procedures to determine whether you’re a reliable emailer or a despicable spammer.

Unlike your average trip to the tax collector, though, this audit can actually do you some good.

In recent years, anti-spam efforts have moved steadily away from domain and content blocking. Reputation management and accreditation by recognized white-hat agencies count more heavily toward getting your email delivered.

Accompanying that movement are third-party auditing and accreditation firms that specialize in assessing your performance as an emailer based on your subscription, delivery, and privacy practices.

TRUSTe, Habeas, and Return Path/Bonded Sender are the best known of these firms. All three use a battery of tests and questionnaires that measure what you say you do as an emailer and how you perform in the email space.

It’s no simple chat over coffee. After you pass a preliminary certification quiz, Habeas scrutinizes your email operations with over 50 questions. TRUSTe uses a 15-page self-assessment.

After you finish the auditing process, you may feel as if you really did go through a tax audit, perhaps a root canal. Yet measuring your reputation and seeking third-party accreditation are steps to consider if you’re serious about boosting your delivery rate and maximizing email return on investment (ROI).

A reputation audit can reveal where you’re vulnerable to blacklisting or blocking because of a program weakness. It could reveal you failed to secure your network against computer worms, Trojan horses, and other malicious invaders, for example.

An accreditation procedure evaluates your email program against its best practices. If you pass, your email messages receive an accreditation, such as a special code, recognized by participating ISPs. The code allows your messages to bypass their filters and go straight to recipients’ inboxes.

Whether you anticipate using the services of one of these companies or not, you should know how your email practices and policies would stack up in an audit.

Try our 22-question mini-audit. It’s based on actual self-assessments. (Caveat: "yes" isn’t always the correct answer. It could mean you’re using methods that violate the accreditation company’s standards.)

E-Mail Address Collection

  1. Do you use an email service provider to send email? If not, do you own the IP addresses you use to send email? List all.

  2. Does your organization use any of the following sources to collect email: list brokers, third-party marketing lists, co-registration offers, or permission transferred from affiliates or third parties?

  3. Can you provide proof of consent for names and email addresses acquired through co-registration offers, including date, time, originating IP address, and Web page URL?

Privacy Notices

  1. Where on your Web site do you notify subscribers about the kinds of email you’ll send them: prominently above the form where email addresses and personal information are taken; below the form but above the submit button; below the form; on a privacy page linked from the registration page; or no explicit explanation provided?

  2. How do you notify users of changes in your email policies and practices: email, Web page, other, or none?

Online Consent

  1. How do you collect consent from recipients to send commercial or promotional email: double opt-in, opt-in with verification; opt-in; pre-selected option with verification; or other?

  2. How do you collect consent to share email addresses with third parties or affiliates: double opt-in, opt-in with verification; opt-in; pre-selected option with verification; or other?

  3. How do you determine whether third parties who provide you email addresses have obtained their users’ consent: in writing; reviewed their consent method; reviewed the URL where the third party obtained consent; or other?

  4. Do you send commercial or promotional email based on prior business relationships but without prior consent?

  5. Do you require users to accept your commercial or promotional email as a condition of doing business with you?


  1. Do you have a procedure to manage email bounces and update the status of repeatedly bouncing email?

  2. Is your company registered at Network Abuse Clearinghouse?

Unsubscribe Process

  1. Does every email message you send to your mailing list include an unsubscribe link that’s functional for at least 30 days after the message is sent?

  2. How soon do you process unsubscribe requests after receipt?

  3. Which unsubscribe mechanisms do you provide: click on a link in the email message; click on a link, then follow instructions on Web page; reply to message with unsubscribe request; log in to online account-management page; use offline methods; or other?

  4. Do you maintain an email-address suppression list? If so, how often do you run your mailing lists against your suppression list: before each email campaign, daily, or other?

Subscriber Information Management

  1. How can users update their subscription information and personal information?

  2. How do you verify the identity of a subscriber who wants to update his subscription or personal information provided at registration?


  1. Outline the steps you’ve taken to secure your system against open proxies, open relays, and transmission of viruses, worms, Trojan horses, and so forth over your network or IP addresses.

  2. How do you secure your database containing email addresses and other information obtained at sign-up?


  1. Do you associate information collected through log files, cookies, Web beacons, or other tracking technology with individual email addresses?


  1. Does your email program fully comply with the CAN-SPAM Act, as well as with Michigan and Utah child protection regulations?

How did you do? If you’ve updated your email program to follow industry best practices, you probably came out OK. If you spotted a weakness, you can start working on it now.

In a future column, we’ll outline several of the most common failings these audits turn up and how you can overcome them before the auditors arrive.

As always, keep on deliverin’.

Want more email marketing information? ClickZ E-Mail Reference is an archive of all our email columns, organized by topic.

ClickZ Live New York Want to learn more?
Attend ClickZ Live New York March 30 - April 1. With over 15 years' experience delivering industry-leading events, ClickZ Live brings together over 60 expert speakers to offer an action-packed, educationally-focused agenda covering all aspects of digital marketing. Register today!


Kirill Popov and Loren McDonald

As director of ISP relations and delivery, Kirill Popov creates and enforces strict usage and anti-spam policies, maintains ISP and community relations, and oversees all abuse and policy investigations and inquiries for EmailLabs clients. Kirill works with clients on best practices, content, design, and list hygiene to minimize potential delivery issues. He's a registered member of the SpamCon foundation and representsEmailLabs on AIM's Council for Responsible E-Mail.

Loren McDonald is vice president of marketing at e-mail marketing automation company EmailLabs, overseeing corporate marketing activities and client consulting services. He has 20 years experience in marketing, consulting and strategic planning. Earlier, Loren was founder and president of Intevation, an e-marketing services firm specializing in e-mail and SEM. He's held executive marketing positions at companies including USWeb/CKS (marchFIRST), NetStruxr, and Arthur Andersen.

COMMENTSCommenting policy

comments powered by Disqus

Get ClickZ Email newsletters delivered right to your inbox. Subscribe today!




Featured White Papers

A Buyer's Guide to Affiliate Management Software

A Buyer's Guide to Affiliate Management Software
Manage your performance marketing with the right solution. Choose a platform that will mutually empower advertisers and media partners!

Google My Business Listings Demystified

Google My Business Listings Demystified
To help brands control how they appear online, Google has developed a new offering: Google My Business Locations. This whitepaper helps marketers understand how to use this powerful new tool.



    • Website Optimizer - SEO, CRO, Analytics
      Website Optimizer - SEO, CRO, Analytics (Marcel Digital) - ChicagoMarcel Digital, an award winning interactive marketing agency established in 2003...
    • Director of Marketing
      Director of Marketing (Patron Technology) - New YorkDirector of Marketing We are seeking a Director of Marketing to manage and build our marketing...
    • Senior Interactive Producer
      Senior Interactive Producer (Ready Set Rocket) - New YorkWhat You'll Do As a member of our team, the Senior Producer reports directly to our...