The amount of talk about spam in the industry is beginning to rival the amount of spam itself, yet no solution is in sight. Nor are many companies taking concrete steps to combat the spam problem, although most agree its proliferation threatens the very existence of email marketing.
As marketers go about their business without establishing a unified front, a number of firms are tackling the spam problem in a way that may further threaten legitimate email marketing. The companies in this column all filter people’s email. Read on to learn how to avoid getting caught in their traps.
ISPs such as EarthLink are touting anti-spam capabilities as a part of their marketing efforts. What you might not know is a company named Brightmail provides the technology that runs them. Brightmail filters email for 6 of the top 10 ISPs in the U.S., including MSN, AT&T, Verizon, and EarthLink.
Brightmail developed a patented system that corrals spam before it gets to the end user’s mailbox on the server. Spam is funneled into a separate mailbox people can check, to make certain no legitimate mail is caught.
Brightmail’s is an installed software system, rather than an ASP, so all email operations remain in-house at the client company — be it an ISP or a corporation trying to deal with its spam problem. Filtering criteria are changed all the time, updated remotely from the Brightmail Logistical and Operations Center (BLOC).
“Filtering rules need to change all the time. They may work right now, but the spammers’ goal is to go around that filter,” said Francois Lavaste, vice president of marketing at Brightmail. “Even if they are effective this week or this month, they won’t be for long.”
Information used to update those filters comes from a network of decoy accounts, or probes. After Brightmail’s employees post the addresses on Web sites and use them in discussion groups, the accounts lie in wait for spam. When it hits — as it invariably does, although the addresses aren’t used to sign up for anything — the filters are updated to block the rest of the spam “attack” before it makes it to all the other addresses protected by Brightmail.
It’s a system that produces few false positives, but Lavaste says legitimate marketers do occasionally fall into the trap. Why? Because they use what Lavaste calls “hybrid lists” — ones that have a number of opt-in addresses on them but have been padded with extra, non-opt-in addresses.
“There are gray situations like this one. I would recommend anyone who is buying direct marketing lists really inquires about the origin of the name,” said Lavaste.
MessageLabs, which began its life as a U.K.-based ISP, shifted its business model and relaunched as an ASP offering virus protection. In the last six months, spam has increasingly become a focus. The company has been working on enhancements to the spam-blocking products, expected to be unveiled in August.
“I’m seeing spam become a bigger and bigger deal,” said John Harrington, U.S. marketing director for the company. “When we first launched here in June, it was all virus, virus, virus. Slowly customers are affected more and more by spam.”
Although its approach is similar to Brightmail in many ways, it differs. First, email filtered by MessageLabs must be rerouted through the company’s servers, then it proceeds to the end user. Another major difference is the way messages are filtered.
“We’re using a combination of some filtering rules and patented technology,” said Harrington, “as well as blacklists and whitelists. Typically, anyone doing legitimate direct mail via email, if they’re doing it the correct way, they’re not going to show up on the blacklist,” said Harrington. “Our false positive rate is very, very low.”
The company uses MAPS’s Realtime Blackhole List (RBL) and other blacklists. Customers can also customize filters to suit their individual needs.
MessageLabs works primarily with corporations and claims to scan more than 7 million messages every day for over a million users worldwide.
Permission Technologies and its product, CleanMyMailbox, are oriented toward the individual user. It’s an ASP solution but doesn’t require users to reroute email to its servers. Instead, CleanMyMailbox “probes” people’s inboxes on their own servers, removing anything determined to be spam. That email goes into a “spam box” on the company’s servers, where users check online for legitimate mail and to tweak their settings.
The filters work in an entirely different way than MessageLabs’s or Brightmail’s. CleanMyMailbox looks for patterns matching those of known spammers. It looks for the addressee. If it’s to a large group of people, such as a BCC list, that throws up a red flag. After that, it scans headers in the email to see if it’s associated with a known open relay (a nonsecure server spammers use to send email). Then, it looks at subject line content, keywords such as “free” or “Viagra,” for example. The body of the message is examined next. Lines in all capital letters or with lots of exclamation points are noted.
All in all, around 300 factors are examined. If the “total score” is above a certain number, mail is thrown into the spam box. Users examine the messages caught there through their account on the company Web site and customize personal settings to better eliminate false positives. They can set the software to automatically accept mail from certain addresses or with certain words in the subject line, for example.
Getting past CleanMyMailbox, which officially launched last week, is a matter of avoiding the practices that would brand you as a spammer. Don’t use an open relay, don’t use “free” or “Viagra” in the subject line, and don’t use all caps or lots of exclamation points. Still, you may get caught initially. Be reliable and use the same sender name, so users will at least recognize you as a legitimate emailer and put you on their whitelist.
Still No End in Sight
Although all of these companies should be lauded for their anti-spam efforts — especially those working to distinguish spam from legitimate email marketing — none is perfect. (I’ve used two out of the three personally, and I still get spam.)
Filtering is only one piece of the puzzle. There’s much legitimate marketers can do to combat the problem. Chiefly, you need to make sure you know where the names on your lists come from. If you’re working with a partner to gather names, keep a close eye on her and make sure none of the names you receive generate complaints. If you’re an email service bureau, refuse to mail to any names for which you don’t have opt-in documentation.
Do you know any marketers, agencies, or service bureaus blazing new trails in the war against spam? Please let me know. At the very least, the industry needs to share best practices. Everyone will benefit.