On Apr 14, 2004, at 1:05 PM, Craig Earls wrote:

> I am developing a service that sends email to registered users about
> upcoming events.  I keep getting errors about my mails being bounced as
> spam.  Even test emails I am sending to myself are getting bounced by my
> ISP.  What procedures does a business need to go through to prove they are
> legitimate?

<NonTechnicalAnswer>

There is no silver bullet. To paraphrase an old adage, "one man's email
is another man's spam." The problem is that the definition of spam is
subjective. Some people (and software) will tell you that using certain
phrases ("Earn money in your sleep while increasing the size of your
manhood and losing weight by working from your home.") qualifies as
spam. Others will tell you that email you didn't specifically ask for
is spam ("Click here to receive mail from anyone that pays us enough
money to be loosely defined as a business partner"). Still more will
define it as being anything they just don't want to read, regardless of
the source or reason for reception.

At work (not hofo.com), my employer sends out millions (no joke) of
emails a week through companies that have lists of email addresses that
supposedly meet one demographic or another. These companies have all
signed statements that affirm the lists were obtained "legitimately".
That is, these people knowingly (or unknowingly) checked (or unchecked)
a little box on a form somewhere that said "send me information about
something".  Of course, I personally don't believe that all the
addresses are legitimate; there are just too many of them (but I also
don't have the pull to force the validation of these millions of
addresses). Some of the lists had to have had beginnings with address
harvesters. Or the user may have signed up for information from some
company back before privacy statements were de rigueur for websites. The
company sold your email address and interest preferences to someone
else, who resold it, ad nauseam.

Then again, my employer also sends email to people who went to our
website and filled out a form that said "I'm interested in this
product, send me information." They send something out right away. In
the absence of a sale, they also do a followup 60 to 90 days or a year
later (an accepted marketing practice); the person doesn't remember
they wanted information and cries foul. Thus it is spam, even though
the recipient initiated the one-to-one contact.

The best you can do is to:
- make all information requests obviously opt-in
- keep decent records of when the person asked for email (the lawyers
will come for you, trust me): their name, email address, IP address
used for the request, and timestamp.
- keep records of what you sent when to whom, matchable to when the
person asked for the information.
- make opt-out provisions obvious on the email and your website.
- be sure the opt-out solution is functional, and record these actions
as well - some people are cynical enough not to believe any opt-out
form is actually going to do so, but you can't not have it.

IMHO, I wouldn't even bother with the spam filter testing. The phrase
triggers and thresholds in SpamAssassin and the like are admin
configurable and thus subjective at the admin level. Bayesian filtering
(you gotta love it) is even more subjective, but better because this
can be done at the user level, and will in theory separate spam from
ham. In my experience with Bayesian filtering in OS X Mail, this can be
defeated by conversational phrasing or the latest trick, using a
paragraph of words that are legitimate dictionary words but aren't in
most people's common vocabulary. These words don't appear in the token
list from previous emails and skew the probability towards ham.

</NonTechnicalAnswer>

--
Howard Fore, [EMAIL PROTECTED]