According to Google, currently less than 0.05% of valid emails end up in Gmail users spam folders. (I might try and argue this statistic, but I’m only 1 of Gmail’s 900 million users, so I’ll leave that for another day.) Google’s goal is to make Gmail a spam free email client for its users. Currently, Google relies on its users to know when they’ve made a mistake and delivered a legitimate email into the spam folder, via the “Not spam” button or allowed a piece of spam to make it past the filters and end up in a user’s inbox – using the “Report spam” button. Google has now implemented a new machine learning process to detect spam trying to portray itself as legitimate email. While Google has always used machine learning, it now uses this more sophisticated neural networking approach to analyze incoming messages. Google stated that they will use the “same intelligence developed for Google Search and Google Now” to make their spam filtering smarter.
Google is trying to make it easier for companies to avoid having their email messages marked as spam or junk with its new Postmaster Tools for Gmail. The program allows ‘Qualified’ high-volume senders to have a look under the hood of how Gmail processes and filters inbound email messages and provides insight into delivery errors and feedback loops. The new filters will also be customized for each individual user to better understand how an individual Gmail user manages their inbox and the types of emails received.
What is a ‘Qualified’ Sender?
If you’re a spammer, you’re out of luck. Google’s Postmaster Tools will only be available to qualified senders who meet its reputation requirement. Once you are ‘Qualified’, you’ll be given access to a number of dashboards. This will show you how often users report the sender’s emails as spam, additional insight into the sender domain reputation and additional info on how Gmail treats their messages. This will definitely be a double edged sword. If you send emails that generate complaints, you will be downgraded and likely have the majority of email send directly to the spam folder without passing GO or collecting $200. On the other hand, if you send emails that generate very few complaints, you’ll have the ability to send your email messages into that coveted inbox the majority of the time without a problem.
If you are looking for ways to find new customers and increase sales, you may be considering the purchase of an email list. A simple search of Google will produce a plethora of companies who will be happy to take your money and provide you a list of email addresses that purport to be a specific demographic or contain email addresses of individuals who meet your desired criteria. In most cases, purchased email lists do not provide useful, valuable or even valid and deliverable email addresses. Worse still, beyond simply being ineffective, purchased lists can actually cause serious problems for your business. In hopes of convincing you to put your credit card away and not waste your marketing dollars on a useless, junk email list, let’s take a look at how these lists are built and then consider the kind of damage that they can do to your company’s brand and reputation.
Poor Quality Data
One of the fundamental problems with purchased email lists is that they’re riddled with defunct and undeliverable email addresses. This is because lists are often compiled by scraping the Internet for email addresses that are listed on websites, resulting in a high number of info@ and sales@ type role accounts that are unlikely to generate a response. Some companies also include addresses collected from things like online surveys, where people frequently provide fake or throwaway email addresses. In other words, purchased email lists are similar to junkyards, except they’re not filled with old rusting cars. Instead, purchased lists are littered with obsolete, undeliverable, old, dead and long-forgotten email addresses that will not help you land a single new client.
Low Response Rate
It’s obvious that sending your message to dead or junk email addresses will not help you win new clients or increase sales. There is a remote possibility that a purchased list will get your message into a few active inboxes. Chances are fairly high that the people who receive your message will not bother reading it or taking action on what you are peddling. The most likely action they will take, is to complain about it, delete it or send it straight to the junk folder, ensuring that all other email advertisements you send their way will receive the same treatment, without the need to ever see anything sent by you or your company ever again.
If you have ever received an unsolicited call from a telemarketer, usually around dinner time, and hung up before they managed to say four words, then you already know why emailing people who didn’t opt in for your emails is a terrible idea. People on your purchased email list will do just what you do with telemarketers: Before they even read four words of your subject line, they’ll have sent your email to the spam folder.
Damage to Your Brand
Getting bad data and having a low response rate are obviously negative aspects of using a purchased email list. But these are minor problems when compared to the severe and, in some cases, irreparable harm that using a purchased list can cause your company. If you send emails to a purchased list from your own mail server, you’re placing your business at significant risk. Many people are likely to complain about your email or route your unsolicited message to the spam folder. These things do significant damage to your brand and your reputation, increase the likelihood that your server will be blacklisted, and if your ISP thinks you’re using their connectivity and IP address to spam, can even put your ability to maintain Internet access in jeopardy.
Using an ESP to Send to your Purchased Email List
If you are thinking that you could purchase a list and instead of using your own email server, send messages out using an Email Service Provider (ESP), think again: Reputable ESPs will not allow you to send to purchased lists. Even if you managed to get a purchased list loaded into a reputable ESPs platform, chances are high that the deception would quickly be discovered, you would be banned and in search of a new ESP. As you might expect, there are some shady ESPs out there who will allow you to send emails to purchased lists. The reason for this is simple. They can charge you a much higher fee than normal but your lackluster results will be the same.
Tempting as it may be to purchase an email list in the hopes of getting your message out to thousands of would-be customers, the risks are simply too high. Purchased lists are filled with junk, junk that can have a very real and very negative impact on your brand and reputation. Worse still, these purchased lists can prevent you from being able to effectively operate your business. In short, if you are looking for a wise marketing investment, avoid purchasing an email list.
If you have already purchased an email list and have not sent to it, I’ll leave you with some sage advice. Find the list you purchased and highlight it by clicking only once on it with your mouse. On the right hand side of your keyboard you will see a group of keys which consist of mainly numbers. Just to the left of this group, you will see a small section consisting of 5 keys. In the top right corner is the “End” key. In the lower left corner is the “Delete” key. Press It.
Related Reading: Email Marketing – Don’t Be the Biggest Moron in the Room
Over the past few weeks I’ve received a large percentage of phishing emails that purport to be from American Express, although they are not. These emails are sent by scammers trying to steal user names and passwords from unsuspecting American Express card holders, so they can then access their account information and card numbers to use them for fraudulent purposes. Below is a sample of one of the many phishing emails I received.
Although it is pretty obvious to me that this email is not from American Express and is no doubt a phishing email, there are some recipients who are not so astute. If your mother, grandfather or someone new to the Internet or not paying close attention received this email, would they be able to tell that it was not sent from American Express? Would they click the link that looks legitimate and appears as if it would take them to the American Express website? Even though it will not take them to the real American Express website, will they unwittingly type in their user name and password on the fake site? Obviously a percentage of people do, because if they didn’t, these phishing emails would cease being sent.
Below is the header that was received with this email:
From: American Express [mailto:firstname.lastname@example.org]
Sent: Tuesday, October 09, 2013 12:15 PM
Subject: Fraud Alert: Irregular Card Activity
Based on the received ‘from name’ and ’email address’, it looks like the email was sent from American Express. It even has an aexp.com email address, which is the domain American Express uses to send emails from. It’s not that I blame American Express for sending this email, but rather American Express could easily stop this email from being delivered if they would simply fix their SPF Records. You might ask yourself at this point, how can you blame American Express if they didn’t send this email? Hang in there for 2 minutes and I’ll tell you. Let’s review a few details first.
OK, so what is an SPF Record?
An SPF (Sender Policy Framework) record is a DNS (Domain Name System) record which lists specific servers and IP addresses that are allowed to send e-mail from a domain, such as aexp.com. Correctly configured, this reduces spam and phishing activity that may be perceived to originate from a specific domain, that actually doesn’t, which is known as source address spoofing.
An SPF record is used for messaging security purposes. The SPF record enables a receiving email server to query DNS and determine whether the sending server is authorized to send from a specific domain. There are three ways in which an SPF record can be parsed and dealt with; such as hard fail, soft fail or neutral. The difference between a hard fail and a soft fail is how the owner of SPF records expects the message recipients to treat a spoofed message. When a neutral response is received, it usually means that no SPF record exists for the domain. Most email servers will accept an email with a neutral SPF response, but most SMBs and large corporations all have published SPF records.
Below is a list of SPF Records for aexp.com, which is used by American Express to send email.
“Spf2.0/pra a:phxamgw01.aexp.com a:phxamgw02.aexp.com a:sppim501.aexp.com a:sppim502.aexp.com ~all”
“v=spf1 ip4:126.96.36.199/24 ip4:188.8.131.52/24 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168 ip4:22.214.171.124 a mx a:sppim502.aexp.com a:sppim501.aexp.com a:phxamgw01.aexp.com a:phxamgw02.aexp.com ~all”
To simplify and make the records easier to decipher, I have broken down the formatted records into an easy to understand format.
Without getting into too technical an explanation of how an SPF record is configured, I’ll discuss and point out the failure. If you look at the last line in the SPF record detail above, you’ll notice ~all which is listed as a “Soft Fail”.
Understanding the difference between ~all Soft Fail and -all Hard Fail
A Soft Fail (~all)
If the email message from a domain comes from an IP address which is outside the IP range that is defined in the SPF record for the domain, the message will be accepted but marked in the email header. This is something you do not see when you receive the email. All properly configured email servers will accept an email tagged with a “Soft Fail”.
A Hard Fail (-all)
If the email message from a domain comes from an IP address which is outside the IP range that is defined in the SPF record for the domain, the message will be rejected.
How American Express has failed to protect its card members.
If American Express simply changed their SPF Record from ~all (Soft Fail) to –all (Hard Fail) these fraudulent, phishing emails, that appear to be sent from American Express, would be rejected at the recipients email server and never get delivered to the intended email recipient. Simply using ~all is tantamount to saying, here are all the possible servers that our email should come from, but if it doesn’t accept it anyway. Why even bother publishing SPF records if you’re going to override them with a ~all?
American Express has a section on their website dedicated to fraud prevention and protecting your information. They provide advice and a vast amount of information to help you protect yourself, but fail miserably themselves where it really matters.
In 2012 alone, losses from credit card fraud totaled $6 billion. Now who do you think pay’s for those losses? You are correct, we all do. If by simply changing a tilde (~) to a dash (–) or ~all to -all (Soft Fail to Hard Fail) American Express could reduce the number of phishing emails delivered and significantly reduce credit card fraud and losses due to stolen credit card information. Why wouldn’t American Express make this simple change? Don’t know? Neither do I.
“It is the obvious which is so difficult to see most of the time. People say ‘It’s as plain as the nose on your face.’ But how much of the nose on your face can you see, unless someone holds a mirror up to you?”
― Isaac Asimov