I’ve been called a lot of things in my life, but never “The Mailman”. When I hear that term I think of two things, first the guy that drives the little white truck and delivers the vast numbers of print catalogs to my house and second, I think of NBA great Karl Malone, known as “The Mailman” as he always delivered. In this case, however, the term “The Mailman” is being applied to me in a different context.

 

I am fortunate to have been selected by CRM magazine as one of their Influential Leaders of 2008, for the work that I and the team at Habeas have been doing to help save email. The title of their piece on me is “The Mailman”, thus the title of this post. I am truly honored to accept this prestigious award on behalf of the entire team (past and present) at Habeas.  The article praises Habeas for being thought leaders in the drive to educate marketers and email senders about best practices in email through such initiatives as ReputationWiki.org and our participation in industry forums likes AOTA as well as our work with our valued partners such as Lashback, BoxSentry, Campaigner, Summit Projects and many others. We’ve made it part of our mission statement to “save email” and a huge part of that is market education to email senders about differentiating themselves from spammers by adopting best practices in email (e.g., obtain recipient consent, relevant email, prompt unsubscribe, etc.).

 

This award comes at a very interesting time in my life and the company’s history. As I write this post I’m also multi-tasking by completing the very last byzantine details on the Habeas-Return Path merger. So, yes, Habeas and I are being recognized as industry leaders in email reputation management and delivery simultaneously with the company merging into Return Path. 

 

I admit the timing has a bit of irony, but in the big picture I think this award from CRM magazine is further validation of a few key things that drove the merger:

 

First, over the last several years email has made a strong resurgence as a marketing communications medium.  Both consumers and businesses love and prefer the medium above any other for their interactions.  I’ve written about our consumer research with Ipsos and Erick Mott has written about our business research with the EIU's "Digital Company 2013" initiative which supports this assertion.

Second, evangelism of best practices among email marketers is a huge part of what today’s email ecosystem needs. Organizations like eec, AOTA, MAAWG, and others are playing a big role in sender education. But many email sending organizations need more than a list of best practices – they need the rigor, analysis, process evaluation, consulting and performance monitoring provided by email deliverability and reputation service providers like Habeas and Return Path.

Third, email has become critical as a business to consumer communications medium across most verticals in the U.S. (retail, travel, automotive, etc.) and Europe and increasingly in the huge market of Asia as well.

 

We at Habeas are very proud of this award and I am very proud to be associated with the merged Habeas and Return Path. As of August 22, 2008, Return Path has the team to take the mission, saving email, and the company to the next level – evangelizing best practices to senders across industries globally, enabling consumers to have a better inbox experience and supporting the continued healthy growth of the email industry directly and through an extended network of receiver partners.  It’s going to be great to see email’s continued growth in the next couple of years – the Return Path team will continue to work hard to make sure the (legitimate) mail is delivered!


A special thanks to every Habeas employee since Day 1 (alphabetical order):

Tracy Amador, Bradley Anderson, Jeffrey Anderson, Joshua Barrack, Kristine Beebe, David Bernard, Robert Biala, Michael Bierman, Srinivas Bolisetty, Jessica Bowe, Keith Brown, Chris Brubaker, Jennifer Bumb, Michael Cabbell, Des Cahill, Eloise Carlton, Richard Castello, Carlo Catajan, Denise Cattan, Faith Combs, Joe Cordoni, Monica Coriz, Nicole Curutchet, Rajat Dutta, Larry Ellis, Ray Everett-Church, Kristin Fawns, Jennifer Fery, Mandy Fu, Michael Garcia, Liz Gegenwarth, Carl Gutenkunst, Sharon Haahr, Virginia Hammrich, Cynthia Herrera, Matt Herrera, Shawn Higginbotham, Tifaine Highly, Bill Hunt, Franz Hurtado, Anthony Igwe, Parul Ihde, Courtney Kerns, Carolyn Keyes, Charlie Kim, Jon Kingsting, Bryan Klech, Mike Klein, Sudhir Krishnan, Aleisha Lang, Brett Lemoine, Deborah Leyvas, Ky Lim, Quintin Litten, Steve Lozoya, Nigel Marrion, Michelle Marsh, Art Martinez, Alisa Matsuzaki, Sarah Matthews, Mike Mills, Anne Mitchell, James Moore, Erick Mott, Dharmendra Naik, Tara Natanson, Satish Natarajan, James Navin, William Nicholas, Donald Nordloff, Elaine Orgain, Scott Orgish, Farzana Patel, Manisha Phadke, Stefan Pollard, Beatrice Poulsen, Erin Raby, Venkatraman Ramamurthy, Catherine Ramos, Lianne Reynolds, Goody Riley, Michael Rosenberg, Ramie Salameh, Carol Sarracino, Theodor Schricker, Aparna Seetharaman, Nicholas Shackelford, Roshan Sharma, Charles Skinner, Philip Smith, Josh Stivers, JF Sullivan, Chuck Swenberg, Alfiya Tamayeva, Tom Taylor, Jaysree Thakore,  Mark Tognoli, Qarin Van Brink, Xuyen Vuong, Douglas Warren, Brady Wilkes, Huiwen Wu, Kalyan Wunnava and Chris Zutler

We had another great turnout and discussion during this week's Habeas Huddle webinar. I had the pleasure of presenting with Jeanniey Mullen, founder of the Email Experience Council and CMO of Zinio, David Daniels, VP of JupiterResearch and Des Cahill, CEO of Habeas.

Key Takeaways to Consider:

1) Email and the Web will continue to maintain their leading positions as preferred communication channels through 2013, despite the rise of fast-growing channels like web meetings, social networking, blogging, instant messaging and video conferencing.

2) Email is proven, scalable, cost effective and is not going to go away; it's core to your digital company's success.

3) Users have growing concerns about becoming victims of fraud via email and the mobile web. However, users do prefer emails and make purchases online from businesses they trust.

4) Embrace customer empowerment online and their need for control and certainty, or risk losing customers and your competitive position.

5) Email reputation management absolutely helps to ensure email trust and online results.

We also received a number of questions from attendees; here's some Q&A to consider:

Q: How do you know if you have a good 3rd party reputation?
A: From a receiving perspective, we recommend you do a free Reputation Check that takes Habeas 24 hours to complete; this is also referred to as an email blacklist check.

Q: Do you have any tips for the 55+ market or trends with senior audiences?
A: Like any audience you're trying to engage and serve, know their hot buttons and communicate with them based on their expectations. Font sizes, content and creative should be easy to read since vision tends to decline as we get older.

Q: Should I send weekly emails?
A: It depends! Simply put, every customer has unique needs and expectations. Habeas suggests setting expectations upfront and using a preference center to help understand and segment needs that can then be applied in your email and outbound strategy. Operate with the recipient in mind.

Q: With email trends growing, at what point do internet users become overwhelmed, desensitized and apathetic to content?
A: Email is growing because of demand. Like anything, it's difficult to say when a good thing is too much -- but internet users have options to request and filter content via email, and are more empowered to hit the "this is spam" button.

To ask Habeas experts specific questions about your email strategy, operations and programs, please contact us and we'll do our best to provide useful information.

If you haven't already done so, take advantage of and share the on-demand webinar. Don't forget to download the new white paper just published by the Economist Intelligence Unit -- research that was co-sponsored by AT&T, Concep Global, Habeas, Nokia, PwC, SAP and WebEx. The webinar and white paper are free, factual and will likely spur some great ideas and content for your 2008 planning and execution. Stay tuned for more great content.

The final iteration of the CAN-SPAM Act regulations take effect this week, so this is as good a time as any to review the requirements of the law and to make sure the latest twists given by the Federal Trade Commission (FTC) are baked into your email, web, e-commerce and/or marketing operations.

 

The basics of the CAN-SPAM Act remain the same as they were under the interim regulations:

1. Do not have false or misleading header information or deceptive subject lines.  When you send email, the "from," "to," and email routing information must be truthful and accurately describe the entity who is initiating the email. The subject line must also accurately reflect the contents of the email.

2. Identify the message as an advertisement. Every commercial email must include clear and conspicuous notice that the email is an advertisement and that the recipient can opt-out of future messages.

3. Include a valid return email address or other Internet-based method for receiving and processing opt-out requests. You must give recipients a simple means of requesting to be removed from future mailings. This can be done via email, or through a link to a single web page. The mechanism must be functional for at least 30 days after the email is sent and requests must be processed within 10 business days.

4. Include clear identification of the sender's identity, including a valid postal address.

 
What's new under the new rules?

 

There are four main issues addressed, or clarified, under the final regulations issued a few weeks ago:

 

1. The opt-out mechanism must not require recipients to pay any fee, must not require recipients to provide any information other than their email address, and must not require any steps other than sending a reply email or visiting a single web page. In addition, the FTC made clear that if you utilize an opt-out web page, it cannot contain additional advertisements or exhortations not to unsubscribe. This may require some email marketers to change their current unsubscribe practices, particularly if they ask recipients to log in or to navigate through multiple pages to process the request.

2. In the case of emails sent on behalf of multiple advertisers, the FTC provides guidance on creating a "designated sender" in order to simply the notice, unsubscribe processing, and other compliance obligations. The designated sender will be the entity responsible for ensuring prompt opt-out processing, and ensuring that all of the advertisers receive copies of the opt-out (suppression) list for future mailings.

3. A post office box or private mailbox, if otherwise operated in accordance with postal service regulations, can be considered a valid postal address under the Act.

4. When the Act talks about a "person," that includes natural persons as well as corporations, associations, and non-profit entities.

Finally, if your site includes a "Refer-A-Friend," "Forward to a Friend," or other similar process, the FTC provided some lengthy guidance about how it will look at such emails in terms of compliance with the CAN-SPAM Act. For example, the FTC made clear that any site, product, or service that is advertised in a "refer-a-friend"-type message may be deemed the sender of that message if the person "induces" its transmission.

 

The FTC did not provide a definition of "induce," but they did indicate that a payment or other consideration wasn't a necessary  requirement of an inducement. The FTC's discussion on this point is very lengthy and I won't try to summarize it all here. But suffice to say that if you depend on "refer-a-friend"-type mechanisms, you will need to consult your legal counsel regarding changes you might need to make in order to ensure compliance.

 

While Habeas cannot provide you with legal advice, we certainly can assist you in reviewing your email reputation management and deliverability strategy and practices with various legal and industry best practices in mind. Our advisory services team is happy to help you fortify your online strategy and brands, and stay off email blacklists!

The Habeas team returned from this year's Authentication and Online Trust Alliance (AOTA) Summit in Seattle, and by most measures it was a roaring success.

As with past AOTA Summits, this year's featured a wide array of top-tier speakers, including Craig Newmark from Craig's List, former cybersecurity czar Howard Schmidt, and Washington State Attorney General Rob McKenna.

Even at a time when travel and conference budgets are being slashed, the turnout for the AOTA Summit was great, with a tremendous mixture of brands, vendors, service providers, and current/former government officials.

There were also a number of excellent sessions covering the latest technologies and best practices in authentication, email security, and deliverability. We're proud to say that Habeas and some of our customers presented in several sessions, including at AOTA's first Email Deliverability and Trust Academy.

In this post are assembled some random thoughts and comments from several members of the Habeas team who participated in the event. Here are some of the most noteworthy observations:

The deployment of email authentication continues to grow, but it remains a daunting task. In January, AOTA reported that over 50% of email is authenticated in some fashion. These figures were confirmed at this month's Summit, and most of the attendees at AOTA are from companies that really understand the urgency and importance of authentication. The problem is not with the companies whose representatives are involved in AOTA or attending these conferences, rather it's with the thousands of companies who weren't there and who don't yet see authentication as a critical brand protection and reputation protection measure. Thus, some of the most interesting and difficult conversation topics at the summit were around how to grow that number.


There remains a great deal of tension between email senders and receiving ISPs regarding who owns the consumer relationship at the inbox. One attendee made the point that the existence of the "This is Spam" button makes it difficult for a sender to get more useful preference information from their customers. For example, perhaps a recipient really only wants to receive such messages monthly rather than daily or weekly. It's difficult to get a recipient to consider such a choice when the Spam button is glowing in their face.

 
In many of the sessions, we saw continuing evidence that deliverability remains a significant challenge for many major brands, in large part because it can be a very imprecise science. Even when companies employ the very best practices, the difference in how various ISPs assess reputation continues to make reliable deliverability a challenge. For example, SPF records may have a great deal of weight at one ISP, while DKIM signatures have more weight at another. Content filtering may also see a resurgence for ISP to ISP email due to some problems with hackers breaking the "CAPTCHA" process and automatically creating accounts for spamming. All of this points, yet again, to the importance of comprehensive and ongoing reputation management.


Adding further confusion to the deliverability landscape is the proliferation of "best practices" documents and recommendations. With recommendations out there from the DMA's EEC, the ESPC, MAAWG, the IAB, and others, it will be increasingly difficult for senders to stay on top of what "state of the art" actually means. If there's good news for Habeas customers, however, it's that we stay on top of these for you. More importantly, we are very involved with these organizations, and others, and continue to work to resolve any discrepancies and contradictions between all of these standards.


We closed the event with a fabulous group dinner at “The Met” including our customers Sal Tripi from Publishers Clearing House and Sean Walker from The PGA -- and were joined by Craig Spiezle from the AOTA board, members of the team and a few industry friends.


The AOTA Summit continues to be the premier event focusing on authentication issues and technologies. But even though the event is over, the challenges being addressed by the members and attendees continue. Habeas is proud to be helping AOTA drive the effort to get everyone to "Authenticate in '08!"


As always, Habeas Advisory Services and our extended team are happy to help you and your organization with email reputation management and inbox deliverability strategy and execution to achieve your business goals.

Wednesday, May 14, 2008

By: Ray Everett - Church

After four years of drafts and discussions, the Federal Trade Commission has approved the Final Rule - the enforceable implementing regulations - that say how the FTC will be enforcing the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act).
 
The Final Rule was issued by the FTC on Monday, May 12, and will be published in the Federal Register, most likely within the next week or so. They will take effect 45 days after their publication. You can find a copy (http://www.ftc.gov/opa/2008/05/canspam.shtm) in PDF form at the FTC's website.
 
(Obligatory disclaimer: The information contained in this blog posting is not intended to serve as legal advice. If you have any questions about compliance or liability, you are urged to seek appropriate legal counsel.)
 
The entire federal register notice is 109 pages long, although the rule itself is only six pages of that. The rest of the document is a lengthy but incredibly informative discussion of all the feedback they received during the process and an explanation of why they did or did not choose certain approaches.
 
The rule itself sets out four main issues that will affect senders of commercial email:

* The FTC clarified that when the law uses the term "person," that will include not only individual human beings, but also corporations and non-profit organizations.

* To satisfy the Act's requirement that commercial email display a "valid physical postal address," a sender is allowed to use an accurately-registered post office box or private mailbox, so long as it is established under the applicable United States Postal Service regulations for such services.

* An e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than "sending a reply e-mail message or visiting a single Internet Web page" to opt out of receiving future e-mail from a sender.

* The definition of "sender" will be modified to include a means of creating a "designated sender" who will be responsible for complying with the Act in those situations where multiple parties may be advertising in a single e-mail message.

The first two points are neither earth shattering nor controversial. But the same cannot be said of the other two, or of the many issues which the FTC chose to discuss in its notice but on which it ultimately chose to punt rather than issue regulations.
 
Prohibiting the charging of a fee to be unsubscribed is a no-brainer. But by prohibiting the asking of additional information, which would include usernames and passwords, could mean some changes for how sites handle the unsubscribe process.
 
Moreover, the discussion makes it quite clear that the FTC will not look kindly upon any process that takes more than one page, or fills that page with other advertising or marketing pitches. A big flashing banner that says "Please don't unsubscribe!" will definitely not be allowed on the unsubscribe page. Whether you could place some kind of appeal on the landing page after the unsubscribe request itself has been processed is not clear in the discussion by the FTC.
 
The biggest news in this Final Rule, however, is how the FTC chose to modify the definition of "sender" in response to many inquiries about multi-advertiser messages. They added to the definition of "sender" to clarify that:
 
"...when more than one person's products, services, or Internet website are advertised or promoted in a single electronic mail message, each such person who is within the Act's definition will be deemed to be a "sender," except that, only one person will be deemed to be the "sender" of that message if such person: (A) is within the Act's definition of "sender"; (B) is identified in the "from" line as the sole sender of the message; and (C) is in compliance with [the Act and the FTC's Final Rule]."
 
In creating the concept of a "designated sender," the discussion in the notice indicates that the FTC intends that the "element requiring identification of the person in the "from" line [be] mandatory."
 
Under the Act, the "from" line (the line identifying or purporting to identify a person initiating the message) must accurately identify any person who initiated the message. So when taken in conjunction with this change, the FTC seems to be requiring  that there be at least one entity accurately identified in the "from" line and they're probably going to presume that that entity will be deemed to be sender.
 
Applying this process to an example, let's say a newsletter publisher "PublishCo" sends an advertisement containing promotions for Company A, Company B, and Company C. Under the originally proposed definition of "sender," all four entities could be considered a sender, and thus all four would be responsible for ensuring CAN-SPAM Act compliance.
 
But under the Final Rule, the FTC would allow PublishCo to be the "designated sender" to be responsible for all compliance tasks, no matter how many advertisers appear in the body of the message.
 
To be the designated sender, however, PublishCo would need to be accurately identified in the "from" line, include their physical address in the body of the email message, and provide one of the two designated opt-out mechanisms (e.g., "sending a reply electronic mail message or visiting a single Internet Web page").
 
It's important to note that the rule does not require that there be a designated sender. The FTC discussion indicates that having an entity identified in the "from" line is "mandatory," but the discussion goes on to indicate that the rule:
 
"does not eliminate the possibility that a message may have more than one "sender." However, marketers can use the criteria set forth in the proviso to establish a single sender and reduce CAN-SPAM's compliance burdens. If marketers fail to structure the message to avoid multiple senders under the sender definition, then each sender is obligated to comply with CAN-SPAM requirements for senders, notably, to provide its physical postal address and to honor any opt-out requests."
 
In other words, if you don't have a designated sender, every advertiser appearing in a message could be deemed a sender and be responsible for processing unsubscribes and sharing suppression lists with all other senders. In a newsletter containing ads for a half-dozen advertisers, this could rapidly turn into a compliance mess, with each and every one of the advertisers liable for ensuring that all the collecting, processing, and trading of unsubscribe lists with all the other advertisers occurs without a hitch.
 
Under our example above, if the email "from" line did not indicate a single designated sender and instead provided something less definitive (e.g., "A_Consortium_of_Fine_ Businesses@PublishCo.net"), then all of the advertisers in the message could still be considered "senders" under the Act and be responsible for not only its own compliance but the compliance activities of every other "sender" on that message.
 
There's also another twist to this. In order for PublishCo to meet the Act's definition of a sender, it would need to be considered as advertising in the message. This requirement could be met with something as simple as including the words, "For the best in new products and services, come visit PublishCo.net." Without some content that could be clearly considered advertising for itself, however, PublishCo might not fulfill the legal definition of a sender and leave all the other advertisers on the hook.
 
The decision about whether to be a designated sender is one that a company like our fictional PublishCo will have to make with its legal counsel. But it might make sense for PublishCo to step up and be the entity identified as the designated sender, placing their address in the "from" line, their contact information in the message body along with their unsubscribe process, allowing PublishCo to take on the tasks of providing consumers with the opt-out choices, and in turn providing each advertiser with the suppression list arising from that campaign. For most ESPs or publishers, this could mesh well with the existing value-added services such organizations already provide.
 
Taking on this role as the designated sender would also allow PublishCo to offer choices to subscribers about exactly which advertisements they want to receive. While we noted that the FTC expects the unsubscribe process to be simple and unencumbered with additional advertisements or appeals, the law does still permit offering an array of choices.
 
Simplifying the compliance process by having a "designated sender" may help avoid legal problems, but it can also help email deliverability. Think of our example above with three advertisers and a publisher. If all four entities were considered senders, each with its own boilerplate disclosures and opt-out processes, a consumer receiving such an email might be confused about whether they might need to follow four different unsubscribe processes in order to effectively communicate their desire.
 
Some less-than-reputable advertisers might rejoice at such a prospect: by making the unsubscribe process cumbersome some recipients might be dissuaded from doing so - or so the theory goes. But in the end, it is really all of the senders who will wind up as the ultimate losers.
 
When faced with a confusing or cumbersome process, consumers will take the path of least resistance and click the "Report Spam" button or report the senders to email blacklists. Anything that drives consumers to click the spam button is among the most damaging things a sender can do to its email reputation.
 
At Habeas, we have long encouraged the customers of our online reputation management services to adhere to prevailing email industry best practices. Foremost among those is compliance with the CAN-SPAM Act, including making sure that the unsubscribe process is clear and simple.
 
At the end of the day, if a consumer is no longer interested in your email, you want to get them off your list as quickly - and from the consumer's perspective, as effortlessly - as possible, in order to avoid being labeled as spam and harming your email reputation.
 
Finally, it is worth noting that the FTC decided not to address a number of other thorny issues in the regulations. But the Federal Register notice does include some useful, if lengthy, discussions of many of those topics and provides some insights into how the agency might rule if pressed on those points.
 
Among the other topics discussed are: CAN-SPAM's definition of "transactional or relationship message"; the Commission's decision not to alter the length of time a "sender" of commercial e-mail has to honor an opt-out request; the Commission's determination not to designate additional "aggravated violations" under the Act; and the Commission's views on how CAN-SPAM applies to forward-to-a-"friend" email marketing campaigns.
 
The viral "tell a friend" email model, in which someone either receives a commercial e-mail message and forwards the e-mail to another person, or uses a Web-based mechanism to forward a link to or copy of a Web page to another person, is a hallmark of today's hottest social networking websites. The FTC declined to wade into regulating those kinds of emails, but they took pains to explain that, as a general matter, if the seller offers something of value in exchange for forwarding a commercial message, the seller must comply with the Act's requirements, such as honoring opt-out requests.
 
At the end of the day, for those familiar with the regulatory process, it's not surprising that this one has produced a set of rules that raises almost as many questions as it answers. We will undoubtedly see a number of additional inquiries to the FTC seeking further advice as companies explore how the Final Rule affects their particular ways of doing business.
 
But the good news for senders is that the new FTC rules will probably not have a significant adverse effect on senders who are already following the industry's best practices recommendations.
 
For those Habeas customers who are already utilizing our online reputation management services, our deliverability analysis and auditing process will be updated to reflect the guidance provide by the FTC for CAN-SPAM Act compliance. (Should you have any questions about your compliance practices, your customer service rep can provide you with further information.)
 
In the meantime, all email marketers should assume that the 45-day compliance clock is running and that they will soon be held accountable under the new regulations. For some senders, these new regulations will require changes in how they process unsubscribes or manage multi-sender campaigns.
 
To tackle these and other compliance questions, senders should consider a Compliance Analysis by the Habeas Advisory Services team, in which experts from Habeas review your CAN-SPAM Act compliance practices and make recommendations for reducing your risks. You can contact Ray Everett-Church <ray@habeas.com>, Director at Habeas, for more information.

Wednesday, April 23, 2008

By: Des Cahill, CEO

 It's an exciting time in Silicon Valley and spring is in the air. The fruit trees, the ones that haven't been replaced by buildings housing start-ups, are in full blossom. Habeas' headquarters are located just a stone's throw from such iconic companies as Google, Apple and In & Out Burger. The ongoing tussle between Yahoo! and Microsoft is keeping the Valley blogs buzzing. Judging by the recent San Francisco ad:tech and Google's earnings report, Silicon Valley companies in the interactive marketing space are not feeling the effects of any recession. The energy and optimism of the Valley springs eternal.
 
And it's truly an exciting time at Habeas. We're growing our customer and partner base rapidly -- revenue growth for 2008 is more than 50% year over year. We hit or exceeded all our financial targets in the first quarter of 2008. Habeas recently announced partnership deals with eleven and Cloudmark to extend our SafeList coverage and reputation data network. We've launched major enhancements to our software platform to deliver blazing speed, add new reputation data sources and increase overall capacity for our growing customer base. While I could look back in amazement at the progress in the company from 4.5 years ago when Chuck and I re-started the company (we used to have a haiku?), there isn't any time for that. We're too busy looking ahead. And what we see is exciting.
 
Online reputation management (previously known as: accreditation, whitelisting, email deliverability...) is ever more critical in a world where the Internet and email have increasing importance in the global economy, yet online crime and exploits like spam, phishing, keylogging and malware continue to grow. We're proud to be the only company solely focused on online reputation management services. We've successfully been building a trusted brand, great group of employees and a sophisticated reputation network and technology platform since 2003.
 
There's been some chatter about Habeas as of late. Here's the deal. Habeas, like some of our competitors and many leading email companies, is venture backed. Venture backed companies talk to each other all the time about partnering, investing, etc. Those discussions are often facilitated by investment bankers. Habeas is working with a firm called William Blair. They're helping us look at our options to finance the continued growth of our business. There are many options available to Habeas to do so and these guys are the experts -- they know email and SaaS (software as a service) business models. William Blair has worked with Constant Contact on their recent IPO as well as the S-1 filings of both Exact Target and Convio.
 
Those projects that William Blair has been involved in underscore a key point -- email and interactive marketing industries are hot areas now and going forward. Habeas believes in the current and long-term importance of reputation services to the overall health and sustainability of the email and interactive marketing industries. We're proud to be a unique leader in this area and to be managing the growth and capabilities of the company to best serve our customers and partners. Onward!

Thursday, June 28, 2007

By: J.F. Sullivan, VP Marketing

Just to put this blog in perspective I should confess that I always love seeing Maureen Caplan Grey in print, as she is always insightful and always informed. When reading her recent article entitled, "Will honest mail ever prevail?" she highlighted a need for a definition that still remains unfulfilled.
 
What *is* the definition of an email reputation?
 
Much like anti-spam tools in the early days of 2002, the definition of reputation services varies greatly amongst the vendors described in her article. Let's break them down if only to further the discussion - and perhaps stir up a bit of controversy in the process!
 
First are the reputation services you already know. Anti-spam technologies and edge-of-network solutions that protect you from incoming spam. Many of these solutions are leveraging and/or creating reputation technologies. However, with no intent of malice, one could classify these as "negative reputation" systems. In that, they are observing much of what is "bad" on the Internet and therefore they are able to assess a negative reputation with a variety of senders and sending systems.
 
A close cousin of these anti-spam systems are the more popular blocklists (colloquially termed blacklists) which identify spammers or senders who look a lot like spammers either by using spam trap email addresses or other creative detection mechanisms. One could say that these are an unadulterated version of negative reputation systems.
 
In another camp we have the large ISPs who are developing their own proprietary reputation systems - such as the one Hotmail recently announced. These systems are designed around a number of parameters but are HEAVILY weighted towards complaint rates. Hence, while a sender may appear good in all other respects, if complaint rates are too high, the sender will earn a bad reputation and be blocked from the inbox.
 
On the other hand, the reputation service providers such as Habeas, as well as our e-marketing based counterparts at Return Path, have a more holistic view of reputation. Given that both companies began as public Internet whitelists, they were already complementary approaches to anti-spam and blocklist services. More recently however, we at Habeas see our reputation systems evolving beyond the purely positive, i.e. whitelisting, towards more of an aggregate view of reputation. By observing hundreds of millions of senders daily, their infrastructure, practices, and sending behaviors, we are able to attribute a multi-faceted reputation to a sender that takes into account a whole host of factors.
 
While we're on the topic of these cottage industries, I am on record as stating that I can certainly understand why some senders would want to invest in Goodmaill to pay for guaranteed email rendering at AOL, Yahoo and four other ISPs. That being said, as a technology, Goodmail Systems has nothing whatsoever to do with reputation systems, services or technologies. Anyone who states otherwise is just trying to include them in conversation for PR...utterly shameless I should think!
 
Finally, I find that the ESPC and MAAWG, (i.e., the Email Sender and Provider Coalition and Messaging Anti-Abuse Working Group ) while certainly furthering the conversation around reputation services, are better characterized as interested bystanders than organizations that are driving standards. For an organization that is truly driving standards, interested parties should check out the Domain Assurance Council which was founded by Habeas, Return Path and Ironport (now Cisco) to drive standardization around reputation information access.

Monday, June 25, 2007

By: J.F. Sullivan, VP Marketing

Recently, a new type of spam surfaced. The content was the same old penny stock pump and dump scam we've seen millions of times. But this time, the content was in a PDF attachment, not the body of the email.
 
Frankly, this was inevitable.
 
Spammers are going to use whatever means necessary to get their message across. The fact that they are using PDF attachments, something assumed to be innocuous and trustworthy, is no surprise. Frankly I'm astonished they haven't resorted to .PPS files to show cheap animations for their spams via PowerPoint!
 
Now here's a question: since the anti-spam vendors have to filter the content, why weren't they doing the same for the attachments? A few possibilities are that PDF scanning:
 
a) oversteps the bounds of what is considered private communications
b) makes it difficult to analyze content
c) is very, VERY costly
 
No doubt the truth is a combination of the aforementioned, but the last is certainly a major contributor. Consider that on a moderately configured system, spam detection and commensurate flagging of the message can reduce performance by an average of about 30 percent. What does doing this for attachments mean?
 
A LOT of increased processing and decreased message throughput is my guess. So perhaps the next field of battle is spammers forcing security systems to chew up so much processing time that the war of attrition moves to the equivalent of a DDoS (Distributed Denial of Service) attack?
 
Ugly indeed.
 
Seems to me, the move towards email behavior analysis and reputation systems for managing inbound mail is more important than ever. Beyond the fact that Habeas has evolved our business to be a source of reputation information - why would we argue this? Simply because the more we move away from filtering and towards an examination of the activity and behavior of a sender, the more efficient our receiving systems will be. Moreover, the more difficult it is for spammers to hide, the easier it will be for legitimate senders to reach the inbox.
 
After all, anything can paint itself pink and stand one leg like a flamingo. But, if it walks like a duck and quacks like a duck, you can be pretty darn sure - it's a duck!

Tuesday, June 19, 2007

By: Des Cahill, CEO

"Road Noise" was the title of an audio journal I made during a long and interesting car journey through the Pacific Northwest sometime in the late 80's. The exact date and route is somewhat fuzzy. I visited various relatives and friends in Northern California, Oregon and Washington during that epic journey - and the tape has achieved mythic cult status amongst this group. Who can forget the interview with the sorority sisters in Eugene or the entry from I-5 just north of Medford when we nearly got clipped by that semi?
 
Well, I'm resurrecting the brand. Road Noise is appropriate as I've been traveling a lot this last month. MAAWG in Dublin, then a quick jaunt to London for eTail and hop over the pond to New York for the Stevie Awards last week. DM Days in New York this week. And more to come in July with the FTC Spam Summit in DC. Once again, it's all a little fuzzy. So here's a Road Noise post on these past few days in New York and DM Days. It'll help me remember the key happenings and hopefully provide an interesting perspective for you.
 
Ahhhh, New York City in the early summer. Warm weather. Times Square. Street vendors. Food carts. Groups of tourists. Throngs of tourists. Tourists everywhere. Buses and hotels full of them. All from Europe or Asia - yes, the falling dollar has made $500. hotel rooms a bargain if you're paying in pounds, yen, or euros. New York is a great place to be in June, but it isn't a place to seek solitude.
 
But if you're in the online marketing or email business, then a great place for some alone time would've been the Jacob Javitz Convention Center where DM Days was being held. The conference was fairly well attended, but it wasn't an INBOX level affair. 95 percent of the vendors and attendees were in the off-line list business. There was a small interactive enclave, but the only friendly faces I saw exhibiting were FreshAddress and ListTrack. There was an all-day email 101 track that Austin Bliss was running, and he was kind enough to invite me to present at one of the sessions on compliance and best practices. It was well attended and reminded me that there are a lot of email marketers out there who don't know about authentication or reputation, and are still trying to figure out best practices basics. There is still a lot of education and outreach to be done through the AOTA, ESPC, MAAWG and of course, the DMA.
 
So, I give a bleak review of DM Days. This morning, I pointed out DMA's lack of relevance to online marketers to someone in the industry. "Why doesn't the DMA 'get' interactive marketing?" I said, "ad:tech is eating the DMA's lunch with their conferences." My breakfast guest pointed out that the DMA, unlike ad:tech, does more than conferences. It covers a broader spectrum of marketing activities and does extensive policy work and outreach through its lobbying efforts. He pointed out that the DMA may not be the best at representing best practices standards in email or online marketing but, "the DMA is a lot like the U.S. It's imperfect, it's powerful, it's influential and until someone or something else comes along, it's the only game in town."
 
Great line I thought.
 
So if the fear of being surpassed by Japan motivated U.S. economic and educational reform in the 80's, and fear of being surpassed by China may yet motivate the U.S. to be more globally competitive in the latter part of this decade - who is going to motivate the DMA to get more attuned to the radical shift in marketing dollars to the online world?

Thursday, May 3, 2007

By: J.F. Sullivan, VP Marketing

Recently, a customer of ours had to be suspended. They were suspended because they appeared on the ROKSO blacklist. For those of you who don't know what this blacklist is, suffice to say, it's the kiss of death in the email delivery circle. Essentially, appearance on this list means that the sender as been officially blocked by at least three (and counting) ISPs having been, in their measurements, identified as a spammer. The policies that guide this kind of transgression dictate that the customer would be suspended for a long, long time. How long you ask? The suspension would be a minimum of six months from the point that contact has been established as fixing whatever problem lead to the listing.
 
Holy Unspam Batman!
 
As it turns out the reason that they were identified as a spammer was because - drum roll please - they had decided to no longer use a range of IPs that they had traditionally used to send email. These IPs were no longer under their control so the real Spammers, opportunistic predators that they are, almost immediately co-opted these IP addresses. The Spammers then them to generate an armada of spam messages before the customer in question was locked down. The customer was locked down because the IP addresses were associated with them for so long that those IPs were now part of their reputation profile. Unfortunately, practices such as this are becoming more and more commonplace.
 
Not to go off on a rant here but it sure seems like this is, yet another, classic example of folks not monitoring their reputation at all times. Perhaps, it's an even better example of folks not keeping in mind what goes into a reputation. We all know that the complaints and sending behavior are elements of your online reputation but consider that, at least in this example, neither complaints nor sending behavior is directly attributable to the customer in question. What happened was a combination of forgetfulness, non-automated processes and identity theft. The net effect was the catastrophic listing on ROKSO.
 
So could reputation monitoring have absolutely prevented this situation? Perhaps not, but certainly putting instrumentation in place which keeps track of your IPs and domains is a start. Also, services which alert you of impending problems either with your servers as well as your ISP blocking issues would be good idea. Finally, perhaps a dashboard that continuously updates the various activities of the Internet that affect your reputation, and just what is going into your reputation, would useful as well.
 
Point is, do not take this noise about reputation monitoring lightly, the bite is much worse than the bark!

Wednesday, May 2, 2007

By: J.F. Sullivan, VP Marketing

For months now, vendors have been pushing the topic of monitoring and maintaining your online reputation. In the very cottage industry of email, it seems there are more companies springing up to inform you about your online reputation than photographers gathered around Alec Baldwin these days. Why is that?
 
The fact is, much of what folks refer to as reputation is not a new thing, it has existed for years. Blacklists were always a form of negative reputation. Whitelists, conversely, sprung up as a form of positive reputation. ISPs have been holding the axe of user complaints, aka feedback reputation, over the heads of senders for years now as a way of determining the "goodness" of an emailer. Recent announcements have repositioned anti-spam content analysis vendors as now supplying reputation add-on tools.
 
We openly confess that we ourselves have been aggregating and maintaining a reputation data network of several million receiving systems for years.
 
So why all the sudden fuss?
 
Perhaps all this energy was directed at the moment last week when Microsoft announced that they will begin throttling the connections of new senders not by whether or not they were on a whitelist but solely by the established reputation of that sender. A reputation that is determined by creating an aggregated view of the sending volume, complaints, etc. over time.
 
So are you interested in maintaining the relationships you enjoy today with your customer? All the former rules apply with regard to message content and construction. But, whereas you may have found blacklists, whitelists, and other reputation information an inconvenient annoyance in the past, the future is going to be very different. Your customer relationships are going to start with that reputation, or your customer relationships won't be relationships at all.

Thursday, January 31, 2008

By: Des Cahill

Two Thousand and Seven was a great year for e-mail and 2008 is going to be even better. The key for e-mail success in 2008 will be continued vigilance in the cause of online brand reputation and careful segmentation and treatment of your outbound e-mail. The best practice of sending fewer e-mail messages to a more targeted audience of customers in your database will emerge as a standard in 2008. Less e-mail will mean more success for your business, whether you define success in terms of reliable communications, revenue, click-through, registrations, retention or other success factors.
 
In that spirit of "less is more," let's look back at 2007 and think more about 2008!
 
In 2007, email became sexy again! Witness the IPOs of Constant Contact and S-1 filings of ExactTarget and Convio. The public markets are enthused about e-mail again and the merger and acquisition realm sees it no differently. The acquisition of eDialog by publicly-traded e-commerce platform company GSI Commerce shows how valuable e-mail is as a core component of any online business or platform.
 
The DMA published its annual statistics guide in October 2007 and once again cited e-mail as the highest ROI online marketing medium. DMA projects e-mail marketing to generate an average of $48.56 in return for every $1 spent. That's why online marketers love e-mail; done right, it's incredibly cost-effective. And e-mail usage is booming among consumers too. According to a recent Pew Internet Research study over 90 percent of U.S. Internet users use e-mail regularly and most of them use e-mail once a day or more.
 
When measured as a percentage of consumer time spent online, email once again staked its claim as the number one online application -- beating out search, news, traffic and weather applications. Furthermore, penetration into the population and the frequency of e-mail usage are both growing year over year.
 
But you didn't need me to tell you that consumers love e-mail. You know you're addicted to your Blackberry, your webmail, your Outlook and so is everyone around you!
 
That's not to say that 2007 was all just a bed of roses for e-mail. Unfortunately, spam continues to cast a long, dark shadow over the world of e-mail marketing. Anti-spam solution vendors are telling us that over 90 percent of e-mail traffic on the Internet is spam. Our own Habeas data tells us that 99.8 percent of IP addresses sending e-mail are, in fact, spammers!
 
The good news is that most of the spam isn't getting to your inboxes or cluttering the inboxes of your customers. The bad news is that the continued growth of spam levels means that you need to continue to vigilantly protect your online brand and your connection to your customers' inboxes. Your company needs to stand out and join that 0.02 percent of senders who aren't spammers and whose legitimate e-mail is delivered regularly to customer inboxes.
 
How can the holy grail of reliable e-mail delivery be accomplished? Through hard work and perseverance, continual segmentation, testing and self-education. It requires getting your entire team -- including marketing, IT and executive management -- on board with adopting e-mail best practices and working with the right vendors as partners to execute those practices.
 
Simple, right? It isn't.
 
It's a lot of hard work to do e-mail well. It was hard work in 2007 and it will continue to be a challenge in 2008. We call all this hard work "online reputation management": keeping a focus on and visibility into your brand's online reputation with ISPs, blacklists and, most importantly, your customers.
 
All that discipline pays off when you are thinking carefully about what offers to send to different audiences on your prospect list. Do you send offers for a 20 percent discount on Coach handbags to the same people who have been responding to your Super Bowl Lazyboy promotion? Probably not a good idea, as you'll generate complaints, unsubscribes and brand erosion amongst the Super Bowl set.
 
For 2008, the industry must adopt the mantra of "less is more." Before your next campaign, think about segmenting your list -- by gender, historic response rate, self-disclosed interest or item last bought -- and tailoring more targeted offers to those segments. Your volume may be less, but your complaints will drop dramatically, your unsubscribe churn will decrease and your business results should be solid. The days of "batch and blast" are long gone.
 
Your 2008 New Year's resolution must be a commitment to building a discipline of online reputation management that reduces the outreach that drives customers away and, through intelligent targeting, brings "more" success to your business.

Wednesday, October 24, 2007

By: Tobias Knecht, European Email Policy Manager

Because many commercial emailers are sending messages internationally, feedback from these sources are just as important as in the US. This begs the question: how do unsubscribes function in Europe? At the moment, there are quite a few opinions about the correct unsubscribe mechanisms and the "must-haves" for newsletters or commercial mail.
 
For example, a German court issued an order at the beginning of this year that email users must be able to instantly unsubscribe from a newsletter or email list. This is called the "One-Click-Unsubscribe" and means that the instant you click the button you are unsubscribed. This court order requires the following:
 
* No confirmation questions during the unsubscribe process.

* Any questions about the reason for unsubscribing must be asked after the unsubscribe process is complete.
 
* You may confirm the unsubscribe via email, but may not require any action within this email.
 
In addition, the court has also stated that any user who marks a newsletter or other communication as spam via a feedback loop must be immediately unsubscribed from that list.
 
Another point is that most ISPs in Europe require that volume email contains a "List-Unsubscribe Header". More information about the "List-Unsubscribe Header" can be found on www.list-unsubscribe.com
 
A combination of both the List-Unsubscribe Header and the Unsubscribe Button would create an ideal new great scenario for senders, receivers, and customers. Imagine a customer receiving a travel newsletter in his personal email account that he decides he does not want anymore. Instead of clicking the "This is Spam" Button he can click the Unsubscribe Button the ISP provides for him, and the ISP unsubscribes him automatically. For more information about list unsubscribes go to:

www.list-unsubscribe.com/2006/09/case_study_wind.html

Tuesday, June 12, 2007

By: J.F. Sullivan, VP Marketing

I recently read Seth Godin's blog about being a Spammer -at least in the eyes of Yahoo! It reminded me of certain principles that we always take for granted, but perhaps bear repeating lest any of us forget the limitations of this business of email marketing.
 
The spammers are winning. This is still true. On a good day it's a war of attrition and on a bad day it is like being part of Paris Hilton's legal team. This isn't going to change anytime soon. If for no other reason than everyone from spammers to the people who fight them now have an entrenched economic stake in the survival of this marketplace.
 
Senders don't determine what's spam. Only the person who receives the message is the arbiter of what is and isn't spam. Trying to exert control here is like trying to control your teenage daughter's wireless minutes. ISPs really only care about keeping their users happy. They do not care about false positives. They do not care about misdirected messages. They do not care about your accreditations, certifications, or other well-intended actions. They care that people don't complain. To that end, they primarily consider user complaints to determine delivery protocol.
 
Users are in control. And that alone is a cause for great consternation and concern. Users tend to be unreliable, misinformed and lazy - and those are the ones who behave better than I do! Yet all that we do, or to put it more precisely, all that we are empowered to do, is subject to the whim of the users (both B2B and B2C mind you). Assume, annoy, or antagonize at your own peril these people called "users".
 
There are no guarantees in this war. Ultimately, if you buy the former point, it doesn't matter whether you pay for certified email, put on a stamp, insert a trusted seal, include free shipping, extend the warranty, or promise a gift certificate to a spa, both the user, and the ISP who acts on behalf of that user are going to ultimately determine deliverability.
 
Yet despite all this, legitimate email as well as spam volumes continue to rise. 97 billion emails will be sent in 2007 according to IDC Research - which is second to text messaging (est. 750 billion) but still ahead of web searches. The game is not over, because no one fighting in the war either wants it to be or can afford for it to be. Companies still plan to use email in multi-channel marketing campaigns (over 70%) and spending on email marketing is continuing to rise. So, what should you do to enable email delivery?
 
I say you should do everything you can. I say you should invest in an email audit to figure out where you stand today. I say you should examine the myriad accreditation services, because it can't hurt if someone else says you're a good sender. I say you should maintain and continuously monitor your reputation including user complaints because it's a key determining factor for inbox delivery. I say that you should investigate certified email if you're sending to the half dozen vendors that have announced support and predominantly to those half dozen odd vendors. I say do all this because you say you want inbox delivery.
 
And, honestly, that's about the only say we marketers have in the matter.