Accountability Is on the Way
DM News hosted senior direct marketers Aug. 3 to parse key issues affecting e-mail marketers and vendors. Here's part 1 of a four-part, monthlong series on spam filters, reputation systems, multiple e-mail addresses and transactional e-mail.
David Daniels, Research Director, JupiterResearch
Dave Lewis, VP of Alliances & Market Development, StrongMail Systems
Greg Martz, Director of New Member Experience, The Motley Fool
Matthew Seeley, President, Experian's CheetahMail
Charles Stiles, Postmaster, Time Warner's AOL
Moderator: Dianna Dilworth, Associate Editor, DM News
Contributor: Mickey Alam Khan, Editor in Chief, DM News
Dianna Dilworth: How do you see the e-mail channel today? What are the threats, and how do they affect direct marketers? Why is the restoration of trust and reliability in e-mail so important?
Matthew Seeley: If I look at how we see e-mail today and take a step back and look at the progress we've made over the past five years, I see it as something that is extremely successful. It has grown quite dramatically. Clearly, customers are interested in this communication method as well as transacting through e-mail.
Overall, I see it as a well-established direct marketing channel. When I talk to my customers, who are a lot of large retailers, it went from being something that was nice to have to something that is an extremely valuable channel, and they look at it in concert with other direct marketing channels. I'm pleased with how it's grown and how things are happening.
Certainly there are a lot of threats. Things that make me nervous are phishing and other things which today may not be the biggest threat but we have to be careful because they go to the core of what makes e-mail, and that is the credibility of the content itself. These are things that, as an industry, we need to be aware of.
Our past success in e-mail could be dangerous for our future, meaning complacency. We need to stay relevant for the customer, and the thing that we talked a lot about with our customers is saying the days of sending an e-mail and accepting that maybe your half-a-million subscribers that you can send the same content are over.
You have a lot of data about people, and that data tells you what they want to hear. You need to use it. We see this as critical in staying relevant to your end customer as part of that success. When I look at trust and reliability, part of that comes from the fact that what we need to be doing is making sure we establish credibility over time.
So the big retailers, the ones who have been sending for quite some time and doing the right things, I think they have established that trust. And that takes time. But if you don't do the right thing, if you don't continue to make sure you recognize that customer inbox as a privilege, you're going to lose that trust. We need to make sure that we are always mindful of that.
Ms. Dilworth: And actually isn't an
e-mail filter that catches a good mail also a threat?
Mr. Seeley: Yes, clearly when we look at what the ISPs have done, AOL and others, they have done an amazing job of reducing the amount of spam that the end user sees, and I think a lot of that comes from filtering. And when you are filtering billions of messages, there are going to be some false positives, and we have to accept that in our industry.
So ... we do some careful metrics on this to say that it has dramatically impacted, say, the ROI of e-mail in terms of false positives. So I think it's well worth what we're getting as a benefit. Do we always want to do that? Absolutely. I think it's just something as an ESP, we just need to put more resources behind it, and that is a constant reminder and making sure that that false positives issue stays something that is extremely small. It's just something that you're expected to do as an ESP these days.
Ms. Dilworth: My next question is for Dave Daniels from JupiterResearch, and it involves accountability. What's being done to address these threats and lessen the impact on legitimate direct marketers (legislation, technology, self-regulation)? Will accountability really restore trust and reliability to the medium?
David Daniels: There is definitely light at the end of the tunnel, and it's not a gigantic bag of spam. And these days tremendous progress has been made, within the past two years especially, among the large senders and the large receivers, the ISPs. The bedrock of what we're using in the infrastructure of e-mail, based on the simple mail transfer protocol of this design, that capability we never really envisioned that we'd be doing as much communication with this as we are today.
So it certainly requires bolting onto some things that deal with identity, and I think we've been somewhat successful although it would be great to see the adoption higher among marketers. Right now, based on our data, about 40 percent of marketers are putting SPF or Sender ID or some type of identity piece in the header of messages.
But beyond that we need to be able to restore trust for the consumer. Because the biggest challenge, as Matt was pointing out, is not necessarily those threats from outside from the phishers and spammers - those things we're dealing with and we've made wonderful progress in the last year, especially.
It's just about relevancy, making trust between subscribers and sender. The Internet population is a mature population now, and unfortunately what we have seen is that although e-mail is still the No. 1 activity that people go online to do, the amount of time that people spend with e-mail has decreased slightly, but we've certainly seen the amount of e-mail that people get increase.
We've also seen the number of e-mail accounts that people manage increase. That is part of the challenge as well, not just fixing the infrastructure but staying relevant so that we can maintain that dialogue and be noticed in the inbox.
Ms. Dilworth: Is the CAN-SPAM Act doing any good?
Mr. Daniels: I think it is doing some wonderful things to single out the bad actors. And I think it made it very clear: It set the ground rules as far as what we need to do and how we need to process unsubscribes, for example ...
It might be interesting to know from Charles' perspective if you've seen a decline in the number of people that are saying, 'This is spam,' versus using the proper opt-out mechanism. It is a bit of a user-training issue. But as far as the legislation goes, I think it's definitely effective.
Charles Stiles: We do monitor the abuse reports codes, and we have seen a huge decrease in those, and that is largely due to the fact that we are fighting the spam and clearing it out of the way. What CAN-SPAM has largely done for us is given us the ability to go after those people that we catch and have some backing to take them to court and make them pay.
Dave Lewis: From my perspective the underlying problem that we've got is dealing with spam, phishing and spoofing problems that affect legitimate brands and affect the reputation. That spillover effect definitely impacts legitimate mailers as well.
As Dave pointed out, the infrastructure that was built 30-odd years ago never was built to carry this kind of volume or applications that it's carrying today. And there was never thought really given to e-mail security.
So today you have billions and billions - I think the numbers are something like 60 billion a day - billions of messages flying around cyberspace. The biggest problem we have is not really knowing who the senders are. And if we don't know who the senders are, then you can't hold them accountable for certain actions. So as I look at authentication, you know, identification, that is the thing to do. You establish who the senders are and then the next step we are talking about is holding them accountable for those actions.
I don't think we can legislate a solution here. I look at CAN-SPAM and it's not the end-all. It really establishes in my mind what the low bar is, and you've got to use that ... in order to play in the game. But it's not the equivalent of best practices. It's the minimum practice that you have to follow in order not to violate the law.
I think we need to be looking at ourselves and what we can do as a community, both senders and receivers, to solve the problem, not to Capitol Hill.
Ms. Dilworth: Is there a technological solution to the abuse?
Mr. Lewis: Well, we're a high-tech company. No, I don't think there is such a simple solution. It's not the technology that we have or the role it's playing. It certainly can enable a lot of good best practices for marketers and such. But there are limitations to what technology can do in terms of filtering and things like that.
And I think those limitations are what cause a lot of those false positive messages. I think all of us around this table could cite cases where we've seen legitimate marketers, their e-mail is being tagged as spam because of some particular element in their copy or something about their mailing practices that has nothing to do with their reputation. And the basis on which mail is delivered is, I think, what we need to be talking about as an industry.
Greg Martz: From the sending perspective, I think there is a responsibility on our end as well. We've all heard it before that there probably needs to be more friction in e-mail, and so authentication is friction, reputation or maintaining a good reputation is friction. There are other new things in the marketplace that are adding a monetarial friction. So I think we can't put all of the onus on the ISPs and the recipients of mail to make sure that all of our e-mail goes out. We have to be better stewards of the channel if we want it to succeed as much as it has to date.
Ms. Dilworth: I'd like to direct a question to Charles Stiles of AOL. If e-mail authentication is the critical first step, where does the industry stand now in terms of adoption (senders and receivers)? What are AOL and the major ISPs doing to enforce authentication?
Mr. Stiles: Right now, e-mail authentication is very much. But if you look back to two years ago, it was all very much a concept. Nobody was really doing it, and we were still arguing about what protocols we would use and how we would accomplish these things. In the past two years we have made dramatic changes, and the adoption has been rapid. I would say right now, a lot of people have adopted e-mail authentication or are on the verge of adopting e-mail authentication.
What is the industry doing as far as service providers? AOL, as far as I can speak for, we are looking at D cam. We are looking for Sender ID. We don't think that these are the end-all, be-all. Again, this is a technological issue to a social problem. But we are developing those to check on the inbound side. We don't anticipate it being used for hard failures, but we do look at those tools as helping us to identify legitimate e-mail and make sure that the consumers get it.
Ms. Dilworth: When will it reach the point where ISPs start wholesale blocking of e-mail that isn't authenticated?
Mr. Stiles: I think some ISPs may start doing that in the relatively near future. We [AOL] will not do that. We're looking at this very much as a heuristic. It is just one more component of e-mail. We look at where e-mail comes from, who's sending it, how often, what are the consumers saying? One more component of that will be, 'Is it authenticated?' Is the source the true source? Are these people claiming to be who they really are?
Ms. Dilworth: What will happen to senders who don't adopt authentication?
Mr. Stiles: Again, it depends on the receiving side. If they are sending to an entity that uses this as a heuristic, it could impact your ability to deliver. It might slow your delivery down, or you might have other channels that you have to go through. You might have to apply for a white list. You might have to contact the ISP or the other mailbox provider.
However, if the receiver goes with a harder approach where they say they simply won't take the mail, [the sender] simply won't be able to deliver to that domain. I think that's pretty hardcore, but, at the same time, adopting sender ID and D cam is really not all that difficult. I think most legitimate mailers have already done that or are looking to doing that.
Mr. Martz: You are absolutely right. It is not that hard to authenticate your mail at this point. So my message to all senders would be to do it now. It's not a silver bullet, it never will be. But it's one of those things the legitimate mailers should be required to do at some point. And along with that and reputation, you'll have a better chance of getting into the inbox.
Mr. Lewis: We've had a lot of discussion on this topic, on the Email Sender and Provider Coalition, too, and I think I can speak on behalf of the organization on this point, that we would encourage the ISPs to, at some future point when adoption reaches whatever critical mass is determined to be, to take definitive steps.
Because unless we solve the identity problem associated with e-mail, who is sending, we'll never get to a point where we can hold those senders accountable for their actions, and at some point there has to be stern actions taken.
But it isn't just an issue on the sender side. It doesn't do any good if the senders of e-mail are authenticating their e-mail and the domain that's receiving it, which all of us are in, both senders and receivers, ultimately, if they are not checking. You have to have adoption on both sides.