Email Spam Law Guide, Part 2: Spam Filters
In part one of this 2-part post, I explained CAN-SPAM, the main law governing email spam in the United States. The key takeaway is that unsolicited marketing emails are legal, but only as long as your email meets some basic requirements and your list wasn’t obtained through harvesting tactics.
But that doesn’t mean an email server has to accept your message.
In part because CAN-SPAM is so weak, technology for filtering out spam messages, even if they’re perfectly legal, has become quite advanced. Anti-spamming measures have been developed on three levels:
- The recipient’s email server has algorithms for detecting and blocking spam based on past activity of your email address, domain, and IP address. If it thinks you’re spam, it will either put you into a spam folder (basically a death sentence for your marketing email) or refuse to deliver your message altogether.
- Shared blacklists, such as the Barracuda Reputation Block List (BRBL), aggregate and publicize lists of supposed spammers. In Barracuda’s case, the data is provided by their global install base of email appliances. Local email servers match incoming mail against blacklists and use them to supplement their own algorithms.
- The sender’s email server, in an effort to keep their IP or domain off blacklists, sometimes has security measures to prevent employees from sending spam. While I don’t know much about this practice, I think it’s safe to assume many larger companies would have something in place to this effect.
Once you're blocked by a server or placed on a blacklist, it can disrupt your communication with legitimate, established business partners, and getting unblocked or delisted can be pretty difficult. So how do you stay off a blacklist in the first place?
While blacklists and email servers don’t publicize their exact spam criteria, there are a few factors that I’m sure go into everyone’s algorithm:
1) Volume of mail
This one is simple. If you’re sending thousands of emails per day, there’s a good chance you’re dropping spam-bombs.
How to avoid it: Keep your marketing lists small and targeted.
2) Content
Servers will parse your email for spammy content. For example, all-caps or exclamation points in the subject line, or phrases like “exclusive offer” are likely to set them off. Additionally, if they find the same content showing up again and again in different emails, they will flag the message as spam.
How to avoid it: Use targeted content, rather than eye-catching gimmicks or phrases, to make your email stand out. Segment your audience and tailor it to them.
3) Percentage or number of manual spam flags
You can be sure a company’s email server is paying attention when its employees manually flag a message as spam. One or two of these won’t hurt, but if it’s happening routinely, there’s no question you’ll get blocked.
How to avoid it: The best way to avoid this is an opt-in system. If someone consented to marketing emails, they’re less likely to turn around and mark them as spam. If you aren’t using an opt-in, your list has to be very targeted at people who will be receptive to your messaging.
4) Percentage or number of bounces
When you send an email to a fake or deactivated address, the server responds with a bounce notification. Generating a ton of these is a pretty good indication to the server that you might be a spammer.
How to avoid it: Always know how the emails on your list were obtained and how fresh they are. The older the list, the more bounces you’ll trigger.
5) Callout activity
Validating an email address by ‘pinging’ the server is perfectly legal and, at least in theory, very useful. However, since this is a common tool for spammers when executing a directory harvest, it’s generally frowned upon. Many email administrators have configured their servers to give misleading responses to validation attempts, and attempting it on a large scale will land you on blacklists.
How to avoid it: As tempting as it sounds, validating a list of emails before marketing to them probably does more harm than good in the eyes of the recipient’s server, and it often doesn’t work anyway.
While those are the obvious ways servers and blacklists screen for spam, I’m sure there are more sophisticated techniques that I’m not aware of.
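The first four signals above (volume, content, manual spam flags, bounces), sketched as the kind of per-sender check a receiving server might run over one day of mail. This is an added example, not code from the original post or from any real filter; the thresholds, field names and sample messages are assumptions, since actual criteria are not published.

```python
import hashlib
import re
from collections import Counter

# Illustrative thresholds: assumptions, since real filters do not publish theirs.
MAX_DAILY_VOLUME = 1000
MAX_BOUNCE_RATE = 0.05
MAX_COMPLAINT_RATE = 0.01
MAX_DUPLICATE_SHARE = 0.5
SPAM_PHRASES = ("exclusive offer",)  # phrase quoted in the article

def subject_is_spammy(subject):
    """All-caps, exclamation points, or a known phrase in the subject line."""
    letters = [c for c in subject if c.isalpha()]
    all_caps = bool(letters) and all(c.isupper() for c in letters)
    return all_caps or "!" in subject or any(p in subject.lower() for p in SPAM_PHRASES)

def body_fingerprint(body):
    """Hash the body with case and whitespace normalised, to spot repeated content."""
    return hashlib.sha256(re.sub(r"\s+", " ", body.strip().lower()).encode()).hexdigest()

def red_flags(messages):
    """Return the signals one sender tripped across one day of messages."""
    total = len(messages)
    if total == 0:
        return set()
    flags = set()
    if total > MAX_DAILY_VOLUME:
        flags.add("volume")
    if any(subject_is_spammy(m["subject"]) for m in messages):
        flags.add("content")
    repeats = Counter(body_fingerprint(m["body"]) for m in messages).most_common(1)[0][1]
    if total > 1 and repeats / total > MAX_DUPLICATE_SHARE:
        flags.add("duplicate_content")
    if sum(m["bounced"] for m in messages) / total > MAX_BOUNCE_RATE:
        flags.add("bounces")
    if sum(m["complained"] for m in messages) / total > MAX_COMPLAINT_RATE:
        flags.add("complaints")
    return flags

# Constructed sample: 20 identical blasts, 3 bounced, 1 flagged as spam by a recipient.
BLAST = [{"subject": "EXCLUSIVE OFFER!!!", "body": "Buy  now", "bounced": i < 3,
          "complained": i == 3} for i in range(20)]
# Constructed sample: three distinct, targeted messages with no bounces or complaints.
TARGETED = [{"subject": f"Notes from our call, {n}", "body": f"Hi {n}, following up.",
             "bounced": False, "complained": False} for n in ("Ana", "Ben", "Cy")]

if __name__ == "__main__":
    print(sorted(red_flags(BLAST)), sorted(red_flags(TARGETED)))
```

Note that the blast trips four signals while staying far below the volume threshold, which is why keeping a list small does not by itself keep a sender out of trouble.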
The bottom line is that if you’re sending emails to people who don’t want to read them, you’re risking doing semi-permanent damage to your online reputation, especially if you’re doing it systematically on a regular basis. Servers will tolerate a red flag or two, but since it’s difficult to tell what exactly will flip the switch, realize that you’re playing with fire when you send out unsolicited emails.
Hence the growing prevalence of opt-in or double opt-in policies. Although they aren’t required by law, they’re the safest way to make sure your email gets delivered to a recipient’s inbox, and they’ll have higher conversion rates as well.