Hands Off

WATCH OUT, SPAMMERS. E-mail list security is under the magnifying glass. An effort is under way within the list community to protect e-mail lists from theft and misuse.

One reason is to attempt to protect consumers from unwanted intrusions. But, “there is really no way to protect yourself from getting on a spam list other than never posting your e-mail address anywhere on the Internet,” says NetCreations president Rosalind Resnick, whose company in Brooklyn, NY offers the PostMaster Direct Response opt-in e-mail marketing service.

The other is to protect list owners themselves from theft of a valuable asset. Experts offer these tips: Use a recognized service bureau; investigate the list owner’s opt-in standards; and ensure that there is a system in place to build suppression files.

“We require that people use our e-mail service,” says Deb Goldstein, president of IDG List Services in Framingham, MA, which uses Boca Raton, FL-based Email Channel as its service bureau. “The mailer gets no access to the list.”

And many follow the same rules.

Axciom/Direct Media’s Regina Brady adds “We’re very, very concerned about the privacy of lists. We only allow e-mail names to go to three recognized service bureaus.”

The company operates its own e-mail service, E-mail Campaign Management in partnership with New York-based Big Foot but also allows Email Channel and eClassdirect in Half Moon Bay, CA, to do delivery of their e-mail lists.

As an example, Brady says, a recent request by a client to send the firm’s Catalog Link file to an unrecognized service bureau was flatly refused.

Other e-mail service bureaus recommended by pros? NetCreations, San Mateo, CA-based Digital Impact and Match Logic Inc. in Westminster, CO.

But others shouldn’t be discounted, cautions American List Counsel’s Eric Zilling, who recommends ensuring reputability with “a little due diligence” by asking the right questions.

Is the service bureau bonded? What other lists do they manage? (Those managing household names should get the stamp of approval) What are their privacy polices? Do they have clear opt-out options that are simple to reply to? Are the names kept on a secure server?

“If you’re satisfied with the criteria, you still have a pretty high degree of certainty that your names are not going to be misused,” Zilling says.

E-mail service bureaus offer fulfillment, lettershop, merge purge, database maintenance, modeling, tracking, reporting, creative development and customization and personalizion of messages.

Zilling says file theft can happen two ways; if the names are shipped to an unsecured location or if in-house security fails and an employee “walks away with a million names.”

He adds that security within service bureaus could be tightened up a bit.

He says e-mail service providers should follow in the footsteps of postal service providers who keep tapes locked up and accessed only by IT professionals. He says in many e-mail service bureaus, computers containing e-mail files are out in the open, with only firewalls and passwords blocking theft.

“I think (e-mail service providers) could go to another level by making the physical space around the computers where the files are stored more secure and not just the access to the files within the computers,” Zilling says.

Another measure to protect list security? Many list owners have opted to keep their lists in-house, requesting-copy from mailers and sending the messages out on their behalf. “Unlike the postal world, where as a matter of practice tapes are shipped all over the world, e-mail list owners don’t send their names anywhere,” Zilling says.

Resnick adds, “I know of no legitimate list owner who hands e-mail addresses over to the mailer.”

And, because list owners are unwilling to release their lists, merge purge can not be utilized to its fullest extent. For example, IDG’s Network World Fusion and Dummies Daily are fulfilled in-house while its CIO file is fulfilled at the Email Channel. “If you wanted to order all three of these an unduplicate them, you can’t, but I do know there are e-mail service providers that are working on solving this problem” Goldstein says.

To make merge purge what it is today in postal, list owners have to buy into the concept of e-mail service providers as third party bonded service bureaus and use them so people have access to their file and can complete a merge purge, Goldstein adds.

Pros add that losing control of an e-mail list can not only compromise consumer privacy but quickly destroy the brand.

Zilling says suppression files should be set up by list owners, mailers and service bureaus and that it’s in the mailer’s best interest to take advantage of all the suppression files they can.

“You need to have a place where the list is continually cleaned everyday,” Goldstein says. “As soon as someone says, ‘I don’t want to receive that,’ we have to respect that and act right away.”

Email Channel’s internal e-mail suppression list is divided into three categories; a general “unsubscribe” file, a “client by client” list and a “global” file. The global file comprises disgruntled e-mail recipients who have set off letter bombs or used fowl language via e-mail and have been banned from receiving any e-mail from Email Channel, says Email Channel president John Lawlor.

Letter bombs, or programs created to send tens of thousands of e-mail messages back to the sender, can close a server down, Lawlor says. “It fills up the hard drive so your computer stops functioning.”

Mailers should have a keen understanding of what potential consumers have opted into. For example, a customer who requested information on Java programming and receives gardening tips would consider that spamming.

Worldata’s Roy Schwedelson says copy should clearly articulate privacy and ethical standards. And the question should be asked, ‘Has there been full disclosure that the names could be made available for mailing purposes and is the list owner clearly identified?’

“We say to our clients, if the list owner is not willing to identify themselves as the list owner in the message then the mailer shouldn’t mail that file because the recipient can’t distinguish it from a spam message,” Zilling says.

And just like the postal universe, lists can be seeded with names to ensure the list is only used once and that the message is received. “Most of our major mailers are taking advantage of that,” Resnick says.

But, Lawlor adds, spam is in the eye of the beholder. For example, a publisher recently distributed a newsletter via e-mail that subscribers had previously signed up for. But when some received it they responded ‘how dare you send me this spam.’

Obviously, some consumers will mistake solicited mail for spam, but well-maintained unsubscribe lists can curtail problems.

In the future, Schwedelson says, eventually standards and practices for e-mail lists will be in place and those lists will likely be used as postal files are today. “Eventually, our files will move between companies and that’s when the fun will begin,” he says.