For the past six months, almost all of Google’s services – including Google Search, Google Maps, Google Docs, Google Drive and Google Hangouts – have experienced serious disruptions when trying to gain access from China. The biggest blow, however, has just been made to Gmail, the world’s biggest email service, which has finally been blocked in China. Access to Gmail has been made increasingly difficult by government censors but now Google’s email service is virtually inaccessible in mainland China.
Google’s Transparency Report, which shows real-time traffic to Google’s services, shows Gmail activity in China plummeting just after Christmas. According to Reuters, Chinese Foreign Ministry spokeswoman Hua Chunying said she did not know anything about Gmail being blocked, adding that the government remained committed to helping overseas business and foreign investors:
“China has consistently had a welcoming and supportive attitude towards foreign investors doing legitimate business here. We will, as always, provide an open, transparent and good environment for foreign companies in China.”
Is there a solution for those trying to use Gmail in China?
Is there any way around Gmail’s block in China? Using a virtual private network (VPN) may be all that is required to get around the problem – but, in some cases, it will be beneficial to use a non-Gmail SMTP server that is designed to work in controlled locations such as China. For example, you don’t necessarily want to go through the hassle of connecting to a VPN if you want to send a quick email, or if you want to send an email from your smartphone. SMTP2GO also has many other benefits such as email tracking (the ability to see exactly what happens to every single email that you send), and the ability to monitor bounces, spam complaints (if someone clicks the ‘Spam’ button in Hotmail/AOL/Yahoo for an email that you sent to them, you need to know about that), unsubscribes (if you’re sending email newsletters) and many other features.
How to setup SMTP2GO in China
This controlled location setup gets around many problems that individual Internet Providers, or states, implement in order to restrict SMTP traffic.
- If you don’t have an SMTP2GO account already, you can create a free one here.
- Change your SMTP settings to the following (note, if you are unsure what your ‘usual SMTP server’ is, login to your control panel to find out):
- SMTP server: port80.smtpcorp.com (if your usual SMTP server is smtpcorp.com) OR port80.smtp2go.com (if your usual SMTP server is smtp2go.com).
- SMTP port: 443
- And, turn SSL/TLS on.
You can also try the following:
- SMTP server: your usual SMTP2GO SMTP server.
- SMTP port: 465 or 8465
- And, turn SSL/TLS on
- If all else fails, use a VPN service in conjunction with SMTP2GO. A good guide for finding a reliable VPN: The best VPNs to use in China.
The way you handle email unsubscribes for your marketing emails is more important than it looks. It’s not a time to make things difficult for the people who want to leave your list, or to just dismiss them without a second thought.
There’s actually a huge reason to make unsubscribing from your list easy, if not even pleasant: Spam complaints.
If people can’t find the unsubscribe link quickly and easily in your marketing emails, they will mark your message as spam. This is different for transactional emails, because those don’t require an unsubscribe link by law. Transactional emails also tend to get far fewer unsubscribe requests than marketing messages. But for this post, we’re focused mainly on marketing emails.
Enough spam complaints from any kind of email and your deliverability rates will begin to drop. In fact, if your marketing emails’ spam complaints are high (like over .07%), the first thing to look at is your unsubscribe process.
There’s another, nicer reason to handle unsubscribes carefully: You might be able to save the subscriber. People may unsubscribe because they don’t need or want your emails, but it’s why they don’t need or want your emails that we’re interested in. The why holds the key for:
• How to retain some of the subscribers who initiate the unsubscribe process
• Let other subscribers choose a different way to stay in touch (like social media)
• Let the remainder go without annoying them
Why People Unsubscribe
These are the three most common reasons people unsubscribe from emails according to research from Constant Contact.
Other reasons people unsubscribe include:
– They can’t read your emails on their mobile device
– They get too many emails in general
– Email isn’t the way they want to hear from you anymore
– They don’t remember who you are
– They want to change their email address
Each one of these reasons holds an important piece of information about how to turn the unsubscribe process from a quick, awkward parting to an opportunity to actually improve the relationship with your subscriber. So let’s walk through every opportunity you’ve got to turn your subscribers’ unsubscribe process around.
To give you an idea of how many email marketing programs comply with the best practices we’ll talk about, take a look at this table from the Online Trust Alliance’s 2014 Email Unsub Best Practices and Audit report. This report is based on the unsubscribe processes of 200 major retailers.
Retain your subscribers
1) Give them a way to change their email address.
Many email users have three or even four email accounts. They often move their subscriptions around, so when that’s happening, make it easy for them. Here’s an example of what an email address change form might look like. Notice the “new email address” field in the gray box:
This refers to letting subscribers control how often they hear from you. So if you’re sending daily emails, offer them the option of getting emails once a week, or even once a month.
Some email newsletters give you a way to opt-down without even initiating the unsubscribe process, like this footer with a link for “Manage Preferences”:
3) Give them the option of re-subscribing even after they’ve unsubscribed.
This will be a little too pushy for some marketers, but if you retain even 5% of subscribers who would have otherwise opted out, it might be worth it.
4) Remind them of the benefits of staying on your list.
Of course, there have to be compelling benefits to staying on your list. This email from a pet supply retailer reminds people they’ll get weekly coupons only available to email subscribers… if they stay on the list.
5) Give them the option of going on “an email fast” or an “email vacation.”
This is similar to letting people opt-down, but with a twist. Here you give them the option to take a month off from receiving emails, or maybe even three months off.
6) Suggest they follow you on social media.
Marine Depot almost has this tactic down. This is the page I saw after I unsubscribed, where their “follow us on social media” pitch should have been.
But instead of suggesting I follow them on social media on that confirmation page, they sent me an annoying email unsubscribe confirmation email. The unsubscribe page is where they put their links to their social media platforms. If they had included this information in the unsubscribe confirmation page, I might have followed them on Facebook.
Here’s an example of an almost perfect unsubscribe confirmation page. Why is it so good? It’s super-easy to read, it confirms the unsubscribe, and it pitches their social media channels. It even offers me a chance to resubscribe.
Don’t annoy them
7) Make the unsubscribe link easy to find.
First thing: Use the word “Unsubscribe” as the anchor text of your unsubscribe link. Anything else is confusing.
Second thing: Make the link prominent. Google’s Gmail just did this for us by adding an unsubscribe link near the top of every email a Gmail user sees. But only 14.2% of email accounts use Gmail (according to a 2014 YesMail Interactive study). Given that 85.8% subscribers won’t see Gmail’s top unsubscribe link, consider adding your own unsubscribe link, like this:
Adding the top link will make it easier for them to unsubscribe, but remember: You don’t want to clutch on to subscribers who don’t want to be on your list. It just builds bad will. It also makes for poor engagement rates, and as your engagement rates fall off, your overall deliverability rates start to go downhill. So stay off that slippery slope.
Here’s an example of an unsubscribe link that is fairly hard to find. It’s certainly not impossible to find, but it takes long enough to annoy the average user. Notice how much easier it would be to recognize the unsubscribe link if the merchant had just used “unsubscribe” in the anchor text.
8) Always add an unsubscribe link at the bottom of your emails.
Bonus: Remind people how they got on your list in the first place. Here’s how marketer Ana Hoffman reminds subscribers how they got on her list:
9) Don’t make them fill out a survey before they can unsubscribe.
If they’re trying to unsubscribe, you’ve done too much marketing already. Don’t drag them through anymore.
10) Process unsubscribes immediately.
CASL (http://www.smtp2go.com/blog/canadian-anti-spam-law/) and CAN SPAM give you up to ten days to process unsubscribes, but most people expect to be removed instantly. If you keep mailing them after they’ve unsubscribed, they just might click that spam button.
Political campaigns are notoriously bad about this. You unsubscribe, and yet they continue to send you emails for two more weeks. Don’t do this. Once people have asked to go, let them go.
11) Don’t make people log in to unsubscribe.
Forcing people to log in is against CAN-SPAM law, so if you’re sending to American subscribers, making people log in is actually illegal.
12) Don’t send them an unsubscribe confirmation email.
It’s just annoying. Instead, give your ex-subscriber a clear message on the email unsubscribe confirmation page. People should not have to wonder if they’ve been unsubscribed. Also, don’t hide the unsubscribe message in tiny type.
Something like the image below is good. This message is the only thing you see on the unsubscribe confirmation page of a major retailer:
Remember: Half of the people who unsubscribe from your list will be on mobile devices. In addition to navigating your unsubscribe page, they may be walking down the street, talking to someone else, or even driving. Make your unsubscribe process simple enough to accommodate their fractured attention.
13) Bring them to a branded unsubscribe page.
The only problem with the example above (the green confirmation message) is the retailer did not include their logo on the page. It’s better if you include your logo so the subscriber knows for sure who’s list they’ve unsubscribed from. The principle behind this is the same as other best practices outlined here: Don’t make people guess. Besides, it’s one last chance to get a brand impression in.
Good news for SMTP2GO users: We’ve got this covered. You can add your logo to your unsubscribe confirmation page, if you choose to use SMTP2GO’s built-in unsubscribe functionality.
14) Offer your subscribers the ability to unsubscribe from all commercial messages you send, not just emails.
That means text messages, direct mail, and phone calls.
15) The unsubscribe links in your emails should work for at least 60 days after the email has been sent.
It’s surprising, but many emails have unsubscribe links that stop working after a period of time. This may benefit the marketer, but it irritates subscribers no end. Not only that, but it’s illegal: CASL requires unsubscribe links to work for 60 days after sending. CAN SPAM requires they work for 30 days.
Deliverability is still a challenge for most email senders. ReturnPath still reports only one in six emails makes it to the inbox. Their latest benchmark report, Inbox Placement 2014, shows some industries are having an especially hard time getting their emails read. Only 43% of the emails sent by the Software and Internet industry are reaching their recipients.
Given these difficulties, email senders need every tool available to stay ahead of the spam filters and their competitors. That’s where dedicated IP addresses come in. Mailing from a dedicated IP address can improve deliverability rates, and usually does. But it is not a guaranteed fix.
There are pros and cons to using dedicated IP addresses for email. They’re not the right choice for everyone. To help you make the right choice for your business, we wanted to walk you through the benefits of both dedicated and shared IP addresses.
The importance of IP addresses for email comes down to what’s called “sender reputation”. Your sender reputation largely determines your email deliverability rates. Your IP address is an important component of sender reputation, but it’s not the only component. Sender reputation is also influenced by reputation of the domain name used in the “From” email address, the domain name used in the “Return-path” email address, and the domain names of any links in the email itself.
There is no universally agreed-upon arbiter of sender reputation, but there is something that comes close. It’s called “SenderScore”. SenderScore is basically a metric produced by the ReturnPath company. It is used by major email providers like Yahoo, Outlook, Windows Live, and others. You can learn more about it here. A high SenderScore helps only when you send emails to an email provider that uses it.
SenderScores can range from zero to one hundred. You’ll need a SenderScore of at least 90 to be considered a trustworthy sender. Aim for 95 or better. If you’re wondering what your SenderScore is, check ReturnPath’s online SenderScore tool.
Dedicated Versus Shared IP addresses
With a dedicated IP address, it’s just your account on that IP address. No other sender is associated with it. With a shared address, you’ll be sharing that IP address with hundreds or thousands of other senders.
Don’t dismiss shared IP addresses simply because sharing with other senders might hurt you. Sharing an IP address could be detrimental, but if you’re working with a reliable vendor you won’t be sharing the IP address with any bad senders. Email service providers and other vendors (like SMTP2GO) will monitor how all their accounts are used.
An email vendor can require its customers to follow standard best practices for mailing and managing lists. These requirements protect the vendor, but also protect you and all the other accounts you share an IP address with. It’s very possible that you could actually benefit from sharing an IP address with other well-managed accounts. If they’ve got high engagement rates and treat their subscribers well, they could be good neighbors.
So if having a shared IP address is not so bad, why do businesses get dedicated IP addresses? Because a dedicated IP address can improve your deliverability rates – if all the other parts of your deliverability equation are in place. A business with a dedicated IP address can also apply to be ReturnPath certified (for an ongoing fee). That usually increases inbox placement rates. But for a dedicated IP to be right for you, you’ll need enough email volume to make it work.
How often do you mail?
If you mail less than three days a week and you send less than 5,000 emails on those days, a shared IP address is likely to be the best choice for you. With such a low send volume, you’d barely be able to keep your IP address “warm” enough to be recognized as a regular sender by the major ISPs.
Let’s talk about this “warm” idea. How warm an IP address is refers to how often the address is used. You’ll need to warm up your new IP address slowly or ISPs could block your emails. This happens because from the ISPs’ view, they saw no activity from an IP address for awhile, and then suddenly they see a blast of activity. To an ISP that blast of emails looks like spam, so they may block those emails. We have an entire post about how to warm up an IP address. Read it carefully if you’re considering moving to a new IP.
Even if you send more than 5,000 messages three days a week, or if your email list is larger than 20,000 subscribers, a dedicated IP address may still not be right for you.
The costs of a dedicated IP address
The next criteria to consider is price. Shared IP addresses are less expensive than dedicated IPs. How much less expensive they are depends on how many emails you’re sending, which vendor you’re working with and what other features you need. Senders can pay five to ten times more for a email deliverability package with a dedicated IP address than for one with a shared IP address. That said, if you can trust you’ll see higher deliverability rates, it might make financial sense.
Total control of your Sender Score
One of the major reasons larger companies choose a dedicated IP address is they know they’re following deliverability best practices and they want the full benefits of that work. If you know your company is doing everything possible to optimize your deliverability rates, then a dedicated IP address could be a good investment.
You might even want more than one dedicated IP address. That would allow you to send specific types of email messages from each IP address. For example, your transactional emails could go out on IP address #1. Your promotional email messages could go out on IP address #2.
There is one final benefit to having a dedicated IP address: It won’t change. Even though a shared IP address is described as singular, it’s common for shared IP address packages to rotate which IP addresses emails are sent from. Most of the time this has little effect on deliverability because all the IP addresses the vendor uses are kept in good standing. But it has the potential to cause issues here and there, and is something to keep in mind.
There are a lot of metrics to follow in email marketing: open rates, click-through rates, unsubscribes. But there’s one key metric all others are dependent on, and that’s deliverability.
Bad deliverability rates can undermine all your other email marketing efforts. That’s why there are whole departments dedicated to improving deliverability rates. Fortunately, there’s plenty you can do yourself to boost your email deliverability rates, and to keep them high. So here’s the roster of email deliverability best practices, broken out by category.
Build your list right
1) Build a high-quality list from the start.
When in doubt about whether or not to do any list-building technique, ask yourself: Is this going to build a high-quality list? If the answer is no, skip that technique.
2) Use double or confirmed opt-in.
Double opt-in will reduce unsubscribes, hard and soft bounces, and increase open rates and click through rates. All those metrics influence deliverability.
3) Never buy a list.
Of course, you wouldn’t do this anyway. You wouldn’t do it because you know better. But you also wouldn’t do it because we wouldn’t let you. It’s SMTP2Go’s policy to not allow our customers to mail to purchased lists.
Create emails that get delivered
4) Send a welcome email.
Welcome emails get three times the open and click-through rates of regular promotional emails. Send your welcome emails immediately (do not “batch” them) to get the highest engagement. ISPs monitor open and click-through rates, so by sending a welcome email you’ll immediately be making a good first impression – both with your subscriber and with their ISP.
Want bonus points? Ask your new subscribers to whitelist your emails.
5) Use a recognizable and consistent “from” name in your emails.
Sender names and email addresses are more prominent in mobile email clients than the emails’ subject lines. And more than half of all email is now delivered to mobile devices.
6) Use a recognizable and consistent “from” address in your emails.
7) Use a subject line that does not include all caps, even for “FW:” or “RE:”
Why not? Because spammers use all caps. And because adding “FW:” or “RE:” breaks item #8.
8) Use a subject line that is not deceptive.
Deceptive is a loaded word, but it gets to the heart of the matter: Don’t try to con your subscribers, even if it’s to get them to open an email. Instead, put all that craftiness into creating an email worth opening. The end goal is always to create emails people want to receive.
9) Use subject lines that don’t have excessive exclamation marks or special characters.
This doesn’t mean you can’t ever use a cool special character, or make an exclamation. Just don’t overdo it.
10) Be careful with how you use video in your emails.
Some email service providers actively discourage their customers from using embedded videos in emails because videos can hurt deliverability. There is a good workaround for this, though: Include an image from your video, with a fake play arrow in the center. Link the image to a page where the video can be played.
11) Include an unsubscribe link.
This helps deliverability, but it’s also required when sending marketing or newsletter emails through our service. And it’s one of the most fundamental email marketing best practices.
12) Keep links in your emails to a minimum.
How many is too many? It depends. But try to keep it below 5-10.
13) Never send emails with attachments.
Attachments are a red flag for spam, unless you’re sending one email to someone you’ve already swapped emails with (like a client). This rule is pretty easy to follow, though – just give people a link to a page where they can download whatever files you would have otherwise attached.
14) Keep your email file size small.
If you want to try something new, use an animated gif.
16) Limit spam trigger words in your emails.
You can do a Google search to find dozens of spam trigger word lists. The best one I’ve seen is from HubSpot.
As soon as you look at those lists you’re going to see why avoiding spam words is really more of an ideal than a realistic practice. That’s because if you tallied up all the spam word lists, you’d never get an email out. Even “unsubscribe” makes some lists of spam words.
Fortunately, you don’t need to be perfect. Just try to not sound too hypey, or too much like a spam email, though phrases like “Lose weight”, “100% free” and “Make money fast” probably will need to be edited out.
17) Test your emails.
If you test, you’ll be able to improve open rates and click-through rates. That means better deliverability.
Tend your list
18) Track your deliverability rates.
This might sound overly simplistic, but it works. What we measure increases.
19) Clean your list.
Remove subscribers who have not opened or clicked an email recently. “Recently” is usually defined as within the last six months, but that’s only a general rule.
Will slashing your list kill your profits? Maybe – it all depends on your list, your business and your emails. But maybe you’ll get results like the Indianapolis Symphony Orchestra did. They cut their list by 95%… and doubled sales.
If deleting old subscribers makes you panic, you can try a re-engagement campaign. Just keep your expectations low: Even the best re-engagement campaigns only get about 20% of subscribers back. Or you can try a few tricks to get your emails out of the bulk folder.
MarketingSherpa surveyed hundreds of email marketers to see what they do to optimize deliverability rates. Here’s what they said:
20) Segment your list.
Segmenting your subscribers means you can deliver more targeted content that will be of more interest to your readers. More interest means higher click-throughs and opens, and that means more emails get delivered.
21) Mail to your subscribers on a regular basis.
To use SMTP2GO to send marketing or newsletter emails you have to have mailed your subscribers within the last three months. But that’s the absolute minimum. You need to mail at least once a month for your subscribers to remember you. While there are exceptions to that, they are generally lonely exceptions. Most sources recommend at least mailing twice a month.
What’s the least you can do and still get a good response? It depends on your list. Just don’t go for months on end without mailing your subscribers, or you might get disappointing results.
22) Don’t mail to your subscribers too often.
Annoying, huh? Mail too little and it causes problems… mail too frequently and that causes problems, too. So what’s too frequently? It depends on your list, but any more than once a day is usually too much.
23) Purge any email address as soon as it has one hard bounce.
A hard bounce is when an email is sent to an address that no longer exists.
24) Purge any email address as soon as it has 2-3 soft bounces.
Soft bounces can happen because of an inbox being too full, or a server being down temporarily.
Give your subscribers control
25) Offer your subscribers a preference center.
Give your subscribers a way to control how often they hear from you, and how they hear from you. Include a way for them to change their email address.
Basically, put your subscribers in the driver’s seat. Give them control over the emails you send.
Get the mechanics right
26) Maintain a high sender score.
SenderScore is the secret sauce of email deliverability. Fortunately for you, we’ve got that well-covered.
27) Use a service that has good relationships with the compliance departments at all the major ISPs.
Check this one off. We’ve been working with all the major compliance departments since 2006.
28) Your email service monitors all accounts to maintain an excellent reputation for itself and its customers.
Again, we’re on it.
29) Have your email service provider process unsubscribes immediately.
We do this, too.
30) Authenticate messages with DKIM (Domain Name System validation), SPF (Sender Policy Framework) and reverse DNS.
Don’t worry about doing any of this. It’s part of our service.
31) Participate in ISP feedback loop programs, also known as FBLs. So if someone on your list marks a message as spam, then the ISP (say Yahoo) will contact your provider and let them know. Then your provider will immediately unsubscribe the complainer from your list.
Once again, we’ve got you covered.
32) Monitor blacklists to make sure you’re not on them.
We take care of blacklist monitoring. If you’re not using our service, you can subscribe to a service such as MXToolbox to make sure you get alerted if your IP addresses appear on major blacklists.More technical tips are available in our Knowledge Base article: Prevent emails going into spam folders.
Despite the prolific growth of social media as a marketing and communication tool, newsletters are still one of the most effective and least expensive PR tools. But creating a newsletter that gets delivered and, most importantly, viewed, can be something of a challenge.
When it comes to the creation and sending of newsletters, the adoption of a ‘scattergun/hope for the best’ approach really isn’t unusual. Many will have experienced the frustration of painstakingly creating a newsletter, only for the test message to repeatedly end up in spam folders. And loud, desperate wails of: ‘Why? WHY?! What am I doing wrong?!’ ring out across the office.
The good news is that there are measures that can be put in place to give your newsletter the very best chances of reaching its intended audience. These measures can be split between the actual content of the newsletter and then the technologies used in the sending process. We’re going to call these: The Words Bit and The Tech Bit.
The Words Bit
- Provide content that’s worth reading, preferably with a strong call to action (Download Ebook now, Register for a live class, etc). Think about what you want your readers to do. Nobody is going to want to read something that’s hashed together and is full of spelling or grammatical mistakes. It doesn’t have to be a literary masterpiece, but it does need to be coherent and correct at the very least! And if you can make it useful and interesting, even better.
- Consider the language used both within the body content of the newsletter and the subject line. There’s a long list of ‘danger’ words to avoid, which wave warning flags at spam filters. These include words and phrases such as: ‘Free’, ‘Big bucks’, ‘Removes wrinkles’, ‘Buy now’, etc… Don’t use them. Ever! Also, consider the length of the subject line and try to keep it short and sweet.
- When it comes to using images, it’s best not to over do it. But do choose images wisely. The higher quality the images, the more professional and appealing the newsletter will look. Also, never send images without text. Filtering software often consider emails containing very little text to be spam. Avoid using text within images as it looks kind of spammy.
- Make your newsletter responsive: mobile opens count A LOT. Try to have a one-column layout, make the font size larger for improved reading on a smartphone and place CTAs in the middle of the screen so they’re easy to tap.
- If you’re sending to a mailing list make sure that it’s fully opt-in (this means that you have the permission of your recipients to send them emails), that it’s fully up-to-date, and that it’s clean. If you have doubts, you can have your mailing list cleaned by a paid cleaning service. Also, when sending to a mailing list, you must include an unsubscribe link so your recipients can easily remove themselves if they no longer wish to receive emails.
The Tech Bit
- If you find that emails are being filtered into a spam folder, or junk mail folder, the first thing to check is the SPF record of your domain name.
- Consider setting up a custom DKIM signature.
- If you’re sending from a free webmail client such as Hotmail or Yahoo, your emails are often treated more suspiciously by recipient spam filters. It is always better – and a lot more professional – to send emails from your own, or your business’, domain name.
- By running your emails through the IsNotSpam email checker, you’ll be able to view a report that will let you know how spam filters assess your email, and if your SPF and DKIM record is setup correctly.
- If you place links in an HTML email, it is best to not display the actual link (http://www.etc…) in your email. Many email programs now have anti-phishing technology which treats such links suspiciously. And never use an IP address in a link.
- Never use URL shorteners in an email.
- Check that your domain name is not on a domain blacklist. You can search for this at MXToolbox.
- Don’t send emails from a brand new domain name. The domain name used in your ‘From’ email address should ideally already have a good email sending history, and be older than just a few months. This also applies to domain names used in the links contained within your emails.
Mix together the Words Bit and the Tech Bit, with a good, strong dash of a highly reputable SMTP service provider, and you will most definitely improve the deliverability of your newsletters. And who doesn’t want that?
Hackers abound. We see more and more news headlines about not just eBay accounts getting hacked, but major international banks getting hacked. And while there’s no sane way for the average person to be sure their information is 100% forever safe (you can’t even buy laundry soap at Target 100% safely) there are quite a few things you can do to stay mostly out of harm’s way. Many of them are even free.
So here’s a list of the best ways to protect your email account (or accounts). Quite a few of these are best practices for Internet wide security, especially because so many security breaches start in the inbox.
1) Use secure passwords.
It’s painful to see how weak most passwords are. Don’t let yours be a pushover. A “good” password is at least 10 characters long with a mixture of upper and lowercase letters. Good passwords will also have at least one number and one special character thrown in for good measure.
2) Use SSL (Secure Sockets Layer) or TLS (Transport Layer Security).
SSL and TLS are very similar. When used for sending emails, both result in your emails being sent securely between your computer and your SMTP service. Your SMTP service should also properly encrypt emails (using the latest version of TLS) between itself and the recipient’s mail server. This step in the email delivery process requires the recipient’s mail server to support SSL/TLS. SMTP2GO always encrypts emails wherever technically possible.
3) Have good antivirus software installed on every computer.
This is one of our recommendations that will certainly help your email security, but also the security of everything else on your computer. PC Magazine has named Webroot SecureAnywhere AntiVirus, Norton AntiVirus, Kaspersky Anti-Virus and Bitdefender Antivirus Plus as their top choices for anti-virus software. You can see how these products compare in the graphic below.
4) If you have many different people sending emails in your business, create a different SMTP username for each sender.
That way, if someone’s computer gets hacked and that computer starts sending spam, then it’s easy to disable that one SMTP username without affecting any other users.
Of course, we also recommend you change the password on that infected computer and SMTP account immediately. To learn more about how to do this, see the SMTP2GO help topic on multi-users.
5) Be extremely careful about opening attachments.
If possible, scan any email with an attachment before you open it, especially if it is from someone you don’t know. Nine out of ten viruses or malware get on to computers via attachments.
6) Consider encryption (like OpenPGP) for sensitive emails.
Some of these plugins (and software) can even stop entities like the NSA. If you want to set them up, look into gpg4win (GNU privacy Guard for Windows). There’s a fairly detailed tutorial on how to set this up here.
If nothing else, break sensitive information into two or more parts, then send each part in a separate email. That at least makes it harder for unscrupulous people to get the information they need to do damage.
7) Consider multiple email accounts.
According to a Harris Interactive 2013 poll, the average Internet user has 3.1 different email accounts. That’s up from the year before, when they found the average person had 2.6 accounts.
There’s wisdom in this. It’s called not putting all your eggs in one basket. Don’t put all your emails in one inbox, either, because if that inbox gets compromised, you’re in trouble. Besides, many email services (like Gmail) will request you submit a backup email address, just in case there’s trouble with your account.
Of course, having more than one email account both helps and hurts email security. On the good side, it lets you hedge your bets, in case one account goes down. But it also creates another account, and thus another access point for trouble. Despite that conflict, I’m certainly glad I have more than one email account, both for managing all the emails I get, and because when I have had an email account hacked, it’s been a lifesaver to have a backup email account. The backup account lets me continue to get email messages and gives me a safe inbox to send the password change email to.
8) Consider not showing your email address in public places where it can be scraped.
If you have to include a working email address on a public document (like a press release), consider using a secondary email account. Using an email address tied to an account that you could do without will keep things neater later on, should that email account become compromised.
This tactic won’t work for everyone, but it should at least serve as a reminder: Keep your email address as private as possible and you’ll avoid many potential problems. An ounce of prevention is still worth a pound of cure.
It’s a good idea to Google your email address every so often, to see if it is listed on any page in the results. If your email address does show up in the results, see about getting it removed from those pages.
If you have your own domain name, consider using a private WHOIS service to hide your email address. Or, use a different email address (e.g. beginning with domain@), so you at least know where a spammer harvested your email address. If you receive spam at a domain@ email address, it gives clear evidence the person emailing you harvested your email address from your WHOIS record, and is therefore spamming you. You can then complain to the spammer’s ISP (see point 10 for how to report spam).
9) Don’t include sensitive information in your email messages.
This is known as “data leakage” among security experts, and email is one of the primary sources of it. If you have to give someone sensitive information, consider calling them. If you have to send a sensitive document, perhaps snail mail might be worth the wait. If it’s not, Google Drive is a good free service that lets people share documents. Edward Snowden recommends SpiderOak as another secure way to share documents.
10) Don’t reply to spam or phishing schemes.
Replying to spam just notifies the spammer they’ve “got a live one”. Don’t do it. Besides, more than 3% of spam carries malware. If that sounds like a paltry percentage, go look in your “bulk” email folder, aka your spam folder. You’ve probably got a couple hundred spam messages in there right now. That translates into six or more malware emails, just sitting there, waiting for you to click them.
Instead of replying to spam, follow our instructions for how to report it.
11) Be careful about public Wi-Fi.
I know, I know: You have to check your email for work. And so you have to use an airport’s public Wi-Fi, or a coffee shop’s public Wi-Fi. We all understand. But also understand that public Wi-Fi is a fantastic opportunity for hackers, and for people who aren’t even crafty enough to deserve to be called hackers.
If you just have to use that Wi-Fi network, at least verify you’re on the actual free network, not the “free” network a hacker set up to look like the coffee shop’s (or the airport’s) network. Next, make sure there’s a “https:” at the beginning of the url where you log in. If you don’t see the “s” in the “https”, or if you get a warning that there’s a problem with the security certificate, don’t use that network.
If you’re feeling really paranoid, get signed up for a VPN (virtual private network) service. Private Internet Access and Tunnel Bear are two popular choices. So is F-Secure. They’re less than $10 a month and don’t require a technical degree to use.
Do you have any other tricks to keep your email safe? Have you ever had an email account hacked? Let us know in the comments.
There’s a battle being waged just beyond your inbox. You can’t hear it, and you can rarely see it. It is a battle to the death against spam. It’s ISPs vs spammers, with some anti-spam “entities” like Spamhaus thrown in as covert forces.
You, me, and anyone who uses email to run their business sometimes gets drawn into the crossfire of these forces. And – let’s face it – a few of us might even inadvertently do spammer-like things. Sometimes, we get caught. Spam traps are one of the most common ways to get caught, and are also one of the finest tools ever created for catching spammers.
Before we get too much further, let’s give you a more specific definition of a spam trap.
A spam trap is an inactive email address set up by an ISP or an anti-spam entity for the sole purpose of receiving unrequested emails, aka spam emails.
There are several types of spam traps. Here’s how to identify them, and which list management sins can trigger them.
1) The recycled spam trap.
This is an email address that was once used in a normal way, by a real person who was getting legitimate emails. Then one day that person left – they either stopped logging into their email account or they closed the account. After an extended period of inactivity, like 18 months, their ISP (for example: Yahoo, Gmail) decided to reactivate their email address, but now as a spam trap. So if anyone mails to that email address, they’ll trigger the trap.
The recycled spam traps teach an important lesson: Clean your list regularly. “Regularly” would be at least once a year, and possibly every six months, though some email experts think cleaning lists every six months is too frequent. We’ll leave that for the experts to debate, but it’s clear that an annual purge of inactive names is a safe and recommended practice. Not only will you have gotten rid of people who have “emotionally unsubscribed”, but you’ll also keep yourself out of range of recycled spam traps.
Word to the Wise blogger and email deliverability expert Laura Atkins (https://wordtothewise.com/author/laura/) views all spam traps, and all the issues they create as merely symptoms of a mismanaged list. Her diagnosis rings true in many ways, and can easily be applied to recycled spam traps. Basically, if you’re triggering recycled spam traps, you need to clean your list, or, in the lingo of email marketers, practice better “list hygiene”.
2) The honey pot.
This is not the sort of honey pot Winnie the Pooh loves. In fact, if he were an email marketer, this honey pot would give Winnie a very sour mouthful. In this context, honey pots are email addresses that ISPs, or (more typically) anti-spam entities like SpamHaus have created expressly to trap spammers.
Honey pots are especially sticky because ISPs and anti-spam organizations don’t just create them and then wait for someone to accidentally mail to them. The ISPs and anti-spammers will actually promote honey pots, in a way almost guaranteed to trap spammers. They do this by publishing honey pot addresses on websites, and may even embed the honey pot addresses in the code of the pages (like in “alt” tags and the like). When embedded on sites, these honey pot addresses are also sometimes called “seeded addresses”.
One particular kind of honeypot spam trap is setup by Backscatterer.org, which runs an entire business out of detecting the “backscatter” spam sent to their spam traps. Your email service provider should have measures in place to prevent you from generating backscatter spam. If you’re an SMTP2GO customer, we’ve got you covered: See our setup guide for ways to correctly configure Microsoft Exchange Server and other recommended techniques to block backscatter spam from ever being sent.
Unfortunately, many email service providers do not have such measures in place, and as a result, backscatter spam is extremely common. This is mostly because the default installation of Microsoft Exchange Server (and some other MTA’s) actually allow backscatter spam to be sent.
How honeypots get on to “legitimate” email lists
After a honey pot email address is set up, it then lies in wait on a website for scraper software to “harvest” it. The scraper software scoops up the honey pot addresses, thinking they’re like any of the other hundreds of thousands of addresses they steal. The person operating the scraper software – the spammer – then inadvertently adds these stolen addresses to their spam list.
Unfortunately, the spammer may also sell these harvested email addresses (including the honey pots) to a legitimate email marketer. The spammer may have to lie and say these are double opt-in email addresses, but that’s no big stretch for a spammer. Another way a spammer’s harvested names can get on a “legitimate” email list is if a marketer uses co-registration with a shady partner, or if they do an email append with an email service that gets its names from less than trustworthy sources.
3) Malformed email addresses, aka typo domain traps.
These kinds of spam traps often catch legitimate email marketers. Malformed email addresses are any email address that’s got a misspelling in it, like email@example.com or firstname.lastname@example.org. It is quite common for these kinds of malformed addresses to get added to email lists when someone is writing out their email address on a printed form – like at a brick and mortar store – or if the email capture is not vetted by double opt-in.
To give you an idea of how many emails go out to these malformed domains, consider that one of the largest email service providers said in a blog post that they mailed “approximately one million emails to typo-squatting domains” just in November of 2011 alone. That was several years ago, and while I’d like to report that there are fewer emails going to these kinds of addresses, there aren’t.
Occasionally, someone filling out an online opt-in form will also make a typo and send an email to a spam trap. These are the least severe of all traps, as they are most often simply caused by user error. If the sender of the email is using double opt-in, this will mean they at least send only one email to the trap. But even if you’re using double opt-in, if you’ve got a high-traffic site with thousands of people typing in their email addresses, it’s bound to happen every so often.
Another variation on this problem is when people deliberately type in false email addresses – like email@example.com for example, or firstname.lastname@example.org. Occasionally, someone will type in an email that just happens to be a spam trap. Once again, if the marketer is using double opt-in, this will minimize the damage.
How to Tell If You’ve Got a Spam Trap on Your List
Most email marketers find out they’ve got a spam trap only after they see their deliverability rates tumble. But you can use tools like the Windows Smart Network Data Services, Return Path’s Sender Score tool or ProjectHoneyPot.org to see if any of these bad apples are on your list.
What happens if you do get on a spam trap?
The consequences of triggering a spam trap varies depending on which spam trap you’ve triggered and how often you’ve triggered it. In other words, mailing to a malformed email address once is bad. Mailing to a honey pot that was embedded on a website once is very bad. Mailing more than once to that honey pot is very, very bad.
One major email deliverability service reports seeing a mailer’s SenderScore drop as much as 20 points after mailing to just one spam trap one time. SenderScore is a rating of zero to 100 – anything below 90 is considered a problem, so that one email created quite a deliverability disaster. In another example of an extreme penalty of mailing to a spam trap, a sender’s inbox placement dropped below 81% (that’s how many emails they send that actually reach peoples’ inboxes).
While those kinds of consequences are severe, they’re not uncommon. Mailers who trigger spam traps often end up on one or more blacklists, and can have many other problems. In short, you don’t want to mess with spam traps. Even one or two triggered spam traps can crippled your profitability.
The Best Way to Get Out of a Spam Trap
So what happens if you find a spam trap in your list? The single best way to identify a spam trap is to look for no engagement with your email messages. Start by going back six months, and remove everyone who has never opened an email. If that seems too extreme, you could go back and remove everyone who has never clicked one of your emails in the last six months.
The next, less effective way is to remove malformed domain names. The third method would be to remove emails with job functions (known as role accounts), like email@example.com or firstname.lastname@example.org. That third method should be used only as a last-ditch effort – you will probably delete quite a few legitimate email subscribers if you purge those kinds of addresses.
How to Never Get on a Spam Trap in the First Place
Given how severe the consequences are of triggering a spam trap, what can you do to never get on one? Fortunately there are several easy, proven ways to never have to tangle with spam traps.
1) Never buy an email list.
It’s SMTP2GO’s policy to not let our users use purchased lists. We do this to protect the deliverability rates of our network for all of our customers, but also because we just don’t want you to get burned the way so many other people have with purchased lists. Note that we also do not tolerate “harvested” email lists.
2) Use double opt-in.
Double opt-in is when you send a confirmation email to a new subscriber after they’ve entered their email address in your opt-in form. The prospective subscriber has to click a link in that confirmation email in order to be subscribed.
This does create an extra step for people to get on your email list, but it is also one of the best ways to never have to worry about triggering a spam trap multiple times. Spam traps aren’t the only reason to use double opt-in though – you’ll also enjoy nearly double the open rates and click-through rates if you set up double opt-in, and you’ll get fewer unsubscribes and spam complaints. Double opt-in will cost you a few subscribers on the front end, but for long-term list engagement and profitability, it beats single opt-in hands down.
If you really must use single opt-in, at least send a welcome email to every new subscriber. If that welcome email bounces, consider removing the new subscriber.
3) Be very, very careful about which companies you pick for co-registration or email append services.
Co-registration is when you sort of piggy back on another company’s opt-in form. Typically, the prospective subscriber fills out your co-registration partner’s form, and then checks a box bear the bottom of the form that says they also want to opt into your list.
This technique used to work very well, but it’s always been a bit borderline spammy, and it’s never resulted in high-quality lists. Now that we have CASL, co-registration forms also cannot be pre-checked, so if your co-reg partner is still using pre-checked boxes (i.e., pre-checking the boxes so people are opting into your list by default), either get them to uncheck that box, or stop doing business with them.
Email append services are where you have, say, a list of 10,000 postal mailing addresses, and you want to get email addresses for those people. An email append service can do that. Once again, these tend to create poor quality email lists.
In the end, the only good way to get an email list is to build it, subscriber by subscriber. Fortunately, it’s not that hard, and can often be cheaper than trying to buy lists that end up performing poorly.
5) Practice good list hygiene.
Every six to 12 months, purge your list of anyone who has never opened or clicked one of your emails. Yes, this will reduce your list size. But it will also preserve and improve the deliverability of the names you do have, it will keep you off spam traps from recycled addresses. It will even reduce your overhead costs for your remaining names. There’s a reason list hygiene is one of the most recommended best practices – it’s worth the effort.
If you’re seeing more than 5% bounce rates after you mail to a portion of your list, then before sending any further emails we recommend cleaning your list using one of our recommended email verification services:
You may need to run your list through these services if your list is very old or out of date. Part of our terms of service – set to preserve our deliverability rates for all customers – requires that very old or out of date lists be verified.
6) Use CAPTCHA on opt-in and contact forms.
There’s no better way to ensure you’re dealing with an actual human than to add a CAPTCHA to your opt-in and (especially) to your contact forms. This will serve as another potent deterrent to keep spam trap emails off your list.
7) Use a company-wide suppression list.
Leverage other people’s work. If you’re in a company large enough to have multiple email lists, pool your resources and create a list of addresses no one in your company should mail to. This isn’t a foolproof way to steer clear of spam traps, but it definitely helps the cause.
Fortunately for you, SMTP2GO maintains a large list of known spam trap domains, and we block any attempts to send emails to those domains. This protects both your reputation and ours. It also instantly notifies you about potential problems with your list, or with a compromised computer within your network.
Got $1-10 million dollars to lose? No? Then it’s time to get onboard with the new Canadian Anti-Spam Law. CASL went into effect on July 1st of this year, and while we’ve all got three years before the multi-million dollar penalties start showing up, it’s definitely time to get CASL compliant.
Before we get too far into the details of international law, please note that we are not lawyers. You should seek a competent attorney to decide exactly what is or is not right for your business.
While we aren’t lawyers, we are in the email industry, and so we’ve done a lot of research on what CASL says and what it might mean going forward. The good news is that it’s always better to respect subscribers’ preferences and to preserve the quality of your list. CASL will definitely make us do that. The bad news is some tried and true email marketing techniques are about to be history.
In an effort to lighten up what might otherwise be a somewhat dry topic, we’ve elected to explain CASL with the help of some kittens. Hopefully adding a little fur and cuteness will make spam compliance just a little more interesting. We considered the Mole Rats Guide to CASL, but mole rats aren’t nearly as viral.
8 essential things to understand about the Canadian Anti-Spam Law
1) There is a 3-year transitional period that started on July 1st. After that, any Canadian can sue any person or company they believe has sent them a message in violation of CASL.
2) CASL fines are the most expensive in the world. Corporations who violate CASL can be fined up to $10 million dollars PER MESSAGE. Individuals who violate CASL can be fined up to $1 million dollars PER MESSAGE.
3) Not all businesses have to follow CASL, but if you can answer yes to any of the questions below then you do.
4) CASL does not apply to communications from
• political organizations
• family members
• people associated with your business (like vendors)
• people you have an “established personal relationship” with
• business or personal referrals
• people who have contacted your business within the last 6 months
5) CASL applies only to commercial digital communications, aka “Commercial Electronic Messages” (CEM), like:
• text messages
• some social media communications
• any other message sent to an email address, phone number or a social media account
To be defined as commercial, the message must promote commercial activity or encourage the recipient to participate in promoting something commercial (like a Facebook contest, or writing a product review).
6) Some types of digital communication are exempt, including:
• anything related to a purchase – shipping updates, receipts or return information
• warranty or recall messages
• any communication for legal purposes (court orders, class-action suit messages)
7) CASL is hinged on the concept of consent, namely “express consent” and “implied consent”. Express consent is when someone voluntarily opts into a compliant opt-in form. Opt-in forms with pre-checked boxes are NOT compliant.
Once you’ve got express consent, you never have to ask for it again (unless the subscriber opts out).
The second type of consent is implied. You have the implied consent of an individual if they’ve done business with you in the last 24 months.
Just so you’re 100% clear on implied versus express consent, here’s part of an infographic from the CASL site.
8) You need a record of consent.
Anyone using double opt-in (aka confirmed opt-in) will already have a record of consent. But if you’re buying or renting lists, you’ll want to see the records of consent before you mail. You need to know when people signed up, how they signed up, and preferably which IP address they signed up from.
6 major implications of CASL
1) Co-registration companies and co-reg forms will see fewer opt-ins, now that they can’t use pre-checked forms.
This is not a huge loss (unless you’re a co-registration company). Using pre-checked forms has always resulted in poor-quality lists, so while the CASL compliant lists will be much smaller, they’ll be of better quality. This might end up being a good thing in the end.
2) Buying a list will become even less of a good idea.
With multi-million dollar penalties in play, you’d better trust your list broker. Or better yet, just let this bad email marketing practice go entirely (we have – purchased lists can’t be used with SMTP2GO). Besides, it’s not that hard to build a list.
3) Remarketing and shopping cart abandonment emails will have to stop – unless the recipient has opted into the company’s list with a valid opt-in form.
Again, if they haven’t signed up specifically for your list, don’t send them email. Having them be signed up for someone else’s email list (in this case, the remarketing company’s list) is not good enough.
4) Send to a friend emails will have to go away.
Send to a friend emails, (also called referral emails), are when someone likes an article, product, or anything else enough to tell someone about it via email. So they click the “email to a friend” link on that page, fill out their email and their “friend’s” email, maybe include a message and then send their friend a link to that page.
The problem is, the friend never said they wanted to get emails from that company. So that email, though well-intentioned, is unsolicited.
5) Single, or unconfirmed opt-in is riskier.
Now that we have to be able to prove when and how someone signed up for a list, not having people confirm their email addresses creates a problem. What if the single opt-in people on your list didn’t actually signup? What if someone else used their email address to “get them”… the same way some people used to ponder signing their enemies up for magazines with all those mail-in postcards?
6) Companies can no longer send gifts to customers who have complained online.
Here’s the scenario: A customer has a rotten experience with a company. They complain about it via Twitter. In the past, the company might send them a coupon or offer some other freebie to try to make up for the bad experience. But according to CASL, that’s not OK – a customer’s complaining about a company online does not constitute opting into their list. The company’s tweet is also promotional, in that it urges the complaining customers into buying again, and so the tweet, though well intentioned, is not OK.
Companies can reply to complaining customers, but only to ask them to contact customer service. If the customer chooses to follow through and contact customer service, then it is okay for the company to offer the coupon.
Those are the must-know facts and possible effects of CASL. Have you made any changes to your email marketing yet? Let us know in the comments.
This month’s SMTP2GO updates include a range of stability and bug fixes. We have also implemented some delivery improvements.
- Adjustments are continually made to our hard/soft bounce classification system, to ensure that it stays as accurate as possible. We have added and classified a significant number of known responses given by recipient mail servers.
- Email quota alerts are now sent to all account types. Previously, only paid accounts would receive notification when they reached 80%, 90% and 100% of their quota. Free accounts now receive the same information.
- Quota alert messages have added information to make them even more useful. Notifications now include the date and time the account email quota will be reset.
- An issue where reports downloaded from the SMTP2GO dashboard in CSV format were corrupted has been resolved.
- A small fix was applied to make bounce and spam lists downloading more efficient.
In other exciting news, the member dashboard is being completely redesigned. The new design will make managing SMTP2GO accounts more streamlined. The new design is currently being developed and tested and should be released to members soon.
Though it may not be a layman’s term, everyone who has an active email account has probably received transactional email at some point. Transactional email refers to an email generated by some action involving the user; it does not necessarily refer to any sort of financial transaction. This could include an action directly on the part of the user, an action targeting the user, or sometimes even a lack of action by the user. Below are a few examples of transactional email instances.
Direct User Action
The most common example of this type of transactional email is the email delivered when a user signs up for an account on a website. In this case, the “transaction” is the act of the user signing up for the site. The welcome email is sent as a result of this transaction.
A sample transactional welcome email.
Actions Targeting Users
These types of transactional emails are sent when the user receives, for example, a comment on a social networking site. An automated email is sent to the user to notify him or her that the comment has been posted. This is not a direct user action; rather, someone else’s action is the trigger. (Note: Gmail will generally place these emails in the “Social” tab of the updated inbox.)
Sample passive user-action transactional emails.
Examples of transactional emails received due to user inaction are the “Come back/We miss you” emails sent as part of email win-back campaigns. The user in this case has subscribed to a mailing list, but has either not responded in some time to any emails sent, or has never responded at all.
Other Examples and Synonyms
As previously stated, transactional email refers to essentially all triggered and automated emails to users who have subscribed to services or mailing lists on a website. Other commonly encountered examples of transactional emails include:
- Password resets
- Support ticket requests
- Email confirmations
- Online purchase receipts
- Weekly activity manifests
Transactional emails can also be referred to as “triggered,” “automated/automatic,” and “real-time.” These all mean essentially the same thing; the different terms are simply used by different companies according to their needs and the services they provide.