Got $1-10 million dollars to lose? No? Then it’s time to get onboard with the new Canadian Anti-Spam Law. CASL went into effect on July 1st of this year, and while we’ve all got three years before the multi-million dollar penalties start showing up, it’s definitely time to get CASL compliant.
Before we get too far into the details of international law, please note that we are not lawyers. You should seek a competent attorney to decide exactly what is or is not right for your business.
While we aren’t lawyers, we are in the email industry, and so we’ve done a lot of research on what CASL says and what it might mean going forward. The good news is that it’s always better to respect subscribers’ preferences and to preserve the quality of your list. CASL will definitely make us do that. The bad news is some tried and true email marketing techniques are about to be history.
In an effort to lighten up what might otherwise be a somewhat dry topic, we’ve elected to explain CASL with the help of some kittens. Hopefully adding a little fur and cuteness will make spam compliance just a little more interesting. We considered the Mole Rats Guide to CASL, but mole rats aren’t nearly as viral.
8 essential things to understand about the Canadian Anti-Spam Law
1) There is a 3-year transitional period that started on July 1st. After that, any Canadian can sue any person or company they believe has sent them a message in violation of CASL.
2) CASL fines are the most expensive in the world. Corporations who violate CASL can be fined up to $10 million dollars PER MESSAGE. Individuals who violate CASL can be fined up to $1 million dollars PER MESSAGE.
3) Not all businesses have to follow CASL, but if you can answer yes to any of the questions below then you do.
4) CASL does not apply to communications from
• political organizations
• family members
• people associated with your business (like vendors)
• people you have an “established personal relationship” with
• business or personal referrals
• people who have contacted your business within the last 6 months
5) CASL applies only to commercial digital communications, aka “Commercial Electronic Messages” (CEM), like:
• text messages
• some social media communications
• any other message sent to an email address, phone number or a social media account
To be defined as commercial, the message must promote commercial activity or encourage the recipient to participate in promoting something commercial (like a Facebook contest, or writing a product review).
6) Some types of digital communication are exempt, including:
• anything related to a purchase – shipping updates, receipts or return information
• warranty or recall messages
• any communication for legal purposes (court orders, class-action suit messages)
7) CASL is hinged on the concept of consent, namely “express consent” and “implied consent”. Express consent is when someone voluntarily opts into a compliant opt-in form. Opt-in forms with pre-checked boxes are NOT compliant.
Once you’ve got express consent, you never have to ask for it again (unless the subscriber opts out).
The second type of consent is implied. You have the implied consent of an individual if they’ve done business with you in the last 24 months.
Just so you’re 100% clear on implied versus express consent, here’s part of an infographic from the CASL site.
8) You need a record of consent.
Anyone using double opt-in (aka confirmed opt-in) will already have a record of consent. But if you’re buying or renting lists, you’ll want to see the records of consent before you mail. You need to know when people signed up, how they signed up, and preferably which IP address they signed up from.
6 major implications of CASL
1) Co-registration companies and co-reg forms will see fewer opt-ins, now that they can’t use pre-checked forms.
This is not a huge loss (unless you’re a co-registration company). Using pre-checked forms has always resulted in poor-quality lists, so while the CASL compliant lists will be much smaller, they’ll be of better quality. This might end up being a good thing in the end.
2) Buying a list will become even less of a good idea.
With multi-million dollar penalties in play, you’d better trust your list broker. Or better yet, just let this bad email marketing practice go entirely (we have – purchased lists can’t be used with SMTP2GO). Besides, it’s not that hard to build a list.
3) Remarketing and shopping cart abandonment emails will have to stop – unless the recipient has opted into the company’s list with a valid opt-in form.
Again, if they haven’t signed up specifically for your list, don’t send them email. Having them be signed up for someone else’s email list (in this case, the remarketing company’s list) is not good enough.
4) Send to a friend emails will have to go away.
Send to a friend emails, (also called referral emails), are when someone likes an article, product, or anything else enough to tell someone about it via email. So they click the “email to a friend” link on that page, fill out their email and their “friend’s” email, maybe include a message and then send their friend a link to that page.
The problem is, the friend never said they wanted to get emails from that company. So that email, though well-intentioned, is unsolicited.
5) Single, or unconfirmed opt-in is riskier.
Now that we have to be able to prove when and how someone signed up for a list, not having people confirm their email addresses creates a problem. What if the single opt-in people on your list didn’t actually signup? What if someone else used their email address to “get them”… the same way some people used to ponder signing their enemies up for magazines with all those mail-in postcards?
6) Companies can no longer send gifts to customers who have complained online.
Here’s the scenario: A customer has a rotten experience with a company. They complain about it via Twitter. In the past, the company might send them a coupon or offer some other freebie to try to make up for the bad experience. But according to CASL, that’s not OK – a customer’s complaining about a company online does not constitute opting into their list. The company’s tweet is also promotional, in that it urges the complaining customers into buying again, and so the tweet, though well intentioned, is not OK.
Companies can reply to complaining customers, but only to ask them to contact customer service. If the customer chooses to follow through and contact customer service, then it is okay for the company to offer the coupon.
Those are the must-know facts and possible effects of CASL. Have you made any changes to your email marketing yet? Let us know in the comments.
This month’s SMTP2GO updates include a range of stability and bug fixes. We have also implemented some delivery improvements.
- Adjustments are continually made to our hard/soft bounce classification system, to ensure that it stays as accurate as possible. We have added and classified a significant number of known responses given by recipient mail servers.
- Email quota alerts are now sent to all account types. Previously, only paid accounts would receive notification when they reached 80%, 90% and 100% of their quota. Free accounts now receive the same information.
- Quota alert messages have added information to make them even more useful. Notifications now include the date and time the account email quota will be reset.
- An issue where reports downloaded from the SMTP2GO dashboard in CSV format were corrupted has been resolved.
- A small fix was applied to make bounce and spam lists downloading more efficient.
In other exciting news, the member dashboard is being completely redesigned. The new design will make managing SMTP2GO accounts more streamlined. The new design is currently being developed and tested and should be released to members soon.
Though it may not be a layman’s term, everyone who has an active email account has probably received transactional email at some point. Transactional email refers to an email generated by some action involving the user; it does not necessarily refer to any sort of financial transaction. This could include an action directly on the part of the user, an action targeting the user, or sometimes even a lack of action by the user. Below are a few examples of transactional email instances.
Direct User Action
The most common example of this type of transactional email is the email delivered when a user signs up for an account on a website. In this case, the “transaction” is the act of the user signing up for the site. The welcome email is sent as a result of this transaction.
A sample transactional welcome email.
Actions Targeting Users
These types of transactional emails are sent when the user receives, for example, a comment on a social networking site. An automated email is sent to the user to notify him or her that the comment has been posted. This is not a direct user action; rather, someone else’s action is the trigger. (Note: Gmail will generally place these emails in the “Social” tab of the updated inbox.)
Sample passive user-action transactional emails.
Examples of transactional emails received due to user inaction are the “Come back/We miss you” emails sent as part of email win-back campaigns. The user in this case has subscribed to a mailing list, but has either not responded in some time to any emails sent, or has never responded at all.
Other Examples and Synonyms
As previously stated, transactional email refers to essentially all triggered and automated emails to users who have subscribed to services or mailing lists on a website. Other commonly encountered examples of transactional emails include:
- Password resets
- Support ticket requests
- Email confirmations
- Online purchase receipts
- Weekly activity manifests
Transactional emails can also be referred to as “triggered,” “automated/automatic,” and “real-time.” These all mean essentially the same thing; the different terms are simply used by different companies according to their needs and the services they provide.
SMTP2GO is attending HostingCon 2014 at Miami Beach, Florida.
If you’re also there, and are thinking you might like to partner with an SMTP provider (or just want to say hi!) let us know.
Lukas has flown in from New Zealand, and Rocky has flown in from Texas.
Get in touch by messaging the team via Skype (lukaswilliams).
SMTP2GO’s latest release brings several bug fixes, updates and some useful new features.
- Optional sending rate limits have been introduced and can be set globally for all SMTP users in an account or applied on a per user basis. To apply a limit to all SMTP users in an account, log in to your SMTP2GO dashboard, click “Settings” then “Authentication”. Near the base of the page on the right hand side, there is a toggle labelled “Custom rate limit”. From here, set the limit or volume of messages followed by the time period in which those messages can be sent. For example, you may wish to limit a user to only sending 50 emails per day or 200 per month.
Once this is turned on, you can set the limit and the time period. To apply limits to individual users, log in to your SMTP2GO dashboard, click “Settings” then “Authentication” and edit a user. The last option in the list is labelled “Custom rate limit”.
Turn on the “Custom rate limit” toggle and select the limit or volume of messages followed by the time period in which those messages can be sent.
- If you are subscribed to one of our high volume plans, you can now view your dedicated IP address. It can be found by choosing “Settings” then “Authentication” when logged in to the SMTP2GO dashboard.
In recent weeks, Yahoo and AOL have made changes to their respective DMARC policies, and it is likely that other ISPs will follow suit in the near future. This guide will attempt to answer any questions you may have about the changes, and provide insight on updating your outbound email strategy according to the new policies.
What is a DMARC policy?
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. DMARC allows the owner of a domain to publish DNS records that indicate to recipient domains what should be done with messages that do not authenticate. In the words of John Levine, an author and consultant who has spent considerable time crafting DMARC standards:
“DMARC lets a domain owner make assertions about mail that has their domain in the address on the
From: line. It lets the owner assert that mail will have a DKIM signature with the same domain, or an envelope return (bounce) address in the same domain that will pass SPF validation. The domain owner can also offer policy advice about what to do with mail that doesn’t have matching DKIM or SPF, ranging from nothing to reject the mail in the SMTP session. The assertions are in the DNS, in a TXT record at _dmarc.domain.”
Yahoo’s updated DMARC record; the “p=reject” segment indicates that the DMARC policy will reject and block messages from improperly authenticated or unauthenticated senders.
The Wikipedia article on DMARC policy also states the following:
“DMARC requires that a message not only pass DKIM or SPF validation, but that it also pass alignment. For SPF, the message must PASS the SPF check, and the domain in the
From: header must match the domain used to validate SPF (must exactly match for strict alignment, or must be a sub-domain for relaxed alignment). For DKIM, the message must be validly signed and the d= domain of the valid signature must align with the domain in the
From: header (must exactly match for strict alignment, or must be a sub-domain for relaxed alignment). Under DMARC a message can fail even if it passes SPF or DKIM, but fails alignment.”
What changes have been made?
Due to recent increases in security issues, AOL and Yahoo have both decided to require strict alignment between the
From: header address and domain authentication. Email spoofing will no longer be permitted, and its use will result in the sender’s emails being blocked.
How will the new DMARC policies affect sending?
The only senders who will be affected by this change are those who use Yahoo or AOL email addresses in their
From: headers and do not send directly through their respective SMTP servers.
Note: Yahoo’s DMARC update affects only @yahoo.com email addresses; @ymail.com and @rocketmail.com addresses are currently unaffected. In addition, many regional Yahoo servers are unaffected (e.g. yahoo.co.jp).
What can be done to resolve the issues?
At this point in time, we strongly recommend that affected clients consider switching to their own domain for outgoing email traffic. Switching to another free email provider such as Gmail or Hotmail will provide a temporary solution to the problem, but it is only a matter of time before other providers follow in the footsteps of Yahoo and AOL. Security breaches are becoming more and more widespread, so it only makes sense that more email providers will take precautions to protect their users. A custom domain will prevent future deliverability issues from cropping up when ISPs change their policies according to security needs.
If you need assistance setting up a new domain or email addresses, please feel free to contact technical support.
When first sending emails out on a brand new dedicated IP address or range of IP addresses, it is important to keep in mind best email practices in order to keep your emails out of your recipients’ spam folders, even if you are simply switching email service providers. A brand new IP address will not have any sort of mailing history, so there is no way for ISPs to tell whether a new stream of email traffic is legitimate, or perhaps due to a mail system being compromised. The following guidelines will provide some insight on bolstering the reputation of your IP address (with some SMTP2GO-specific advice included).
Gradually Increasing Sent Mail Volume
Once you’ve checked your SPF record, and considered setting up a custom DKIM signature, you will need to gradually ramp up the number of emails you send out in order to avoid the risk of being blocked.
SMTP2GO pre-warms up dedicated IP addresses to a certain extent. However, if you suddenly send out 100,000 emails from a brand new SMTP2GO high volume (dedicated IP address) account, some ISPs may assume that your mail system has been compromised, and the emails will be blocked. Most ISPs have fail-safes in place that identify mass mailings from unknown IP addresses as spam.
In order to prevent your emails from being flagged, you will need to gradually increase your outbound traffic so as not to trigger the fail-safes. This is a simpler task if you are just starting a new campaign with a relatively small number of contacts, but rather more daunting if you’ve already established many business relationships and have just switched to SMTP2GO. In either case, the solution is similar; the only major difference lies in the numbers.
To ramp up outbound email traffic at an appropriate rate, make an estimate of the number of emails you plan to send out monthly, and then divide that number by 30. (Example: if you plan to send out 100,000 emails in your first month, divide 100,000 by 30, and send out around 3,000 to 4,000 per day, as a rough guide.) This is a slow process, but a steady stream of outbound emails gives a recipient ISP time to properly test the quality and nature of your email traffic, and build up a secret reputation figure for your IP address. Content and domain reputation is also very important, and this is likely to be built up at the same time as your IP reputation.
Alternatively, if you are already sending out a very large number of emails per month and are simply switching to SMTP2GO, you may not want to wait a full month to be able to send out your desired quantity of emails. In this case, it may be better to spend a month phasing your emails from the old ESP to SMTP2GO (thereby warming up the new IP in the process).
One final point that seems obvious but bears repeating is that your results should be monitored constantly. Any spam complaints from your emails can be seen in your SMTP2GO control panel, so you can find out immediately if your recipients are clicking on the ‘Spam’ button for your email in Hotmail, Yahoo, AOL and others. You can also easily see your bounce rate. A high bounce rate can indicate problems with your mailing list, which can lead to bigger problems in the future.
Also worth noting is the fact that Return Path provides a way to view your exact inbox placement rate with most major ISP’s, however to view those statistics you do need to become Return Path certified (which we can help with), and it does cost several thousands of dollars in most cases. A more DIY approach is to create an email address at the major email providers (Gmail, Yahoo, AOL, Outlook/Hotmail) and be sure to always include them in each of your mailings. You can then periodically check them to see if your emails are being placed into the inbox of spam folder in each case.
To get a good overall idea of your current IP address’ reputation, visit SenderScore.org (which is operated by Return Path) and search for your IP address. You’ll see a variety of statistics to accurately measure your current standing. The reading from SenderScore will look something like this:
Warming up your new IP address has a bit of a learning curve, but if you follow the steps provided, you have a much higher chance of successfully getting your messages to the contacts you need to reach.
SMTP2GO’s newest release brings general enhancements and updates to improve the user experience.
- If you joined or upgraded your SMTP2GO account after June 2013 (and are therefore paying via our new payment processor called Fastspring) you now have the ability to purchase blocks of extra emails. You can do this to temporarily increase your email quota instead of upgrading to a higher plan.
- The account reputation percentage calculation has now been adjusted to more accurately reflect account behavior. Bounce and spam rate calculations are now more closely aligned with our recommended bounce and spam rates before the reputation percentage is lowered. This will also help to increase account reputation more quickly after a temporary sending issue has been resolved.
- Adjustments are continually made to our hard/soft bounce classification system, to ensure that it stays as accurate as possible. Simply checking the SMTP response code (e.g. 421, 450, 551, etc.) does not give a reliable indicator of whether a bounce is hard or soft, as a certain percentage of recipient mail servers (including some very big email providers) do not respond with sensible or relevant response codes. The only reliable way (what we do!) to determine if a bounce is hard or soft is to maintain a large database of known responses given by recipient mail servers, which have been properly classified.
- Your local currency is now selected by default when subscribing to a new SMTP2GO plan. US dollars can still be selected as an option.
- The Terms of Service Agreement has been updated to include restrictions on the use of SMTP2GO to handle ‘auto-forwarded’ messages. More information is available here.
We’re continuing to grow, and have been awarded a place in Deloitte’s 2013 Technology Fast 500 list for Asia Pacific for the 2nd consecutive year. Deloitte ranked SMTP2GO the 461st fastest-growing company in Asia Pacific for 2013. Winners for 2013 were selected based on the highest percentage of revenue growth from 2011 to 2013.
We’re aiming for 3 years in a row, so look out for us in 2014!
About Deloitte Technology Fast 500:
The Deloitte Technology Fast 500 is the pre-eminent technology awards program in Asia Pacific with 2013 being its 12th anniversary. Combining technological innovation, entrepreneurship and rapid growth, Fast 500 companies large, small, public, and private are on the cutting edge and are transforming the way we do business. The top 500 companies averaged a revenue growth of 356%, staggering by any measure, though this figure is down from last year’s average growth of 467%.
Emails sent to mail.ru email addresses can occasionally be blocked. Mail.ru provides a solution to this issue by allowing domains to be added to their list of approved senders. Adding these domains requires proof of ownership. This also applies to other domains controlled by mail.ru such as bk.ru and list.ru.
To do this, create a free mail.ru account. It is not advised that existing mail accounts, such as Gmail or Yahoo, are used to log in to this service.
Once the account has been created, go to the mail.ru postmaster page and enter your domain name. Note: the screenshots below may appear different when you view the site.
There will be three options for verifying and proving ownership of the domain. Choose one option and follow the instructions provided.