Marketing’s Weekly Dose of the Truth

Ken Magill

About Us

Shocker! DMA Was Blacklisted by Spamhaus

2/28/12

By Ken Magill

The Direct Marketing Association was blacklisted by Spamhaus and other anti-spam blacklist operators multiple times during the last six months, according to an internal DMA document marked “confidential” obtained from a reliable source by The Magill Report.

However, the DMA claims to have only been blocklisted once in November.

Spamhaus maintains a list of IP addresses it deems as sources of spam. Many email administrators and major inbox providers use Spamhaus as at least part of their formula for filtering spam. A listing on Spamhaus can cause serious delivery troubles.

The DMA was also listed by anti-spam concerns Cloudmark and Spam and Open Relay Blocking System, or SORBS, according to the document.

The DMA was blacklisted in August and multiple times in November, the document said.

According to Debbie Sharken, senior vice president, chief marketing officer for the DMA, the document obtained by The Magill Report was part of a preliminary investigation requested by her and has since been determined to contain some inaccuracies.

For example, Sharken said she has been with the DMA since May and she does not recall the organization having issues with Spamhaus in August.

She said the DMA was blacklisted by Spamhaus in November and experienced delivery issues for about a week until the situation was resolved.

“We quickly worked with Yesmail, our email service provider, to rectify the situation,” she said. “Once it was rectified with Spamhaus, we continued to work with Yesmail for about another month to make sure we were in compliance with anything and everything moving forward so we would not have this issue come up again.”

And though the DMA’s spamming issues have apparently since been resolved, the document indicates some pretty sloppy list-hygiene practices—at least prior to August.

For example, executives at Yesmail—the DMA’s email service provider were told by the postmaster at Cloudmark that the DMA hit 44 spam traps on August 4, the document said.

Moreover, DMA email was generating a lot of spam complaints and even hit some honey pot addresses, according to Cloudmark, the document said.

Honey pot spam traps are email addresses that have never been signed up for anything. They are published on the Internet solely to catch spammers.

The only way to hit a honey pot address is to either scrape addresses off the Internet or accept addresses from a source that has scraped addresses.

Sharken said the DMA neither harvests nor buys email addresses.

“We don’t scrape addresses at all,” she said. “I can say with confidence we do not buy email addresses. We’ll rent a list [to be contacted by the list owner on the DMA’s behalf] but no email, unless someone has raised their hand, comes into our database. There is no scraping. There is no buying email addresses. … Unless that person has responded to something and input their user ID and email into our database there is no other way to get into the DMA marketing database.”

Sharken said the DMA’s Spamhaus problems may have been the result of hitting large numbers of laid-off workers’ dormant email addresses.

She did not deny the possibility that the DMA hit spam traps.

Steve Linford, executive director at Spamhaus, confirmed the DMA had been blacklisted.

“Yes it's true,” Linford wrote in an email exchange with The Magill Report. “But we did not know the spammer was the DMA, all we were seeing was a lot of spam to our spamtraps coming from Yesmail IPs. We had no idea that the Yesmail customer sending the spam was the DMA. We only found that out later after the spamming was stopped and the issue closed.”

Generally, when an organization is placed on a spam blacklist—or blocklist, as their operators prefer them to be called—the only way to get delisted is to identify the problem and explain to the blacklist operator what is being done to correct it.

In order to fix the DMA’s blacklisting troubles, Yesmail took a number of steps and outlined them in the document obtained by The Magill Report.

For example, Yesmail created a 25,000-address subset of the DMA’s database that had neither opened nor clicked on a message in the 18 months the DMA had at the time been a Yesmail client, and turned them into a suppression file, according to the document.

As a result, the DMA’s daily news round-up email, 3D, dropped in circulation from 16,500 recipients to 14,600, the document said.

Yesmail then further trimmed the 3D list to include only those who had opened or clicked in the previous six months, dropping its circulation to just under 11,000, according to the document.

The document said the cuts did not significantly change the number of opens and clicks 3D was generating, indicating that even the 6,500 additional recipients being suppressed weren’t regular readers.

Yesmail also moved the DMA’s email from four dedicated IPs to shared IPs, according to the document.

Mailers with good reputations prefer having their own IPs because they don’t want to risk having their reputations damaged by other, possibly sloppier, marketers mailing off the same IP.

However, email service providers have been known to place mailers with less-than-stellar reputations on the same IPs as mailers with good reputations so the sloppy mailers can benefit from a halo effect generated by the careful ones.

It is not clear that the halo effect was Yesmail’s goal in moving the DMA off four dedicated IPs to shared IPs.

The DMA is now back on its own dedicated IPs, according to Sharken.

When contacted for comment, Yesmail released the following statement: “Yesmail Interactive is working closely with DMA on improving their data intake and collection practices and procedures to resolve any existing/future blacklisting issues. 

“DMA’s current IPs and Domains with Yesmail Interactive are inboxing at a rate of 94.5 percent across the top American ISPs, which resemble a strong sending reputation. In fact, this is 12.4 percent higher than the industry benchmark as published by Return Path.”

Comments

Show: Newest | Oldest

Post a Comment
Your Name:
Subject:
Comments:
Verification:
Please type the letters in the image above

Terms: Feel free to be as big a jerk as you want, but don't attack anyone other than me personally. And don't criticize people or companies other than me anonymously. Got something crappy to say? Say it under your real name. Anonymous potshots and personal attacks aimed at me, however, are fine.

Posted by: Marge Walsh
Date: 2012-07-24 20:45:06
Subject: DMA span attack

I had almost no spam or junk email thanks to my Optonline.net email account and my McAfee Internet Security. Then I made the MISTAKE of registering with the DMA opt-out for spam! Now, every day I get numerous - probably a dozen or so - of span and junk email. My son thought I had fallen for a trick site, but I went back and referenced my confirmation at DMA. The perfect scam - pretend to protect me and instead sell me down the river. Thanks DMA - some corporate integrity!
Posted by: Andrew Stephens
Date: 2012-04-21 10:56:57
Subject: RE: Double Opt-In

James, I concur that the DMA did not show good list engagement and hygiene efforts and definitely should have re-confirmed the recipients' desire to receive their communication. What I DO NOT concur with is that the action of mailing to an old subscriber list makes you a 'spammer'. Permission sets the standard as far as I know. While I agree that he reaction of a recipient sets the most significant standard, Spamhaus (for one) does not consider the recipient in their DNSBL listings and act as a third-party 'bouncer' of sorts. So, the DMA was genuinely over-scrutinized and that is more than likely a result of Spamhaus' disagreement with the Can-Spam Act (strongly supported by the DMA). This is just another case of Spamhaus grasping for media off the backs of hard-working Americans.
Posted by: James
Date: 2012-02-29 12:27:40
Subject: Double Opt-In

Andrew, I think the bigger question is what are the list hygiene practices being used to begin with. While you're correct about injecting Honeypots into single opt-in subscription forms, I would contend that continuing to send email to addresses that you've had absolutely no response from in 18 months (not even an open) shows poor list management practices by the DMA. It's even possible that those emails may have been unresponsive for much longer than that - that's just the period of time that YesMail has been working with the DMA. There certainly are options: you could choose to perform a campaign to those emails to reconfirm their subscription after a certain period of time, you could move to a double opt-in model to make certain that the requestor intended to subscribe, you could even (as YesMail did after the fact) purge your list after a certain period of time of addresses that are totally unresponsive. Seth Godin (whom the DMA has had as a keynote speaker in the past) has been a pioneer in the area of permission based marketing. Perhaps the DMA could use some advice from him on what that term actually means.
Posted by: Tom
Date: 2012-02-29 11:53:26
Subject: List Rentals

The list maintainer is responsible for ensuring that permission is properly obtained, _including_ the permission to allow third parties to email to that address if that is the intended purpose of the list. The advertiser is responsible for ensuring that the company that they entrust these mailings with has done this before the mailings go out. The problem is, the advertiser cannot be 100% sure of this, so there is unquestionably some risk involved. The advertiser will be tied to the mailing, usually through links to the advertiser's website. If the list maintainer did not properly obtain permission to use addresses on the list for third party mailings, the emails can be reported as spam--including reports to the hosts of websites linked in the mailing. Many webhosts will terminate service to sites advertised through unsolicited email. Spamcop will parse spam reports for links and report those, in addition to the actual email source. If you are an advertiser using a list rental service to advertise, you are responsible for determining whether the service has a good enough reputation to stake your website hosting on.
Posted by: Andrew Stephens
Date: 2012-02-29 11:32:47
Subject: Tom - I agree

I agree with you Tom, but I guess my disconnect is who is liable for the mailer to use best practices in their own efforts. If they are spamming, they should never be a client again...but how does that make it my fault for leasing my hard-earned leads to try to get some of the list building capital back?
Posted by: Tom
Date: 2012-02-29 10:16:54
Subject: List Rentals

Andrew, the problem with list rentals is that you (as the sender) are trusting the renter that they have done the proper confirmation process to ensure that they have permission of the receiver to receive emails from you. While it is possible that they have done so, you take a risk that they have not, and there have been so many examples of these "third party" senders being careless or outright spammy in their list building practices that if I were doing a large mailing, I would rather do the list building myself.
Posted by: Andrew Stephens
Date: 2012-02-29 08:57:34
Subject: Honeypots are injected

There is a bit of untruth in this statement, " 'Honey pot spam traps are email addresses that have never been signed up for anything.' As you can see at ProjectHoneypot.org...I can get a bunch of Honeypots and easily go injected them into single opt-in subscription forms. Does that mean that single opt-in is NOT permission from the subscriber. Well it is if someone isn't being dishonest, be that a spammer or...yes, even a spam-fighter.
Posted by: Andrew Stephens
Date: 2012-02-29 08:52:16
Subject: Actually Tom, you are wrong

Actually Tom, according to Nanae regulars as well as many industry professionals, it is perfectly ok to lease your subscriber database to a third-party if you are keeping the data within that database confidential. This is called co-registration or "Recommendations" marketing and permission is secured by the list builder...not the list user in this case. No one but the recipient has the right to tell that recipient the extent their permission is allowed to go. If they give permission for third-party communication...it is their right to give that permission away.
Posted by: Tom
Date: 2012-02-29 07:10:48
Subject: They don't get it.

"I can say with confidence we do not buy email addresses. We’ll rent a list [to be contacted by the list owner on the DMA’s behalf] but no email, unless someone has raised their hand, comes into our database." The issue of whether or not you actually see the email address you are sending to has nothing to do with whether you are a spammer or not; just whether you have permission from the user of that address. In fact, renting a list in this manner makes it harder to know if you are sending to people who have given you permission precisely because you don't see the addresses. Any sender who does this takes a large risk because you are trusting a third party to manage your confirmations rather than doing it yourself.
Posted by: Chris Haskett
Date: 2012-02-29 06:52:08
Subject: Shocker! DMA Was Blacklisted by Spamhaus

I think I'll send the DMA the bill for replacing my irony meter.
Posted by: Deb G.
Date: 2012-02-28 18:22:15
Subject:

This kills me!

Xverify