e-commerce deliverability white paper

Identifying and managing domain-specific deliverability

June 2006

An Experian CheetahMail white paper

© 2008 Experian CheetahMail, Inc. All rights reserved.

By navigating the rules of each web domain, marketers can ensure that their email successfully reaches the inboxes of their subscribers

Overview

OverviewUnfortunately, the English language does not have a plural use of the term ‘deliverability’. It would be helpful if we did, since the topic of managing deliverability is not a singular use term, but rather one that applies to hundreds of specific domains who each receive email via different filtering methodologies. This whitepaper describes and advises emailers with some of the specific filtering attributes implemented by the largest email receivers in the world and how to help ensure delivery to those receivers.

In recent years, we have witnessed a renaissance of communications and developments between legitimate email senders and email receivers, of which CheetahMail has been a leading participant. One of the most recognizable outcomes of these discussions is the availability of the junk mail/abuse feedback loop (FBL), which is a direct data feed from the receiver to the sender of recipients who have pressed the ‘junk’ or ‘spam’ button. While each receiver’s implementation of the FBL is slightly different (and there is a pending Internet standard to homogenise these approaches), the bottom line is that senders who receive this data are now in a position to finely tune their email delivery campaigns to ensure that messaging does not exceed acceptable abuse thresholds with these receivers. As we progress through this paper, CheetahMail will list some of the benchmarks and acceptable use metrics senders can use to help manage this new data resource.

Two other recent developments in the war against spam are the use of Bayesian filters and the use of third party accreditation services. A Bayesian filter is a machine-learning technique that continuously imports message types and content into a filter and refines rules based on observable behavior of email users such as abuse complaint feedback. Receivers such as MSN/Hotmail have spent tremendous amounts of time and effort building Bayesian filters and are continuously adding filtering rule emphasis to it versus other types of filtering mechanisms. Finally, we have recently communicated on some receivers’ use of third party accreditation services such as AOL’s relationship with Goodmail Systems’ Certified Email programme and Microsoft’s relationship with Return Path’s SenderScoreCertified programme and will highlight their respective receiver implementations in this paper as well.

FYI: Types of filtersFor the purposes of this white paper, there are three key types of filters which guide us through the ISP deliverability landscape:

Gateway FiltersThese filters determine message acceptance before they are routed through the actual receiver processing servers. In the positive sense, this is where a ‘whitelist’ may be enacted to ensure the first level of routing success or where a ‘blacklist’ may bounce messaging back to a sender before the receiver actually processes the mail.

Server FiltersOnce past the Gateway, a receiving server will use many different layers and types of email filters to determine how to process the email. In this category are the Bayesian filters described earlier as well as reputation filters such as spamtrap and complaint-rate monitoring. Finally, this category of filter also monitors messaging content such as spam-related keywords and problematic uses of images.

User-Level FiltersThis last category is the filter where not even the most advanced sender, receiver postmaster, or third party accreditation service can modify these settings. In most cases, these filters can be positive in the case of addressbook entries, but in some cases can be negative in cases where a user blocks senders. For our purposes, we will also note image deployment scenarios in this category.


In the past two years, MSN/Hotmail’s postmaster group has significantly progressed in their efforts to increase transparency and cooperation with the sending community. Some of the highlights of their recent efforts include:

Sender access to a Smart Network Data Services (SNDS) web portal which is a valuable resource for senders (who control their IP administration) to track and monitor the mail they send to MSN/Hotmail. Included in this portal are daily updated statistics per IP address on the number of spamtraps sent-to, estimated complaint rates, and SmartScreen filter status.

Implementation of the Junk Mail Reporting Partner Programme (JMRPP), an abuse feedback loop from MSN/Hotmail users who click the ‘Junk’ button (or ‘Report & Delete’ button in Windows Live) and directly send this data to senders who agree to suppress those addresses and mitigate future complaints. A partnership with Return Path to offer the SenderScoreCertified third party whitelist, enabling senders who pass accreditation to bypass all MSN/Hotmail gateway/server filters.

A Snapshot of MSN/Hotmail Filtering Techniques:Gateway FiltersMSN/Hotmail has a long standing relationship with Symantec Brightmail, a third party enterprise filtering provider used by many ISP’s. Brightmail utilises spamtraps (often times recycled from previous MSN/Hotmail inactive accounts) and decoy addresses (never used addresses) to identify senders whose mailing practices are suspect. When identified, Brightmail has two distinct filters ISP clients can utilise:

An IP-based filter identifying the sending IP address and filtering all mail from that address, or;

A content-based filter identifying keywords, including domain names, of senders or advertisers.

Often times, when there is a gateway-level block at MSN/Hotmail, senders are required to contact Brightmail directly for resolution and they have the authority to lift a block on behalf of Microsoft.

[One important note is that in some cases, a Brightmail-related block does not

•

•

•

•

•

Unfortunately, Windows

Live Mail has also made

it easier to report junk

mail when clicking the

‘Report & Delete’ button.

Adding this button to the

message-specific interface

and including the word

‘delete’ are some reasons

why the percentage of

MSN/Hotmail abuse data

exceeds that of other ISP

MSN FEEDBACK DATA

3X MORE VOLUME THAN AOL


trigger a bounce error message, but rather deletes the message prior to it reaching the recipient. In these cases, senders are required to closely monitor domain performance reports to account for any discrepancies in performance activity.

Server FiltersAs the largest software company in the world, it’s not surprising the Microsoft has developed a Bayesian software-based filter that is in use across its servers. The software is called SmartScreen, and learns from more than 500,000 Hotmail users on how they should be identifying spam or junk mail based on complaints and other behaviors. As noted earlier, the SmartScreen filter status of an IP address is presented in the SNDS interface.

One recent update to SmartScreen is that when a message fails their Sender-ID authentication check, it receives a visible warning in the user interface as well as a negative filter result which could lead to Junk folder delivery.

User FiltersThe introduction of Windows Live Mail has made things better and worse for email senders with respect to user filters. The bad news is that messages do not show images by default. The good news is that there are two options for users to enable images by default for senders:

The ‘Allow sender’ button adds the sender to an ‘Allowed Senders’ list.

The ‘Add contact’ button adds the sender to the users’ address book.

Unfortunately, Windows Live Mail has also made it easier to report junk mail when clicking the ‘Report & Delete’ button. Adding this button to the message-specific interface and including the word ‘delete’ are some reasons why the percentage of MSN/Hotmail abuse data exceeds that of other ISP FBL’s. Another concerning note is that the ‘Report & Delete’ button also adds a sender to the users’ ‘Blocked Senders’ list.

MSN/Hotmail Complaint Rate Benchmarking: As a participant in the JMRPP, every CheetahMail client now receives direct ‘Junk’ mail feedback data from MSN/Hotmail. From a volume perspective, this feedback data exceeds comparative volumes of feedback from messages sent to AOL by an average margin of three times (3x).

To ensure deliverability, CheetahMail recommends these percentage benchmarks for MSN/Hotmail complaint feedback maintenance as a percentage of net delivered messages:

Normal: Less than 1% Concerning: Between 1% - 2% Moderate risk: Between 2%-3% High risk, investigation warranted: More than 3%

Sender Management Techniques for MSN/Hotmail:

Avoid mailing to addresses older than six months that may not have been bounce removed as they could be recycled as spamtraps.

If a mailing from a private IP network goes into bulk, request that day’s SNDS SmartScreen filter status from your account manager or by emailing [email protected].

•

•

•

••••

•

•

Regularly download and

separate your abuse

complaints by domain and

continuosly monitor

complaint rates by

acquisition source,

frequency of mailings, and

behavioral history and

modify messaging

according to trends.



Avoid uses of large file images or entire body single images.

Regularly download and separate your abuse complaints by domain and continuosly monitor complaint rates by acquisition source, frequency of mailings, and behavioral history and modify messaging according to trends.

Consider a specialised welcome campaign for MSN/Hotmail subscribers informing them that images will never display by default unless they add to the addressbook or press ‘Allow sender’.

MSN/Hotmail Trends and Notes: Over the last few months, MSN/Hotmail’s postmaster team has begun requesting that senders who land in the bulk folder or have other deliverability escalation requests participate in Return Path’s SenderScoreCertified (SSC) programme.

However, participation in the SSC programme does not result in increased brand recognition in the MSN/Hotmail user interface and should not be considered a resource to drive increased ROI other than that through ensured Inbox delivery.

CheetahMail offers the SSC programme to clients at 20% discount.

•

•

•

•

•

•

Image Deployment Chart

AOL Software AOL.comAIM Mail

MSN/HotmailWindows Live Beta

Yahoo!Mail Beta

Gmail

AddressbookAccess

SenderWhitelist

Always DisplayImages Option

Images Displayedby Default in Inbox

Right-Click(when mail is opened,

or side-bar icon)

One Click(text next

to ‘from’ address)

Right Click(or one-click icon,

or drag to contacts)

No(although there is a blacklist)

One Click(in header)

Two Clicks Two Clicks

No No

NoYes (in Mail Prefs. option)

Yes (in Settings option)

Yes Yes

Yes Yes

EnhancedWhitelist Only

No

No No

Domain image deployment chart:

In recent months, AOL

has made two leaps of

faith which will have some

impact on email senders,

with the first being the

launch of the free AOL/AIM

webmail service, and the

second being their much

publicised relationship

with third party

accreditation service,

Goodmail Systems.


AOL has traditionally been the most sender-cooperative ISP in the world, employing a large team of call center employees specifically to handle any sender inquiry. However, AOL is also the most trigger-happy when it comes to blocking a sender based on excessive abuse complaints and holds senders more accountable to abuse feedback management than any other ISP. In recent months, AOL has made two leaps of faith which will have some impact on email senders, with the first being the launch of the free AOL/AIM webmail service and their migration away from paid-only subscribers. The second leap is their much publicised relationship with third party accreditation service, Goodmail Systems and their Certified Email product, which bypasses AOL’s gateway and server-level filters for a per-message fee.

A Snapshot of AOL Filtering TechniquesGateway FiltersAOL has a long standing reputation for being the first ISP to offer a whitelist programme. Being on this whitelist is critical to bypassing the first gateway level filter. To our knowledge, AOL does not utilise any commercial or free enterprise filtering programmes or blacklists.

One minor difference with AOL is that their Gateway actually accepts all mail before processing a unique error code message. This is how they are able to offer a unique description of the type of block they are processing, but also why CheetahMail does not report real-time bounce percentages in our client interface. It is our understanding that AOL will begin processing errors in real- time by the end of 2006.

Server FiltersAs one of the first email platforms, AOL has built layers upon layers of server-level anti-spam filters. Two notable filters are:

The Enhanced Whitelist (EWL): Senders should be cognizant of the fact that all messages off a specific IP address to AOL are tracked on a rolling 30 days basis for abuse complaints, and those with minimal levels of complaints will have images displayed by default.

A Bayesian filter, while not as weighted as Microsoft’s, also monitors users and recognises common spam-related keywords and tactics.

User FiltersThe introduction of AOL.com/AIM mail may change the dynamic of AOL users. Of note are these key differentiations between AOL software and AOL.com/AIM mail:

•

•

•

As a result of their

migration away from the

software application,

AOL.com/AIM mail

should increase AOL

email user ROI over time

as most emails are

delivered to a single main

folder and images are

displayed by default.


AOL.com/AIM mail removes the software version distinctions of ‘People I Know, Bulk Senders and Unknown Senders’. Instead, there is only ‘New Mail, Old Mail, and Spam’

Very few messages are ever sent to the ‘Spam’ folder, which does not change between web and software versions.

Important: AOL.com/AIM Mail that is not on the EWL has a question mark icon (?) adjacent to the ‘From’ address, but still has images displayed by default.

AOL.com/AIM mail requires a user to click on the email address to add to the addressbook whereas AOL software easily enables users to right-click add, or click on the right side-bar to one-click add.

As a result of their migration away from the software application, AOL.com/AIM mail should increase AOL-email user ROI over time as most emails are delivered to a single main folder and images are displayed by default.

AOL Complaint Rate Benchmarking: AOL is vigilant about requiring senders to closely monitor their FBL data. In addition, AOL has taken the initiative of including some spamtraps in the FBL to test whether senders are adhering to their FBL suppression policy.

To ensure deliverability, CheetahMail recommends these percentage benchmarks for AOL complaint feedback maintenance as a percentage of net delivered messages:

Normal: Less than .25% Concerning: Between .25% - .5% Moderate risk: Between .5%-1% High risk, investigation warranted: More than 1%

Sender Deliverability Management Issues for AOL: If an email includes third party advertiser links, be wary of including links from parties who may also be running large affiliate email acquisition campaigns as AOL often times blocks domains that have received high complaints across their network.

Since most AOL users are still using the software version, always check and make sure images are displayed by default. If they are not, then investigate complaint rate percentages by segment and/or acquisition source and minimise at-risk segment mailings over a thirty day period.

If subjected to a dynamic 24-hour block, consider redeploying the remaining bounces from the campaign following the block resolution period to minimise its impact on your EWL status.

AOL Trends and Notes: Goodmail Systems CertifiedEmail pay per email system is now turned on for ensured delivery to AOL users. As of today, AOL has yet to modify the user interface settings for the web or software clients nor have they announced the user interface change to their users.

CheetahMail is a reseller of Certified Email and can offer clients a discount off the current rate card. Until an increased performance

•

•

•

•

••••

•

•

•

•

•


benchmark metric has been determined with use of CertifiedEmail, CheetahMail can not validate claims that use of Certified Email increases ROI.

CheetahMail recommends that any financial services firms or merchants who run a risk of being misperceived by recipients in connection to phishing or other fraudulent email practices consider testing Certified Email.

•

1%

0%

2%

3%

Select ISP Complaint Rate ThresholdsISP-specific complaint thresholds


While Hotmail may still be the largest web based email provider in the U.S., Yahoo! has extended its email prowess by establishing relationships with some of the largest telecommunications and cable providers in the world to provide their email services, including SBC, Verizon, BellSouth, British Telecom and Rogers Cable. While some of these ISP’s may also have their own in-house filtering processes, Yahoo!’s SpamGuard technology is now the widest reaching global email filtering platform for webmail users.

A Snapshot of Yahoo! Filtering Techniques: Gateway FiltersSince Yahoo! is the author of the DomainKeys (DK) email authentication protocol, it is not surprising that Yahoo! has implemented a DK signature filter into its gateway to positively route and identify DK senders in their user interface. Yahoo! also maintains a long-standing whitelist for reputable senders. To our knowledge, Yahoo! does not utilise any commercial or free enterprise filtering programmes or blacklists.

One important note: Yahoo! hopes to further drive implementation of DomainKeys and has suggested that they may make it a requirement for whitelisting.

Server FiltersOne of the main reasons other ISP’s have decided to outsource email services to Yahoo! is because of their proprietary SpamGuard antispam filtering programme. SpamGuard is a Bayesian filter which dynamically learns from Yahoo! users.

From CheetahMail’s perspective, SpamGuard does the best job of any webmail filter in not mistaking legitimate messages as spam while keeping true spam out of the Inbox.

User FiltersWhile SpamGuard works great by default, the SpamGuard Plus upgrade option for users takes the filter to the next level by providing a more tailored Bayesian filter for individual users. This filter enables a user to easily accept, bulk, or block any type of sender based on their experiences with that senders’ mail.

The Yahoo! Mail Beta interface shows all Inbox images by default, while blocking most Spam folder images.

•

•

•

Yahoo! has extended its

email prowess by

establishing relationships

with some of the largest

telecommunications and

cable providers in the

world to provide their email

services, including SBC,

Verizon, BellSouth, British

Telecom and Rogers Cable.


The Yahoo! Mail Beta enables easy one-click addressbook entry through an icon next to a senders email address. A user can also drag the message from the Inbox to the Contacts folder as another way to add the sender to an addressbook.

Sender Deliverability Management Issues for Yahoo!:Identify all mail through a DomainKeys (or DKIM) cryptographic signature.

CheetahMail supports DomainKeys at no additional fee for all private network clients with a delegated subdomain or dedicated domain name.

Yahoo! is also especially diligent about investigating senders with DomainKey signatures who mistakenly go to the Spam folder.

Yahoo! Mail Beta enables a preview pane by default. Similar to MS Outlook, senders should optimise ‘above the fold’ content and consider potentially inflated user open rates.

Yahoo! Trends and Notes: In addition to AOL, Yahoo! has publicly stated that it plans to enable Goodmail Systems Certified Email solely for transactional messages that are signed with DomainKeys.

Yahoo! has publicly stated that it may require DomainKey compliance for receipt of their pending abuse feedback loop. (Expected before the end of 2006)

•

•

•

•

•

•

•

Legitimate Message False Positive Report Card

AOL* Hotmail Yahoo! Gmail

*includes ‘unknown sender’ folder in software.

C B A DISP-specific complaint thresholds


Comcast is now the largest cable and broadband provider in the U.S.

Similar to MSN/Hotmail, Comcast relies heavily on the Symantec Brightmail filter, which on occasion results in false-positive situations.

Since most of their email is accessed via a ‘pop’ account, CheetahMail does not expect to receive an (proportionately accurate) FBL from Comcast.

Earthlink is still the second largest dial-up ISP behind AOL.

CheetahMail has recently begun receiving Earthlink’s feedback loop and recommends these percentage benchmarks for complaint feedback maintenance as a percentage of net delivered messages:

Normal: Less than .35% Concerning: Between .35-.75% Moderate risk: Between .75-1.25% High risk: More than 1.25%

Note: Only a fraction of Earthlink users access their mail through their framed access software or webmail service which includes a ‘spam’ button, making these percentages not proportionate to actual Earthlink mail sent.

Earthlink is also a user of the Symantec Brightmail filter, but relies less heavily on it’s recommendations than either MSN/Hotmail or Comcast.

CheetahMail clients are all whitelisted at both ISP’s and receive FBL data.

Juno/Netzero, more than the other ISP’s, utilises their own bounce and decoy based filters to account and block senders who do not apply proper list hygiene.

Juno/Netzero is also the largest ISP to utilise the Habeas Certify accredited email sender whitelist.

••••


Gmail uses DomainKeys and SPF to help identify senders and filter mail.

Gmail continues to have the most instances of false positive spam folder delivery of any webmail service.

Google has no known plans to offer a whitelist, feedback loop or viable sender escalation process.

Its industry-wide connection limitation threshold often results in some delayed message delivery.

CheetahMail clients are whitelisted and receive a small volume FBL (most users access via a pop account).

Other Major ISP’s and Webmail Providers:

Outblaze: (back end host for Lycos, Mail.com and many others)CheetahMail clients are whitelisted and receive a FBL.

USA.net: CheetahMail clients are whitelisted and receive a FBL.


With increased insight and data, managing deliverability per domain has never before been easier. As noted throughout this paper, the key management techniques across each ISP are:

Track and monitor abuse complaint rates and segment these metrics by permission acquisition source. Optimise domain-specific performance within message creative and understand domain-specific user interfaces to request addressbook entry. Closely manage data hygiene and ensure messages are not sent to legacy or unknown source addresses.

In the coming months, CheetahMail will continue to alert you to ISP-specific deliverability management techniques and provide access to increased data sources to effectively minimise false positive issues. Finally, we plan to keep you abreast of third party accreditation and reputation monitoring relationships, such as those being offered by Goodmail Systems and Return Path.

If you have any ISP-specific questions or comments, never hesitate to contact your account manager or email [email protected].

About the author

Ben Isaacson

Privacy & Compliance Leader, CIPP

Mr. Isaacson currently serves as the Privacy & Compliance Leader for CheetahMail,

overseeing all interactivemarketing policy and email deliverability issues affecting

CheetahMail and Experian’s diverse marketing services client-base. Since 1996, Mr.

Isaacson has been an interactive industry leader assisting in the global development of

self-regulatory and regulatory policies, guidelines and best practices for the interactive

marketing industry.

Some of Mr. Isaacson’s many leadership efforts include serving as a Co-Chair of the

Email Sender & Provider Coalition’s (ESPC) Receiver Relations Committee, serving as

an Advisory Board Member to the International Association of Privacy Professionals

(IAPP), driving the adoption of Anti-Spyware Principles for the Web Analytics

Association (WAA), and leading CheetahMail’s participation with numerous other

industry groups including the Direct Marketing Association (DMA) and Messaging

Anti-Abuse Working Group (MAAWG). Mr. Isaacson’s recently published whitepapers

include CheetahMail’s Advanced Deliverability Strategies and Solutions and has

recently published articles for TrustE, ClickZ, and Credit and Collections Magazine.

1.

2.

3.

CheetahMail will be there to help you with all the latest developments in deliverability.

Summary

29 Broadway, 6th FloorNew York, NY 10006(1) 212 809 0825 T(1) 212 809 6378 Fwww.cheetahmail.com

Experian plcAll rights reserved.

The word ‘Experian’ is a registered trademark in the EU and other countries and is owned by Experian plc and/or its associated companies.

About Experian CheetahMailExperian CheetahMail is the trusted service provider of online marketing solutions for top enterprises worldwide. Offering industry-leading email marketing and customer intelligence solutions, as well as providing a broad range of client services, Experian CheetahMail enables clients to build data-driven, relevant relationships with their customers. Servicing the world’s most recognizable brands, Experian CheetahMail’s globally diverse client base includes Barclays, Borders Books, Discovery Communications, H&R Block, KLM, Sears Holdings Corporation and Wyndham Hotels. Experian CheetahMail, a business unit of Experian® Group plc (LSE:EXPN), was founded in 1998 and is headquartered in New York City with offices in Los Angeles, San Francisco, London, Dublin, Amsterdam, Paris, Barcelona and Melbourne.

e-commerce deliverability white paper

Documents