Thursday 26 May 2011

Interface update

We rolled out some small interface changes today.

  • Most obvious is a new font (Ubuntu), which will tie in with our soon-to-be-released web site.
  • The login page now redirects straight to the home page if you're already logged in.
  • Switched to monospaced fonts in places where you'll be editing HTML code.
  • Several clean-ups and minor fixes for Javascript, especially in IE.
  • More space to work on the templates page.
  • Gravatar icons in a few places.

Don't buy that list!

We get asked fairly frequently by some of our customers about various cheap list providers. These often contain a million or so contacts, and are priced around the £300 mark. I don't think we can put it any clearer than:
Don't buy that list!
It all sounds like a great deal, but it's not. Despite the promises of such data providers, this is junk data and will do you more harm than good. What we've typically found with this kind of data:
  • Up to an 80% bounce rate, damaging future deliverability.
  • Massively out of date - we tried contacting several supposed subscribers and found they hadn't worked at  those companies for 10 years!
  • Poor validation - addresses like "" are blatantly harvested, suggesting the rest of the data is too.
  • If they're harvested, they very probably contain spam traps that will poison the whole of your list and our service, resulting in all your future mail being blacklisted, blocked or consigned to spam folders. There is no way of spotting spam traps.
  • No provenance: no IP addresses; date, time and how the address was obtained, date of last mailing. All are legal requirements.
  • Long provenance chains: these lists are often obtained elsewhere from other list sellers. When data is passed around so much, it tends to suffer.
  • No third-party authorisation - without explicit proof, chances are the subscribers did not provide explicit permission for their data to be resold, if they ever opted in at all.
  • No additional data: decent list providers will usually be able to tell you accurately a person's name, company name, address, home number, and more.
  • Low quality data: If data is provided (e.g. if it was obtained from survey sites), it will often contain uncleaned rubbish data, such as first names of 'asdf', swearing, hack attempts etc.
  • Large lists are often sourced from survey sites who pay people (nominally, for example in some kind of loyalty points or discount coupons) to complete surveys. Such participants are usually in it for the points and not in the least bit interested in anything else.
  • If recipients didn't really opt-in, it's extremely likely they will be disproportionately annoyed by messages from you, and tell others, twitter, spam reporting services and their ISPs all about it, dragging any brand credibility you had through the mud in a very public way.
  • These lists are sold over and over again, meaning that anyone who does get mailed on it is probably pretty annoyed with their level of spam already.
  • Bad providers typically don't ask for bounce data back, meaning they don't maintain these lists and quality will just get worse over time.
  • While convictions are rare, if addresses have not been obtained legitimately, you can be liable for a fine of up to €12,000 per message, and jail time in some EU countries (which has happened for a single message in Spain and Germany)!
It's common for such providers to say "but they're all business addresses, so are exempt from opt-in", however, there is no such exemption for business email from the US CAN-SPAM legislation, so you'd need to drop all .com, .net etc addresses to be compliant (and even that is approximate), plus it's been held (in UK courts) that any addresses on public services such as hotmail, gmail, yahoo and aol should always be considered personal. By the time you've knocked those out, there's probably not much of the list left!

Many supposed marketers still fall for it and say, "well, I might get a few queries, which is worth £300, and I don't care about the rest", but this is exactly what spamming is. The net result is this; across-the board reduction in quality and performance for everyone.

A really simple approach before you spend any money with a list provider is to search for their name: if they are bad you'll find the search results are filled with scam reports and horror stories, so they're easy to spot. Even 'positive' reviews such as "the list only contained 20% bounces" should also set alarm bells ringing - a good legitimate list will have a bounce rate around 0.3%.

Growing and maintaining good quality lists is difficult and expensive, so don't expect to get such data cheap. As in many scenarios, if it seems too good to be true, it's probably a scam. There are good list providers, but you won't find them in the same cost ballpark as these bottom-feeders.

We've decided to name names on this, so here are some providers we've seen bad data from:
We'll add more as we encounter them.

Monday 23 May 2011

The EU Cookie Directive

This Wednesday (May 25th), a new law comes into force affecting the ability of web sites to issue cookies to visitors. Under this legislation, web site hosts will require explicit informed consent from visitors before issuing cookies unless they are 'strictly necessary' to provide the service. Unfortunately the UK has been slow to legislate on this directive, so the law is extremely vague. What exactly 'strictly necessary' means is currently undefined, however, an example of a cookie that would not be considered 'strictly necessary' is the ability to remember your login on a login page.

There is a document issued by the UK Information Commissioner's office contains an overview of the new law and how it will apply to businesses that you might like to read.

For our part, we think we're in a good position for compliance. We don't use cookies to store login details or other account preferences - browsers do a good enough job of that nowadays. We do use session cookies for authenticating logins, but they would fall under the 'strictly necessary' use case (our service simply won't work without them). They contain solely a random number hash, are deleted on logout, and expire after a couple of hours, so have very little scope for any kind of personal data leakage and certainly no cross-site tracking, which is one of the chief concerns of the legislation.

We don't issue cookies to normal visitors at all, including those that are opening or clicking through from links in email messages. That said, another aspect of this legislation may apply to the use of tracking images (a.k.a. web bugs or beacons), but it remains to be seen what regulations are made in that area.

The most obvious point of concern for this legislation is for services that do track activity across sites, most obviously pretty much any web analytics system such as Google Analytics and many ad issuing services, such as Google AdWords, doubleclick etc. Google have yet to comment on the issue, but there is some discussion of it here. We're not concerned by ads since we don't use them anywhere, but Google Analytics is a very useful service that we do link with, and while we don't use cookies in conjunction with it (we just generate the specially formatted URLs it uses), you may well do on your own site. The requirement to obtain explicit informed consent for such services may prove extremely detrimental to both consumers and providers alike. Without that consent, providers can't target incentives and campaigns appropriately to visitors, and web advertising is likely to become much more random as a result.

In the short term there's little to be worried about. Communications Minister Ed Vaizey has said "We do not expect the ICO to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies."

We'll keep you posted on any changes that may affect your use of our services.

Monday 2 May 2011

Scheduled maintenance May 4th - updated

We are performing a major software upgrade on our mail servers on the evening of Wednesday May 4th, starting from 6pm UK time and lasting for 2-3 hours. The Smartmessages web interface will remain available, but no mailshots will be sent during the maintenance window.

Update: I'm sorry to report that our software upgrades were curtailed by a major hardware failure last night. We're working on a fix.

Update: We've now provisioned new servers to take over the failed servers and all services are now running normally. Many apologies for the delay to today's sends.