Crossing a treacherous landscape

Editor’s note: Ann Ray is vice president of operations at Apian Software, Seattle.

Web surveys have fulfilled their promise as a fast, cost-effective option for many researchers. Unfortunately, just as telemarketing has impacted telephone surveying, one of the most effective ways of driving respondents to online surveys is being hindered by the proliferation of spam. If you’re currently sending e-mails to potential respondents, you need to stay abreast of legal, technological, and cultural hurdles - all of which are rapidly evolving.

So we’re all on the same page, here are a few key definitions:

Bulk e-mail: This refers to any e-mail sent to a large number of respondents.

UCE: A flavor of bulk e-mail formally known as unsolicited commercial e-mail, and more commonly known as spam.

Opt-out: When list members take action to refuse contact, such as marking a box to say they decline e-mails, or unmarking a box which defaulted to signing them up.

Opt-in: Lists where the members take action to join the list. “Double opt-in” refers to a two stage sign-up process, where respondents reply to a confirmation e-mail (preventing third-party sign-ups).

Legal issues

Spam legislation makes the news periodically, but is only half of the legal tangle. In addition to federal, state and international legislation, you need to keep tabs on the contracts your organization has with service providers.

In January 2004 the federal CAN-SPAM law went into effect, which is both good and bad news for researchers. The good news is that it superseded an array of state laws, simplifying the domestic legal landscape. The bad news is it’s less restrictive than many of those state laws - though that could be considered a neutral factor as most experts do not expect legislation to fix the spam problem. (If you think the general spam problem is not an issue for you, keep reading.)

The most severe penalties in anti-spam legislation are still reserved for behavior in which no researcher should ever engage. Two of the most common acts are falsifying the “from” addresses or ID of the sending server (also known as spoofing), and routing messages through third-party mail servers - tactics both used by spammers to hide message origins. Other prohibited activities include harvesting e-mail addresses from Web sites (just as search engines index page content) and generating random e-mail addresses (such as sending to “info@” every domain registered). Laws also prohibit misleading subject lines, so while a teaser subject may sound like a good idea, it’s better to use something descriptive of your project.

Beyond these restrictions, the legal issues are less clear, particularly for survey research. Traditionally, surveys have been considered non-commercial, and have been exempted from telemarketing legislation. While anti-spam laws generally do not addresses surveys, they do tend to refer to commercial mailings rather than generic bulk mailings. However, where do you draw the line? Is an invitation to join a paid panel commercial or not?

In addition to anti-spam legislation, you need to be aware of how privacy law ties in to e-mails. Privacy law kicks in when you’re collecting “personally identifiable information” such as a name, address, customer ID or e-mail address. Right now, the U.S. has irregular privacy coverage, with well-defined protection related to children, health care and financial services (the European Union has more stringent legislation). You’ll need to check the legislation to see what applies to your surveys, and stay abreast of new developments (see the list of resources at the end of the article).

When you use e-mails to reach respondents, it is possible for an otherwise anonymous survey to indirectly collect personally identifiable information. This happens when the respondents are e-mailed unique passwords or URLs that they use to access the survey. Now a link exists between the anonymous questionnaire and an e-mail address. So, if you’re surveying in an arena covered by privacy law, just be sure you comply with the applicable legislation. This is also an area where a third party may be helpful, by removing that identity link before you receive the data.

While legislation has made significant strides recently, many of the clauses are just catching up to contracts that service providers have been using for years. The Internet service providers (ISPs) you use - both to connect your mail server to the Internet and to host your Web server - have “acceptable use” policies to which you agreed on sign-up. Unlike anti-spam legislation, these policies tend to address any bulk e-mailing, not just commercial mailings. And while there is a (small) chance that someone may take you to court over a legal violation of privacy or spam law, an ISP has the painful and immediate recourse of pulling the plug.

Technological barriers

Warren Buffett once said, “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.” ISPs practice real-time monitoring of their servers, so it may take less than five minutes for you to ruin your domain’s reputation. Spam makes up approximately 50 percent of mail server traffic, and to stem the tide, large mail providers such as AOL, Earthlink, MSN, Yahoo, and Hotmail are continuously tuning their filtering software.

Spammers tend to be indiscriminate in their mailings, sending to thousands (or sometimes millions) of addresses at once, looking for the fraction of a percentage that will buy. Because spammers don’t bear the full cost of these mailings, it’s more economical for them to send 10,000 extra messages, rather than clean the bad addresses from their lists. Therefore, ISPs monitor real-time for both large inbound mailings and also for mailings generating a significant number of bounces (messages returned due to invalid addresses). In some cases, those real-time red flags can be enough to get you blacklisted.

Blacklists are collections of e-mail addresses, domains, or IP addresses (the numeric value underneath a domain) for which any communication will be rejected. To reach a potential respondent, your message may have to clear several blacklists at the ISP, corporate and desktop levels. While many blacklists take an “innocent until proven guilty” stance, some have neither notification nor appeals processes. A handful of lists take pre-emptive strikes, declaring certain ISPs “spamhauses” and blocking that service provider’s entire range of IP addresses - a practice which naturally includes a large number of innocent domains.

ISPs, companies and individuals use content screening software to filter the e-mails that make it past blacklists. These filters look in the subject line and message body for specific phrases, or compute a score of dubious elements for each message. If you think your invitations won’t trip a content filter, here are two increasingly typical examples:

  • An invitation with the subject “Tell us what you think” was rejected because an individual was blocking ink and toner cartridge spam.
  • A corporate filter rejected several invitations because they included unsubscribe information in the footer.

Two final elements that may result in messages being blocked are improper reverse DNS and open relays. Both attributes relate to ways spammers try to obscure message origins.

The value underlying a domain name is an IP address such as 65.61.185.49. This is the server identifier used to route messages and URLs around the Internet. Forward DNS lets servers look up an IP based on a domain name, while reverse DNS allows systems to look up the domain when they have an IP address. Messages where the forward and reverse DNS are not mirror images are more likely to be spam, adding to your message’s “score” or prompting rejection in and of itself. In some cases you can’t achieve an exact mirror (a single mail server may send mail for several domains), but at the least you want the reverse DNS to exist, and to be a domain with a clean spam record.

Open relays are mail servers which allow third parties to forward mail through their system, in the process stamping that mail server’s information on each message they route. If you’re sending mail from a server with an open relay, many systems will block your communications.

When messages are blocked or flagged, the screening software will take one or more of these actions: confirmation, bulk mail folder, bounce, black hole, or abuse reporting.

  • Confirmation - A reply is sent to the message sender asking them to confirm their e-mail was not spam. As spammers generally do not monitor replies, this is a very effective screen. Once you confirm (either by replying or via a form), the message is released from quarantine and sent to the addressee.
  • Bulk mail folders - These are primarily used for dubious messages, routing potential spam into a specialized folder from which the recipient can check (or ignore) e-mails at their leisure.
  • Bounces - Contrary to common perception, bounces are a good thing. While the language is often obscure, you can usually discover why your messages are being blocked, such as improper reverse DNS. If the problem is the ever-common “user unknown” error, then you have the opportunity to clean your list, reducing bounces on future mailings.
  • Black holes - More and more frequently, spam filters will simply trash messages, never notifying either the sender or recipient that a message was discarded.
  • Abuse reporting - Some software will send a rejection notice not just back to the sender, but also to the administrator of that e-mail’s domain and to the ISP hosting it. The two commonly used addresses are abuse@yourdomain.com and postmaster@yourdomain.com. Be sure someone in your company is both monitoring these addresses and promptly resolving any complaints.

Cultural shifts

At this point there is a lot of venom directed towards spamming. While a few people have inboxes blessedly free of spam, others are deluged with a combination of time-consuming quantity and extremely offensive content. What this boils down to is quite simple: If the recipient does not recall specifically requesting a message, it is spam.

When you ask people to complete a survey, you are asking them to do you a favor. Don’t think that an offer of payment or a prize changes that - if they didn’t want to receive the original message, then offering compensation just makes the e-mail look more like spam.

For market research, this can create challenges. You may have a great opt-in e-mail customer list, perfect for your study about new products or purchasing decisions. However, to use that list, you need to indicate who provided it, possibly biasing responses. So if company anonymity is critical, you may need to resort to postal invitations to your Web survey.

Recommendations

1. Begin to educate yourself, your clients and your organization about e-mail issues. People have radically different understandings of the issues, so it’s best to make sure everyone is using the same definitions for terms such as opt-in.

2. Set e-mail policies for your firm and stick to them. This can be very difficult, especially when it translates to losing a client to a less diligent competitor. Remember that your careful e-mail practices and clean record help ensure that the messages you do agree to send will continue to reach respondents. It helps to publish your policies on your Web site, both for clients and for anyone investigating spam complaints.

3. Begin building clean opt-in lists now. All it takes is a simple message inviting your customers, contacts or panelists to join your new opt-in list. Be clear about the list purpose, and do not include additional marketing material in the mailing - just the subscription information. Also, while opt-in invitations are inoffensive (assuming the recipient has some relationship with you), those about opting out of future mailings tend to irritate people. Try to phase out any current opt-out lists, preferably before the government mandates it. Also, remember that signing up for a list is an exchange - you need to offer value in return for their permission. Be sure to keep the sign-up language open enough to send a variety of communications, i.e., “news mailings” is much better than “our newsletter.”

4. Always include unsubscribe information in your mailings. If the mailing is apart from the typical communication, it’s also helpful to say something like “Because you signed up for Acme news, we’re sending you this survey invitation.”

5. Pursue whitelists, the approved sender counterpart to blacklists. Some large ISPs maintain lists, and you should also ask individual members to add you to their personal filters. For the latter, it helps to use a consistent “from” address, so whitelisting “news@yourdomain.com” will let all your bulk messages through.

6. Create list management systems, with audit trails when people subscribe or unsubscribe. Ideally, list members should be able to manage their own subscription information and status. If you ask people to sign up while on the phone, you may want to use the double opt-in approach and send a confirming e-mail.

7. Check policies and references for any firm from which you rent opt-in lists, or to whom you provide your lists for drops. Ideally you want someone with the same philosophy toward customer contact as your firm.  | Q

Resources

Note: For a few of these you really want to get the domain extension (.com/.net) right.

www.cauce.org  - an anti-spam organization

www.spamlaws.com  - a listing of state, federal and international legislation

www.spamcop.net - a moderate spam reporting/filtering site

www.spews.org - an extremist spam reporting/filtering site

www.ftc.gov  - an official U.S. site, particularly useful for privacy law

www.export.gov/safeharbor/ - resources for understanding EU privacy laws

www.ordb.org - test for open relays

www.samspade.org - DNS and IP lookups

www.webopedia.com - general dictionary/reference