Wednesday, August 31, 2005

ClickZ Email Delivery: Can You Pass an E-Mail Reputation Audit?



BY Kirill Popov and Loren McDonald
August 31, 2005

The auditors are coming! The auditors are coming!

This time, they don't want your tax records. Instead, they'll scrutinize every nook and cranny of your e-mail policies and procedures to determine whether you're a reliable e-mailer or a despicable spammer.

Unlike your average trip to the tax collector, though, this audit can actually do you some good.

In recent years, anti-spam efforts have moved steadily away from domain and content blocking. Reputation management and accreditation by recognized white-hat agencies count more heavily toward getting your e-mail delivered.

Accompanying that movement are third-party auditing and accreditation firms that specialize in assessing your performance as an e-mailer based on your subscription, delivery, and privacy practices.

TRUSTe, Habeas, and Return Path/Bonded Sender are the best known of these firms. All three use a battery of tests and questionnaires that measure what you say you do as an e-mailer and how you perform in the e-mail space.

It's no simple chat over coffee. After you pass a preliminary certification quiz, Habeas scrutinizes your e-mail operations with over 50 questions. TRUSTe uses a 15-page self-assessment.

After you finish the auditing process, you may feel as if you really did go through a tax audit, perhaps a root canal. Yet measuring your reputation and seeking third-party accreditation are steps to consider if you're serious about boosting your delivery rate and maximizing e-mail return on investment (ROI).

A reputation audit can reveal where you're vulnerable to blacklisting or blocking because of a program weakness. It could reveal you failed to secure your network against computer worms, Trojan horses, and other malicious invaders, for example.

An accreditation procedure evaluates your e-mail program against its best practices. If you pass, your e-mail messages receive an accreditation, such as a special code, recognized by participating ISPs. The code allows your messages to bypass their filters and go straight to recipients' inboxes.

Whether you anticipate using the services of one of these companies or not, you should know how your e-mail practices and policies would stack up in an audit.

Try our 22-question mini-audit. It's based on actual self-assessments. (Caveat: "yes" isn't always the correct answer. It could mean you're using methods that violate the accreditation company's standards.)

E-Mail Address Collection

  1. Do you use an e-mail service provider to send e-mail? If not, do you own the IP addresses you use to send e-mail? List all.

  2. Does your organization use any of the following sources to collect e-mail: list brokers, third-party marketing lists, co-registration offers, or permission transferred from affiliates or third parties?

  3. Can you provide proof of consent for names and e-mail addresses acquired through co-registration offers, including date, time, originating IP address, and Web page URL?

Privacy Notices

  1. Where on your Web site do you notify subscribers about the kinds of e-mail you'll send them: prominently above the form where e-mail addresses and personal information are taken; below the form but above the submit button; below the form; on a privacy page linked from the registration page; or no explicit explanation provided?

  2. How do you notify users of changes in your e-mail policies and practices: e-mail, Web page, other, or none?

Online Consent

  1. How do you collect consent from recipients to send commercial or promotional e-mail: double opt-in, opt-in with verification; opt-in; pre-selected option with verification; or other?

  2. How do you collect consent to share e-mail addresses with third parties or affiliates: double opt-in, opt-in with verification; opt-in; pre-selected option with verification; or other?

  3. How do you determine whether third parties who provide you e-mail addresses have obtained their users' consent: in writing; reviewed their consent method; reviewed the URL where the third party obtained consent; or other?

  4. Do you send commercial or promotional e-mail based on prior business relationships but without prior consent?

  5. Do you require users to accept your commercial or promotional e-mail as a condition of doing business with you?


  1. Do you have a procedure to manage e-mail bounces and update the status of repeatedly bouncing e-mail?

  2. Is your company registered at Network Abuse Clearinghouse?

Unsubscribe Process

  1. Does every e-mail message you send to your mailing list include an unsubscribe link that's functional for at least 30 days after the message is sent?

  2. How soon do you process unsubscribe requests after receipt?

  3. Which unsubscribe mechanisms do you provide: click on a link in the e-mail message; click on a link, then follow instructions on Web page; reply to message with unsubscribe request; log in to online account-management page; use offline methods; or other?

  4. Do you maintain an e-mail-address suppression list? If so, how often do you run your mailing lists against your suppression list: before each e-mail campaign, daily, or other?

Subscriber Information Management

  1. How can users update their subscription information and personal information?

  2. How do you verify the identity of a subscriber who wants to update his subscription or personal information provided at registration?


  1. Outline the steps you've taken to secure your system against open proxies, open relays, and transmission of viruses, worms, Trojan horses, and so forth over your network or IP addresses.

  2. How do you secure your database containing e-mail addresses and other information obtained at sign-up?


  1. Do you associate information collected through log files, cookies, Web beacons, or other tracking technology with individual e-mail addresses?


  1. Does your e-mail program fully comply with the CAN-SPAM Act, as well as with Michigan and Utah child protection regulations?

How did you do? If you've updated your e-mail program to follow industry best practices, you probably came out OK. If you spotted a weakness, you can start working on it now.

In a future column, we'll outline several of the most common failings these audits turn up and how you can overcome them before the auditors arrive.

As always, keep on deliverin'.
