Best practice for mailing lists

Click here to read it in Danish

TO SUBSCRIBE

The necessary e-mail addresses for a mailing list can be obtained in different ways.
a) on paper (e.g. at a fair for rekeying back at the office)
b) via a website
c) via a spam website where anyone can be signed up

It is important that only those who actually wish to be on the mailing list are included. The "double opt-in" method to ensure this works like this:

1. Sign up request received (a,b,c)
Consider, that it should not be possible to sign up email addresses such as postmaster@ abuse@ webmaster@ and mailer-daemon@.

2. A confirmation e-mail is sent, containing:

  • A unique link (that is not possible to guess). The e-mail recipient needs to click this link to confirm the sign up request.
  • Text explaining that if no action is taken, the e-mail address will NOT be subscribed.
  • Possibly a unique code to allow an e-mail reply for subscription. (It is important that the address is not added if the e-mail bounces.)
  • Possibly a unique code, that can be typed into a website, if the link fails.
  • Possibly information about the IP address, date, time and time-zone as evidence of the original request. As a minimum this information needs to be held by the owner of the mailing list in case of abuse.
  • It is important that this confirmation e-mail does not contain adverts or be a genuine newsletter - to avoid it being treated as spam.

3. Once the recipient has followed the link, responded to the e-mail or typed in the code, the e-mail address may be added and only now may the first newsletter be sent to them.

TO UNSUBSCRIBE

  • An e-mail should be sent to confirm that the address has been removed from the list.  Alternatively, use the same principles set out above for a "double opt-out". This can avoid the situation that a genuine subscriber is unsubscribed by accident - for example by someone they have forwarded the newsletter to. REMEMBER: It should always be easy to unsubscribe from the list.
  • Please see http://www.list-unsubscribe.com

UNSUBSCRIBE FOLLOWING SERVER ERROR MESSAGE

  • E-mail addresses that are no longer in use should be removed from the list immediately. Mail servers may have very different answers - one example "550 User unknown". Here it is up to the mailing list owner to ensure the user is removed from the list.
  • Make sure the bounce messages is not caught by RBL or spamfilters.

ISP RECOMMENDATION

  • When a user closes their e-mail address, it should be quarantined to allow time for others to "discover" that the address is no longer valid and remove this address.  

MISC

  • A mailing list should not allow confirmation mails to be repeatedly sent, and thus be used to harass people. It is good practice to prevent sending more messages while a response from the recipient is expected (e.g. 1-3 days) to prevent harassment.

CONSEQUENCES

  • If addresses are not correctly removed, over time the list will send mails to more and more unknown recipients. This can make a distribution appear like spam, resulting in the receiving mail server blocking further messages - even to legitimate recipients.
  • Failure to remove addresses following error messages such as "55x User unknown" risks the address being re-used (after a quarantine period) and the new address user receiving an unwanted newsletter to which the old e-mail holder had subscribed.
  • If a mail address is no longer used, it may, after a quarantine period, be changed into a spam trap. A spam trap is an automatic mailbox that is used to detect if the sender has no control over who it is sending to. Most providers have tens of thousands of spam traps and content of these forwarded to a spam filter that "learns" from those spam mails. Typically the IP address that sent such spam mail will be blocked for further dispatch in x hours. Very often an email is also circulated (a feedback loop in ARF format) to the owner of IP address (typically the ISP).

   IMPORTANT: This feedback loop is not intended as an aid to clean up in a mailing list. It is a complaint that the rules for de-registration above are not followed. The way the mailing list works should be rectified.

  • If you ignore this best practice, it may be very difficult to get your newsletter to your subscribers and, unfortunately we won´t be able to help further. But follow this guide, you will receive a stable transmission.

See also this extract from the danish law on data protection: persondataloven.

The data controller must take appropriate technical and organisational safeguards to ensure that the data is not accidentally or unlawfully destroyed, forfeited or impaired, or that the data is disclosed without authority, abused or otherwise treated in violation of the law. The same applies to data processors.   

See also Wikipedia and mailchimp

TDC is a member of ETIS & MAAWG where you can find more "Best Practice" for mail.

Contact in connection with this article: fbl (at) abuse.mail.dk