20 Ways Opt-in E-Mailers Can Outsmart Spam Filters
by Dr. Ralph F. Wilson, E-Commerce Consultant
Web Marketing Today, Issue 119, December 3, 2002
It’s a jungle out there. Assurance Systems estimates that 5% of e-mails are blocked by spam filters. MarketingSherpa found a similar number but estimates that many companies will be instituting filters in the near future.
After several of my friends informed me that my Doctor Ebiz newsletter had been rejected by SpamAssassin, I decided to do some checking on my own to see how this could happen. I’ve done some evaluation on tests performed by SpamAssassin ver 2.43 (http://www.spamassassin.org/tests.html). I make no claim to be an expert, but I learned a lot from studying their tests.
Filters these days are much more sophisticated than the typical e-mail filters in Eudora and Outlook that can be made to delete an e-mail message that contains a “bad” word. Filters such as SpamAssassin look for patterns and add or delete points for certain factors. Then, if the total score reaches a predetermined level, the message is flagged as spam. By looking at what adds points (bad) and subtracts points (good), I’ve learned how to construct e-mails that will do better with the filters, if not escape them entirely.
Note: spam filters are a moving target, and my suggestions may not be as useful a few months from now. Moreover, the SpamAssassin defaults listed here can be (and sometimes are) adjusted by over-eager spam-averse ISPs, so don’t count on them. They’re best used as a way of seeing what the filters consider bad or good, rather than as a precise measure.
I’ve found 20 different strategies that can help. Some of these are crucial; others are only of minor importance. But taken together they can help you get more of your legitimate opt-in e-mails through the obstacle course to your recipients.
1. Avoid E-Mail Software or Listservers Used by Spammers
Certain desktop e-mail listserver programs, as well as ASP hosted listservers, have developed a bad reputation for sending spam.
SpamAssassin looks for “fingerprints” of programs on its “bad list,” and adds points to your spam score if it detects them. For example, any e-mail address that includes @email-publisher.com costs you 1.00 points. Employing various free web hosting services that are commonly used by spammers can hurt, too.
The desktop e-mailing software used most often by spammers (if it can be identified as such by SpamAssassin) is penalized from 3.0 to 2.0, in descending order: jpfree, VC_IPA, StormPost, JiXing, MMailer (Gammadyne, 2.73), EVAMAIL, IMktg, screwup1, Outlook 3.14159. GroupMail, hash 2. Group Mail (ver 2.0) is dinged 1.84. Other identifiable bulk mailers are penalized about 1.00 points. (Note: While I don’t spam, I use Gammadyne Mailer routinely. The current version has no tell-tale headers identifying it as in some earlier versions. I am told Group Mail 3.x does not use such headers either.)
You might study e-mails sent out for any header lines that indicate the brand of mailer. You’ll sometimes see this in the user agent and x-mailer header lines. If you find them, disable them or insist that the software vendor remove them. It is better to send e-mail from an unknown e-mail program than one which can be identified as used by spammers. Or use Apple Mail which has such a good record (spammers can’t make it work well for them?) that your point score is reduced by 1.78. (Just kidding.)
2. Use Capitalization Carefully
Capital letters are seen as “yelling” and spammy. Excess capital letters cost you .21. I had been using capitalized titles until I found that I was being penalized for these. Since then, I’ve stopped using whole lines of capitalized type as headlines in my text newsletters. Instead I limit capitalization to partial lines only.
3. Keep HTML Simple
According to SpamAssassin, if your HTML message has more than 50% HTML tags (that is, has very specific formatting), you are fined 0.31 to 1.78 points. The lesson is to keep your HTML very simple. Highly stylized formats can hurt your score. Here are a few more elements to avoid, if possible:
- An HTML table with a thick border (0.41 points)
- JavaScript contained in the message (21 to .30 points)
- HTML comments “which obfuscate text” cost 2.08 (whatever that means).
- An HTML form in your e-mail message can also be costly. An “obfuscated action attribute” in an HTML form costs 1.00 point.
4. Watch Your Hyperlinks
SpamAssassin gives links a good looking over, so be careful.
- Links without an http:// prefix cost 1.28. Oops. I’ve been shortening them, but does that spamify my newsletters? I hope not.
- Don’t link to URLs using IP address numbers instead of a domain name (3.1).
- More on mailto links below under unsubscription systems.
5. Use Color Judiciously
Realize that high art is likely to cost you something. A font color tag that isn’t formatted quite right can cost you .21. If you are using special font colors that aren’t in the palette of 217 web safe colors, you are dinged .30 points. Hidden letters (same color as the background color) cost you .34 points. Beware the color police.

| Font color | Points |
| --- | --- |
| Black | 0 |
| Blue | .21 |
| Red | .32 |
| Gray | .33 |
| Green | .41 |
| Cyan | .41 |
| Yellow | .42 |
| Unknown color | .42 |
| Magenta | .44 |

Black fonts are safe, but I’m not ready to desert color yet. I’ll try to avoid using it in font tags, however. Rather I’ll control color with style sheets and see if that helps. Unfortunately, many e-mail client programs don’t handle style sheets very well yet. Also be aware that using a background color other than white is suspect, and racks up 0.317 points.
6. Use Large Fonts and Characters Judiciously
Fonts larger than +2 or size 3 (normal) cost you 0.34 points. I don’t believe this includes H1, H2, H3 (presumably not), so I’ll probably use HTML headers in the future rather than font tags to increase font size.
7. Avoid Suspect Spam Phrases
This list is a long one. I’ve included it on its own webpage so you can print it out for easy reference — “Words and Phrases that Trigger Some Spam Filters,” Web Marketing Today, 12/3/02. http://www.wilsonweb.com/wmt8/spamfilter_phrases.htm
Does it help to include * or ^ characters in place of vowels? The jury’s still out. I suspect that some spam filters are smart enough to detect this ruse, but I’m not sure.
8. Be Careful with Subject Lines
SpamAssassin is particularly interested in subject lines. Here are a few subject-line no-nos to learn from:

| Test | Points |
| --- | --- |
| Contains “FREE” in CAPS | 0.43 |
| Starts with dollar amount | 1.10 |
| GUARANTEED | 0.62 |
| Starts with “Free” | 0.30 |
| Starts with “Hello” | 1.58 |
| To: username at front of subject | 2.86 |
| Subject includes a question mark or exclamation point | 0.10 |
| Subject contains lots of white space | 2.64 |
| Subject is all in capitals | 0.48 |
| Subject talks about savings | 0.41 |
| Subject talks about losing pounds | 0.51 |
| Subject is missing | 0.34 |

9. Carefully Word Your Unsubscribe System
It seems ironic that legitimate opt-in e-mailers are penalized for having unsubscription information. But since so many spammers have bogus systems, it is apparently a spam indicator. For example:

| Test | Points |
| --- | --- |
| List removal information | 1.00 |
| Click-to-remove with PHP/ASP action found | 0.30 |
| Claims you can be removed from the list | 2.70 |
| Claims to listen to some removal request list | 1.00 |
| Says: “to be removed, reply via email” or similar | 0.45 |
| Header contains exists:X-List-Unsubscribe | 1.11 |

You need to include ways to unsubscribe, of course, but avoid the phrase “click here to…” and substitute something like “use this link to ….” You’re especially hurt by using mailto e-mail links with “remove” — or anything, for that matter — in the subject. Make sure that the program you are using to unsubscribe people doesn’t have “unsubscribe” or “remove” in the URL.
10. Flaunt Being a Newsletter
Fortunately, being a legitimate newsletter lowers your spam score.

| Test | Points |
| --- | --- |
| Subject contains newsletter header (list) | -0.22 |
| Subject contains newsletter header (news) | -0.62 |
| Subject contains newsletter header (in review) | -1.00 |
| Subject contains a frequency – probable newsletter | -0.73 |
| Subject contains a month name – probable newsletter | -0.48 |
| Subject contains a date | -1.60 |

Other words and phrases which may help you include a PGP signature, or something about a forgotten password or a registration system.
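The additive scoring described at the start of the article, applied to subject-line figures from sections 8 and 10, is sketched below as an added example; it is not SpamAssassin's code or the author's. The point values are the article's; the matching patterns, the rule names, and the 5.0 threshold (SpamAssassin's stock setting, which the article does not state) are assumptions, and the `overrides` and `threshold` arguments model a site changing the defaults.

```python
import re

# Assumption: 5.0 is SpamAssassin's stock threshold; the article names no figure.
DEFAULT_THRESHOLD = 5.0
MONTHS = ("January|February|March|April|May|June|July|August|"
          "September|October|November|December")

def _rx(pattern, flags=0):
    return re.compile(pattern, flags).search

# (rule name, predicate, default points). Points are the article's figures;
# the predicates are rough stand-ins, not SpamAssassin's real rule bodies.
SUBJECT_RULES = [
    ("missing",            lambda s: not s.strip(),                  0.34),
    ("starts_with_hello",  _rx(r"^\s*Hello\b"),                      1.58),
    ("starts_with_dollar", _rx(r"^\s*\$\d"),                         1.10),
    ("free_in_caps",       _rx(r"\bFREE\b"),                         0.43),
    ("guaranteed",         _rx(r"\bGUARANTEED\b"),                   0.62),
    ("question_or_bang",   _rx(r"[?!]"),                             0.10),
    ("lots_of_whitespace", _rx(r"\s{4,}"),                           2.64),
    ("all_caps",           str.isupper,                              0.48),
    ("month_name",         _rx(rf"\b({MONTHS})\b"),                 -0.48),
    ("frequency",          _rx(r"\b(daily|weekly|monthly)\b", re.I), -0.73),
    ("date",               _rx(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b"),     -1.60),
]

def score_subject(subject, overrides=None, threshold=DEFAULT_THRESHOLD):
    """Return (total, hits, flagged) for one Subject header value."""
    subject = subject or ""
    overrides = overrides or {}
    # Every matching rule contributes; negative points offset positive ones.
    hits = [(name, overrides.get(name, points))
            for name, predicate, points in SUBJECT_RULES if predicate(subject)]
    total = round(sum(points for _, points in hits), 2)
    return total, hits, total >= threshold

# Constructed subject lines, not taken from real mail.
SAMPLES = [
    "Hello!!! FREE trial GUARANTEED",
    "$500 GUARANTEED" + " " * 6 + "FREE!",
    "Weekly Update for December, 12/3/02",
]

if __name__ == "__main__":
    for subj in SAMPLES:
        total, hits, flagged = score_subject(subj)
        names = [name for name, _ in hits]
        print(f"{total:6.2f} {'SPAM' if flagged else 'ok':4} {subj!r} {names}")
```

Calling `score_subject(SAMPLES[0], threshold=2.5)` flags a message the default setting lets through, which is why the published defaults are a guide rather than a precise measure.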
11. Use a Signature
You’re helped if your e-mail contains an e-mail signature — since so many spam messages don’t.

| Test | Points |
| --- | --- |
| Short signature present (no empty lines) | -0.30 |
| Short signature present (empty lines) | -2.09 |
| Long signature present (no empty lines) | -3.13 |
| Long signature present (empty lines) | -0.30 |
| Contains what looks like an ‘E-Mail Disclaimer’ | -0.70 |
| Contains what looks like an email attribution | -1.63 |
| Contains what looks like a quoted email text | -0.83 |

12. Don’t Mention Spam Law Compliance
It’s very unwise to claim that you observe all the spam laws. Only spammers say that. SpamAssassin will assess you from .91 to 3.47 points for this. If you mention House Bill 4176 you’ll be fined 2.02 points. H.R. 3113 dings you 2.93.
13. Message Size of 20K to 40K Helps
Since so many spam messages are under 20K, SpamAssassin gives you credit for a message size between 20K and 40K (-.71). Over 40K helps you less (-.12).
14. Remove Spam Flag Addresses from Your List
Occasionally, evil-minded people will add e-mail addresses to your list just to get you in trouble with the anti-spammers. Try scanning your e-mail database for an e-mail address that starts with abuse@, postmaster@, or nospam@. Sometimes an e-mail address will be inserted that subscribes you to an autoresponder each time you send out an e-mailing. You might scan for the word “subscribe” among your e-mail addresses (though this one won’t affect you with the spam filters).
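One way to run the scan described above over an exported subscriber list, as an added example that is not the author's code. The sample entries are constructed, and treating a `+tag` suffix as part of the role name goes beyond what the article says.

```python
from email.utils import parseaddr

# Local parts the article says to look for (abuse@, postmaster@, nospam@).
ROLE_LOCAL_PARTS = {"abuse", "postmaster", "nospam"}

def audit_subscribers(entries):
    """Sort raw list entries into role, autoresponder, malformed and ok buckets."""
    report = {"role": [], "autoresponder": [], "malformed": [], "ok": []}
    for raw in entries:
        # Accept bare addresses and "Name <addr>" forms; compare case-insensitively.
        addr = parseaddr(raw.strip())[1].lower()
        local, at, domain = addr.rpartition("@")
        if not at or not local or "." not in domain:
            report["malformed"].append(raw)
        # Assumption: a "+tag" suffix (abuse+x@) counts as the bare role name.
        elif local.split("+", 1)[0] in ROLE_LOCAL_PARTS:
            report["role"].append(addr)
        # The article's second scan: the word "subscribe" anywhere in the address.
        elif "subscribe" in addr:
            report["autoresponder"].append(addr)
        else:
            report["ok"].append(addr)
    return report

# Constructed sample entries, not real subscribers.
SAMPLE_LIST = [
    "reader@example.com",
    "Abuse@Example.net",
    "Postmaster <postmaster@example.org>",
    "subscribe-digest@lists.example.com",
    "nospam+list@example.com",
    "not-an-address",
]

if __name__ == "__main__":
    for bucket, items in audit_subscribers(SAMPLE_LIST).items():
        print(f"{bucket:14} {items}")
```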
15. Monitor Your “From” E-mail Address for Challenge Systems
I am seeing a small but increasing number of recipients who use systems that block all e-mails except those that take the trouble to respond to an e-mail message, and perhaps give a name and reason for the e-mail. Thus, it’s important to monitor the mailbox for your “From” e-mail address to catch these.
16. Ask Subscribers to Put Your Address in their “Whitelist” or Address Book
Some e-mail client programs such as AOL 8.0 and Hotmail have recently changed their interface to allow users to sort their mail into preferred folders. As people subscribe, ask them specifically to place you in their address book (AOL), “safe list” (Hotmail), or “whitelist” (some spam filters). That way your e-mail will come directly into their inbox. Asking may be a little trouble, but it may make the difference between your recipients seeing or not seeing your e-mail.
17. Monitor Blacklists and Test Accounts
ISPs and spam filter systems often check blacklists of known spammers to help them reject e-mails. If your listserver’s IP address or domain — or yours — gets on a spam blacklist because of complaints of spam, it will prevent some of your e-mails from getting to their recipients. Your listserver vendor should be actively working with ISPs and anti-spam services to keep an excellent reputation in the e-mail community and resolve any problems. But if they fail to — or cater to spammers — your e-mail delivery can suffer.
SpamAssassin currently checks three blacklists, and addresses that appear on such lists cause substantial penalties to any e-mails coming from them.
- Razor2 (http://razor.sf.net)
- DCC List (www.rhyolite.com/anti-spam/dcc/dcc-tree/dcc.html)
- Pyzor (http://pyzor.sf.net)
Some other blacklists that may prevent your recipients from receiving their e-mail include:
- Mail Abuse Prevention System (MAPS, www.mail-abuse.org) maintains the Realtime Blackhole List, an important blacklist, and has many ISPs as subscribers.
- Network Abuse Clearinghouse (www.abuse.net)
- NJABL.ORG (Not Just Another Blacklist, www.njabl.org)
- SPAM Blocking Blackhole List (http://blackholes.bruli.net)
Other anti-spam organizations are listed in Yahoo! Directory under “Email > Spam.”
You can check many blacklists at once to see if your domain is on it using a utility from OsiruSoft Research & Engineering (http://relays.osirusoft.com/cgi-bin/rbcheck.cgi).
In addition to checking blacklists periodically, it might be a good idea to subscribe to some of the more important ISPs (or find a friend who subscribes) so you can monitor if your e-mails are getting through. ISPs with the largest blocks of subscribers include America Online (with CompuServe and RoadRunner), MSN, Earthlink (with Mindspring and others), United Online (Juno and NetZero), and SBC/Prodigy. If you find your newsletter blacklisted, contact the service(s) involved and actively work to see the ban removed.
18. Move Immediately to Confirmed Opt-in
As I argued a few months ago in “Why I’m Moving to Double Opt-in Subscription Confirmation,” Web Marketing Today, 9/10/02 (www.wilsonweb.com/wmt7/double_optin.htm), the time has come for each company to require the higher standard of confirmed opt-in for new subscribers. If the government doesn’t require it, then the free marketplace driven by spam filters may require the higher standard. When you’re falsely accused of spamming, it’s a whole lot easier to argue your case before an ISP or blacklist when you have a confirmed opt-in standard than if you don’t.
19. Use the Habeas Header If You Qualify
Finally, if you do use a confirmed opt-in system and qualify to apply for a Habeas warrant mark (www.habeas.com), then I suggest you purchase a license to use it. Habeas is actively working with the anti-spam community and leading spam filters to have their mark (contained in headers) recognized as certifying your e-mail as confirmed opt-in. SpamAssassin, for example, subtracts 4.00 points from your score if the e-mail message contains the Habeas header lines. For more information on Habeas, read my Review of Habeas, Web Marketing Today, 1/7/03 (www.wilsonweb.com/reviews/habeas.htm).
I wish that I could guarantee that if you took all the above steps, your legitimate opt-in e-mails would get through the spam filters. But I can’t. I can’t even get all my newsletters through. Another important piece of this problem is to reduce the quantity of spam, and to do that requires legislation.
20. Use a Spam Checker to Test Your Message
We’re now seeing some services you can use to test the spam quotient of your e-zines and e-mail offers before sending them out.
- SiteSell SpamCheck Report tests your message at no charge using SpamAssassin and sends you a report. Send your test e-mails to mailto:sales-spamcheck@sitesell.net. Be careful, however, that you put the word TEST as the first word in the subject — and make sure it is capitalized. Otherwise, the system will delete the mail, thinking it’s spam. Following the word TEST, add the subject line that would appear in the email normally.
- Assurance Systems offers three functions as part of a paid service. (1) Message Checker rates your e-mail message for spam. (2) Mailbox Monitor checks test addresses for each of the major ISPs to make sure your e-mail is being delivered. (3) Blacklist Alert lets you know what blacklists you are appearing on so you can work to get your domain or IP number off the list. http://www.assurancesys.com
I don’t want intrusive government regulation any more than you. But I believe that the time has come for clear federal regulations to prohibit spam in the same way as unrequested faxes are prohibited. State and provincial laws can’t really regulate what is a national and international problem. Federal regulations won’t stop spam entirely, but they’ll certainly put a dent in it. Yes, some spammers will move offshore. But thousands of small spammers who are willing to spam now because it’s cheap and legal will no longer spam because it is illegal, and the risks are too great. I encourage you to advocate with your legislator for federal anti-spam regulations in your country. Perhaps we can recover for legitimate business use a communications medium that was once called the “killer app.” I hope so.
additional info: http://www.list-unsubscribe.com/