Mar 21, 2011

Letters to our Abuse Desk

As you can imagine, the MailChimp Abuse Desk receives some really nasty emails from people. Fortunately, we also get a lot of very positive emails from people trying to do the right thing, and who genuinely appreciate the measures we’ve put in place to protect the email ecosystem. If you work in an abuse desk somewhere — either an ISP or an ESP — this post is for you.

Here’s a nice email we got today:

"We just wanted to drop you a note to thank you for your patience and your advice last month as we migrated to your system.  We’re fairly confident now in our assumption that your fantastic deliverability was the cause for the elevated abuse complaint rate that we hadn’t seen before.  [Competing ESP] just didn’t get emails to those people it seems!

We had a few complaints this month as we migrated more of our database into your system, but they were at a manageable level and we saw complaints drop precipitously in the existing lists that had issues last month.  This is what we had hoped for and assumed would happen.  As our intake of new subscribers was at the normal rate, if the cause of our problems had been subscribers who felt duped somehow we assume the complaint rate would have stayed the same.  We’re very glad to see confirmed what we had assumed and hoped was the case.

So, this is just a note to apologize again for the problems last month and to say how much we appreciate your great service and your fantastic product.  We look forward to a long and fruitful relationship and we’ll always be here to answer to you if you have any questions or concerns :)   Thanks!"

The first paragraph is a common (and ironic) issue. Sometimes, better deliverability can actually get you into trouble. Some people send emails from their own servers for years, and don’t realize how bad their deliverability is. When they switch to an ESP, their deliverability improves, and suddenly their subscribers are getting their emails for the first time. What’s their reaction? Usually, something like, "Who are you? I signed up 2 years ago, and you’re just now contacting me with a newsletter out of nowhere?!?"

For the record, I have no idea if that sender will be fine moving forward. It’s very possible things will go wrong again, which is why we have automated processes constantly watching. But it’s always nice to see people who care about email, and want to take responsibility for what they’re doing.

Other encouraging notes:

"It is greatly reassuring to have both a great service and to feel this kind of security is in place to ensure deliverability.  Thanks a whole lot and I will be keeping watch to make sure it will not happen again!"

and here’s a bittersweet one from a user we unfortunately couldn’t help:

I wanted to thank you and the rest of the team there at MailChimp for the help on our accounts over the past few months.  We appreciate your efforts and your level of professionalism.  Job well done.

Unfortunately, the shareholders have expressed an interest in keeping the [REDACTED] and [REDACTED] brands paired and have secured another ESP for us to use.

Thanks, hope to work with you again and the [REDACTED] division will be staying with the Chimperoo.
: )

It’s been a looong time since I was running our abuse desk, but I can guess that the problem above was that the client wanted to combine two lists that were obtained by two different brands under two different permission circumstances. Our advice is to email each list separately to notify them of the impending "merger," then move forward with the combined lists. Sometimes, people just don’t want to do that. It’s their prerogative, but it’s our servers. It’s nice when customers get that.

If you work at an abuse desk just stop reading now, knowing that there are indeed good people out there who care. Happy thoughts. Rainbows and unicorns!

Shiny happy people




If you don’t work at an abuse desk, and you’re wondering what the big deal is, read on.

Some Bad Letters. Sigh.

Now for the ugly stuff.

Since we’re a self-serve ESP with over 650,000 users sending more than 1 billion messages per month, we kinda have to put autonomous abuse prevention processes in place. We call one of our systems "Omnivore," and it’s constantly scanning accounts and looking for warning signs like high abuse complaint rates, higher than average bounce rates, or bad email addresses on the list.  If it finds something suspicious, we temporarily suspend the account and send a few questions to the sender. We spend a lot of time making sure those questions we send aren’t accusatory, and we’re always recalibrating those messages.

Despite all the attention we put into crafting the most perfectly-balanced message, the questions still manage to get responses like this:

You had our account closed since feb 24th. For your slow review. I want my leads back and I will charge back an entire account for your terrible service. I have not done anything wrong. I gathered leads at the tradeshow from people I spoke with and they specifically asked to sent them PDF file with pricing information. Suspending the account for 20 emails accounts, you are out of your mind you stupid mailchimp company. Get a fucking phone support you bastards, so I can chew you up.

For the record, when people complain about "slow review," 99% of the time it’s because we sent them questions via email that they refuse to answer. They always insist that they call us on the phone, to "explain their business model" or, like in this case, to "chew us out." Sigh. There was a time when my co-founder and I handled this stuff (and these kind of people) ourselves. And we did it on the phone. That’s why we refuse to subject our staff to this. You either care about email etiquette, or you don’t. We don’t judge you if you don’t. You just can’t use MailChimp.

Here’s a follow up from that same user:


What a useless company. We have been paying you for so many months now. Spent hours learning your system and creating a tiny 25 email campaign and now we have to go back to Outlook. What is the point of your company then if we cannot have lists of our clients from the tradeshows.  Get a phone line! Talk to your customers and don’t simply hide behind chat and emails. Unprofessional company. I wish our cart would support [COMPETING ESP WITH NOTORIOUSLY BAD REPUTATION], cause you I’m very upset and I will looking somewhere else to spend money on emails.

Go and review our own links, I do not have time to look at your poorly written general tutorials. You cost me 4-6 hours of work today and I will not forgive that.

If I met 25 people at a trade show, who actually wanted my PDF (and weren’t just faking interest to make me go away), I’d email them personal, individualized emails. And yes, I’d do it from Outlook. That’s called sales. And in those emails I send — and in my PDF — I’d include links to more awesome stuff they could subscribe to (which is when a system like MailChimp comes into play).  Wait, let me back track. If I met 25 people at a trade show, who wanted my PDF, I’d be carrying the PDF. Already printed. Then I’d hand it to them. Or I’d email it to them right there, from my iPhone. Or I’d ask them to use a cool opt-in tool like — I don’t know — Chimpadeedoo. Point is, trade shows are fine and dandy. We’ve even built mobile apps for them. Just collect emails responsibly. But this guy’s a busy professional. No time to read tutorials. Kinda stings that he called our resources "poorly written" though.

Then there are the tweets.

We advised one user, who setup a list and got a very angry direct spam complaint, to contact his list and make sure they really wanted to hear from him (aka "re-confirm your list"). We know how it goes. Sometimes you collect a list of contacts that you’ve met over the years, and you want to get back in touch with them. No prob. But you should send them a nice email asking if they’re still around, and if they a) remember you, and b) still want to hear from you. If you send them an email marketing promotion out of the blue, you get spam complaints. You should re-confirm their permission. It’s the right thing to do.

We sent that advice to someone, and got this response:

Sorry, but your suggested process is unacceptable. I would rather consider it spam to receive a message to opt-in again to a newsletter that I subscribed to. This leaves me with the only option to move to another e-mail provider. I’ll inform my network about that.

and inform his network he did, with this tweet:

Mailchimp asking me to spam my complete network. Huhhh? Something is wrong here. #mailchimp #email

Hmm, we actually told him how not to spam his network, but I guess something got lost in translation.

Then there are the legal letters.

We recently received a very concerning letter from a company who told us they suspected some sort of data breach on their account, because their list was evidently being used by multiple competitors. We used our Email Genome Project servers to search our system, and found at least three other users — in the same industry and general geographic area — that had email lists with a high (greater than 90%) correlation with that sender. All were already shut down by Omnivore. In fact, the company who sent us the letter was just recently suspended from MailChimp too. It seems they were all using the same list (they most likely purchased it from the same source, or there was an insider selling the list to competitors). Whatever the case, it was a bad list that got consistent complaints, so we had to keep it off our system.

There was another legal letter from someone who got spam from a PR agency (read about how risky this industry can be for ESPs), who thought it would be a good idea to scrape emails from websites and blast out some client news. Unfortunately, one of the recipients was a guy who enjoys taking people to small claims court for violations of CAN-SPAM and other local state spam laws, in his pastime (he has a whole website boasting how many spammers he’s bagged). This, btw, is why we have an in-house counsel and privacy officer.

There’s some seriously nasty stuff going on out there, and the Compliance Team is here to protect our infrastructure against that nasty stuff. I’m not even going to talk about the money and resources we spend defending ourselves against users who get their computers infected by malware, and whose MailChimp accounts (not to mention all their other bank, personal, and business accounts) end up on the black hat market. People think we’re here to teach them how to run their business, or to "bust their balls for a couple spam complaints." They don’t realize the level of threats the Compliance Team deals with on a daily basis, how brittle deliverability is, and what kind of work we go through to make sure our infrastructure has a good reputation.

If you know someone who works at an abuse desk somewhere, go ahead and give them a hug today.