Reference document on good sending practices updated

M3AAWG, one of the world's largest organisations working to prevent spam in any electronic medium, has published a new version of the best practices for legitimate commercial email senders. The document updates the 2008 version. The published best practices have been validated by ESPs (Email Service Providers), advertisers and ISPs (Internet Service Providers), and represent the only document of its kind that sets out industry-accepted best practices for protecting against spam in all its aspects.

After careful analysis of the document, we have not found anything that substantially changes the body of best practices that we already knew. In any case, it seems pertinent to gather the key points that, according to this document, every sender of commercial and marketing emails should consider. These are the ones that we consider most relevant for non-technical profiles:

  • Opt-in process

The document describes three levels of obtaining user opt-in. Here they are ordered according to the level of recommendation (from least to most).

  1. Single Opt-in: the user leaves their email address and accepts the legal conditions. From this moment on, without any confirmation email, they will begin to receive the requested commercial information.
  2. Single Opt-in with notification: after registration, the user receives an email notifying them of their subscription. This is an informative email which, in the context of the process, gives the user a "heightened awareness" of the process that is taking place.
  3. Confirmed Opt-in: this is the double opt-in, a process in which after leaving the email address, the user receives an email asking him to "confirm" his real desire to subscribe. If the user does not confirm the process (usually by clicking on a link in the confirmation email), the opt-in is not completed.

  • Implied Consent

The document refers to the process of capturing emails at the point of sale or commercial event. It is common to assume that the person who leaves their email address at a physical point of sale is implicitly giving their consent for us to send them commercial information. To avoid confusion and possible problems, a good practice is to request, at the time of collecting the email, the user's confirmation (it can be a check box to be ticked). An alternative is to send, a posteriori, an email with the objective of confirming whether the user really wants to be on our list.

  • Unsubscribe process

It is recommended to include an unsubscribe link in the header of the message, making it more visible. This will reduce the number of users who may click on "mark as spam", one of the most influential factors in generating a bad reputation as a sender.

  • E-mail authentication

Authentication refers to the set of systems that verify that the sender is who he or she claims to be. This is positive because it removes the possibility of one sender "impersonating" the identity of another. Senders may choose to adopt some or all of the following authentication mechanisms:

  1. SPF (Sender Policy Framework) validates the sending IP against the Return-Path (hostname).
  2. DKIM (DomainKeys Identified Mail) uses a digital cryptographic signature that can be validated against a specific domain in the headers.
  3. DMARC (Domain-based Message Authentication, Reporting & Conformance) gives email senders more control over how unauthenticated email is handled. This video explains it.


Source: M3AAWG

Further information on authentication can be found in the document updated in February 2015. The M3AAWG DMARC Training Series videos, presented by experts, are also a good resource for those who are interested.
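To show how the three mechanisms fit together, here is an added example (not part of the M3AAWG document) that takes the SPF and DKIM results a receiver recorded and decides the DMARC outcome by checking whether the authenticated domain aligns with the visible From domain. The message, the domains, the DMARC record and the simplified organizational-domain rule are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: DMARC TXT record published at _dmarc.example.com
DMARC_TXT = "v=DMARC1; p=quarantine; adkim=r; aspf=s; rua=mailto:dmarc@example.com"

# Constructed sample: a message as stored by the receiver after its SPF/DKIM checks
RAW = """\
Return-Path: <bounce@mail.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail.example.net; dkim=pass header.d=news.example.com
From: Shop <offers@example.com>
Subject: Weekly offers

Hello
"""

def parse_tags(txt):
    """Split a 'k=v; k=v' DMARC record into a dict."""
    return dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Real receivers consult the Public Suffix List instead.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict mode ('s') needs an exact match, relaxed ('r') the same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_verdict(raw, dmarc_txt):
    """DMARC passes if SPF or DKIM passed AND its domain aligns with From."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[1]
    ar = msg["Authentication-Results"] or ""
    tags = parse_tags(dmarc_txt)
    spf = re.search(r"spf=(\w+)\s+smtp\.mailfrom=(?:[^@\s;]*@)?([\w.-]+)", ar)
    dkim = re.search(r"dkim=(\w+)\s+header\.d=([\w.-]+)", ar)
    spf_ok = bool(spf and spf.group(1) == "pass"
                  and aligned(spf.group(2), from_domain, tags.get("aspf", "r")))
    dkim_ok = bool(dkim and dkim.group(1) == "pass"
                   and aligned(dkim.group(2), from_domain, tags.get("adkim", "r")))
    passed = spf_ok or dkim_ok
    # On failure the receiver is asked to apply the sender's published policy (p=).
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if passed else "fail",
            "action": "deliver" if passed else tags.get("p", "none")}
```

In the sample, SPF passes for the ESP's bounce domain but does not align with example.com, so the message only passes DMARC because the DKIM signature uses a subdomain of the From domain.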

The document in question is extensive, and goes into technical aspects related to IP configuration, shared vs. private environments, feedback loops, connections, etc. that we will not go into here. You can access the full document by clicking on this link.