1. Ignoring "unsubscribe" requests.
This may sound like a no-brainer, but if you don't stay on top of your "unsubscribe" requests, you might get an unwanted surprise from a frustrated user who gets your newsletter once too often -- getting dropped into the spam bucket of his or her email service.
2. List "repurposing."
Recycling customer email lists may be handy to the marketing department, but it could hurt your business in the end. And sharing addresses with your sister company counts, too. Symantec's Fubini says he's seen cases where a company builds up a mailing list for one product and decides to just apply that mailing list to a new, unrelated product, which can cause problems. You have to ask whether the customer really wants to hear about this second product, he says.
3. Providing unclear privacy checkbox instructions, and ignoring users' responses.
If a box is pre-checked to opt in, that may appear suspicious and unprofessional. And if the opt-out instructions are confusing or unclear, you could turn users off -- and potentially get into hot water.
4. Losing track of internal desktop and server machines that can be used against you.
Andrew Lee, chief research officer for Eset, says he recently conducted an audit for a client and found an infected machine sitting under some tables in the janitor's broom closet. It was pumping out thousands of IP scans per minute. "No one had any idea it was there, or why it was there, and by the age of the hardware, it had been there a very long time," he says. "It's very hard to get free of the taint of being a spammer, or being associated with an IP that is on a lot of block lists. And it can be really hard to clean that up."
Lee recommends instituting strong policies and good accounting of your servers, desktops, and other computing resources -- and their configurations. And be sure any desktop machines that store your customers' email addresses don't get infected themselves.
5. Not keeping databases and address lists up to date.
It's not enough to keep close tabs on the desktops and servers that house your mailing lists. You should be careful when you reuse an old mailing list. An older mailing list may not have the updated "opt out" information on your customers. If your company is growing through acquisitions and new databases are cropping up, synchronization can be dicey. A customer may have opted out of all of your mailings, but the removal might only be recorded in one database. The customer's reaction: "You didn't respond to my unsubscribe question, therefore you are a spammer," he says.
6. Having vulnerable mailer forms on your Website.
SMTP relay-driven spam is not as common today -- botnets push most spam -- but if you have a mailer form on your Website that is vulnerable to an open relay, an old-school spammer could use this to shoot his mail through, notes Eset's Lee. "This is much less common now. But it still happens, particularly in smaller businesses where there is less expertise in the organization."
Be sure to restrict the exposure of your own users' email addresses on the Web. If your email addresses are available via the Web, spammers can use them as spoofed addresses in their spam runs which puts the spam blame on your organization.
7. Working with non-reputable third-party mailers.
Careful who you entrust your mailings to: some providers can be disreputable. They may be sending your newsletter to users who are not interested in it -- and you could get slammed as a spammer by proxy. One way to tell if you've chosen a good outsourcing service is to be sure these firms practice the same policies as you -- checking email addresses and maintaining clean databases.