A client recently questioned why he couldn't send emails to a purchased email list. After all, how would MailChimp know that he was blasting people with unwanted emails. It's 2024. We should know by now that email services like MailChimp do indeed know what you're doing. And yet the question is still being asked, and the rules ignored.
There are sound business reasons for that including:
The CAN-SPAM law in the US makes it illegal to send mass emails without permission. Other countries have similar protections in place.
Email service providers (MailChimp, ConvertKit, etc.) commit to operating within these legal boundaries to protect not only the recipients but also the provider's ability to send emails through their mail servers.
Senders risk being labeled by recipients as spammers, harming the sender's reputation.
A Simple Email Spam-Checking Flow
To answer our client's question, "How will they even know", here's the high-level, non-technical flow and spam filtering steps your hypothetical email takes. We could go a lot deeper and explore the technical tactics used, but this short overview will start the conversation.
You compose your email and send it to the addresses on the purchased mailing list.
Your email server (such as MailChimp, ConvertKit) receives the request to send your email.
Before sending, some email servers perform an initial spam check. They might scan for suspicious content or check if the email addresses are on a blacklist. (More about blacklists in a minute.)
Once the email passes the initial spam check, the mail server sends your email over the internet using the Simple Mail Transfer Protocol ( SMTP).
Your email is routed through a number of network points and servers before it finally reaches your recipient's email server.
The recipient's email server receives your email.
Before your email is delivered to your recipient's inbox, this mail server performs more indepth spam filtering than your sending server. This might include:
Is the sender's email address or IP on a blacklist?
Does the email subject line, content, and HTML code (email formatting code that you don't see) contain common spam characteristics such as certain phrases, keywords, or excessive links?
Are there inconsistencies or signs of spoofing in the metadata (data about other data)?
How many emails have been sent from the sender's email address or IP that might indicate spam?
If your email passes the spam filtering tests, then it's delivered to your recipient's inbox.
If the email has been flagged as spam, then it might be sent to the recipient's junk or spam folder. This depends on how their email account is configured on their server.
If the email fails critical spam checks, it might be rejected by the server and not delivered at all.
Servers aren't the only way your email can be flagged as spam. Recipients can mark an unsolicited email as spam, providing feedback to their email server for future spam filtering algorithm updates.
What is a Blacklist?
In the context of email, a blacklist
is an actual database list. It's used to identify and block IP addresses
and sometimes individual email addresses from sending spam or malicious content.
Since IP addresses are most often used because of email address privacy considerations, this means that your email service provider is continuously monitoring the email sent from its servers. Their IP addresses are essential company assets that must be protected.
Being blacklisted prevents emails from being sent from their IP addresses. This brings us back to the original question "How will MailChimp know I'm sending spam?". An email service provider's IP addresses are essential business assets that must be guarded. It's their business at risk so they have to know.
How Long Does Someone Stay on a Blacklist?
Some blacklist entries are temporary and are removed after a certain time period or after the bad behavior stops. Others may remain on the list indefinitely or permanently.
What happens if an IP address is incorrectly listed? There is a process called delisting
where the responsible party can request removal.
While blacklists, by their very name, sound punitive, they are an invaluable tool in the neverending battle to protect all of us from unwanted emails, annoying sales tactics, and malicious attacks. Remember, email is one of the leading sources of phishing and malware.
Did Our Client Listen?
The short answer: no.
In spite of our explaining why a purchased email list was a bad idea, they weren't ready to listen. So we shared links to the clearly written policies from MailChimp, our recommended provider, about permissions, purchased lists, and the consequences.
But the client had a better idea. Since they had a free trial to Constant Contact, they would use Constant Contact instead of MailChimp. It didn't matter that the written guidelines were the same as MailChimp's. The client was determined to ignore the rules.
After all, if you don't read them, then the rules don't apply.
As expected, 4 days later their 8,000 email address campaign got their Constant Contact account blocked. Shut down.
Wrapping It Up
We all should know this by now, but it's worth repeating one more time ---
Don't get clever and think you can bypass the email service provider's guardrails by sending mass emails from your personal Outlook or Gmail account. That's a surefire way to land on a blacklist. The consequences: you will no longer be able to send or receive any emails with your email address.
Email is an essential tool we all rely on to communicate, share information, and build relationships. Responsible users don't abuse inboxes.