The adult Internet industry has long had a somewhat hypocritical attitude towards spam (unsolicited email). Most people will agree that spam is a nasty problem, but many people will turn an ethical blind eye when they see the opportunity to make additional revenue.The adult Internet industry has long had a somewhat hypocritical attitude towards spam (unsolicited email). Most people will agree that spam is a nasty problem, but many people will turn an ethical blind eye when they see the opportunity to make additional revenue. It’s my hope that this era of trying to get away with spam is nearing an end. With that in mind, this article is here to educate you on how to operate a best practices mailing list.

There are several strong arguments for not engaging in spam. From the philosophical to the pragmatic, they are:

1) Spam is evil. We all hate it. It makes email less useful, wastes everyone’s time, provides a means for scam artists to operate, and is generally the Wrong Thing To Do.

2) The adult Internet industry is growing up. We’ve seen industry consolidation, the barriers to entry are higher than ever, and the general level of professionalism seems to be on the upswing. Sure, there are exceptions, but for the most part the industry as a whole is looking for more respect.

3) Spam fighters are getting increasingly good at getting spammers TOS’d from their ISPs and causing other business headaches. Is it really worth the extra revenue if you have to move ISPs every few months?

4) More and more states and countries are passing anti-spam legislation. There’s increasing civil and even criminal liability for spam. An indicted spammer is not going to have great chances in front of a jury.

So you’re convinced. You may or may not have engaged in spam in the past, but you’re ready to swear it off forever right now. You want to build a legitimate brand with some chance of mainstream credibility, and you want to avoid the legal pitfalls that spammers will face over the next few years. You’re cured!

Unfortunately, it’s not that easy. The reason spam is so prevalent is because it’s so easy to do. Even with the best of intentions, you may still be a spammer. Or, perhaps even more frustratingly, you may be perceived as a spammer even if you’re not.

Top Secret Address

The only easy way to avoid any chance of being a spammer is to not operate a mailing list. Ha! We all know that mailing lists are a hugely important source of revenue. Just closing them down is not an option. So instead, it comes down to operating mailing lists in accordance with absolute best practices.

It is critical that you never buy, borrow, copy, or otherwise acquire a list of addresses from anyone. Yes, it’s tempting to bulk up that subscriber base, but if someone is providing you with the addresses, they’ve probably also already provided lots of other people with the same addresses. You are not buying a list of happy consumers who may be interested in your product – you’re buying a list of irate people who are very upset at the amount of spam they’ve been getting. They will be just as irritated with you. You do not want to email these people!

That’s not to say that you can’t promote your product to addresses that you haven’t personally collected. However, you should be very, very careful about doing so. You definitely don’t want to do business with anyone who will hand over addresses to you. If you’re looking to do a targeted mailing, find someone who operates a best practices mailing list and pay them for the advertising opportunity on their list. Do your research – try signing up for their list yourself and confirm that it is operated properly. And do a quick Google search on news.admin.net-abuse-email and see if the list is getting many complaints there.

The corollary here is: never, ever give out the addresses you collect. It’s absolutely crazy that some people go through the time and effort to build a mailing list, then completely devalue it by allowing other folks to spam it. Not only will the list members be angry at the spammer, they’ll be angry at you for providing their addresses to the spammer. And they’ll be worthless to you in the future. Don’t do it!

Collections Department

Collecting email addresses requires that you be very careful. What you want is a list of people who want your email. Not people who thought they were entering a contest, or who were told the email was needed for some kind of account verification. You want people to feel that they specifically asked for what you’re going to send them.

To achieve that, there are a few steps you absolutely must follow. First, if you’re collecting addresses on a Web page you absolutely MUST confirm that they want to receive your email with a follow-up confirmation email (know as “double-opt-in”). You don’t want to be the middleman in a prank.

Best practices for this confirmation email are:

1) Make sure your software throttles signup requests for any given email address. It’s very easy for script kiddies to submit some poor person’s email to your system 1,000 times a second. The person on the receiving end of this barrage will not be happy with you. You should allow no more than one confirmation email per address per day.

2) To further prevent abuse, keep a blacklist of addresses that you will not send mail to.

3) Surprisingly enough, the confirmation email should have a mechanism for confirming that the recipient wants future emails from you. You can achieve this with a URL, a reply-to address, or both. However, the confirmation MUST have a unique ID. If the URL is simply “http://yoursite.com/confirm?email=joe@hotmail.com”, it’s very easy for malicious folk to sign someone else up and confirm them. A better URL would be something like “http://yoursite.com/confirm?id=9b71-8765-d4f809ca-9aa2”.

4) The confirmation email should include the IP address that requested the subscription as well as the contents of the HTTP_X_FORWARDED_FOR header. That header will be present if the request was done from behind a proxy server. This information will help the victim of a malicious signup track down the perpetrator. It will also make your system less appealing for pranksters. If someone is up to no good, they’ll pick a system that’s more conducive to abuse.

5) When someone does click the URL (or replies to the reply-to address), you can activate his mailing list subscription based on that unique ID. At this point, you must save the IP address that did the confirmation (along with the HTTP_X_FORWARDED_FOR address, if present) as well as the date and time. You will want this data later!

So now you’ve got a list of folks who have confirmed that they want your mailings. It feels good, doesn’t it? Now you want to send them stuff to bring them back to your site, sell them memberships, or otherwise generate revenue from your happy subscribers. Well, it’s still not that easy…

[Editor’s Note: Stay tuned for part two of “How NOT To Be An Evil Spammer” in next week’s issue!]

Aiken is the co-owner and founder of Bondage.com, a Website dedicated to the Bondage, Domination and Sado-Masochism (BDSM) community since 1995. Aiken is also a Tech Chat Board Moderator here at YNOTMASTERS. Aiken can be reached via email at aiken@bondage.com.