On Wed, 25 Jun 2003, Callahan, Richard M, SOLGV wrote:
Good Afternoon and forgive the new guy if I break any rules or conventions.
The old rule used to be: Thou shalt not be excessively annoying. Billions of solicited and confirmed mail messages are sent everyday with few problems. 1. Follow the old conventions. No HTML, wordwrap at 72 characters, Mixed Capitalization, clear explanation why this address (some personalization) received the message. Don't write a novel, don't fill it with lots of URLs. You should have a random nonce authenticator for the confirmation. 2. Run it through SpamAssassion. If SpamAssassion thinks its Spam, it'll will end up in the junk folder (or trash folder). 3. Make sure everything is reasonable and makes sense to an outsider such as From addresses (envelope and header), received from headers, in-addr.arpa, etc. Cleanup your ARIN and Domain registry records to accurately identify you. 4. Handle bounces. If you are sending out millions of messages, expect some percentage to bounce. Not handling bounces fills up ISP spools, annoying ISPs. 5. Remember bounces, failed attempts and non-responses. Set a reasonable limit and then require intervention before sending more mail to the same address (user, and domain to prevent dictionary attacks). One confirmation message to an address is good manners, thousands of confirmation messages is annoying. 6. Working abuse and postmaster adddresses. Someone will complain. If a person asks you to stop sending mail to their address/domain/etc, stop. You should maintain your own internal list of "do-not-mail" addresses you never send e-mail too. 7. Make sure your systems don't have any open relays, open proxies, mailfrom.cgi problems. 8. Consider using "human detection" on the web form to prevent robots from generating lots of confirmations. For example, a picture containing a few random numbers the human must read and type in. Unfortunately, this probably violates the Federal ADA rules for web sites. Expect some joker to try to seed some spamtrap addresses through your web page. It will result in some of the more extreme spam blacklisters listing you as a spammer. There is probably nothing you can do or say to change the minds of the most extreme folks. But most of the others are reasonable if you can show basic due dilgence.