SPF, DKIM, EXIM… WTH?

Whew… It’s been a loooooong night.  It’s 9:30am and I haven’t been to bed yet.  Not terribly uncommon… but this is probably the 3rd time in the past week it’s happened.  Uggh.

Why this time?

I’ve slowly been moving off my GetResponse account and onto my own mail serving platform (i2icontact.com).  It’s been a long, slow process.  I’ve owned i2icontact.com for *years* and never really got it much past logging in.

But I finally went live with a new list on it last week.  And it was a smashing… headache.

The deliverability was abysmal.  If you bought Site Sniper Pro from me last week you know what I’m talking about.  It didn’t seem like my emails were getting through to *anybody*.

If I had any hair to pull out it would be gone by now.

So I  kept the list on my server and outsourced the smtp sending portion of it, thinking that would make a difference.  Not really.

So I got really serious about it last night and was determined to solve the deliverability issue (at least to the extent that it’s reasonable again).

And that led me down a crazy path of emerging standards and security and authentication and hassles and triumphs that everyone wants to know about… but it seems like very few ever figure out.

Now, I’m not about to claim I’ve figured out how to deliver everything… but I’ll take even a small victory right now.

And here it is…

Received-SPF: pass (google.com: domain of support@i2icontact.com designates 207.58.191.151 as permitted sender) client-ip=207.58.191.151;
DomainKey-Status: good
Authentication-Results: mx.google.com; spf=pass (google.com: domain of support@i2icontact.com designates 207.58.191.151 as permitted sender) smtp.mail=support@i2icontact.com; domainkeys=pass header.From=support@i2icontact.com
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=i2icontact.com;
	h=Received:MIME-Version:Date:From:To:Subject:Message-ID:X-Sender:User-Agent:Content-Transfer-Encoding:Content-Type;
	b=ajo1KCm/+flKwwdR9+pcbijbcYMy9/upJ8lptmb9DV9magDeoHjCPHDEq+umvaQMo9sil4GVxRuI6P/KB1eRCc4Om90FcCm76TJGAj3bPDNksDiNCOShHMEljPBtrSiw;

That’s a partial email header from gmail for a message I just sent from my server.

I know… it doesn’t look like much… but it means I got both SPF and Domain Key authentication working on my exim MTA server last night / this morning.  Woohoo!

Don’t know what any of that is?  That’s ok… I barely did when I started this whole thing.  But do a little searching and you’ll find it’s pretty cool.  And pretty hard to piece everything together (until you know where to look).

And, in a nutshell, it means Google and Yahoo (not sure about AOL) can now authenticate my email messages back to me and my server.  And that means they let me (so far) have a free pass to the inbox… provided I don’t screw it up.

I still have some other things to implement, since it seems like everyone has a different standard they want me to support… but I’m closer than I was yesterday.

I’ve oversimplified what this lets me do… but it’s been a thorn in my side for several years now.  Heck, just figuring out what I needed to do took a virtual act of God.  Maybe I’m just dense (not), but it certainly shouldn’t be this hard.

Anyway… I’m off to bed.  Sleeping peacefully knowing that I’m 1 step closer to getting past the demon gatekeepers of the email world.

Permission or Forgiveness?

Do you know the saying “It’s easier to ask for forgiveness than permission?”  That’s generally something I believe in wholeheartedly.  Especially when it comes to marketing.  So few people really get what we’re doing as internet marketers that asking permission often leads to a lot of “no” answers.  Especially if I’m getting “creative.”

However, I should know from my experience with Amazon.com, that this strategy often backfires when it comes to people suddenly writing big checks out of nowhere.

And so it was that I made a silly mistake last week.  Not a major one.  But silly.  And frustrating.

A friend of mine wanted to run a campaign for Site Sniper Pro.  Only he wanted to put together a special package to offer and wanted to bypass my order page, which is run by RegNow.com.

No problem, right?

There are lots of ways to do that… with perhaps the easiest being PayPal.  I mean. I have a PayPal business account.  It’s nice and seasoned.  In good standing.  A decent number of transactions over time.  What could go wrong?  Right?

I don’t typically do a whole lot through it (I almost never do direct product sales… I usually have a payment processor that handles affiliates, fulfillment, etc.).  But I do anywhere from a few hundred to a few thousand dollars a month through PayPal in odd payments, small deals, and the (very) rare occasion when I mess around with PayDotCom (I’m not a big Filsaime fan… long story).

And so I ran this offer directly through my PayPal account.  I didn’t think it would be a big deal.  To be honest, I wasn’t really expecting a whole lot from this campaign.  It was a favor for a good friend and his customers.  I would have been pleased with $4,000 – $5,000.  And I didn’t expect much more than that.

As I often do with these small projects, I set a goal for what I’m earning the money towards.  Usually a vacation or maybe a car, or something like that.  This time I decided it would be a success if I could get my wife a new MacBook Pro for Mother’s Day.  Romantic, aren’t I?  Sorry ladies… I’m taken.

So when I hit my goal a couple hours into the promotion I was very pleased.  Very, very.

And when I passed the $10,000 mark on the first day I was giddy (5-figure days are a special kind of fun… you should have one some day).  And it kept going.  Over $13,500 on day 1 in profit.

And day 2 was just about as good.

Now, this was a 2-day promotion only.  So by the end of day 2 I was cheerily checking my PayPal account in between mountains of emails from my 200+ new users (I also learned a lesson about fulfillment… but that’s another story).

And so this morning I woke up and logged into my PayPal account.  You know… just to check and make sure I really had all that money in there.  You know you’d do it, too.

And here’s what I saw…

4-25-2009 8-45-11 PM

Whoa!  Uncool.  Totally uncool!

It turns out it’s not really that big of a deal.  But it makes your heart skip a beat when you see something like that.

And I got hit with a long list of demands from PayPal to restore my account.  Most of which make absolutely no sense for me as a software publisher.

Like… I’m supposed to provide detailed supplier information and documentation proving I actually acquired enough “inventory” to fulfill the orders.  And tracking numbers to confirm that I shipped my products.  And invoices.  And receipts.  PAPER receipts, by the way (electronic documentation not accepted).

So, I understand why PayPal did it.  And it was painfully clear that they are still totally steeped in the eBay tradition.  There wasn’t a single question that even hinted at the possibility of digital products or electronic delivery.  So it was a little weird.  And it definitely made me nervous.

So now I’m in a state of limbo with PayPal.  It will all work out in the end because everything was real and done right.

But I can’t help but wonder… could I have avoided this?  PayPal assures me that we’ll have everything straightened out within i a week as long as I cooperate and everything is in order.

I believe them.  And I also know that I thought the same thing would happen with Amazon.com.  Until it didn’t.  And everything wasn’t worked out in a week.  And it took me months to get them to finally give me my money.

<rant>By the way, I’m not surprised by Amazon.com’s recent announcement not to pay commissions on direct-linking ads at all.  As much as I LOVE their technology and all the cool stuff I can do with their platform I am convinced they are anti-affiliate.  They seem to actively seek ways to cut their affiliates out.  Especially their big ones.  I can’t say I blame them… they certainly have the “weight” to do that.  And I think they should just be honest about it.

It’s interesting… because I don’t think they want big sites and affiliates funneling loads of traffic and sales to them… they want millions of small-time blogs and mom-and-pop sites linking back.  It actually makes a strange kind of sense.  But, again, I think they should just come out and say it like that.</rant>

Still… I do think this is just an understandable and easily fixed blip on the radar with PayPal.  No big deal.

But I should learn my lesson.

I know too many marketers who got explosive results, fast.  And got slapped down and beat up by unsuspecting and panicked partners/vendors/merchants (see Jonathan Van Clute & InfusionSoft).  I see it time and again.

I should know better.

And now, so should you.

Look, I’m all for (and all about) asking forgiveness over permission.  And yet there are definitely times when the whole permission thing is simply the easier way to go.  Even when it might lead to “no.”

I still don’t think permission is a good idea for everything.  It gets in the way.  And it’s slow.

But the instant you think something’s going to raise a flag (even if you’re right in the middle of it) I think it makes sense to pick up the phone, or shoot off an email, or something.  It’s time to be proactive.

Looking back, I knew my Amazon.com stuff was starting to go crazy.  When I went from $200 a month to $2,000 a month to $8,000 to $26,000.  In the back of my mind I was wondering if they would notice.  Sure they would.  And I should have raised my hand then.  And just let them know what I was doing.

What I was doing was different.  I knew that.  And I was scared they would tell me to knock it off.  And, honestly, I got greedy and hoped they were so big that no one would notice.

I should have called.

Same thing this weekend.  As soon as I knew that this was going to look totally suspicious to PayPal I should have done something.  They probably still would have done everything that happened.  But I would certainly feel more in control.

And if (when) I ever do a proper launch of any of my products I will *definitely* get permission from those who get the money first… not seek forgiveness later when all the red flags are flying high.  I know from experience it just isn’t worth the heartburn and stress of not-knowing and hoping and praying and keeping my fingers crossed.

Be warned.