The dangers of Send to Friend tools

In the not-so-distant past we used to do a lot of consulting work and specialized in social web applications (read: Facebook-y stuff). One of the most common feature requests was always a way for a person to invite their entire address book to sign up for the new social network. There’s an obvious benefit here to a new application: get a ton of users in a single, easy step. But, unfortunately, there is an inherent flaw in this.

Here’s what happens. A user asks the app to access their address book, and then sends a mass mailing to everyone saying they want them to join their network on ABC social app. ABC sends the email from them, often in some cryptic manner that says nothing about how they got their email or what they are asking the person to do. The results of such a mailing? You guessed it: tons and tons of spam complaints. And this isn’t really opt-in, in case anyone is wondering. Opt-in, at least how we define it, is sending an email to someone who has explicitly requested to receive it. Joe, your roommate from college 10 years ago, did not ask to join your social network, nor has he ever heard of ABC app.

Running Postmark, we have noticed this to be the most common generator of high spam complaints for our very compliant customers. A single user who emailed all 2,000 of their “friends” could generate 80 complaints. That’s about 79 more than is allowed for that volume. And it’s not really anyone’s fault. And there seems to be only one, not-so-pleasant solution.

I believe that aside from removing the functionality (which nobody will do), you must limit the number of invitations you allow to go out. Personally, I would only allow the user to send to 30 of their friends. And then, if the response is good, let them send to another 30. I mean honestly, who has 2,000 friends they can really say they know? Even 30 is a lot, in my opinion. 

The other part of a solution is to really make sure your email is super clear. I have argued that it should come from the user, so his “friends” can yell at him directly for sending the spam. Maybe that’s not a real option, but at least be very explicit with how you got their email, explain why they are receiving the email, and offer them a way to never be contacted again!
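
One way to implement the batch limit and the "never be contacted again" list described above, as an added example that is not code from the original post or from Postmark. `InviteGate` and its thresholds are hypothetical, and a "good response" is assumed to mean at least one signup and no spam complaints from the previous batch.

```python
from dataclasses import dataclass, field

BATCH_SIZE = 30      # cap per batch, the figure suggested in the post
MIN_ACCEPTED = 1     # assumption: "good response" needs at least one signup
MAX_COMPLAINTS = 0   # assumption: any spam complaint stops further invites


def normalize(addr):
    """Case-fold and trim so duplicates and opt-outs match reliably."""
    return addr.strip().lower()


@dataclass
class InviteGate:
    """Invitation state for one inviting user (hypothetical helper)."""
    suppressed: set = field(default_factory=set)  # opted-out addresses; app-wide in practice
    invited: set = field(default_factory=set)     # everyone this user already invited
    batch_sent: int = 0
    batch_accepted: int = 0
    batch_complaints: int = 0

    def unsubscribe(self, addr):
        self.suppressed.add(normalize(addr))

    def record(self, accepted=0, complaints=0):
        """Feed back signups and spam complaints for the current batch."""
        self.batch_accepted += accepted
        self.batch_complaints += complaints

    def response_is_good(self):
        return (self.batch_complaints <= MAX_COMPLAINTS
                and self.batch_accepted >= MIN_ACCEPTED)

    def select_batch(self, address_book):
        """Return the addresses that may be mailed now, at most BATCH_SIZE."""
        if self.batch_sent and not self.response_is_good():
            return []  # the previous batch has not earned another one
        batch = []
        for raw in address_book:
            addr = normalize(raw)
            if addr in self.suppressed or addr in self.invited or addr in batch:
                continue  # opted out, already invited, or duplicate entry
            batch.append(addr)
            if len(batch) == BATCH_SIZE:
                break
        self.invited.update(batch)
        self.batch_sent = len(batch)
        self.batch_accepted = self.batch_complaints = 0
        return batch
```

A single complaint leaves the gate closed for that user until someone reviews it, which keeps one oversized address book from turning into dozens of complaints.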

Just my thoughts. There is no guarantee, which is why I hate this feature in web apps. I can only guarantee this: if you get a lot of complaints, we will pause your sending and may terminate your account. We don’t want to, but we have to keep our IP reputation clean for all the customers around you.

Natalie Nagele

Wildbit CEO. Love my kids, travel adventures and parties.