How to Safely Share User Content via Email

Are you using creative viral marketing approaches that encourage users to share their content via email? Examples include invitations, blog comments, file sharing as well as product reviews and user feedback. When done right, this strategy can pay large dividends, but there’s a dark side. If done wrong, it can interfere with the success of your email campaigns and harm the reputation of your brand. Let’s explore these risks and how to avoid them.

Sending emails with user generated content is especially risky for two reasons. Firstly, unlike regular email marketing campaigns and transactional email, you are not in complete control over what is emailed. Secondly, your users choose who to send the content to. These two elements form a volatile mix and can attract trouble. Bad actors are always on the lookout for vulnerable systems to send spam or phish from. Don’t let them exploit yours. Don’t give them unfettered access. Limit the information they can share. Here are some guidelines:

This may seem obvious, but limit the amount of mail your users can send. This reduces the incentives for bad actors to target your platform for abusive purposes. If they can’t distribute their mail in large quantities, they’ll go elsewhere to find another service that will.
Know who is sending and uniquely identify senders. Don’t let them spoof the identity of others. For example, set the “From” address for them; don’t allow arbitrary “From” addresses, even the “Friendly From” field which is often all that is displayed by mobile clients. Tag outbound messages with the sender’s identity so that you can correlate abuse back to the source.
Listen carefully. Set up a feedback mechanism so you’re aware of unwanted user content that slips through your defences.
Know who’s naughty or nice. Establish a reputation for your users’ mail. Tie the reputation to the sender’s identity. Restrict unknown or untrustworthy senders to lower thresholds, which could be slower sending rates or longer pauses between staggered sends.
Interrupt the message flow once a sender receives too much bad feedback, downgrading their reputation.
1. Modulate the flow of outbound user generated content based on risk, reputation and feedback.
2. Set a reasonable cap on how many recipients someone can “share” with. Is their “share list” growing at a reasonable rate (organically), or did it suddenly become large?
3. Stagger larger sends. Trickle some messages out and wait for feedback to flow back in the form of bounces and complaints. If OK, trickle out some more. Rinse and repeat. (The larger the campaign, the more careful you’ll need to be).
Manage the message content
1. Don’t allow users to put URLs in their mail — this almost always leads to trouble.
2. Don’t allow attachments or user-generated images. (Remember the “image spam” fad?)
3. Put a size limit on the user generated content portion of the message.
4. Scan for spam. Before sending, pre-screen user generated content with a purpose-built web comment spam detection system.
Prevent mailbombing. Keep track of how many times your system sends user generated content or invitations to a particular recipient. Limit the amount of user generated content any single recipient can or will receive during a particular time period.
Honour unsubscribes. Include an unsubscribe link in the footer of all user generated content email. Use a list-unsubscribe header to make unsubscribing even easier and safer.
Segregate your mail streams. Don’t send riskier messages (like user generated content) via the same IPs and domain/subdomain as your essential mail (like sign-up notifications, password resets, etc.). Instead, reduce the risk of unwanted side effects by sending your user generated content via a separate IP and subdomain. If your user generated content forms are managed by a third party, set up different delivery channels for the different brands/sites/campaigns that send user generated content.
Prevent sign-up abuse.
1. Know who is signing up for your service. Screen out troublemakers by monitoring new sign ups. To do this at scale, automatically assess the riskiness of new sign ups and accounts that upgrade.
2. Your sign-up flow should have different “paths” for different levels of sign-up risk. The riskier the sign up, the more thorough your sign-up process should be. Add appropriate amounts of friction to your sign-up process when warranted. Possibilities include adding CAPTCHAs, SMS verification, telephony callback, multi-factor authentication or credit card validation to your sign-up flows.
3. Prevent snowshoeing. Don’t allow the same person, device or IP to easily sign up for many accounts. They will try to circumvent your thresholds by trickling many low-intensity streams of spam in parallel. (Trivia: This spammer strategy is called snowshoeing because it spreads the weight of their campaigns across a larger surface area.)
4. Beware of bots. Detect automated scripted (robot) sign-ups by tracking and auditing patterns in user IDs and the timing of activity during sign up. Are your registration forms being filled out faster than humanly possible? Randomly reorder the fields and flow of your signup forms, or use CAPTCHAs to thwart scripted sign-ups.
5. Spammers may leave some accounts dormant in the hope that you’ll trust older accounts more than newer accounts. If your reputation systems treat new accounts differently than established accounts, be clever in how you define “new.”

At SendGrid, we’ve found that customers who follow this checklist increase the effectiveness of their viral marketing campaigns without harming their brand or their other email programs.