The email industry is very good at fixing problems. It is considerably less good at preventing the need for a deliverability crisis response in the first place.
Watch a first-generation Roomba navigate a room, and you will see the industry’s posture made physical. The robot moves in a straight line until it hits something, backs up, turns at random, and tries again. It is not mapping the room. It is responding to whatever it bumps into. This method, called “random bounce,”1 is trial-and-error and can overlook some open space. The Roomba’s sensors attend to obstacles. Everything that does not announce itself as a problem goes unexamined.
That is a reasonable engineering trade-off … for a vacuum cleaner. For an industry that handles billions of messages a day and sits at the center of how many businesses communicate with their customers, it is a significant liability.
There’s a pattern to it. A major mailbox provider tightens its filtering. Senders who had been coasting by with a marginal reputation suddenly find themselves in the spam folder. The industry scrambles: blog posts, webinars, emergency audits, consultants with full calendars for six months. Authentication gets implemented. Complaint monitoring gets attention. List hygiene becomes a talking point. Then the acute phase passes, and the investment follows the urgency back down.
The same cycle runs on the compliance side. A regulator brings a high-profile enforcement action, and suddenly everyone wants a compliance review. Six months later, the regulator has moved on to other priorities, and so has the demand for compliance work.
This is not a criticism of individual senders. It’s incentivized behavior. A crisis is visible, but prevention is invisible until it fails. A deliverability problem that never materializes never generates a war story. Neither does the enforcement action that never came because someone read the statute carefully three years ago. Organizations fund responses to problems they can see and measure, which means the steady-state work competes for resources against everything else that is also not on fire. So it becomes easy to consider keeping authentication records up-to-date, auditing how consent is captured, and reviewing how a suppression list is put together and when it is applied as “tech debt” that goes on the pile with everything else.
The industry reinforces this dynamic rather than correcting for it. Deliverability vendors sell monitoring and remediation. Consultants get hired when something breaks. The content calendar even moves from one holiday to the next. The professional conversation is organized almost entirely around what went wrong rather than what to build to prevent it.
There is nothing wrong with being good at crisis response. The problem is treating it as a complete program. The Roomba eventually maps the whole floor, but only because the algorithm accounts for the open space the sensors would otherwise miss. The email industry has a crisis-response algorithm. The proactive monitoring — the part that attends to what is not yet a problem — mostly gets treated as optional.
Except it isn’t.
Footnotes
- Chris Woodford, How Do Roomba Robot Vacuum Cleaners Work?, Explain that Stuff (2009), http://www.explainthatstuff.com/how-roomba-works.html (last visited Sep 18, 2024). ↩︎
About the Author
Mickey is a Consultant & Attorney with over 28 years of experience in Email Deliverability & Privacy Law. He has a strong background in email authentication infrastructure (SPF, DKIM, DMARC), ISP and mailbox provider relations, anti-spam policy and compliance, CAN-SPAM and state anti-spam law gained through overseeing the Abuse & Compliance team at Salesforce Marketing Cloud, originating the ISP relations role at Informz (now part of Higher Logic), and working in the fight against spam since 1997. He holds a B.A. in Government, a B.S. in Computer Information Systems, and a J.D. from the University of Houston Law Center. He is a certified CIPP/US professional and a certified CIPM professional.
