We have a client that has an email marketing list of about 50k contacts that have at some point opted in to their mailing list. They haven't used the list for a while and on their last campaign got a lot of spam complaints - drawing the wrath of their email campaign provider.
We've been tasked with coming up with a way to help them clean up their list. The plan is to mail each of their customers and ask them to click on a link to confirm their subscription. If they don't click on the link within seven days, we'll remove them from the list. Of course, we'll scrub through the list first to remove addresses that are bad without attempting to email the user (DNS checks, valid email address form, etc). We'll also track which emails bounce and remove them as well. This will be done on a temporary server from one of their lesser used domains.
My question is, how can we send out email to 50k recipients without getting the server blacklisted? The things I have in mind are making sure the domain has DNS setup properly, that the server can be resolved through reverse DNS, has a SPF record, Domain Keys, and valid abuse and postmaster addresses. What else can or should we do?
Basically, you can't guarantee it at all. Blacklisting is at the whim of capricious and unaccountable self-appointed blacklist operators - if automated services decide it's spam, or recipients report it as spam, then you can end up on blacklists (whether or not it actually is spam, and whether or not you've sent similar to them before without problems).
The thing to do if that happens is to check on services which test many blacklists and see if you are on them, e.g.
http://www.anti-abuse.org/multi-rbl-check/
http://www.mxtoolbox.com/blacklists.aspx
Then follow the blacklist "how to remove yourself" instructions, if they have them.
You have considered the main things with valid SPF and so on - one other thing you could do is add a contact entry for yourself to http://abuse.net/ - oh and in your preliminary cleaning up checks, as well as making sure the domain exists in the DNS check, also test if it has MX records set and if they are contactable.
I don't really agree with bulk marketing email, but I also don't fully agree with IP blacklisting as currently practised either. It's not a great system for anyone, so just do what you can to make sure the list is clean and honest, and you follow up abuse reports politely, and if one of their lesser uses IPs ends up stuck on some blacklists for a while, well... it's not the end of the world.
it would be best to batch these into much smaller numbers and send out shots over a 24 hour period. use multiple mail-servers on different domain blocks if need be. all the actions you mentioned should be taken too as they will enable you to be tracked and thus less suspicious.
"some point" - how long ago was the opt in? start with the latest year and check those for continued opt-in first, then each year back.
be aware though: if lots of folks on that list already complained about SPAM, sending them more - even to check if they still want to be on the list is very bad form indeed.
Mailing from your own server is not really worth it for a one-off like this.
I have done this before with iContact (I am not recommending them - I just know they have a feature you can use for this)
Basically you do a CSV import and there is a process you can run to reconfirm all the opt-ins. IMHO this is the easiest way, despite the cost, because they handle all the SPF, opt-ins, etc..
Leave it for a couple of weeks to get all the opt-ins and then do a CSV export out.
I am not sure, but maybe the other services such as Aweber, Mailchimp, etc have the same thing..