I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading. There are currently 5 posts from the blog 'Postmark.'
Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!
I’ll start this post in the same way every blog post about GDPR starts: by saying, in capital letters, that I AM NOT A LAWYER. No seriously, I hope this post will be helpful to those who are trying to figure out what they need to do about GDPR. But you should definitely, absolutely, talk to a lawyer. There is simply no way you can do this yourself.
With that disclaimer out of the way… We’ve been working on getting ready for the EU General Data Protection Regulation (GDPR) for the past few months, and we’re finally at a point where I’m pretty confident in saying that Postmark is fully compliant and ready for when the law goes into effect on May 25, 2018. We had to make some interesting decisions and trade-offs along the way, especially since we’re a small company without legal counsel on staff. I wanted to share a few thoughts on what we learned along the way to becoming GDPR compliant, with the hope that it will help streamline the process for your business.
Side note: if you're a US company with no EU presence and you're wondering if you should care about this, the answer is YES. Even if you don’t care about it, your EU customers do, and it will affect whether they use your product. From a purely legal perspective, if you process EU citizen data, which will be [checks clipboard] pretty much every company, this law applies to you.
First, it’s important to note that this is not just another obscure privacy law that you can ignore. TechCrunch accurately describes the law as “Data protection + teeth”. Karen Cohen wrote a very succinct summary of what this means for you:
Businesses that are not compliant may get sanctioned up to 4% of the annual worldwide turnover or fined up to € 20M (the higher of the two), per infringement. If your company processes any information of EU citizens you should start paying attention.
TL;DR: When you collect data linked to a citizen of the EU, they are entitled to know what data is kept, for what purpose, and for how long. Users are entitled to access (“Right To Access”), export (“Right to Data Portability”), change, and permanently delete (“Right To Be Forgotten”) all their data from your systems (read more here). They should be able to access their data as easily as they entered it in the first place.
Changes every company will need to make to become compliant with GDPR include (but are not limited to):
- Changes to your sign-up process to ensure explicit consent is given to collect this data (no more “by clicking on this button you agree to blah blah blah” shenanigans).
- Have a process in place to respond to DSR (Data Subject Rights) requests such as exporting or deleting customer data.
- Make sure that appropriate data security is in place to prevent unauthorized access to customer data (GDPR calls this “Data protection by design and by default”), and make these security measures abundantly explicit. This includes binding commitments on what you’ll do if a data breach occurs. In most cases this will require you to have a Data Processing Addendum (DPA) in place with your customers. (Spoiler: this is going to be the most time-consuming and expensive part of the process.)
The GDPR Alliance posted a nice overview that explains exactly what the new law requires with regard to personal information:
- Requires that consent is given or there is a good reason to process or store personal information.
- Gives a person a right to know what information is held about them.
- Allows a person to request information about them is erased and that they are ‘forgotten’ — unless there is a reason not to do this — e.g. a loan account.
- Makes sure that personal information is properly protected. New systems must have protection designed into them (“Privacy by Design”). Access to data is strictly controlled and only given when required (“Privacy by Default”).
- If data is lost, stolen or is accessed without authority, the authorities must be notified and possibly the people whose data has been accessed may need to be notified also.
- Data cannot be used for anything other than the reason given at the time of collection.
- Data is securely deleted after it is no longer needed.
I want to stress this again: you will need a lawyer for this part. There is no way you can just wing these changes. The penalties for getting it wrong (or providing misinformation) are huge.
Explicit consent
Second, no more of this:
- Put the "Register" button right underneath the call-out line so that it is not possible to miss (see our example below).
- Retain the following information in connection with each clickthrough so you can prove you acquired consent properly: who consented, when they consented, what they were told at the time (terms and policies they agreed to), how they consented, and whether they have withdrawn consent (and if so, when).
In short, this is the new normal for your app:
Data protection and cross-border transfers
Like many companies, we put a lot of our hope in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Certification through this framework was supposed to solve all our cross-border data transfer problems. And in theory, it does. Privacy Shield is a mechanism jointly implemented by the European Commission and the US to enable companies to lawfully transfer personal data of EU residents to the US. The problem is that Privacy Shield is subject to legal challenge, with critics claiming that it does not fully protect the fundamental rights of individuals provided under EU privacy law.
So I'll tell you this. It might be the law, but I have spoken to very few EU companies who equate the legality of Privacy Shield with the “enoughness” of Privacy Shield. To put it another way: nobody trusts this thing. So even though we are certified under Privacy Shield, we realized pretty early on that we were going to lose a lot of customers if we didn’t also put something more rigorous in place.
Enter Data Processing Addendums (DPAs) and Model Clauses. The DPA offers contractual terms that meet GDPR requirements and that reflect a company’s data privacy and security commitments to their clients. And since Privacy Shield is not considered “enough” by many companies, the EU Model Clauses add standardized contractual clauses to the DPA to ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection law.
Here’s the hard truth about DPAs: they’re expensive. Right now every company is scrambling to create DPAs and be the first out of the gate to get them signed with all their customers. If you’re on the receiving end of this, you’re going to have to spend a lot of legal fees to get each DPA reviewed as it comes your way.
For a small company like ours, that is simply not possible. So we made a tough call on this one. We don’t sign other companies’ DPAs, and we don’t allow companies to make any changes to the DPA we created. We understand that we might lose a few customers because of this. But the cost of a lost customer is way less than the cost of passing every change to our lawyer and having a back-and-forth about it with the client (not to mention the cost of maintaining multiple versions of this thing). Here is how we explain this to our customers:
To ensure no inconsistent or additional terms are imposed on us beyond that reflected in our standard DPA and model clauses, we cannot agree to sign customers’ DPAs. As a small team we also can’t make individual changes to our DPA since we don't have a legal team on staff. Any changes to the standard DPA would require legal counsel and a lot of back and forth discussion that would be cost prohibitive for our team.
In short: our DPA is 100% accurate in terms of our privacy and security practices (and those practices are more than adequate to satisfy GDPR requirements). We are therefore not going to make any changes to it, because we’d be promising things we don’t do (which, you know, you definitely shouldn’t do in a legally binding contract).
So here’s my advice for small companies: Spend a lot of money upfront on a good lawyer to get a really good DPA in place. And then stick with it.
We went a step further with this. On our EU Privacy page, we allow customers to sign our DPA electronically. This has been another huge time saver for us. But not just that, it shows our commitment to Privacy, Security, Customer Success, and GDPR in particular. It might be a boring page, but it’s my favorite Postmark “feature” in a long time.
Data Subject Rights
Data Subject Rights (DSR) is a big topic in GDPR, but for most SaaS apps it will be related to two main things: the right to be forgotten (delete) and the right of data portability (export). For delete requests, all personal data must be deleted within thirty days of receipt of the request. For export requests, customers require all personal information that is held for more than forty-eight hours to be easily accessible upon request.
Since our customers typically have customers of their own, some of our customers have asked us for a new API endpoint to service delete and export requests so that they can easily fulfill DSR requests with multiple vendors. This is obviously a big investment, and for the moment we have opted not to do that. The truth is we simply don’t know how many of these requests we will receive.
GDPR law states that DSR requests have to be fulfilled within 30 days of the request being received. So we are, instead, committing to our customers that we will respond to their DSR requests within 7 days of receiving the request. That should give our customers plenty of time to respond to their customers if/when they receive such requests.
Whatever way you choose to go, this is another important aspect to think through for GDPR.
We’re in this together
The other day I tweeted that this appears to be every company trying to get ready for GDPR right now:
It’s true that we’re all stumbling around a little bit. But it’s also great to see so many companies take this law seriously — as they should. My sincere hope is that this post contributes a little bit to the discussion, and helps some of you figure out what you need to do to prepare for this law to go into effect.
Last week Chris wrote a blog post about The Little Survey That Could. We asked our customers one simple question: “What annoys you about Postmark?” The results have been… well, I’m just going to let Chris tell you about it:
The response has been incredible. This was a one-question survey. It didn't ask about onboarding, or target a certain group of users. Instead, we asked a single leading question knowing that we must have those little annoying parts that wear people out every time they use our product.
The responses that came back brought a huge smile to our faces. It wasn’t the quantity of responses, it was the granularity of the responses. While some of the things are known, we uncovered a list of small but valuable changes we can make to improve the daily experience for customers. And while they seem like little annoyances, they are actually giant inconveniences. Things like organizing the servers page, or searching sender domains. Solving each one can have just as much impact as the next big thing, and we plan to do just that.
Overall 81 people responded, and we want to let you know what the biggest annoyances were (and what we plan to do about them). There were a few one-off things as well, but in this post I’ll focus on the things that came up more than once (don’t worry, we’re working on some of those one-off things as well!). So here they are, in order of frequency… the things that annoy you most about Postmark.
Sender Signature search
We always knew the ability to search the sender signatures page was an important feature, but I don’t think we realized how annoying it is to our customers — especially if you send from a bunch of addresses. This was by far the most frequently mentioned annoyance. Luckily we were right in the middle of working on this feature when the survey went out. So this one is easy: sender signature search is now available! You can read the announcement blog post here.
Server page design and organization
This one wasn’t really on our radar until we sent out the survey. Quite a few people mentioned that the main Servers page needs some work.
You asked for a few things in particular: the ability to sort servers, drag and drop them into a manual order, switching to a more compact view, and showing a bit more information (such as spam complaint percentage). Those are all good ideas, so we’re already exploring some ways to improve it.
Spam complaint reactivation
A few of you mentioned that it’s really annoying to have to email us to reactivate an address that one of your customers mistakenly marked as spam. This is a tricky one… we can’t allow you to reactivate any address that gets marked as spam, because that would defeat the purpose. In the vast majority of cases, if one of your customers marks a message as spam, it really does mean that they don’t want to hear from you. In those cases it’s important to make sure your customers expect your emails, and that the content is relevant to them.
That said, we’ve been discussing this and there are some things we could do to improve the spam address reactivation process for you. We have ideas but no definitive plans yet — we’ll keep you posted.
Improvements to the Activity page
Towards the end of last year we released a brand new Activity page. Overall the response has been extremely positive, but we knew we weren’t done yet — there are still things we want to improve about it. And the survey confirmed that for us, as quite a few of you brought up improvements you’d like to see. This includes things like remembering your last filter, adding additional filters, and searching by content. The good news is that we have plans and solutions for most of these issues (and more).
Customize Sender Signature email
For those of you who send email on behalf of your customers, we often get requests to allow you to customize the “confirm sender signature” emails that go out to those customers. You’d like to include some branding or a personal message so that your customers aren’t confused when they get an automated email from Postmark instead of from you. This came up quite a few times in the survey, and it’s another feature that is already on our roadmap.
Mobile app
This is another one that made us smile… A few of you asked for a mobile app so that you can manage email issues on the go. Well, you’re in luck! We started our year with a 2-week “Hack Week” stretch, and Matt decided to build an iOS app as his hack week project. It’s currently in beta testing, and if you’d like to help us test it, you can sign up here.
In closing I want to mention again that this was a really invigorating and enlightening experience for us. It went from idea to execution in one hour, and the usefulness of the feedback we received way overshadowed the time it took to make it happen. So on a side note, we’d love for other companies to try this too, and let us know how it goes for you. Maybe we can start a trend. 🙂
If you have any other feedback or annoyances you’d like to share, please get in touch with us at firstname.lastname@example.org.
This one has been a long time coming… Today we’re happy to announce that you can now — yes, finally — perform searches on the sender signatures page. No more going all the way to page 594 (yes, some accounts really have that many sender signatures!) to find that one elusive one you’re looking for.
Sender signature search works on all fields: you can search by the “From” email address, the “From” name, or the “ReplyTo” address. The search results will bring up all domains that match any of those results.
This is one of our most requested features. So accounts with a lot of sender signatures, we rejoice with you, because this is a small feature that’s going to make a big difference for you, and we like that very very much.
As always, please let us know if you have any feedback about this (or any other!) feature.
Even though you can currently use Zapier to get notifications for a variety of Postmark events, we’re currently working on expanding your options for getting notified of bounces and ways to handle them. So one of the (many!) projects we worked on during our hack weeks at the beginning of the year is an official Postmark Slack App, and we’re happy to announce that it’s now live and ready to use. This is just the beginning, and we have some big plans for expanding it. For now, here is what you can do with the app.
Bounce notifications
Send Bounce notification messages from Postmark to a Slack channel of your choice. Each notification also provides a direct link to the Message Details page so that you can investigate further. Like so:
/postmark command
We'll continue to add more functionality to the /postmark slash command, but for now here's what you can do:
- /postmark status --> Provides the current status of Postmark's services, with basic incident details and a link to view the full incident page
- /postmark docs --> Post a URL to the API documentation for easy access
Here's an example of what a status message looks like:
Installation
Installation is really simple:
Step 1
Click the "Add to Slack" button below, and select a channel you would like to post Bounce notifications to. Don't worry, the /postmark command will work in any channel.
Step 2
Once you authenticate successfully, you will receive a message in Slack with your unique bounce webhook URL. You'll only get this message once, so please save the URL immediately.
To see bounce notifications in your chosen channel you need to add that URL to the Bounce Webhook field in your Postmark account (Settings / Outbound):
Step 3
Enjoy! Please let us know if you run into issues, and if there are other things you'd like the Postmark Slack App to do.
Notes, limitations, next steps…
Here are a couple of things to keep in mind as you use the app:
- You can currently only specify one bounce webhook URL per Postmark server. We know that means that you may not be able to add the Slack App's URL since you may already have a different webhook URL in use. We'll be working on a solution for this limitation.
- To stop receiving bounce notifications, remove the URL from your Postmark account.
We have quite a few plans for expanding the app (such as showing recent stats, showing recent activity for a specific email address), but we really want to know what you think as well. What do you think we should add? What would you like the app to do? Let us know at email@example.com.
In the last two months we’ve had two big maintenance windows. During this time we had to queue messages and bring most services down. This caused significant delays (up to 30 minutes) for the important, time-sensitive emails that you need to get to customers. Even though it was a planned maintenance, our goal is to perform zero downtime maintenance windows. I’d like to give some background on what happened and what we need to do next.
The majority of Postmark’s infrastructure resides in a data center where we purchase and manage the hardware. This has allowed us to have full control over the growth and performance of the product over time. We’ve had the opportunity to be very specific in our needs, whether it is NVMe drives for mail servers or MySQL performance, or 10GbE networking across our cabinets.
This year, we realized we’d need to upgrade the physical firewalls in our cabinets to keep up with the demand as Postmark grows. We invested in new cabinets, a brand new Juniper networking stack, much more powerful firewalls, and more hardware to sustain the growth. Overall it’s been fantastic. We’ve nearly doubled our growth and maintained our internal expectations for time to inbox and performance.
The last effort is to migrate over to our new firewalls. While in many cases this might be simple, we have many years of history on the current firewalls and needed to be careful. We knew this would be complicated and we knew it would require at least a short outage. Working together with our provider, Server Central, we planned the cut over for November 13th. It didn’t go well. After the cut over we realized some of the routes were not working, so we reverted. Fortunately we used our edge data centers to capture messages and queue them to avoid any lost data.
After a lot of testing, and breaking out the migrations into smaller pieces, we gave the final cut over another shot on December 27th. It went really well, except for one important subnet, which caused us to revert again. During this time we saved and queued messages again for about 30 minutes, but as I said earlier, these delays are not up to our standards.
One more time
This has been a frustrating project internally. Not only from the issues it causes you, our customers, but the time it has taken from our team. This firewall cut over will offer huge room for growth and sets us up for a larger global data center expansion beyond our current edge networks. It will also allow future work that will avoid this kind of maintenance altogether. We are at the point where we need to finalize it, and we think we have the last pieces to make it work.
We’d like to give it one more shot on January 4th (10pm ET). Our hope is to have the outage down to 15 minutes or so. We will still queue messages, but the API and web UI will be down.
I’m writing this to give you some background and let you know this is not an acceptable scenario for us either. It’s important for the growth of the product and for making sure we give you the most stable service imaginable. In other words, I’m asking for you to put up with this one more time so we can put it in the past. We already have projects in the works for expanding Postmark’s global footprint and conducting zero downtime maintenance windows. It’s what you should expect from an infrastructure service.
Thanks again for your patience through all of this.