Mailchimp fraudulently charged my credit card for spambot activity… Really!

via GIPHY

Wait seriously, you ask? Isn’t Mailchimp in the business of identifying, and protecting us from spam? Uh, yes indeed they are.

Join 35,000 others and follow Sean Hull on twitter @hullsean.

I’m still in disbelief myself. And while I got the problem cleared up in the end, I really have to share the story.

1. The precipitating event – a charge to my credit card

I love when I pay for a service, and their method of communicating with me is to charge my credit card. Of course I pay attention to when someone is taking my money, and I perk up.

At first I thought they were raising the prices again. They’ve done that recently, so I thought it was odd.

But sure enough I got an email with the following message:

Your account has been adjusted to another billing tier. Old plan $22.49, new plan $31.49.

Wait huh? I add about 2-3 new subscribers per day. How could this be?

Read: What I learned from 10 years of blogging

2. After digging I found spam emails

After looking at my list, I found that I had added 600 new subscribers last week in three days. How is that even possible? I wasn’t mentioned on BBC. That must be spam, I thought.

So I emailed support. They sent me all sorts of links, but didn’t seem to understand the issue. So I emailed back again and they said they were working on it.

Related: 6 Devops interview questions

3. Mailchimp communication – a warning

This *warning* is problematic. For one thing is it buried through various menus and pages. Only because I was looking for spam did I find it.

Plus Mailchimp doesn’t take responsibility.

In fact they kind of imply that I’m a bad actor here. Seriously? Is that how you communicate with your customers?


Warning

We noticed a 0.55% abuse rate on your campaign “Welcome Message”. This is above industry standards, so we strongly recommend you review your collection process, audience management, and sending frequency.

Internet service providers set strict limits on unsubscribe rates, undeliverable mail, and abuse complaints. Mailchimp is required to observe these limits. If your emails continue to generate high rates of unsubscribes, bounces, or abuse complaints, we may need to review or restrict your account. Please take the opportunity to address this now.

Read: High availability what is it and why is it important?

4. Can’t get someone on the phone

I did some google searching because I could not find the phone number. Turns out you *CANNOT* call Mailchimp. A lot of these services internet companies are going this route. Sure it saves them lots of money, but the customer service goes straight to the trash.

So I begrudgingly jump on a chat session. It took

Read: Service Monitoring – what is it and why is it important?

5. The chat transcript in full

Sean Hull
I've been hacked.

THEN MAILCHIMP CHARGED ME!

This is strange.

Does mailchimp protect me?

Mailchimp Support
We apologize for keeping you waiting and appreciate your patience. Our operators are busy at the moment. One of our agents will be with you as soon as possible.
Sean Hull
Thank you ... waiting patiently.
Mailchimp Support
We didn't forget about you. We apologize for keeping you waiting and appreciate your patience. Our agents are busy at the moment. One of our agents will be with you as soon as possible.
Sean Hull
thank you robot person...
how is the progress?
7 more! :)
4 more!
we are almost there!
Neo joined the chat
Sean Hull
hi neo
Neo
Hey there Sean, thanks for reaching out to Mailchimp support. Give me just a moment while I pull up your account.
Sean Hull
ok thank you
Neo
Alright Sean, what is the exact issue you are facing within your account?
Sean Hull
mailchimp charged me for fake subscribers.
if you look at my email list, you'll see it typically grows by 2 or 3 maximum per day
recently a hacker dumped 200+ per day into my list.
Mailchimp didn't monitor things, and then CHARGED ME to my credit card.
Does mailchimp protect me?
hi Neo, are you still there?
Neo
I'm still with you Sean. One of the main ways that Mailchimp prevents spam signups is through the use of ReCAPTCHA. This is a setting you can add to your embedded form from the "Audience name and defaults" page, which you can read more about here: https://mailchimp.com/help/about-fake-signups/#How_we_prevent_it
Sean Hull
ok. that is helpful. for the time being i enabled double opt-in.
but I also see that mailchimp has a WARNING.
about recent activity on my account, and possibly shutting it down. do you see that?
Neo
Are you referring to the "Account issue" that is referenced in the bar at the top of the screen?
Sean Hull
Warning

We noticed a 0.55% abuse rate on your campaign "Welcome Message". This is above industry standards, so we strongly recommend you review your collection process, audience management, and sending frequency.

Internet service providers set strict limits on unsubscribe rates, undeliverable mail, and abuse complaints. Mailchimp is required to observe these limits. If your emails continue to generate high rates of unsubscribes, bounces, or abuse complaints, we may need to review or restrict your account. Please take the opportunity to address this now.
This is what it says...
so to explain more...
first off this is fraudulent activity.
so I'm concerned that mailchimp would just charge my account, without warning of some problem.
and further, it seems that mailchimp *monitors* to INCREASE BILLING and monitors to DISABLE YOUR ACCOUNT, but they don't monitor to protect their customers.
Is that correct? Because if there is some type of monitoring I can enable, that would certainly be very helpful.
Also is it possible to DISABLE AUTO PAYMENT on my credit card?
Neo
For the sake of clarity, let's tackle your questions one at a time. I'm getting some more information for you at the moment and will follow up with you shortly. Thank you for your patience.
Sean Hull
thank you Neo.
you're awesome !
do i need *both* double-opt-in and RECAPTCHA? or is RECAPTCHA enough?
Neo
It certainly couldn't hurt to use both. Using double op-t in will help ensure higher engagement rates overall and less likely to present warnings such as what you've seen. Here is some more information on double opt-in: About Double Opt-In: https://eepurl.com/dyij4v
Sean Hull
i mean the warning is a mistake from mailchimp isn't it?
because these automated systems just sent that because of the hacking.
i feel mailchimp should be protecting me, so I'm confused by that.
I am a paying subscriber of the service. and the price has gone up in recent months. so i think we can agree there should be protection from spambots.
is it possible to disable AUTOPAY on my credit card? BC i don't want to get further fraudulent charges from mailchimp, because of a spam problem.
does that make sense?

Neo
The method of protecting your account would be through tools provided to avoid spam signups, which would be double opt-in and ReCAPTCHA. Additionally, our teams, such as Compliance and Billing, would be happy to look into your account with you to help resolve any issues you may be experiencing.

I would also like to let you know that I understand the situation you are facing is frustrating, so I will be submitting feedback on your behalf internally.
Sean Hull
anyway, could you scan my account for further spam signups? I think around july 19th there was a bump in signups of 80 people. I tried the segment method but couldn't find which day they were from.
Neo
Sure thing, allow me a moment to take a look.
Sean Hull
thank you Neo, i do appreciate that.
i mean at the end of the day I'm not an email spam expert, so that's why I pay for a service like mailchimp. to avoid problems and run a really clean list.
so for example that RECAPTCHA thing should be ON BY DEFAULT. probably that would have avoided all this to begin with.
also mailchimp should SCAN FOR SPAM FIRST. not charge customers first, then realize there is spam and charge back. Because that is a fraudulent charge. which i find super frustrating. I do realize these are all automated systems. But mailchimp should be more sophisticated to protect good customers like me.
Neo
I can certainly see how that is frustrating and would be useful to users such as yourself, so I would highly recommend leaving feedback on the matter via the "Feedback" tab at the right side of your screen.
Additionally, I’ll certainly be routing your concerns and feedback to our internal teams.
Sean Hull
Is that part of "chat comments"?
i left a good review of your help :)
okay thx again Neo.
I'll see if I can find that feedback tab
have a nice night :)

Neo
You can find it within your Mailchimp account on any page on the right side of the screen. Please don't hesitate to reach back out if you have any further issues, and have a great rest of your night.
Sean Hull
thx
laters

The remedy as you can see above was the enable recaptcha and also double-opt-in. That was fairly easy once I knew where to look.

From there I created a "segment" which is a collection of emails. And I selected the date range for the three days where I got spambot hit. And then clicked UNSUBSCRIBE for all those.

Why didn't Mailchimp do this for me? Read more to find out why I think they don't automatically fix this.

Read: How do I migrate my skills to the cloud

6. What Mailchimp did wrong

o They monitored the account to increase a SALE.
o They monitored my account to warn me about shutdown.
o They did not warn me about RECAPTCHA.
o They did not alert me when I got aberrant signups. When you see a 100x increase in signups, it doesn't take a rocket scientist to see that's a hacker of some kind.

o Then Mailchimp fraudulently charged my account!

Read: How to hire a developer that doesn't suck?

7. The sinister side

This charge could be innocent. A left over part of an automation system that hasn't evolved with the spambots. But I wonder.

From the help forums, they are clearly AWARE of the problem.

And the company *could* go and FORCE enable RECAPTHA for all lists. They could then email customers about the change, and for those who this poses and problem, the user could then go and manually DISABLE it.

They haven't done that. And certainly RECAPTCHA was not enabled by default.

Please don't call me paranoid when I say that there is a *huge* revenue stream to be had for users who fail to notice, this, get charged, and don't even know their own negligence. Think of all that revenue. My list has under 1500 subscribers, but others have 5000 or 10,000. Imagine how easily a *higher billing tier* could get overlooked.

Yes folks, it's dark.

And I'm not happy with Mailchimp now.

I'm happy to pay for a service, when it is done well. But I'm not a fan of these dirty tricks.

Read: 5 things toxic to Scalability

Get more. Grab our exclusive monthly Scalable Startups. We share tips and special content. Our latest Why I don't work with recruiters

Lost and forgotten nuggets of ideas and advice

via GIPHY

I’ve been blogging for so long, sometimes, I forget about all the old material I’ve written.

Join 35,000 others and follow Sean Hull on twitter @hullsean.

And I was just recently digging through some of the old titles, and thought it would be fun to repost some good ones.

1. What is it, and why is it important?

Infrastructure provisioning, what is it and why is it important?

Root cause analysis – what is it and why is it important?

Zero downtime – what is it and why is it important?

Stress testing – what is it and why is it important?

Data spot checks – what is it and why is it important?

Service monitoring – what is it and why is it important?

Decoupling – what is it and why is it important?

Read: What did Matt Ranney discover scaling Uber to 1000 microservices?

2. Thought provoking

Is AWS too complex for small dev teams?

The myth of five nines – Why high availability is overrated

Why are generalists better at scaling the web?

How to hire a developer that doesn’t suck?

What 5 things are toxic to scalability?

Is there a 4 letter word dividing dev and ops?

Related: Can humility help you in your career?

3. Consulting

Can progress reports help engagements succeed?

How do you handle the onboarding of a new engagement?

Why I ask clients for a deposit

How to avoid legal problems in consulting?

How best to do discovery in cloud devops engagements

When you’re hired to solve a people problem

When you have to take the fall

When clients don’t pay

Read: What happened when I offered advice outside my pay grade?

Get more. Grab our exclusive monthly Scalable Startups. We share tips and special content. Our latest Why I don’t work with recruiters

What hidden things does a deposit reveal?

via GIPHY

I like this idea of how integration tests in software development show you that everything is working and connected together properly.

Join 38,000 others and follow Sean Hull on twitter @hullsean.

I think it’s interesting to consider how a deposit may serve a similar function across the financial space & contractual space.

1. Alignment across business units

In really small organizations, everyone is in tight communication. Finance knows what engineering is doing. In medium to large organizations, there can be a disconnect. Engineering may be 100% ready to start today, but finance is not ready. In some cases finance may not even know a consultant is being hired. Each case is different.

Some CTOs get this right away, and are already ahead of the request. While others might ask, “Well we’re ready to get going today, do you really need the deposit first? Because that might take some time.”

My thinking is, yes the engineering department is ready, but the organization is *not* completely ready. And it’s better that there be alignment across the organization. Ironing out that alignment, helps avoid other problems later on.

Related: When you have to take the fall

2. Organization or disorganization

Sometimes there is complete alignment, the contract is already ready, and the whole org really is ready to go. In other cases there can be some disfunction. For instance the lawyers have a lot of hoops that want us to jump through, in terms of a contract.

In other cases finance may only cut checks on a certain day of the month, or only pay 30 days after receiving an invoice. There are a lot of different policies. By insisting that we receive a deposit, however small, we iron out these things early.

If the engineering manager or CTO hiring you promises one thing, but finance has a policy against that, you’ll want to know early to avoid misunderstandings.

Related: Why generalists are better at scaling the web

3. Trust

The amount of a deposit is really irrelevant. It’s all about getting ducks in a row. Both in terms of what may be required of you the vendor, and what the company’s policies may be when onboarding consultants.

By ironing out these issues early, the customer is showing some faith in you as a vendor. They want you in particular, and will do what they need to, to make it work.

Related: Is AGILE right for fixing performance issues?

4. We want you to rush, but we don’t

I’ve encountered many cases where engineering was “ready” but finance was not. It’s tough. From the perspective of the CTO it may be a moot point to get stuck on.

My thought is to hold the frame of two organizations working together. When the organization has alignment that hiring this engineering resource is a priority, it will get things done that it needs to.

Related: How to hire a developer that doesn’t suck

5. Stress tests or organizational integration tests

In software testing, we have something called an integration test. It might be confirming that a login works, or a certain page can load. Behind the scenes that test requires the database to be running, the queuing system to work, an API call to return successfully, and so on. A lot of moving parts all have to be working for that test to succeed.

In a very real way, a deposit is the financial equivalent of an integration test. It confirms that we’re all aligned in the ways we need to, and are ready to get started.

Related: How do I migrate my skills to the cloud?

Get more. Grab our exclusive monthly Scalable Startups. We share tips and special content. Our latest Why I don’t work with recruiters

What have I learned in 10 years of blogging?

via GIPHY

I was just reading Andrew Chen’s latest posting, where he distills many of the things he’s learned from blogging over a decade.

Join 38,000 others and follow Sean Hull on twitter @hullsean.

This reminded me that I’ve been blogging that long as well. And to be sure it has brought great benefits. In the way that public speaking gives you visibility, but also forces you to communicate better, form your voice, and so on.

All the great things you gain by talking to other people, and getting into the conversation.

1. Understand your audience

I struggled with this when I first started blogging. As any engineer might approach things, I thought I should publish technical material. What better way to show what I know. And further how I can help a customer.

What I didn’t realize is that all of your readers aren’t technical. So it goes a long way if you can appeal to a broader audience.

I found that my readers fell into a few big categories.

1. Fellow engineers & peers
2. Hiring managers & startup CTOs
3. Recruiters & other publishers

This really helped me divide up the types of content I would write, some directed towards each of the different audiences.

Related: Why does Reddit CTO Martin Weiner advocate boring tech?

2. Tell your story

I’ve written often about why I wrote the book on Oracle. In it I outlined a long arc of datacenter evolution which started with the maturity of Linux, and today provides the bedrock of the cloud that is Amazon Web Services among others.

What this also allowed me to do is tell my own history.

Related: 5 reasons devops should blog

3. Form your voice

Forming your voice is different than speaking to specific audiences. It’s about having opinions & getting into the line of fire. Being passionate about a subject, you’re sure to care & sit on one side or the other of a particular argument.

For example I argued the Android ecosystem was broken. Although Google has fixed some of these problems, many remain as a symptom of the platform itself.

I also argued with Fred Wilson’s estimation of Apple being overvalued. At the time in May 2014 the price was at $85. Now it sits comfortably at $177.

Related: How to hire a developer that doesn’t suck

4. Put yourself out there

Putting yourself out there isn’t easy. You’ll be open to criticism. And sometimes you’ll be wrong. But by challenging yourself in this way you’ll grow too. And prospects will notice this. More than engineering might, and power at the keyboard, your perspective of what’s happening in computing generally, and what is on the horizon is invaluable to customers.

Related: 30 questions to ask a serverless fanboy

5. Learn & Share

Writing howtos is a great challenge too. By forcing yourself to teach something, you in turn learn the material better. You become better at executing, and formulating solutions.

As you share knowledge, you’ll also learn from others. As the disqus.com comments on my site can attest. Sure you get much of this same value from having an active account on Reddit.com, but your own real estate carries even more weight for your personal brand.

Related: Why you should always be publishing

Get more. Grab our exclusive monthly Scalable Startups. We share tips and special content. Our latest Why I don’t work with recruiters

5 data points I track for reputation & career building

When I tell people I’ve been independent for two decades, they often look at me surprised. How do you do that? How do you keep business coming in?

recent linkedin views

Join 32,000 others and follow Sean Hull on twitter @hullsean.

As a freelancer you surely have to be on top of changing trends, and where the wind is blowing. But whether you’re a CEO or CTO of a larger firm, or a developer, HR or marketing director, you can also benefit by actively tracking yourself. Career building never ends…

1. Real Leads

This is probably the hardest metric to track, but the most important. A lead is anyone who may potentially hire my services. These can come from Linkedin, newsletter subscribers, or via a Google search. I track how they reached me, and how warm the lead is.

I do also track when recruiters reach out, as I think this can serve as a useful barometer as well. Also as my blog has grown, I get a lot of SEO bloggers, fishing for sites they can post backlinks on. Although I rarely entertain them, it is a useful reflection of how popular your site is getting.

Also: Are we fast approaching cloud-mageddon?

2. Newsletter signups

I think of the newsletter as an extension of my blog. I invite everyone I’ve ever touched in business. This includes coworkers, to colleagues at meetups & conferences. I invite recruiters & headhunters as well, because name recognition & reputation building is also important.

The newsletter is a way to show up in the inbox of everybody you’ve ever worked with. Month after month, year in and year out, you’re plodding away & doing your thing. It’s a reminder that you’re out there, and colleagues, CEOs & CTOs refer me all the time. It’s been very valuable over ten years.

newsletter signups

I also track email opens & email clicks. Those range around 25% and 10% respectively. I know when I’ve hit a topic that resonates & try to have that inform future content direction.

Related: The Myth of Five Nines

3. Linkedin Views

Linkedin is super valuable too. They provide a nice graph of how many times your profile was viewed weekly through to the last 90 days. This is super useful to find out if your resume & profile is keyword rich.

I like to actively tweak my profile, for the latest trending terminology. For example in the 90’s Unix Administrator or Systems Administrator was common, but nowadays everyone likes to say SRE. What’s that? Site Reliability Engineer. Yes it’s a buzzword, and as it turns out people use trending terms & buzzwords to search for people with your skills.

So get on it, and edit those terms!

Read: Is Amazon too big to fail?

4. Website Visitors

In a services business you don’t usually sell widgets on your website. However, I like to think of a web presense as my business card. So in that light, more visitors means more renown. That projects your personal brand, and builds it long term.

website visitors

Also: When hosting data on Amazon turns bloodsport

5. Klout Score

Klout score is a rough measure of how active you are across social media. Twitter is a big one, but it also finds you on Linkedin & other platforms as well. Although the score is far from perfect, it does give you a sense of reputation & noteriety, which do ultimately translate to business.

Also: 5 Things Toxic To Scalability

Get more. Grab our exclusive monthly Scalable Startups. We share tips and special content. Our latest Why I don’t work with recruiters

Why I like Etsy’s site performance report

etsy code as craft

Etsy publishes a great tech blog titled Code As Craft.

Join 28,000 others and follow Sean Hull on twitter @hullsean.

I was recently sifting through some of their newer posts & stumbled upon their Q2 2015 Site Performance Report. It’s really in-depth, though not impossibly technical. Here’s what I liked.

1. Transparency to business & public

Show real performance to customers

The first thing I thought while reading, is the strong show of transparency. The blog is public, so it’s not just an internally facing document that shares with the company, but sharing with the wider world. True, presented as a technical post it may only appeal to a segment of readers, but it’s great none the less.

Show real performance to non-technical business units

I think this kind of analysis & summary also provides transparency to the business itself. Product teams, business operations & sales teams can all view what’s happening. Where are there problems? What is being done to address them?

Also: When hosting data on Amazon turns bloodsport

2. Highlighting change

Added pagination to the cart

One thing that popped out, was the discussion of pagination changes, that impacted page load times in the shopping cart. Page load times in the shopping cart are particularly crucial, because that’s where customers can “abandon” an order out of frustration.

Illustrating performance impact to product decisions

When product is evaluating that new feature, and they can see how changes affect performance, it better *sells* what all those engineering resources are being used for.

Related: 5 reasons to move data to amazon redshift

3. Where we don’t have data

We can’t analyze what data we haven’t captured

The report highlights that data around the shopping cart is new. That’s great because it highlights what the value collecting data offers, by providing new insights that were not available previously. This also pushes for more metrics collection & analysis as the business begins to see the value of all of this gymnastics.

Read: Is Amazon too big to fail?

4. Product tradeoffs

The discussion around the shopping cart performance also illustrates how the business makes product decisions. The engineering team can only build & write so much code. Deciding to spend time on pagination, means time not spent on some other new feature. Which is more valuable? Selling new feature A in one corner of the product, that customers may spend real money on? Or speeding up page load times on page B?

Also: Is Apple betting against big data?

5. Cleaner data

At a Look & Tell event, I heard Lincoln Ritter talk about Data as a product to the business.

When you expose a performance report like this to the business, an iterative process begins to happen. The company gains insight from the report, makes better decisions, and thus can spend more energy time & resources on clean data. Cleaner data in term means better reports, which produce better decisions & so on.

Also: What is venue analytics & why is it important?

Get more. Grab our exclusive monthly Scalable Startups. We share tips and special content. Our latest Why I don’t work with recruiters

How 1and1 failed me

1and1 fail

I manage this blog myself. Not just the content, but also the technology it runs on. The systems & servers are from a hosting company called 1and1.com. And recently I had some serious problems.

Join 31,000 others and follow Sean Hull on twitter @hullsean.

The publishing platform wordpress, as a few versions out of date. Because of that some vulnerabilities surfaced.

1. Malware from Odessa

While my eyes were on content, some russian hackers managed to scan my server & due to the older version of wordpress, found a way to install some malware onto the box. This would be invisible to most users, but was nevertheless dangerous. As a domain name with a fifteen year life, it has some credibility among the algorithms & search engines. There’s some trust there.

Google identified the malware, and emailed me about it. That was the first I was alerted in mid-August. That was a few days before I left for vacation, but given the severity of it, I jumped on the problem right away.

Also: Why I say Always be publishing

2. Heading off a lockout

I ordered up a new server from 1and1.com to rebuild. I then set to work moving over content, and completely reinstalled the latest version of wordpress.

Since it was within the old theme that the malware files had been hidden, I eliminated that whole directory & all files, and configured the blog with the newest wordpress theme.

Around that time I got some communication from 1and1. As it turns out they had been notified by google as well. Makes sense.

Given the shortage of time, and my imminent vacation, I quickly called 1and1. As always their support team was there & easy to reach. This felt reassuring. I explained the issue, how it occurred and all the details of how the server & publishing system had been rebuillt from the ground up.

This was August 24th timeframe. As I had received emails about a potential lockout, I was reassured by the support specialist that the problem had been resolved to their satisfaction.

Read: Do managers underestimate operational cost?

3. Vacation implosion

I happily left for vacation knowing that all my hard work had been well spent.

Meantime around August 25th, 1and1.com sent me further emails asking me for “additional details”. Apparently the “I’m going on vacation” note had not made it to their security division. Another day goes by and since they received no email from me the server was locked!

Being locked, means it is completely unreachable. Totally offline. No bueno! That’s certainly frustrating, but websites do go down. What happened next was worse.

Since I use Mailchimp to host my newsletter, I write that well in advance each month. Just like clockwork the emails go out to my 1100 subscribers on September 1st. Many of those are opened & hundreds click on the link. And there they are faced with a blank screen & browser. Nothing. Zilch! Offline!

Also: Why I use Airbnb chat even when texting is easier

4. The aftermath

As I return to connectivity, I begin sifting through my emails. I receive quite a few from friends in colleagues explaining that they couldn’t view my newsletter. I immediately remember my conversation with 1and1, their assurances that the server won’t be locked out, and that all is well. I’m thinking “I bet that server got locked out anyway”. Damn it, I’m angry.

Taking a deep breath, I call up 1and1 and get on the line with a support tech. Being careful not to show my frustration, I explain the situation again. I also explain how my server was down for two weeks and how it was offline during a key moment when my newsletter goes out.

The tech is able to reach out to the security department & explain things again. Without any additional changes to my server or technical configuration they are then able to unlock the server. Sad proof of a beurocratic mixup if there ever was one.

Also: Is Amazon too big to fail?

5. Reflections on complexity

For me this example illustrates the complexity in modern systems. As the internet gets more & more complex, some argue that we are building a sort of house of cards. So many moving parts, so many vendors, so many layers of software & so many pieces to patch & update.

As things get more complex, their are more cracks for the hackers to exploit. And patching those up becomes ever more daunting.

Related: Are we fast approaching cloud-mageddon?

Get more. Grab our exclusive monthly Scalable Startups. We share tips and special content. Our latest Why I don’t work with recruiters

Always be publishing

giraffe zebras

Join 28,000 others and follow Sean Hull on twitter @hullsean.

As an advisor to New York area startups & an long time entrepreneur, I’ve found writing & publishing to be extremely valuable use of time.

I follow the motto “Always be publishing” here’s why.

1. Form your voice

According to Fred Wilson, blogging has been one of the seminal decisions contributing to his success.


“It’s like Venus Fly Paper. When I write about topics that are relevant, suddenly anybody with a startup solution in that field will approach us. This works brilliantly.”

Also: 5 Things I learned from Fred Wilson & Mark Suster

2. Get in the conversation

The world online moves quickly and it can move in surprising directions. Hype, hysteria & buzz can direct the conversation as much as facts.

Getting into the conversation allows you to weigh in. This builds your credibility. As it puts you in the line of fire, you stand up & get heard.

Related: Is blogging crucial to career building?

3. Be in the line of fire

In sales there’s a saying, “always be closing”. It means always be in front of your customers, always be on point, always be getting deals done. That’s embodying your role as a salesman.

For builders, consultants, advisors, speakers & entrepreneurs, writing puts you directly in the line of fire. You express your opinions online loud & clear. Sometimes you will find critics picking apart your ideas. Sometimes they may correct you.

This process will help you hone your ideas. Strengthen some & modify & adjust others. All of it is good.

Read: Is building traffic & pagerank possible through active blogging?

4. Share your knowledge

As an advisor, entrepeneur or professional services consultant you sell your knowledge & expertise. Why not share a bit of that with the world at large.

This is one part good samaritan, and one part testimonial of your skill & style.

Also: Is Ryan Holiday about the internet & the death of journalism?

5. Learn by doing

Back in 2001 I wrote a book called Oracle + Open Source.

Along the way, writing chapter after chapter of material, there were times when I had to brush up on material. Or write & rewrite sections. Some of it wasn’t explained well, and other material I didn’t know as well as I needed to.

Today I intersperse howtos with writing on consulting, or industry trends. Inevitably a howto like Wrestling with bears or how I tamed Tungsten Replicator involves a lot of hands-on learning.

All of this is driven by blogging & publishing.

Also: Is the difference between dev & ops a four-letter word?

Get more. Grab our exclusive monthly Scalable Startups. We share tips and special content. Our latest Why I don’t work with recruiters

If you’re building a startup tech blog you need to ask yourself this question

Editor & writer in friendly dialog

Join 28,000 others and follow Sean Hull on twitter @hullsean.

I work at a lot of startups, and these days more and more are building tech blogs. With titles like labs or engineering at acme inc, these can be great ways to build your brand, and bring in strong talent.

So how do we make them succeed? It turns out many of the techniques that work for other blogs apply here, and regular attention can yield big gains.

1. Am I using snappy headlines?

Like it or not we live in a news world dominated by sites like Upworthy, Business Insider, Gawker & Huffpo. Ryan Holiday gained fame using a gonzo style as director of marketing at American Apparel. Ryan argues that old-style yellow journalism is back with a vengence.

Click bait asside, you *do* still need to write headlines that will click. What works often is for your title to be a little sound bite, encapsulating the gist of your post, but leaving enough hook that people need to click. Don’t be afraid to push the envelope a bit.

Also: Which tech do startups use most?

2. Line up those share buttons & feedburner

Of course you want to make the posts easy as hell to share. Cross posting on twitter, linkedin, facebook and whereever else your audience hangs out is a must. Use tools like hootsuite & buffer to line up a pipeline of content, and try different titles to see which are working.

You’ll also want to enable feedburner. Some folks will add your blog to feedly. Subscriber counts there can be a good indication of how it is growing in popularity too.

Related: Do today’s startups assemble software at their own risk?

3. Watch & listen to google analytics

You’re going to keep an eye on traffic by installing a beacon into your page header. There are lots of solutions, GA being the obvious one because it’s free. But how to use it?

Ask yourself questions. Who are my readers? Where are they coming from? How long do they spend on average? Do some pages spur readers to read more? Is there copy that works better for readers? Are my readers converting?

It’ll take time if you’re new to the tool, but start with questions like those.

Read: Is automation killing old-school operations?

4. Optimize your SEO a little bit

Although you don’t want to go overboard here, you do want to pay some attention. Using keyword rich titles, and < h2 > tags, along with wordpress SEO plugins that support other meta html tags means you’ll be speaking the language search engines understand. Add tags & categories that are relevant to your content.

Don’t overdo it though. Stick to a handful of tags per post. If you add zillions with lots of word order combinations & so forth, this kind of stuff may tip of the search engines in ways that work against you.

Check out: How to hire a developer that doesn’t suck

5. Search for untapped keywords

When I first started getting serious about blogging, I had an intern helping me with SEO. She did some searching with the moz keyword research tools and found some gems. These are searches that internet users are doing, but for which there still is not great content for.

For example if results showed “cool tech startups in gowanus brooklyn” had no strong results, then writing an article that covered this topic would be a winner right away.

These are big opportunities, because it means if you write directly for that search, you’ll rank highly for all those readers, and quickly grow traffic.

Read also: 5 things toxic to scalability

Get more. Grab our exclusive monthly Scalable Startups. We share tips and special content. Our latest Why I don’t work with recruiters

How to increase newsletter signup conversions with nifty iphone trick

If you’re like me & spending a lot of time on twitter, I hope you’re also seeing the traffic growth I’m seeing. I’m sharing a stream of posts using hootsuite, then actively engaging with journalists, VCs, startups & technology experts.

That’s all great, and I’m finding more and more it’s a good use of my time.

Recently I started using a cool iphone feature to let followers know about my newsletter. It’s called a shortcut.

Have you ever mistyped a word on iOS? It then offers up the correct spelling. Through this same mechanism, there is an awesome way to quickly type anything. Use a two or three character shortcut to type a paragraph.

Take a look, here’s what I mean.

1. Click through to Settings->General->Keyboard

Open your iphone settings, and navigate through General, and then Keyboard.

keyboard tab

Also: Why you should track your time on social media

2. Find the Shortcuts tab

Navigate until you find shortcuts. It should look like this:

shortcuts tab

Read: Do managers underestimate operational costs?

3. Create a shortcut

Add a new shortcut with the plus button.

create shortcut

Phrase: “u may also like my newsletter http://iheavy.com/signup-scalable-startups-newsletter”

Shortcut: mytest

edit shortcut

Related: When I had to take the fall

4. Use your new shortcut on twitter

Responding to a new follower, or in a dialog with a journalist? In a response somewhere along the way, type “dyo”. Just like a typo correction, you’ll see iOS offer you a completion, the full text you want to use. Click (space) to accept it.

use shortcut

Check this: Why a killer title make or break your content efforts

5. Post it periodically using trending hashtags

Open twitter & click timelines->discover

Click View more trending…

Scroll through for related topics. For me anything technology, startup, scalability, devops, venture, founder, database related, I’ll use that word, hashtag of phrase.

(BONUS) Create four or five shortcut variations

Nobody wants to see the same thing repeated over and over. So create a few variations. Mix it up a bit.

I’m seeing huge conversion rate on these. I haven’t measured yet (not sure how), but anecdotally I’d say in the 30-50% range. In other words if I mentioned my newsletter to 10 people during the day on twitter, I get about 3-5 new signups. This compared to one newsletter signup per day, passively through my blog.

By directly imploring people to signup, you bring it front and center to their already busy & distracted attention. It works!

Read: Is scaling automatic in the cloud?

Get more. Grab our exclusive monthly Scalable Startups. We share tips and special content. Our latest Why I don’t work with recruiters