December 11, 1999 — Sometimes an idea sticks in my mind, and I find that it represents a common theme between a series of unrelated events. Recently, for me, one such theme is “trust but verify.”

One year ago, I bought a new web server and colocated it at a special facility where I was promised a high level of service and internet connectivity.  The company had a great reputation, and I contacted several references and got excellent feedback.  I trusted them, and I relied on the colocation service provider’s detailed reporting to detect and report outages.

Some months ago, I learned that my colocation service provider was not delivering the level of service that I had been promised. The vendor’s online reports showed no “down time” and no outages, yet I was getting email from people who could not access the site, and occasionally I was unable to access the site.  Since I trusted the vendor, I subscribed to several free remote monitoring services that promised to check my server periodically and report outages.

To my dismay, all of these outside tools began reporting system outages which my service provider did not detect. This led me to track performance even more closely, and I discovered that my service provider’s own tools were designed to ignore certain types of outages.  When I tried to report the problem, I learned that the service provider’s front-line technical staff was simply not competent; every call had to be referred to a second- or third-tier technician (after 10 to 15 minutes of delay).  Finally, it became clear that the vendor was overwhelmed, and could not deliver the level of service promised and contracted for.

To make matters worse, the vendor claimed that my outside monitoring tools were inaccurate, until the weight of evidence was impossible to dispute.  Then the company delayed for weeks, claiming that an “investigation” was under way, and then claimed that a letter had been mailed to me explaining the results of the “investigation.”  After several weeks of delay, the company admitted that the letter was never sent, and agreed that I could terminate my contract early and move my equipment to another vendor’s facility.

Trust is Overrated: I then called a number of “Chief Technical Officers” at various internet companies, and learned that this was a common problem throughout the industry.  According to the CTOs I spoke with, none of the high-cost providers delivered the level of service or support that was promised and contracted for, nor would these service providers acknowledge outages or problems unless given incontrovertible proof (in the form of third-party monitoring and diagnostic tools). No vendors were excluded from these negative reports: every vendor in the space, including companies like Above.net, Exodus, Level Three, and Verio, all received scathing customer comments based on very bitter experiences.

Put simply, everybody makes mistakes — and nobody ever wants to admit their mistakes unless they’re caught red-handed.  (The vendor I had these bitter experiences with was Above.net, but based on my conversations with a dozen CTOs, it would be unfair to single out any one company.  These practices are pervasive within the industry.)

Hence my motto, “trust but verify” — do business with companies you feel you can trust, but take steps to verify the actual delivery of services as promised.

The free and low-cost remote monitoring services I used were just the simplest tools available.  Products like Foglight Software’s Real-Time Application Performance System (RAPS) (recently acquired by Quest Software) are essential for larger internet enterprises to monitor their entire web-based systems, to identify bottlenecks and failures that affect performance.  These tools help us in our quest to verify that software tools and third-party service providers are delivering on their promises.  Other companies, like Service Metrics, promise to monitor the “customer experience,” rather than internal activity, and to tell you how that experience compares for your competitors’ sites.

Direct Email Requires “Trust But Verify”to Work: I’m dismayed to report that at least one publicly-traded company has ignored the motto “trust but verify” in the world of email-marketing.  The advertising network 24/7 Media is now operating a “direct email” division called 24/7 Mail, and claims to provide access to “opt-in” email lists.  Unfortunately, the company has ignored many years of bitter internet experience. It has signed on “partners” who furnish 24/7 Mail with email lists that the “partners” claim are “opt-in” lists.  Then 24/7 Mail sends emails to the names on those lists.

24/7 Media has decided to “trust” without verifying, and they have engaged in “stealth mailing” tactics (using email return addresses and “remove” instructions that do not work).  The company’s name (24/7 Media or 24/7 Mail) does not appear in the mailings, nor are any of the domains used for mailing registered to the company directly.

When I tracked down the source of these spam emails, the company claimed innocence, saying simply that they did not know that the lists were not actually “opt in” and that they did not realize that the “remove” instructions did not work.

“Opt-in” email means just that: no consumer should ever be added to the list unless they actively request to be included.  And since forgeries and harassment are common, no legitimate “opt-in email” list firm will ever add a name without sending a confirmation email and awaiting an affirmative reply from the address being added.  The spammers at 24/7 Media don’t do any of these things: they don’t verify, in a business where trust is violated more often than not.

Rather than respond to my complaints, the company demanded that all my future communications be with the firm’s attorney.  The firm has refused to admit any wrongdoing, nor apologize for its error (they are sorry only that I am upset), and they continue to “trust” without verifying that the people they buy lists from are trustworthy.

Investment Deception: After I recently sold my adbility.com web site, I began researching mutual funds to invest some of the sale proceeds.  After scouring written publications and wide range of online resources, I concluded that I would be wise to invest in a mutual fund called the “Strong Dow 30 Value Fund,” which featured an extremely low “expense ratio” of only 0.10%.  The low fee seemed appropriate for a mutual fund that invests only in the 30 stocks in the Dow Jones Industrial Average, and I trusted the resources I was reading (including Schwab and Morningstar) but since no other mutual fund had such a low expense ratio, I decided to look further — to verify.

I went to considerable effort to locate and download the annual and semi-annual fund reports from the Strong Funds site.  I was relieved to find in the 1998 annual report that the actual fee charged was 0.10%.  But I became concerned when I learned that this was an “adjustment” down from actual expenses of 2.0%.  I was disappointed to see that in the June 1999 semi-annual report, the expense ratio actually charged had risen from 0.10% to 1.60%.  A quarterly report on the web site claimed an expense ratio of 1.16% but did not identify the period used to compute this cost.

Finally, I called Strong Funds and found that a “fee waiver” had been in effect through 1998, and that during all future years the fund would be charged a 0.8% management fee plus additional expenses of 0.2% to 1.2%.  I found this high fee level grossly unacceptable, and I was outraged that theStrong Funds firm had been so deceptive in reporting its fees.  (I sent a complaint to the Securities and Exchange Commission.)

Trust, but verify.

— Mark J. Welch

Comments are closed