UA-25768871-1

Vendor Rebuf

I receive a lot of inbound messages from inside sales teams across the security (and other) industries. I used to just delete all of them, and sometimes make fun of them (without naming!) when particularly egregious practices happened (like four or five followups).

But that’s a dehumanizing practice. Lead generation is already a hard and thankless discipline, and a friend suggested sending a polite “no” was a better approach. So I put together a template response, stored it as a signature block, and have used it for quick responses. I present it to you here, and put it into the public domain - you may freely repurpose this text.


Good day!

I’m going to decline what I’m sure was a lovely invitation. I recognize you have a job to do — namely, get a qualified first appointment — but I am not a lead for you, and my answer is no. If I ignored your email, you might reasonably wonder whether I didn't get it, or whether I was considering it. This might reasonably lead to a follow up. Let me be clear: I received your email and thank you, but I am not interested. Please don't follow-up.

There are thousands of security companies (and many thousands when all of the VARs are included), and almost all of them would like some time on my calendar. If I accepted even a 15 minute appointment from each of them once a year, I wouldn’t have any time left to do my regular job, which is helping Akamai make wiser risk choices.

But in an effort to give you a response, I’ve drafted this form note that I can quickly send to minimize my cost of you getting to a “no.” I’m sure you’ve got many questions, most of them aimed at converting my “no” to a “yes” (hint, not going to happen), so I’ve included a brief FAQ:

Q: Can I keep you on my mailing list?
A: Please remove me, unless you have documented evidence that I willfully opted into it. Odds are, you either got this list from a conference, or paid for it from Hoovers or equivalent. If you have a way to mark me as “don’t contact,” please do so.

Q: Can I send you a gift?
A: Please don’t. Either it’s not really small, in which case you run afoul of both my personal ethics & our corporate ethics policy, or it’s truly small, in which case it’s unlikely to be valuable, and it’ll just be disposed of, increasing the adverse environmental impact of our industry. Relatedly, offering me a gift if only I take a meeting is actually insulting. You’re basically trying to bribe me to take the meeting.

Q: But I see you’re a Patriots fan / oenophile / runner, and I’ve got this meaningful gift!
A: I have season tickets to the Patriots, my own wine cellar, and I don’t run as often as I’d like to. I’m happy to talk about those things, and you can find me on Twitter as @csoandy doing so - and occasionally talking security, as well.

Q: Can you refer me to someone else at Akamai?
A: No. As a standard practice, all of the information security professionals at Akamai never do blind references. If we make an introduction, we get permission first from the target, and therefore we’re investing our time and reputation. So cold intros are almost never going to get that.

Q: How do you decide who to talk to?
A: Sometimes because I’m interested in a specific technology. Sometimes because a peer highly recommends a company. Sometimes because there’s a specific hazard I’m trying to determine how best to mitigate.

Q: How do I be on your radar for when you might be interested?
A: Be awesome as a company. I recognize that’s your overall marketing team’s job, but you’re a part of that. Did you send me a boilerplate blurb like, “We’re the market-leading provider of enterprise security services that enable businesses to serve their customers without fear of compromise”? That’s boilerplate that almost any security company could claim (hey, Akamai could use that, although it’s an overly strong claim, so we wouldn't!). In fact, that’s one of my litmus tests - if your boilerplate could describe my company, then I’m just going to stop. Use a brief technical explanation, like, “Akamai provides both security-enhanced CDN services, like DDoS mitigation, bot management, web application firewalls, and client reputation; and enterprise services like DNS-based malware filtering and simple-to-provision application VPNs to safely connect your third-parties into your network.” With a note like that, at least I can have your name in my mental map of solution providers.

Q: Great, can I call back next quarter?
A: No. In fact, be aware that I never suggest a lead developer call/email back at a set time, so if you start with, “Andy, I’m following back up as you suggested…” note that I’ll stop reading there.

Q: But I’m not a security company! Can’t you take time?
A: Then even less so. I’m almost certainly not even an appropriate target, which means you’re sending cold intros to people who aren’t appropriate targets.