CAN-SPAM Compliance

Require a login to opt-out?

Wednesday, November 18, 2009 by Al Iverson

If you're wondering if it's OK to require that recipients must log into your website before they can unsubscribe from your emails, the answer to that is no-- it's prohibited under US Federal law.

The FTC explicitly clarified this in the May 2008 CAN-SPAM Rule Update. It's on page 104, near the bottom.

Here's what it says:

Section 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out. Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient's electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to: (a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or (b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).

What does that mean? Read carefully: Senders are not allowed to require recipients to "provide any information other than the recipient's electronic mail address and opt-out preferences." That means you can't require them to login to your website before continuing on to a preference center or other page. The only thing a recipient has to give you is their email address, and the opt-out preference. (i.e. do you want to opt-out from all messages, or would you like to opt-out only from certain specific lists.) The law prohibits any requirement that the recipient "take any other steps except sending a reply electronic mail message or visiting a single Internet Web page" when unsubscribing -- meaning it's not OK for it to take five clicks for somebody to unsubscribe. Interact with one page means the unsubscribe link takes them to a web page, where they are either unsubscribed automatically, or push some button on that web page to complete the unsubscribe process. (That would be interacting with that single web page.)

For more information on CAN-SPAM, visit our CAN-SPAM Information Center at http://canspam.etdeliverability.com/

Lashback Working with Yahoo

Tuesday, November 17, 2009 by Al Iverson

Lashback reported today (via Twitter) that they're working with Yahoo nowadays to help Yahoo determine the "unsubscribe reputation" of senders. What does this mean? According to Yahoo's help pages: "We work with LashBack to identify certain senders that honor unsubscribe requests. When a user reports "Spam" on an email from a sender that has a good unsubscribe reputation (as per LashBack's UnsubSafe score), LashBack facilitates an unsubscribe request so the user is removed from the sender's mailing list."

What does this mean for you, dear senders? I think it's another suggestion to keep your nose clean. I think this means that if you send mail to people after they have unsubscribed, you're going to end up with yet another data point identifying you as a bad guy, and it's going to further interfere with your ability to deliver email, at Yahoo, and elsewhere.

What is Lashback? Lashback calls themselves "The Email Compliance Authority." They do a few different things. They offer an email plugin for end users to download and install, and the plugin helps them compile unsubscribe compliance information, the goal of which is to help people unsubscribe from emails more easily, and denote when senders do not respect the fact that a recipient has unsubscribed. They also denote when suppression lists have been abused, are receiving mail that they shouldn't be. The goal is to denote when senders or advertisers are out of compliance with CAN-SPAM.

We actually contract with Lashback to help us monitor client compliance with unsubscribes (and help us monitor for the unlikely event that our own unsubscribe handling processes were to fail). Some of what they look at is specific to third-party ad networks and ExactTarget is not a third-party ad network, and declines to serve mail for third-party ad networks, so not every single bit of data they collect is going to be useful to somebody like us. But, overall, they provide really useful data that has helped us take action against numerous clients engaged in bad acts.

So, it doesn't surprise me to see Yahoo referencing Lashback data, since I find it valuable myself.

Verizon "Wireless" and Not Wireless

Wednesday, November 11, 2009 by Al Iverson

A quick update to something I posted back in July: Verizon.com is no longer listed as a wireless domain. We've removed it from our list detective filter, as we're no longer legally mandated to filter it out as a wireless domain.

Keep in mind, we're forced to go by what's actually on the list-- we can't just make exceptions or reject listings because we don't think they're right. And trust us, in some cases, we do notice entries that we don't think are correct. We'll continue to nudge ISPs and domain owners whenever we see anything like that, and work with affected clients to do the same.

Be sure to check out our FCC Wireless Domains website for more information, and don't hesitate to contact the deliverability team if you have any questions.

Real Email Threat #3: Lax Permission

Tuesday, November 3, 2009 by Morgan Stewart

The issue of permission presents one of the greatest threats to the future of email marketing. According to data shared by Julie Katz at Connections ’09, consumers want greater control over email. They want control over SPAM, they want to be able to unsubscribe from email more easily, and they want greater control over the frequency of commercial email coming to their inboxes.

In both 2008 and 2009 we asked consumers to indicate how acceptable it was for them to be contacted via email for “Promotional messages (i.e., sale, special offers) from companies whom you regularly conduct business, but have not specifically asked for ongoing information.” As we outlined in the 2009 Channel Preference Study, consumers’ attitude toward non-permission communications from known companies is souring quickly. In 2009, 50% of consumers considered these messages with unacceptable, nearly doubled from 26% in 2008. The belief that marketers can send email to their customers based on a ‘prior existing relationship’—the premise for email appends—is dead. Customers don’t want the practice to continue.

Nevertheless, the industry continues to allow embarrassing practices like email appending and list rental. Not surprisingly, the only people that fully endorse these practices are those that profit directly from them. The rest of us squirm and manage to squeak out the words, “It can work, if you do it right.” However, few believe that it ever will be done right on a consistent basis. After all, we've been writing about this for quite a while.

There are three interrelated reasons for this. First, as I mentioned in my first post in this series, email is too easy and too cheap. It’s simply easier to do email appends and list rental incorrectly, using an opt-out model that has no regard for permission. The numbers are more impressive--and let's face it, big lists still sound better than little ones. Second, pricing models are still based on match rates and list sizes. These models favor sending to the masses, which in turn favor the opt-out model. Third, since there are still enough suckers out there who will pay to do it incorrectly, email append and list rental vendors have no incentive to change their revenue model. Given that opt-in revenue models are likely to be less lucrative, it won't change until the issue is forced.

But it may already be too late for email append and list rental companies.

While the industry has failed to police itself, two entities with the ability to make real changes have lined up with consumers. First, ISPs continue to serve the best interests of their customers by increasingly relying on reputation systems that include engagement measures such as opens and clicks to determine if messages should be routed to the spam folder (see What’s in store at the ISPs 2009-2010 from Pivotal Veracity). Second, Canadian Parliament continues to push forward Canadian Electronic Commerce Protection Bill C-27 which mandates an opt-in standard.

Comparatively, US CAN-SPAM laws are notoriously weak, making the joke that US CAN-SPAM laws say, “yes, you can spam consumers so long as they can opt-out.” Unfortunately, Unfortunately, many companies use this law to condone their continued distribution of non-permission email. In short, the US Law falls short of meeting customer expectations—again more than half of consumers believe non-permission email is unacceptable, even when it's from a known company. This doesn’t support an opt-out standard. I interpret this as, “there is no excuse for sending email without the express consent of consumers. Period.”

Interestingly, in the same comparison of opt-in promotions from 2008 to 2009, there was no change. Consumers believe permission-based email is highly acceptable. In fact, given the choice, 75% of US consumers (see the 2009 Channel Preferences Study) and 74% of UK consumers (see Strategy Meets Customer Expectations) prefer to receive permission based promotional messages through email.

It’s simply that we need to draw a hard and fast line. Opt-in permission should be the only standard by which we live. Not supporting efforts to eliminate questionable practices in our industry reflects poorly on the industry as a whole. After all, as Matt Blumberg, CEO of ReturnPath, recently wrote, “What's good for consumers is great for direct marketers. Marketing is not what it used to be, the lines between good and bad actors have been blurred, and the consumer is now in charge.” Amen!

It's time we completely honor consumers' preference for an opt-in standard. We can no longer afford to lend any support, even passively through silence, those who don't.

Live Blog: Financial Services Solution Showcase

Wednesday, October 14, 2009 by Amanda Cross

We've got quite a change of pace in the ol' developer track conference room. Chris Murray of ExactTarget is the emcee for the Financial Services Solution Showcase.

He starts by introducing the first segment:

Beyond Deliverability: Consumer Choice & Control
Authentication, Privacy, and Policy
by Craig Spiezle
https://otalliance.org

The Online Trust Alliance is concerned with security in online activity, especially financial services. Spoofed email, phishing, and online exploits are a major challenge for financial organizations that operate online.

Craig said that government regulations are likely to come about in the next few weeks as a result of the identity theft incidents that we've heard of recently. Craig said that the United States is actually behind other parts of the world in consumer production.

Craig discussed extended validation certificates. In order to get one of these certificates, the business must prove that it's registered with a local tax authority. While this can't verify that the business has good business practices, but it does require that the business be a real business. When a business has this certificate, it turns the address bar in your browser green when you visit their site. If the address bar isn't green, you know that it's a spoofed site.

He continued to talk about the business value of authentication. Not only does this help protect your business from being spoofed, but also improves your deliverability.

Of the top 100 financial institutions in North America, only 43% have protections in place for consumers.

Craig talked about the problem with unsubscribe: an unsubscribe link in the footer of the email is required by CAN-SPAM, but consumers are warned not to click links in emails they don't want for fear that they'll alert spammers that they're a real person. An unsubscribe header allow ISPs to render an unsubscribe link in their client so that people can unsubscribe without clicking the "report as spam" link and degrading your reputation. About this time, someone from ExactTarget piped up to mention that ExactTarget email already does this automatically.

Addressing Email Security Concerns
Matt Burton - GMAC/Ally Bank

Matt talked about Ally bank and the fact that its customers were receiving more spoof emails that were pretending to be from Ally as they were receiving from the real bank.

Ally Bank, like many places, would love for there to be a "silver bullet" that would solve the problem, but in fact the best way to protect consumers is with a combination of proactive monitoring, excellent deliverability of your legit content, and customer education.

Governance, while unpopular, is critical. If your company has multiple business units, ALL of them have to have successful security.

Some financial institutions do not include links in their emails, instead telling consumers to go to the website. This is problematic because it requires more copy and results in fewer site hits. Also, this doesn't prevent phishing emails from including links in their emails.

Security tools, such as ISP Phish Blocking and Certified Mail, are available to help prevent risk and increase confidence in your message respectively.

Education of consumers can be tricky. Sending emails that tells customers how to tell whether your email is real might make it look like you're a spoofer trying to set them up to trust fraudulent email in the future. Better to just remain consistent in your sending so that consumers become accustomed to your style and learn to identify spoofs on their own.

To wrap up, Matt recommended proactive risk diminuation rather than waiting for a problem happens and only responding then.

Technology Solution
e-statements at Nationwide
Brian Jaffe - Nationwide Insurance

Nationwide was facing a "statement challenge"--sending statements to customers on email. The address this issue, they created an elegant solution.

Governance - As part of this process, they codified their program for sending emails.
Preference management - allow customers to specify their preferences. Brian recommends double opt in.
Billing format - recreate view of paper statement
Send mode - bulk or single send. You probably batch up your bills, but some might do individual sends.
Data preparation - attributes or data extensions? what is the unique subscriber key? You need to understand your extremes (what happens if you have an extremely large amount of data?) and your data-display issues.
Deliverability - decisions about IP and Domain. Learn from your deliverability team!
Feedback - decisions about bounce management, reply management. If people unsubscribe and then try to sign up, you could have technical problems sending emails. Make sure you understand how your unsubscribes are managed. And be ready to monitor replies, even if you tell people not to reply to a message.
Inserting marketing messages into transactional emails - CAN-SPAM does allow you include marketing messages into your transactional emails under certain circumstances.

Paperless statements can create issues. For example, what if customers call in saying that they never received their statement. Customer service needs to be able to access tracking to see whether the subscriber ever opened the email and have other strategies to deal with these complaints. Customer service needs to be able to resend statements.

Nationwide includes quite a bit of personal information in their emails so that subscribers know that the email must be legit, since a phishing scam wouldn't have access to so much personal information. Watch out for links to log-in pages, since phishing emails like to send very similar emails that direct to their own "login page."

Having a protocol to deal with bounces is wise. In their case, if a subscriber soft-bounces, they put the subscriber back into the paper stream for one cycle and try paperless again for the next cycle. If they run into a hard-bounce, they put the subscriber back into the paper stream indefinitely until the subscriber re-enrolls themselves in the paperless process.

Nationwide's solution is based on the ExactTarget SOAP API. Their OMS (outbound messaging service) is a middleware layer of abstraction that actually sits behind their firewall. Between the OMS and ExactTarget much communication occurs to get the statements out to subscribers.

The content of the eStatement itself uses AMPscript to build the bill by parsing concatenated attributes and dynamically displaying content in appropriate data tables.

Michael Murdza (ExactTarget) took us through the technical aspect of the eStatement data flow. A sophisticated decision tree weave through the Nationwide database and ExactTarget application, using XML, AMPscript, and API calls.

And then the presentation wrapped up, and everyone started getting ready for the evening entertainment. I've really enjoyed live blogging the technology track for everyone today, and I hope you've enjoyed reading as much as I've enjoyed writing it. See you between the lines :)

Live Blog: Automation Event Triggered Sends Using SOAP API

Wednesday, October 14, 2009 by Amanda Cross

The developer track continues with Automation Event Triggered Sends Using SOAP API.

Between sessions, the intrepid staff of the Westin brought in several more chairs, effectively ensuring that no one will be sitting on the floor this time. There wouldn't be room, even if they wanted to.

Ana Ng plays over the PA system while we wait for the session to start, and with a minute to go it switches to Particle Man as the room fills up. You can tell that we're gearing up for the They Might be Giants concert tonight, after the Second City performance. Indeed, I'm already wearing my wristband :)

Automation Event Triggered Sends Using SOAP API
ExactTarget Product Specialist Manager and general super brain, Dale McCrory beings the presentation by asking how many people in the crowd have used triggered sends before. This feature is one of the most powerfully compelling and commonly implemented functionalities available in the SOAP API. Triggered emails are perfect for things like password reminders, order confirmations, and welcome emails. You can also use them together with Web Collect forms, Reply Mail Management, and other parts of the ExactTarget system that automatically send response emails to subscribers.

He continues by talking about send classifications: marketing and transactional, and the differences between then. Basically, marketing messages are subject to CAN-SPAM regulation, while transactional messages are not, since they're might actually be required to be sent to subscribers, such as receipts.

Dale puts some code up on the screen to show the anatomy of a triggered send call. He talks about how the template, content, and all the look-and-feel stuff about the email are created within the application and are controllable by marketers. The API then references the triggered send definition using the external key and doesn't have to bother with actually creating the content of the email using the API.

Next, Dale moved in to the difference between synchronous and asynchronous API. A synchronous API call goes to the server, which responds. If the server is unavailable, there's no response, and it's on the ExactTarget customer's shoulders to retry. Asynchronous calls, on the other hand, are queued up, so even if they can't be processed right away, they will get processed when the server is available. He recommends that people starting new triggered send initiatives use asynchronous API, unless development is so constrained that synchronous is all there's time for.

High priority API calls can be processed immediately, even if one of the servers is unavailable, by using our multiple data centers. There are limitations on emails that can be sent this way (they can't contain info from data extensions...stuff like that) and it incurs an additional cost per send.

Dale ran a little short of time, but he'll be presenting again later in the day.

Intuit's Notifications Service Engine: A practical approach to facilitating customer notifications
Next Intuit's Gary Rittinger directed everyone to http://connect.intuit.com to check out the implementation that he'll be talking about.

His purpose is to provide Intuit's infrastructure and offerings the ability to send, monitor, and manage the notifications they send to customers in a consistent and reliable way. To do this, Gary uses triggered sends to send welcome emails, order confirmation, shipping conversation, and other transactional messages.

Intuit finds that it's difficult to get consistent programming from across its organization, so it uses "application adapters" to normalize the input. They're using ExactTarget accounts to let each product manager get in and see the status of email sends.

As a result of implementing ExactTarget, Intuit enjoys:

Better transparency into notifications deliverability.
Reduced cost and increased efficiency of customer notifications.
Improved enterprise SOA adoption through standard web service technologies.
Fewer of redundant apps that served the same purpose.
Improve governance and compliance.

Gary recounted the ease and smoothness of putting this process in place. He commented that they've recently been moved from the Indy data center to the Las Vegas data center--one of the first customer to be live sending out of that data center--and the move took only 90 seconds. He also said that rolling out the process took only a couple weeks.

During the Q&A, Bryan Wade (the emcee) is talking up the documentation wiki and the API content that's available on it. This is a topic near and dear to my heart <3

Canadian anti-spam bill far from a done deal

Thursday, October 8, 2009 by Al Iverson

Michael Geist, Internet Law Columnist for the Toronto Star says that the current Canadian anti-spam legislation under consideration in Parliment is under attack. On bill C-27 – the Electronic Commerce Protection Act, he reports: "Although support for anti-spam legislation would seemingly be uncontroversial, various business groups have mounted a spirited attack against the bill, claiming requirements to obtain user consent before sending commercial email will create new barriers to doing business online."

Read the whole story here. (H/T: Box of Meat)

Sending SMS Messages? Make Sure You are in Compliance with New SMS Regulations.

Friday, October 2, 2009 by Phil Schott

If you're an ExactTarget client using SMS to enable targeted 1 to 1 communications you should have received an email on October 1, 2009, informing you of a change to industry regulations.

Here's what the email stated:

Beginning October 1, 2009, industry regulations state that the phrase "Standard Message charges apply" is no longer acceptable as standard messaging in SMS communications. For all digital advertising formats and message flows, one of the following phrases must be used in its place:

Message and Data Rates May Apply
Msg&Data Rates May Apply
Msg&data rates may apply
Msg&data rates may aply

View the ExactTarget SMS Regulation resource page for more information and helpful links to ensure that your Text Messaging campaign and communication programs are compliant.

If you have any questions about this change, please contact Deliverability Services at deliverability@exacttarget.com.

Recurring Comcast Delivery Problems Don't Have to be a Problem

Tuesday, September 15, 2009 by Phil Schott

One of the most frequent questions that we in Deliverability Services get asked is how to keep Comcast blocking from recurring.

Comcast aggressively blocks mail they deem their users don't want--even more so than other receivers. Right or wrong, they have filtering in place that they believe is effective and offers their users maximum protection from spam and unwanted mail. Ultimately, their obligation is to meet the needs of their users and not necessarily to meet the needs of senders.

The two biggest reasons Comcast blocks mail is because a sender's mail earns too many complaints or because a sender is sending to too many invalid Comcast addresses.

Senders are understandably upset when their mail gets blocked at Comcast, but by and large blocks are avoidable and are the result of less-than-great sending practices.

To avoid blocking by Comcast, or any receiver, ensure that you're sending mail to subscribers who have explicitly opted-in, are expecting to receive your mail, and will find the mail relevant.

If your sends keep getting blocked, it's time to review your sending practices. Is your opt-in clear and explicit? Do subscribers understand what you'll be sending to them and how often you're going to send? Are you meeting those content and frequency expectations or are you sending more frequently than you said you would or different content than you said you would? If a subscriber opted-in for your mail six months ago, are they still going to find the mail relevant and look forward to receiving it or has your mail now become just another of dozens they receive daily?

If you answered "no" to any of the questions above, it's time to change your practices to meet your subscribers needs and expectations. That may include less frequent sending, changing your opt-in, making your content more relevant and more of a one-to-one communication, or simply asking your subscribers if they still want to hear from you, which is known as re-engagement.

ExactTarget is excellent at helping clients get wanted and expected mail delivered and helping to maximize delivery and return on investment. However, if you're not meeting your subscribers' needs and expectations or continuing to send to addresses that are no longer valid you're going to continue to experience delivery issues at Comcast and possibly other receivers.

For more email deliverability tips and Best Practices, check out our free whitepaper, "Email Marketing CAN-SPAM Compliance."

New Maine Privacy Law May Impact Email Marketers

Tuesday, September 1, 2009 by Chip House

The Maine legislature just recently enacted a privacy law called “the Act to Prevent Predatory Marketing Practices against Minors.” While the goal is certainly worthwhile, the law is so packed with potential pitfalls for legitimate marketers that an 8/30/09 Media Post article reported “A coalition of media organizations and Web companies including AOL, Yahoo and eBay challenged the measure in court on Wednesday.”

Despite the uproar, the law will go into effect on September 12th, 2009. Here is the complete bill: Marketing and Data Collection Practices.

Though the law doesn’t specifically identify email marketing, it does cover the collection and use of all personal information (also called PII) for minors under 18 without parental consent. An email address is PII by most accounts. The legislations also prohibits marketing based on this personal information. The act reads: “… A person may not use any health-related information or personal information regarding a minor for the purpose of marketing a product or service to that minor or promoting any course of action for the minor relating to a product.”

An article in the Portland Press Herald reported, “The law makes it illegal for anyone (or a Web site) to collect health or other personal information from anyone under 18 for marketing purposes without getting parental consent. The penalty for companies that break the law is up to $20,000.” Looking at the act I noticed that the second violation mandates the $20K fine, "No less than $20,000 for a 2nd or subsequent violation."

It is possible that federal laws such as COPPA could preempt this new law if it comes to that. However, in the meantime email marketers should work with their own legal counsel to determine how to take action to protect their company from running afoul of the law. Complying will be burdensome for most. It could mean excluding teens from promotions, and prevent them from accessing your online sign-up forms. Also, since the law allows for private right of action, even individuals who feel they’ve been wronged under the law can file a civil complaint.

The silver lining here is the Maine State Attorney General has also mentioned her concern. Media Post reports, “'The Attorney General's position is that she's not enforcing the law,' Maine Deputy Attorney General Paul Stern said Friday.”

Summer Reflections from an Intern at an Email Marketing Company

Thursday, August 27, 2009 by Kyle Schroeder

So, I thought I knew about email before this summer.

I had signed up for newsletters and fan clubs. I got the coupons from online retails and bookstores. I even thought that I sent a decent amount of email in a given day. But, I had a lot to learn.

I remember the day that I had first heard about ExactTarget at a career fair. I talked with the employees at the booth for ten minutes or so and thought it was a really interesting company. I went home and began sharing with my friends about this “email company” ExactTarget:

Friends: “So what do they do?”
Me: “They send email.”
Friends: “Spam?”
Me: “No, I don’t think so. Its email you sign up for.”
Friends: “Oh, spam.”

After spending 14 weeks working for ExactTarget, I know and can explain why we actually are driven by the opposite of spam—and fight hard against companies that want to send spam.

ExactTarget is actually focused on sending relevant, permission-based email messages to consumers in a one to one marketing model that reaches specific customers that have chosen to opt-in to the particular email message.

There are two types of email messages sent out: transactional and triggered. There is also a CAN-SPAM Act of 2003 that has set out to regulate what email needs to look like.

I now realize what a powerful email marketing software platform ExactTarget is and how it can truly help raise the ROI for a company’s marketing dollar.

Kyle Schroeder
Slingshot Summer Intern

Annoying Consumers with Too Many Emails

Thursday, July 16, 2009 by Morgan Stewart

When one interviewee was asked if he had ever signed up to receive email newsletters he responded, “Yes, and I usually regret it.” Asked to clarify he went on, “I sign up for things thinking that I will get one or two emails every now and then, and then you start to be their best friend. I hate it! Don’t over communicate because that’s when I get angry.”

One Catapulter summarized the feedback she heard from consumers this way, “Consumers don’t want to be inundated with information. They want ‘to-the-point,’ relevant communication that isn’t annoyingly frequent.”

But how often is too often? When does the frequency of a program start to drive people away?

There are two ways I have seen used to measure this. First, measure engagement.. Looking at the percentage of emails consumers open—and the corresponding percentage of emails consumers click—can provide insight into the saturation level of your subscribers. If consumers continue to click through on emails, marketers using this method assume the subscriber is still satisfied. Generally, this is a safe assumption. However, there are downsides. It takes a good deal of effort to implement and stick with this type of segmentation. The marketer is supposed to pull back on frequency to segments where subscribers start to engage less often. This becomes difficult to do when others in the organization challenge the logic of limiting some mailings to a small segment of “highly engaged” subscribers.

The second method of limiting frequency is simply to ask. Video of the street interviews will serve as a supplement to a consumer survey fielded last month. In that survey, we found 64% of people said they were more likely to provide their contact information to companies that asked them about frequency. This is in essence a contract with the subscriber, which can generally be used to defend against the “why not send one more email?” question.

Either way, “how much email is too much?” is entirely in the mind of the recipient. What is too much for one subscriber is not enough for another.

Marketers wanting to take subscribers from the first-date (see Permission Makes All The Difference) to a relationship need to determine their frequency strategy. Moving to fast risks ending the relationship prematurely, while moving to slow allows the door to stay open for other suitors.

This post is part of a series on Consumer Perceptions of Marketing.

Previous post in series: Consumers Don’t Know What CAN-SPAM Is

Next post in series: When Marketing Becomes a Service

Consumers Don’t Know What CAN-SPAM Is

Wednesday, July 15, 2009 by Morgan Stewart

Email marketing’s PR challenges begin and end with spam. As our Catapult team hit the streets to talk with consumers, they heard nearly a hundred consumers express—each in their own way—that spam isn’t limited to penny stocks, Nigerian bank scams, and Viagra. “When referring to email marketing most people think of spam,” surmised Kristeen Hudson based on the interviews she conducted.

Spam is ‘junk mail’. It’s any communication where companies initiate contact and miss the mark. Even when permission is granted, sending relevant email can be a challenge. When unsolicited email is sent, it becomes nearly impossible to deliver something that the consumer interprets as relevant.

According to another new ExactTarget employee, Caitilin Landrigan, “When asked about spam, many people replied that they simply deleted the spam, because clicking the unsubscribe link would only confirm their address was active and increase spam quantities.” This perception continues despite the efforts of responsible marketers to comply with CAN-SPAM. But, could this legislation actually be part of the problem?

Very few of the consumers we interviewed knew that the US government had passed a law to combat spam. They had never heard the term CAN-SPAM. The question, “What is the CAN-SPAM act?” drew blank stares and wild guesses. Of the people interviewed, the only woman that was familiar with CAN-SPAM subsequently shared that her husband is a network administrator. Even if some consumers know what CAN-SPAM is, but by in large, they don’t know and they don’t care.

The disconnect lies in this simple reality, while still too many email marketers hide behind CAN-SPAM compliance—sending unsolicited email with the promise of honoring unsubscribes, the recipients aren’t aware of the rules marketers are playing by. Furthermore, the legal requirement to honor unsubscribes has been rendered impotent because consumers still think it will exacerbate their personal spam problem. That is why ISPs must hold emailers to a higher standard.

Fortunately, consumers do not consider all commercial email spam. In fact, most interviewees gloated about a couple of their personal favorites. The programs consumers consider relationship-worthy follow rules of online engagement that consumers do understand: Permission, respect, and relevance! Honor these and CAN-SPAM becomes a non-issue for email marketers.

This post is part of a series on Consumer Perceptions of Marketing.

Previous post in series: Permission Makes All The Difference

Next post in series: Annoying Consumers with Too Many Emails

Permission Makes All The Difference

Tuesday, July 14, 2009 by Morgan Stewart

Email marketing still has a big perception problem with consumers. As Kristeen Hudson, one of the Catapult team members who conducted interviews with consumers on the street shared, “Email marking and spam is one in the same to the general public and neither is looked upon very highly.” However, that does not mean that email is not appreciated. Kristeen continued, “When we asked people ‘What company does the best job of communicating with you?’ most people cited the companies that send them emails they wanted—not companies that had good TV commercials, print ads, or billboards. People really liked it when they received relevant emails with coupons or that talked about upcoming sales. These emails make them feel empowered and special.”

So, consumers think email marketing is spam, but coupons and special offers make them feel special? What gives? Caitilin Landrigan, another interviewer, shared this insight, “Several interviewees expressed that they did not like to be ‘marketed to’ and that they ignored advertisements in their email inboxes and social network accounts. However, most of the interviewees told us that they appreciated emails they had opted into from stores where they shopped frequently. One man even told us that he had a ‘relationship’ with such stores, that he was the one who initiated contact, and that this made all the difference.”

When marketers initiate contact with consumers, it is spam. When consumers initiate contact with a company, they are indicating that there is the potential for a relationship. Even so, permission does not constitute a relationship. Extending the relationship analogy, getting a consumer to sign up for your program is like getting someone to say yes to a first date. If the relationship is to continue, there is still work to do.

This post is part of a series on Consumer Perceptions of Marketing.

Previous post in series: Consumer Perceptions of Marketing

Next post in series: Consumers Don’t Know What CAN-SPAM Is

Consumer Perceptions of Marketing

Monday, July 13, 2009 by Morgan Stewart

Two weeks ago, members of the Catapult Rotational Program traveled throughout the Midwest to conduct customer interviews about their perceptions of marketing—from email marketing, to sms marketing, to social media and direct mail.

They did incredible—nearly 100 interviews in 2 days! While the goal was to have them capture video footage, there was another, perhaps more important byproduct—these new ExactTarget employees got a personal introduction to the core tenants of SubscribersRule!

Fresh off the road, we asked Catapult team members to share their thoughts about what they heard from consumers. Check out observations on the following topics based on the experiences Teresa Becker, Caitilin Landrigan, and Kristeen Hudson.

•   Part 1: Permission Makes All The Difference
•   Part 2: Consumers Still Don’t Know What CAN-SPAM Is
•   Part 3: Annoying Consumers with Too Many Emails
•   Part 4: When Marketing Becomes a Service

Verizon "Wireless"?

Thursday, July 2, 2009 by Al Iverson

Here's a topic that comes up quite a bit: What constitutes a wireless domain?

As instructed by the FTC and per CAN-SPAM, the US federal anti-spam law, the FCC publishes a list of wireless domains. Your ability to send commercial mail to those domains is restricted; the legal requirements reference digital signatures; require a higher standard of affirmative consent (compared to CAN-SPAM). The intent is that "wireless domains", meaning devices like pagers and cell phones, should be spared certain types of messaging sans explicit consent.

This whole thing strikes me as odd. If the US standard were simply explicit consent across the board, there wouldn't have to be any weird exceptions or tighter rules only for certain email domains. But, I digress.

Ask yourself the following: What if a domain ends up on the FCC wireless list when it's not really a wireless domain? Is there anything to be done about that? Not really, unfortunately. The domain owners (typically telcos and ISPs) submit their domains to the FCC for inclusion in this list. Whether or not something qualifies for inclusion is something for the ISP and the FCC to work out; an ESP, or an ESP's client, doesn't really have any standing to make a judgment call that a domain is not validly found on the FCC wireless list.

A lot of people ask us about Verizon. "I thought Verizon was filtered," they ask, "but I see that I was able to send mail to somebody at a Verizon domain." Why? Because there are three different, common Verizon domains:

Verizon.net. This is the Verizon consumer ISP. If you have home internet service from Verizon, you probably have a Verizon.net email address. This domain is NOT filtered. It is NOT on the FCC wireless domains list, and as long as you are following normal permission best practices, it's okay for you to send mail to your subscribers at this domain.
Verizonwireless.com. This domain has "wireless" right in the name, but it isn't in the FCC wireless domains list. It used to be listed, but it was removed very recently, within the last couple weeks of June. As this domain has been removed from the FCC wireless domains list, we've removed it from our List Detective filter. How is this domain not a wireless domain? Don't ask me, nobody's ever explained it to me, and it doesn't make sense. But, I don't go by what the domain name is; I have to go by what is in the list or not in the list. (Coincidentally, I used to have a Verizon Wireless USB modem up until a couple of years ago. Back then I called Verizon and asked them if that means I have a verizonwireless.com email address. They told me no, Verizon Wireless users do not receive a mailbox at this domain. So perhaps this domain is corporate mailboxes for the wireless division of Verizon.)
Verizon.com. this domain IS in the FCC wireless list, meaning that sending to this domain is restricted. I think this might actually be Verizon's corporate email domain, and I don't understand why it's on the FCC wireless domains list. Perhaps Verizon will see this note and offer up some details. (I emailed them about this a while back, but received no reply.) But, as I say above, I have to go by what's actually on the list, not what my common sense tells me.

Clear as mud, right? Be sure to check out our FCC Wireless Domains website for more information, and doesn't hesitate to contact the deliverability team if you have any questions.

Profiles in Email Laws: India

Tuesday, June 30, 2009 by Al Iverson

Over on the Lashback Blog, Cari Birkner summarizes the closest thing to an anti-spam or email privacy related law found in India.

Cari says, "The closest legislation relating to email in India is the newly amended Information Technology Act of 2000. It was previously ammended in 2006, and Indian lawmakers amended the IT Act again in December of 2008. [...] The law addresses the following, summarized by Justice Rajesh Tandon of the Indian Cyber-Regulations Appellate Tribunal:
Tampering computer source documents
Hacking with Computer system
Loss/damage to computer resource/utility
Hacking
Obscene publication/transmission in electronic form.
Failure of compliance/orders of Certifying Authority.
Failure to assist in decrypting the information intercepted by Govt. Agency.
Un-authorized access/attempt to access to protected computer system.
Obtaining license or Digital Signature Certificate by misrepresentation/suppression of fact.
Publishing false Digital Signature Certificate.
Fraud Digital Signature Certificate.
Breach of confidentiality/privacy."

Read all about it here.

International Legal Compliance: Don’t Spam

Monday, June 29, 2009 by Al Iverson

I'm not a lawyer, and this isn't legal advice.

I get a lot of questions about spam laws both domestic and international. I study various email, privacy, and spam-related laws out there, so I tend to be the one that people ask first when they have a question. All fine and good, I'm happy to share what I've read. But I'm not a substitute for the real thing; ultimately, anyone with legal questions needs to consult with an attorney qualified in the area of concern.

A lot of my advice boils down to "don't spam," and that's for a reason. If your processes are truly opt-in, you're not spamming, and you're not likely to run afoul of any relevant email permission-related regulations. "Don't spam" works well as an answer to almost any spam law-related question.

Here's a few examples:

What does CAN-SPAM mean to me?
It means you shouldn't spam. Spam may be legal, but it also allows ISPs to block it, and all competent ISPs block as much spam as they possibly can. Your mail is not likely to deliver well if it's spam.

What does the new Canadian spam law mean to me?
It's hard to say exactly, because the current version under consideration has not passed yet, and may not be the final version. But, whatever comes, "don't spam" is likely to be the right advice. If you send mail only to recipients who ask for it, I would be surprised if you were not in compliance with the new Canadian law.

How will the new Dutch B2B email restrictions affect me?
As long as you don't spam, they won't affect you negatively. My understanding of the new requirements is that they close a loophole that allowed treating B2B addresses different than B2C addresses. It was already against the law to send unsolicited commercial messages to B2C addresses. Now, any mailings to B2B addresses must also be sent only to recipients who have opted-in.

Keep in mind that no such distinction between B2B and B2C ever existed in ExactTarget's policies. Whether you are mailing consumers or businesses, your recipient lists may only be comprised of email addresses where the owner of that address has specifically told you that they wish to receive email from you.

More on CAN-SPAM and Whitepapers

Friday, June 26, 2009 by Al Iverson

Yesterday I touched on the topic of CAN-SPAM and recommended reviewing one of our whitepapers, the one all about reputation.

We also do have a whitepaper on CAN-SPAM compliance, what you need to do to make sure you're covered, and also, why it has onlythe most modest relationship to your ability to get mail delivered successfully.

CAN-SPAM is mostly old news by now, but the FTC did provided updated guidance on bits of the legislation back in May 2008. Those updates are indeed covered in the whitepaper.

CAN-SPAM and Bad Advice

Thursday, June 25, 2009 by Al Iverson

Be careful where you get your legal advice from. As Spamtacular reports, the Attorney General for the state of South Carolina isn't quite up to speed on CAN-SPAM, inaccurately reporting that it enables private right of action. Oops.

Some of the worst legal theories I've heard on the topic of CAN-SPAM are those spouted by the permission challenged. "What I'm doing is OK! This is perfectly legal! ISPs have to accept this mail!" This adds up to a whole big old ball of incorrectness. Sure, it's legal (repeat after me: SPAM IS LEGAL IN THE US). But it's very, very stupid, and ISPs block it whenever they can (repeat after me: IT'S PERFECTLY LEGAL FOR ISPS TO BLOCK YOUR PERFECTLY LEGAL SPAM).

Stop telling people that you are CAN-SPAM compliant. Instead, ask yourself:

How do people end up on my email list? Am I asking for permission, or just assuming?
Do I provide significant disclosure and notice at the time of signup, what mail they'll be getting and when?
What's my plan for subscriber lifecycle management? At what point am I going to drop people off the list when they're not responding?

If people are blocking your mail, even if it's CAN-SPAM compliant, that's where to start. Where do you go from here? Ask your ExactTarget contact for a copy of our Reputation Equation whitepaper, which goes into detail about what things govern your online reputation (and by extension, your ability to get mail delivered).

The ExactTarget Blog

Follow Us On...

Recent Entries

Authors

Categories