Israel has a new anti-spam law that takes affect today, December 1^st, 2008. Ultimately, it seems to boil down to: Opt-in is king. Companies who don’t already live up to the opt-in standard (with appropriate tracking of opt-in permission) seem to be rushing to reconfirm their email lists. ExactTarget’s contract requirements already require opt-in, so that’s a great start. But, if you send mail into Israel and/or have a presence there, I’d strongly recommend contacting an attorney for guidance. My (very limited) Hebrew skills make decoding the Israel Internet Association’s anti-spam website a bit difficult, but it does suggest to me that getting permission in writing is a requirement, as is labeling the message as an advertisement.

There’s definitely some confusion out there regarding what’s allowed and what’s not allowed under the law, and it’s unclear to me what ability there would be to take action against senders located outside of Israel, but it’s not the kind of thing that I recommend you find out for yourself. Our recommendation is always to comply with the legal requirements of every jurisdiction you’re knowingly serving mail to.

“We want to build our list FAST! We want to put a notice on our high-traffic website that says, the first 1000 people to give us the email addresses of ten of their friends will each receive a $15 coupon code to use on our online store. Is this legal?”

Sure, it’s legal. But that’s the wrong question. Marketing success takes quite a bit more than just making sure what you want to do is legal. The right question would be something like: Is it wise? What kind of problems are you going to have as a result?

From a deliverability perspective, viral marketing campaigns + incentives = disaster.

Why?

The perception of spam is a big problem here. The “friends” are going to get this mail, not recognize that they signed up for it, and they’ll report it as spam. In a normal “forward to a friend” scenario, the volume is low enough, and the friend has enough control of the message, to minimize the associated risk. When you open it up broader, by way of asking for X email addresses, or by offering an incentive, you’re going to end up with a lot more addresses – bad addresses. Even if you don’t assume that people will try to game the system by giving you garbage addresses, the volume increase is the kind of thing that’ll hurt you, as there’ll be a greater number of spam complaints as a result.

Also – as I’ve blogged about before – any viral marketing program that utilizes incentives must comply with CAN-SPAM. That means that you have to make sure you do not send email to any “friend” who may already have unsubscribed emails from you. If you fail to scrub the submitted addresses against your internal unsubscribe records means you are failing to comply with the law. And the affirmative consent standard applies here. Meaning, if you don’t have affirmative consent from the person you’re emailing (and you won’t), then you have to label those messages as an advertisement. That’s bad news. That means you are pretty much labeling your mail as spam, and inviting ISPs to block it.

Forward-to-a-friend isn’t inherently bad, but it is risky from both the perspectives of legal compliance and deliverability success. Our recommendation is that you never offer any sort of incentive for viral marketing or similar programs, and that you never, ever have a webform that allows people to submit multiple email addresses. 

“Our terms of use specifically require that all members abide by all local, state and federal laws, including CAN-SPAM and we make sure to educate our customers accordingly,” says an email I received today.

That’s a red flag. When you brag to me about CAN-SPAM compliance, it tells me that you need something to brag about other than permission, other than clear and direct consent.

Sure, there’s spam out there that is far from legally compliant. But there’s such a thing as legally compliant spam, and it’s just as unwanted. What governs your ability to get your mail delivered? Permission, not just legal compliance. And legal compliance isn’t a substitute for permission.

Bragging about legal compliance is a bit like bragging about how fabulously shiny your subject line is. It makes for great marketing filler, but it means absolutely nothing.

If you’re bragging about CAN-SPAM compliance, it tells me that you either don’t understand how email reputation works, or you’re attempting to deceive, because you know you don’t have a solid level of permission involved.

I’m not sure which is worse, but either way, it means something doesn’t smell right. And in this case, the rest of the email message did nothing to allay my concerns. There was absolutely nothing about permission. No mention of clear consent. Just a lot of talk about legal compliance, and how anybody can opt-out, and we suppress X million addresses, and how they’re leaders on the lead generation and prospecting front.

Really? Leaders? Without permission? I don’t think so.

On May 12, 2008, when the Federal Trade Commission (FTC) approved four new rule provisions under the US Federal anti-spam law, CAN-SPAM, they also included some very important clarifying information in the related Statement of Basis and Purpose (SBP), which was published shortly thereafter in the Federal Register. The most important bit of that clarifying information relates to forward-to-a-friend messaging and how that messaging is covered under CAN-SPAM.

In a scenario in which someone either receives a commercial e-mail message and forwards the e-mail to another person, or uses a Web-based mechanism to forward a link to or copy of a Web page to another person, the FTC explains that, generally speaking, if the sender offers something of value in exchange for forwarding a commercial message, then that company must comply with CAN-SPAM.

Meaning, if you offer an incentive to people to forward your message to a friend, you have to ensure that they do not forward your message to somebody on your unsubscribe list, else you are liable for a CAN-SPAM violation.

Let’s break it down even further. Imagine this scenario:

• You have a Forward-to-a-friend, invite-a-friend, or any type of viral marketing mechanism where a recipient has the ability to submit an email address, and you then send that person an email.
• You offer an incentive to people to submit their friends’ email addresses.
• You then send an email message to those friends.
• If any of those friends were on your unsubscribe list, if they had previously opted-out from your messages, then you’ve just broken the law.

Not good!

Our recommendation is that you don’t offer an incentive to subscribers to forward your email unless you have ability to honor existing and future opt-out requests. This isn’t typical, standard functionality. If it’s something you plan to do via ExactTarget, make sure you talk to your account manager and the deliverability services team, to better understand the legal liabilities and technical requirements relating to any sort of forward-to-a-friend process.

In closing, here’s one additional thing to keep in mind: If that message you send purports to be from the friend, the friend must have control of content. In the past, the FTC levied record fines against a company who sent messages as the friend, but didn’t give the friend control over the content. This is the kind of thing where they’re likely to actively prosecute bad actors. As always, make sure you don’t implement this in a way that makes you look like a bad actor.

1. You should make certain that you regularly download the list of wireless domains maintained by the FCC and wash addresses in those domains from your general lists.
2. You should segment your wireless domain addresses into their own list.
3. You should make certain that you implement double opt-in for addresses on the wireless segment, even if you don’t use double opt-in in general.