Monthly Archive for May, 2008

Political Spam

Published
by
laura
21May
in Industry
.

At Adventures in Email Marketing, there is a post up this morning about political spam. It seems Anna discovered that providing her email address on her voter registration card not only results in political groups sending her email to that address, but also that political email does not have to follow the rules of CAN SPAM. The article ends with a few questions and makes some suggestions.

In general, why do politicians get such lax rules? Did the crafters of CAN-SPAM actually thing that candidates would (or could) ethically deal with this? The examples in my inbox show something different.

The flip answer is that the drafters of CAN SPAM are the political candidates and exempted themselves from the law because they did not want to have to follow it.

The less flip answer is that regulating political speech has less legal precedent than regulating commercial speech. Including non-commercial email in CAN SPAM would open the law up to a Constitutional challenge. By not including anything other than commercial speech, which the Supreme Court has ruled can be regulated by the government, there is much less chance that the law will be overturned as unconstitutional. In the 2005 final rule document, the FTC addresses the constitutionality of the law and provides references to case law supporting the role of government to regulate commercial speech (2005 Final rule, p 57 - 64 (link to PDF)).

There have been other reports of political spam this season. Ron Paul supporters used open proxies in China to send spam pushing their candidate. Campaigns of other major candidates have open signups on their web sites, allowing anyone to forge any email address into the form. Political advocacy groups have had similar problems in the past with not verifying subscriptions and therefore generating lots of complaints because the recipient never actually signed up for the mail.

I do have clients who send political mail. What I tell them is that the bar is set so low on CAN SPAM that there is no reason they should not comply with the law even though it does not apply to them. Allowing people to unsubscribe? Providing a physical postal address? Not forging headers? Meeting these conditions is trivial for any legitimate candidate and gives the recipients that warm fuzzy feeling that the candidate is acting in good faith.

2 Comments

Disposable or Temporary Addresses

Published
by
laura
20May
in Best Practices
.

Mark Brownlow has a really good post up today about disposable and temporary addresses and how they affect marketers trying to build an opt-in list.

I use tagged addresses for all my signups, and have for more than 10 years now. It lets me track who I gave an address to and if this mail is contrary to what I signed up for or the address has leaked, I can shut down mail to that address entirely.

Tagged addresses also have another function. One of our local brew pubs has a rewards program, spend money there, get points. As part of the signup process, they requested an email address. All the email I have received from them has been clearly branded, well designed, they are an example of how to use email right. That is until last week. Last week I received an email to the tagged address from some survey company. The survey company provided no branding, nothing.

Dear Passport Member

As a valued member of our passport program, your opinion is extremely important to us.  We are constantly looking to improve our menu offerings, passport privileges and manner in which we serve our most treasured guests.

Simply fill out the following survey and we will award you a bonus of 200 points within 2 weeks of completion.  Deadline to complete the survey is May 19th.

We look forward to hearing your thoughts about our program and how we can serve you even better in the future.

http://www.zoomerang.com/Survey/XXXXXX

My first thought was that our local brew pub somehow leaked my information out and I was getting some weird phishing or tracking spam. After a bit of examination and looking at the survey (again, not branded and with HTML looking like it was done in 1997) I did realize that this was probably a real survey commissioned by the brewpub and outsourced to someone else who executed it badly.

Recipients signing up to lists with tagged or disposable email address can be some of the most savvy customers. If marketing and emails are done well, this kind of customer can be a bonus. If marketing and emails are done poorly, the subscriber will leave.

1 Comment

Verifying email addresses

Published
by
laura
19May
in Best Practices
.

Over at CircleID Aviram Jenik posts about using email addresses as identification and how that can go horribly wrong if the website does no verification. In his case, the problem is a user who has made a purchase using Aviram’s gmail address and Aviram now has access to the other users personal information. As he explains it:

Most of this misguided email ranges from boring to funny, but today I got a purchase confirmation with the order number, amount and last 4 digits of the CC number. Since I “own” the email that is associated with this account, what prevents me from logging in to this guy’s account (have the e-commerce site send the password to “my” email due to my temporary amnesia) and redirecting the order to another zip code that happens to be my house?

I have recently been going through a very similar situation. It appears that someone in the UK signed up at an address harvesting website with my email address. This Mr. Laura Corbishley gave win4now.co.uk full authority to sell my email address to all and sundry, and they have. Emailinform got my address first and has been sending me email “because [I] opted in at win4now.co.uk. In the process of trying to track down this spam, I did “recover” my password at win4now.co.uk and took over the account.

I am suspicious of the signup at win4now.co.uk for a couple reasons.

  1. “Mr.” Laura. Sure, it is possible someone missed a pulldown window. Possible but unlikely.
  2. The postal address is Solihull, Warwickshire. But, according to Royal Mail Solihull is no longer in Warwickshire for purposes of mail delivery. The correct address is West Midlands. Another possible error, but how many people do not know their snail mail address.
  3. I have never received any mail from win4now.co.uk. I have only received mail from emailinform.

I know this is fairly common, people sign up bad addresses at website, either maliciously or accidentally. Even more frustrating is the inability to contact a real human at win4now.

I checked out their privacy policy. At the very top of their privacy policy it says:

This Privacy Policy Statement explains the data processing practices of win4now.co.uk. If you have any requests concerning your personal information or any queries with regard to these practices please contact our Privacy Officer by e-mail at privacy@win4now.co.uk) and sent mail to privacy@win4now.co.uk.

Fair enough. I sent email to their Privacy Officer. In the email I explained that one of their users had fraudulently used my email address to signup and I was now receiving spam. I requested that they remove my email address and notify everyone that they had sold my address to that there was no permission with that address and to remove it from their list as well.

Win4now sent me an email back that had the following at the very top:

IMPORTANT NOTE: Please do not respond to this email, it is auto-generated and replies are not monitored.

They provided a short FAQ and no indication that there is any human actually reading the privacy mail. Having an unmonitored privacy address is bad, but the auto-ignore goes out of its way to ignore privacy questions. The text of the message answers some questions, none of which seem to address their privacy policy.

  • Q: I have a problem using my Win4now password
  • Q: I do not want to receive any more new competition emails
  • Q: I would like to update my details
  • Q: I would like to unsubscribe from Win4Now
  • Q: I am having problems viewing the website
  • Q: I would like to know if I am a competition winner

None of those questions relate to privacy. At the bottom of the email there is another address I can send mail to, but at this point it is clear to me that win4now is exhibiting all the signs of spammers and scammers. They are avoiding email to privacy@, they do no form of confirmation not even a welcome message giving me the chance to inform them this registration is fraudulent, they are selling my address around but there is no way for me to stop them from doing that. I have gone in and changed the preferences on that account, but given win4now’s sloppy system I do not actually believe that will have an effect.

Thanks to some helpful folks over at a large ISP, I have been contacted by people at emailinform. They have unsubscribed me from their list. They are also looking into the address purchase. I am expecting they will return with some IP address “confirming” that I signed up at win4now and that therefore their mail is not spam.

Let me be clear, an IP address is not consent. It may help jog a memory, or remind a user they did sign up. In this case, however, I can categorically say this was not me as I always use tagged addresses to sign up for mail. Furthermore, I am not a UK resident and am not eligible for any benefits of the signup at win4now or the products being marketed by emailinform.

Both of these situations speak to the importance of any group collecting email addresses, for any reason, to incorporate some sort of confirmation into the signup process. While my preference is for positive confirmation (click here if this is you), even the bare minimum of negative confirmation (click here if this is not you) would have made win4now look slightly legitimate. As it is, they do not seem any different from any other spammers collecting email addresses and selling them to all and sundry.

My specific situation also speaks to the importance of being contactable by people. Do not make it hard for your recipients to contact a person inside your organization. These are your customers there is no reason to avoid them. The dodging and weaving looks suspiciously like you are a spammer.

5 Comments

Recent comments

Published
by
laura
16May
in Industry
.

On my followup EEC post Tamara comments

The eec made a really bad and ugly mistake but you can take my word for it that they have learned from it and that it will not happen again. I am not going to blog about this because I really do believe in the value of the EEC and what it brings to the industry. It’s okay to call out a mistake, but do you really need to destroy an organization that is so worthwile?

Just to be clear I had not heard of the EEC before this and when the story broke I blew it off as no big deal, some organization did something stupid and spammed. It was only after I did a little research that I realized this was THE organization that was supposed to be leading the pack in email marketing. They are

[...] a global professional organization that strives to enhance the image of email marketing and communications, while celebrating and actively advocating its critical importance in business, and its ROI value.

And, yet, they send mail that was perceived by many of their recipients as spam. While I have not seen copies of the mail, two posters commented that the mail did not comply with CAN SPAM. One of those said there was no opt-out link. Putting aside any of the permission or relevancy questions, if this is true then it takes it from a bad idea to illegal activity. How does this organization maintain any credibility as a leader in the email marketing space?

As for the negative comments, I fully expect that if Word to the Wise pulled something like this, there would be a lot of negativity and people holding us accountable for our actions. I do not see with the EEC should expect anything different from their base.

There was a funny comment from EEC Member pointing out that the EEC had brought us standardization of the spelling of email.

On my Email non-viable for acquisition post, Josh disagreed. He says

I think saying that “email is not viable for customer acquisition” might be too broad of a statement. I wouldn’t have any problem with “Purchasing lists is not viable for customer acquisition.”

I think his point is well taken. There are places where you buy a mailing, or buy an advertisement and that does drive acquisition as well as sales. I am still wary of using email for acquisition as most of the companies who come to me with that business model mean purchasing lists or co-reg when they say acquisition.

There have been a number of comments about Postini. Jay Levitt had a couple of comments that sum up the frustration that many of us have had with Postini.

I too tried to get a human at Postini. I took three different back-channel routes to get there. They all landed at the same person - apparently the one guy who sends out “we’re not responsible no matter what” form letters to anyone who writes to Postini. He told me, and I can’t make this up:

Postini was scoring my e-mails as “spammy” because Postini had previously scored my e-mails as spammy.

Dennis also commented about Postini:

I was told that if you take a document originally typed on an application such as MS Word and then copy and paste this into the marketing e-mail it gives it funky html code that for some reason gives your e-mail a lower score in Postini.

Cutting and pasting from MS Word has a myriad of problems, not just Postini delivery. One thing I emphasize with my clients is that their email structure must be clean and standards compliant. So many spammers out there are using badly formatted HTML mails, that the ISPs are looking at the technical structure of your email and using that as part of their filtering decisions. This confirmation from Postini only reinforces that.

Have a good weekend, everyone!

0 Comments

Botnets

Published
by
laura
15May
in Industry
.

Terry Zink has been posting articles about botnets as traced by Hotmail. I do not often talk about botnets as they are outside my area of expertise. They are not something I deal with, as no one who uses botnets is welcome as a client here.

My clients and I, however, do have to deal with the fallout from botnets.  Because of botnets, receiver ISPs are extremely suspicious of mail from any IP address that they have not seen mail from previously. Mail from new IPs is, more often than not, a newly infected Windows machine. This results in mail from new IPs not starting with a reputation of zero but starting with a negative reputation.

Botnets are another example of spammers making it more difficult for mailers with permission to use email.

1 Comment

$234M default judgment against spammers

Published
by
laura
14May
in Legal
.

MySpace has won a 234 million dollar judgment against Walt Rines and Sanford Wallace.

“MySpace has zero tolerance for those who attempt to act illegally on our site,” [MySpace Chief Privacy officer] Nigam said in a statement. “We remain committed to punishing those who violate the law and try to harm our members.”

These are two of the spammers responsible for me learning to read headers and report spam. Both of them have previous judgments against them. Wallace sued AOL to force AOL to accept his mail. Eventually the judge ruled against Cyber Promotions and Wallace.

The Court declares that Cyber Promotions, Inc. does not have a right under the First Amendment to the United States Constitution or under the Constitutions of Pennsylvania and Virginia to send unsolicited e-mail advertisements over the Internet to members of American Online, Inc. and, as a result, American Online, Inc. may block any attempts by Cyber Promotions, Inc. to do so.

This case was one of the first to declare that ISPs could block mail and is still cited in spam related cases. (Text of Ruling, AOL page on Cyber Promotions Case)

Walt Rines was less involved in lawsuits with ISPs, but after the demise of Cyber Promotions and his trade group (IEMMC), moved on to infecting PCs with spamware. The FTC put an end to that.

MySpace has now put an end to their account stealing and spamming through social networking sites.

I wonder what way they will discover to dump unwanted advertising on people next?

1 Comment

Followup to EEC spamming

Published
by
laura
13May
in Industry
.

Ken has a followup to his article last week about the EEC spamming.

Multiple e-mails obtained by this newsletter clearly show VIV was prospecting the EEC member list from its servers in violation of the EEC’s own privacy policy. [...] Moreover, one reader sent this newsletter two separate free issues of two different editions of VIV that were spammed into his inbox on two different days. So Mullen’s claim that the effort only involved one issue of the magazine is nonsense.

So let’s recap: That’s at least two issues of the magazine—one of which was sent three times—and at least one standalone prospecting e-mail spammed into the inboxes of the members of an organization ostensibly dedicated to setting standards in the e-mail marketing industry.

I have to admit, I am not hugely surprised that the EEC is behaving this way. The DMA has long been the organization pushing for no limits on spamming. In 2003 I was sitting on a panel with Bob Wientzen at the FTC spam summit where he stated that direct marketers did not want to spam people, they just wanted the opportunity to take a single bite out of the apple. With millions of small businesses in the US, it does not take long before that apple is gone. In my experience the DMA has never been on the side of restraint or control in marketing. They seem to be all about sending more and more advertising at consumers, with the consumers unable to control  either their own personal information or the amount of junk they have to get rid of.

If this seems contrary to my post on the EEC mailing from last week, it is. I was giving the EEC the benefit of the doubt. Taking their statements at face value and giving them the opportunity to use their experience as an example of how not to do things. This week there is even more evidence contradicting their statements and explanations.

I was not the only person to give the EEC the benefit of the doubt. Ken takes a little bit of issue with that.

Does everybody get this now? Because judging by various blog entries last week, it seemed some people were simply chalking up to a learning experience the fact that the EEC handed over its members’ e-mail addresses to a private company—for whom the EEC’s co-chair, Mullen, just happens to be the vice president of marketing—to spam them multiple times with an irrelevant and inappropriate acquisition campaign.
Folks, this is not a teachable moment. Everybody in this industry knows not to pull the nonsense Zinio pulled in cahoots with the EEC—everyone, that is, except apparently the one organization claiming to be dedicated to pointing out sh*t everyone else should and shouldn’t do.

He is right. The EEC is supposed to be a leader in the industry and they should not be pulling these boneheaded moves. They should know the pitfalls and be held to higher standards than the rest of the industry.

8 Comments

Email non-viable for acquisition

Published
by
laura
13May
in Best Practices
.

Chris Marriott over at iMediaConnection talks about all the reasons email is a non-starter as a replacement for direct mail. This is something I have been telling clients for a while now. Chris mentions a number of reasons for why email is not an acquisition tool.

Today, banks can flood your mailbox with all the credit card offers they want, but they can’t flood your email box with the same offers. First, it’s not as easy to get your email address as it is your postal address. Second, even if a business has your email address, you can opt-out of that first prospecting email and be free forever from further offers. For these very important reasons, there is no direct linear progression from mail to email in the marketing world. Email is the most cost-effective retention, cross-sell and loyalty tactic in the universe, but it is not a viable acquisition tool in the way that direct mail is (though some would argue both are equally bad due to the sheer amount of wasted impressions).

The big reason he missed is complaints. It is difficult, if not impossible, to complain about direct mail. Even the opt-outs listed on the circulars do not work. For email, though, complaints are trivial. The ISPs have set up and manage a way for recipients to tell a sender they do not want any mail from that sender. Those complaints feed a scoring engine that allows the ISP to block mail that the recipients mark as spam. This feedback process makes it extremely difficult to use purchased email lists to acquire new customers.

Hat tip: BeRelevant

2 Comments

FTC Rulemaking on CAN SPAM

Published
by
laura
12May
in Legal
.

The FTC announced today they will be publishing clarifications to CAN SPAM in the near future. According to the FTC

The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements; (3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and (4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

Once the rules are published, I will be sure to link to them and comment on them here. From the FTC press release, it seems that the rules are reasonably sane and any current mailer following best practices will already be in compliance.

Hat tip: MailChimp

2 Comments

Postini bug

Published
by
laura
09May
in Asides
.

Ben over at MailChimp has an article talking about a recent experience with Postini and an actual bug that causes Postini to interact badly with another spamfilter and block non-spam.

1 Comment