The financial pitfalls of unwittingly sending spam

Posted by Peter Labrow on 28 March 2009

What exactly is spam? Not your e-mailers, surely? If you’re sending e-mails to a list where people didn’t opt in, or the e-mails don’t include key information, you could be in for a hefty fine.

Although many companies know that ‘some kind’ of anti-spam legislation exists, not only are they often unclear about what it entails, but frequently think that it’s toothless. After all, it’s just e-mail, what’s the worst that can happen? Are the spam police driving up and down the streets with detector vans? How will anyone find out? And if they do, what’s going to happen? Some kind of slapped wrist from the Advertising Standards Authority?

The truth is that many countries now have effective legislation against spam – the USA most notably with its CAN-SPAM Act (actually called Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003) and the EU’s (admittedly weaker) Privacy and Electronic Communications Regulations Directive. These make it a criminal offence to send unsolicited mail (or even solicited mail that doesn’t include specific information, such as how to opt out of a list) – which can result in a fine.

Our view is that companies shouldn’t have to wait for legislation to tell them to do the right thing. There’s really nothing in the USA’s stricter CAN-SPAM Act that’s hard to implement or is unreasonable, therefore we tend to advise clients to adhere to that. In any event, e-mail is a global communications tool – and you may not have full control over where your e-mails go – so it’s worth taking the stricter view.

For most of the campaigns we run for our clients, we now use MailChimp, which is a fantastic service. Setting aside that it helps you make sure your designs will render well in most e-mail clients, one of things that I really like about MailChimp is how it pretty much forces companies to adhere not only to the law, but also best practice. For example, when you open a MailChimp account, one of their people will vet your list and website before you’re allowed to send a campaign, to make sure you’re not sending spam. It does cause a slight delay, but the people there are very responsive and it’s usually not more than a few hours. Also, their templates are set up to prompt you to add in information needed to comply with the CAN-SPAM Act, such as a way to unsubscribe from your mailing list.

Another reason I love MailChimp is that they provide lots of tools for e-mail marketing. I came across an interesting document a few weeks ago, which I thought was worth sharing – and MailChimp, being crewed by good-natured people, is fine with the information being distributed.

The full details are in this PDF, Spam Lawsuits, but it’s worth looking at a few of the cases.

In the USA, the CAN-SPAM Act has been used to great effect already, with some very well-known companies having to pay out not inconsiderable fines. These include:

• Kodak Imaging Network (formally Ofoto Inc) being fined $26,000 for failing to provide a way to opt out of the mailing list, and failing to provide a physical postal address.
• Ice.com were fined $6,500 for sending e-mails to people who had specifically requested not to receive them.
• Jumpstart Technologies were fined $900,000 (ouch!) for ‘using personal messages as a cover-up for commercial messages’ by using deceptive subject lines.
• Here’s an interesting one: YesMail did have an unsubscribe feature, but their own spam filters blocked the incoming unsubscribe requests, so they didn’t get the e-mails. This proved to be an inadequate defence and they were fined $50,717.

The list goes on, and it’s very much worth reading the full document.

The bottom line is that it doesn’t pay to avoid best practice. It only takes a little effort to put processes in place that will protect your business. But it’s not all about potential litigation. This is marketing! We want to be building relationships, not bombarding unwilling recipients. The CAN-SPAM Act requires a physical address to be on the e-mail and a means to unsubscribe, for example. I’d argue that you want these on not only to meet legislation but also to be a better company to deal with, a company with ethics – and from a practical perspective, one that keeps the list clean, so you’re not mailing people who don’t care about your products or services.

The key parts of the CAN-SPAM Act (which we also recommend UK clients adhere to) are:

• E-mails need a visible and operable unsubscribe mechanism.
• Opt-out requests are actioned within 10 days.
• Opt-out lists are only used for compliance purposes, not to market to.
• E-mails should have accurate ‘from lines’ – no misrepresentation of who the e-mail is from.
• Subject lines which are relevant to the body of the e-mail and are not deceptive.
• A legitimate physical address of the company sending the e-mail (the ‘advertiser’).
• Clear labelling if the content is adult – preferably in the subject line, so the mail does not need to be opened to see it.
• An e-mail can’t be sent through an open relay (misusing someone else’s mail server).
• A message cannot be sent to a ‘harvested’ e-mail address (that’s one pulled from the Internet or any other source without the e-mail owner’s consent).
• A message cannot contain a false header (the header is a hidden part of an e-mail which shows where it came from) – this is seen as a serious violation with criminal intent.

There are some exceptions – religious or political messages for instance, or national security messages – but in any event, it’s still worth complying with the act as far as possible.

Yes, this is USA legislation, but it’s all reasonable stuff, and a better set of guidelines for marketeers to work to than the current EU directive. If you’re going to do it, do it right, people.

I’ll tell you what. If you want to send e-mails to a list you bought and don’t want to have your company’s contact details on it, I don’t want you as a customer.

Comments

1 comment · add a comment · this blog is moderated

Labrow Marketing takes no responsibility for any comments below, as these do not necessarily represent our views.

On 30 March 2009, Peter Clements said:

On recent CRM projects I have been concerned about clients who wish to use e-mail IDs which have been gathered as part of the normal commercial process. So, for example, a confirmation e-mail is sent as part of the order process. Do these IDs count as 'opted in' clients? I tend to advise clients that the appropriate method is 'opt in' rather than 'opt out'. Interested in thoughts on this. Peter C.