This section covers issues involving regulations. Even though they aren’t always fun to follow and keep track of, they are important to the success of your email marketing campaigns.
How the History of Email and Spam Affects Your Campaigns Today
Some will roll their eyes in contempt of studying the history of email marketing. Do so at the peril of your campaigns and your company’s bank balance. If that seems dramatic, you might look at some of the regulations that are now in place to curtail historical practices. When your outbound emails get caught in filters or end up in spam folders, knowing your history will help you to understand why. Knowing why will help you stay in the spirit of new laws and regulations. Also, knowing the bad practices will help you to avoid the appearance of evil in your email marketing processes.
The term spam in its earliest days referred to unwanted posts in newsgroups but later grew to be almost entirely associated with unsolicited emails. When you are aware of how spammers work, you can avoid the appearance of evil in your own campaigns.
How Spammers and Bad Actors Work and How to Avoid Looking Like Them
Let’s start with just a few examples of how spammers have shaped the practice, whether we like it or not.
- Email harvesting: This is a method of building email lists by deploying crawlers or bots that scan public or private content to extract email addresses.
- Spoofing through open relays: Essentially sending email under a sender domain or address that is unauthorized, falsified, or doesn’t belong to the sender.
- Subject content disagreement: Sending an email with a misleading subject line to lure recipients into opening/reading the email.
- Burning a domain to test a list: A spammer will buy or use a temporary sending domain to send an email to a large list just to see which ones bounce, or who clicks, thus verifying the list without damage to the primary domain.
- Using a single image for content: A spammer will send a message with the content in a single image to circumvent filters for certain text words. Filters are now catching these, but you need to know that it was a spam technique.
A reputable marketer doesn’t want to be associated with any of these, but some bad actors can spoil the reputation of the entire industry, and when the masses complain, elected officials listen and do their best to appease their constituents. Committee‐built regulations often come with misapplied rules, but once established as law, we must protect our practice, company, clients, and reputation by staying in compliance with all parts of the regulations that apply.
Government Rules and Regulations
As a result of complaints from the masses, elected officials and industry associations have made efforts to enact regulations to control the abuse of email as a marketing channel. The resulting rules range from reasonable to ridiculous, from vague to concise, and they sometimes conflict with each other and even themselves. Nonetheless, marketers must know the rules and regulations for each region where their emails may be received and comply with those regulations to protect their company, campaigns, and brand reputation.
The teeth are sharp when a government chooses to enforce these regulations. Marketers outside the United States should note that for large offenses, U.S. courts have shown a willingness to bring foreign defendants within their jurisdiction.
In the 2008 case of Facebook, Inc. v. Guerbuez, U.S.‐based Facebook successfully sued Montreal‐based spammer Adam Guerbuez in a California court for contravening the provisions of CAN‐SPAM and then successfully sought to enforce the $873 million judgment it was awarded in the United States in a Canadian court (in the province of Quebec). In her September 28, 2010, ruling, Quebec Judge Lucie Fournier ordered Guerbuez to pay $100 U.S. in damages and $100 U.S. in punitive damages for each of the 4,366,386 spam messages he sent to Facebook users in 2008. That’s $873 million in fines at $200 per message, but violators of U.S. CAN‐SPAM regulations can face up to $16,000 per message that is in violation. So for reputable marketers, the chances are currently low that a simple mistake in your campaign would result in a court order of that magnitude. Currently, the resources are in place to prosecute only the most egregious offenses. But why put your company or clients at risk at all? Know the regulations and comply with them. It’s responsible marketing at minimum. Here are some overviews of the more prominent regulations.
United States The United States has the CAN‐SPAM Act. This is called the Controlling the Assault of Non‐Solicited Pornography and Marketing Act of 2003. The CAN‐SPAM act covers commercial email messages where the primary purpose is advertising or promotion of a commercial product or service. It’s not going to cover an email between you and your relatives or private emails. If you’re trying to influence someone to engage for future business, your email falls into the category of commercial email.
Senders who violate the CAN‐SPAM Act can face fines up to $16,000 per message that is in violation, and there have been prosecutions of guilty verdicts since the act went into place. So, marketers need to know the key areas for CAN‐SPAM compliance.
Opt‐In, Opt‐Out Oddly enough, at the time of this writing, the CAN‐SPAM Act doesn’t require an opt‐in. And it doesn’t prohibit the sending of direct marketing email messages without permission until the recipient explicitly requests that they stop, usually via an opt‐out. While it may not be a good practice to send unsolicited email, it is not specifically prohibited by the CAN‐SPAM Act until somebody says “Stop,” and the opt‐out needs to be a service or an easy event for the recipient to opt‐out of commercial email in the United States.
Unsubscribe or Opt‐Out More explicitly, each email message must include opt‐out instructions, and subscribers can’t be required to pay to unsubscribe or to provide information other than their email address and opt‐out preferences. Also, they can’t be required to take any steps other than sending a reply email message or a visit to a single web page to opt out of receiving future email from a sender. In short, marketers must make it easy. You will only anger your recipients if you require a password to unsubscribe (that’s one of my pet peeves). The sender must honor the opt‐out request within 10 days.
Identity The CAN‐SPAM Act covers identity rules as well. It prohibits falsifying information in the email header: your from, to, reply‐to, and routing information, including the originating domain, the email address, have to be accurate and identify the person or business who initiated the message.
More Bad Practices Also prohibited are open relay abuses using multiple sending email addresses, address harvesting, dictionary attacks, and a number of other ways of sending spam where fraud is involved. I can’t imagine any OMCP or OMCA using any of those, but what you do need to know is that the email subject line cannot mislead the recipient about the content or the subject matter of the message.
Subject Line Must Correlate Now this was largely enacted to stop porn purveyors from misleading recipients into looking at an innocent email that contained offensive images. But it applies to marketers across the board. So let’s make an example. You could not use an email subject line that says, “Your child’s insurance policy,” and then try to sell vacation timeshares in the body of the message. Those two are clearly unrelated and should not be combined because it misleads a recipient into opening an email under false pretenses.
Identification Including a valid physical postal address in a commercial email is required in the United States under the CAN‐SPAM regulations. It is acceptable to use a post office box address. Typically the physical addresses appear in the footer or at the end of the email so they don’t distract from the primary message. If the address is in there and is readable, you’re likely in compliance as far as including a physical postal address.
The United States also requires identification that the message is an advertisement or solicitation. Now, even the U.S. government admits that there are no set guidelines for this. So, for now, OMCP is monitoring this. It’s not part of the exam or the standard until a generally accepted practice evolves.
Liability Also note that the business behind the email is liable for a lack of compliance by U.S. standards. So, even if there’s an agency or a third‐party sending out on behalf of the business behind the message, it does not absolve responsibility. In fact, both the company whose product or services are promoted in the email as well as the company that actually sent the message can be held legally responsible for violations under CAN‐SPAM. That is important for you to know in order to protect your company and clients, and it is on the OMCP and OMCA exams.
Canada, the European Union, and Other Regional Regulations Now, let’s look at Canada, the European Union, and other countries’ regulations.
Canada has the CASL, the Canadian Anti‐Spam Legislation. And some of Europe has the EU opt‐in directive. The two differ from each other as to coverage on nonprofit, political, and charity messages, but both are largely inclusive of the U.S. regulations and then, and this is important, are much, much stricter than the U.S. regulations in obtaining explicit prior consent before sending commercial email to recipients.
The CASL and the EU opt‐in directives prohibit sending any commercial email messages unless the recipients have given express prior consent. So where the U.S. CAN‐SPAM is lax and you can send unsolicited email, when you’re targeting areas covered by the EU opt‐in directive, or addresses in Canada, you cannot.
Now, transactional email content must stick to the product or services that are part of the transaction, and the recipient must, again, give explicit permission to receive other types of email. So, for example, if a recipient bought your company’s pretzel making machine, you can continue to send transactional emails about the pretzel making machine. But if you really want to send them something that sells a system to make spun cotton candy, well, then you would have to receive explicit permission to start sending them promotional emails about a different product.
When sending to addresses in Europe, senders need to state their company details on every electronic business communication sent from the organization, and it should include the full name of the company in its legal form, the place of registration of the company, the registration number, the address of the registered office, the VAT number, and a valid return address. So, again, the regulations are a little bit more strict when sending to those regions, and something marketers should know. Now, the commonalities and the safest route is to get explicit agreement from your audience to receive promotional or informational email. One of the safest routes to do this is what is called the double opt‐in.
Double Opt‐In: The Safest Route A double opt‐in typically consists of a second action on the part of email recipients confirming that they want to continue receiving the emails that promote your products or services.
So the sequence looks like this: Jeff fills out a form on your website to get a whitepaper. Jeff gets the whitepaper, but also gets an email that requests his confirmation that he wants to receive a monthly newsletter from your company. So to confirm, Jeff clicks a link in the confirmation email and his consent is recorded in your email systems. Jeff has supplied explicit confirmation.
Double opt‐in, as we’ve just described here, aligns with the current email regulations that we are seeing in the United States, Canada, and the EU opt‐in directives. The rules can change any time. The EU directive does not cover all European countries so, again, responsible marketers need to watch for changes in the regulations in countries where they are going to send email.
Other Regulations That Overlap with and Affect Email Marketing
Other regulations will certainly affect how you may collect, store, protect, delete, and use data in your marketing efforts. Consider and track India’s Personal Data Protection (PDP), China’s Consumer Rights Protection Law (CRPL), and the Measures for the Administration of Internet Email Services that govern email marketing in China. Individual states in the United States are enforcing regulations, such as the California Consumer Privacy Act (CCPA) as well as Virginia’s HB 2307 Consumer Data Protection Act. These are representative of the laws being adopted around the country. If your emails could land in an inbox in these regions, you must know and comply with each of these regulations. At the time of writing, some countries don’t yet have comprehensive regulations in place, but most are headed in that direction. The tough truth is that it is your responsibility to stay up‐to‐date on the regulations and consumer privacy laws for the areas where you’re sending your emails. A marketing email professional will stay up to date by scanning for current laws and regulations for each target region. Your ESP can be a great place to start.
Leave a Reply