Even with good policies and procedures in place, the Yesmail case further points to the need for ongoing and frequent review of systems and procedures in order to ensure compliance and to provide early warning of problems.

Had @Once audited its e-mail reply processing systems, for example, it’s unclear whether it would have noticed the disappearing requests. But a careful review of the mail systems might have alerted an observant auditor that those messages were being processed through an anti-spam filtering system.

Most anti-spam experts will tell you that it’s an especially bad idea to filter administrative messages, such as spam complaints and unsubscribe requests, through anti-spam filters, even the best of which are prone to “false positives.” When there’s a possibility that such false positives could translate into thousands of dollars in FTC fines and compliance costs, weighing the pros and cons of spam filtering in that circumstance is a no-brainer.
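
A review of this kind can be run against mail gateway logs. The sketch below is an added example, not taken from the article or from Yesmail's systems: it flags administrative messages that passed through the spam filter, those the filter discarded, and unsubscribe senders who never reached the suppression list. The log columns, stage names, role addresses and all sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample: one row per inbound message, as a hypothetical mail
# gateway might log it (column names are assumptions, not a real product's format).
SAMPLE_LOG = """msg_id,sender,recipient,stages,verdict
m1,alice@example.org,unsubscribe@mailer.example,mx>spamfilter>unsub-handler,delivered
m2,bob@example.net,unsubscribe@mailer.example,mx>spamfilter,quarantined
m3,carol@example.com,abuse@mailer.example,mx>abuse-handler,delivered
m4,dave@example.org,sales@mailer.example,mx>spamfilter,quarantined
m5,erin@example.net,Unsubscribe@mailer.example,mx>spamfilter,dropped
"""

# Constructed suppression list: addresses actually opted out downstream.
SUPPRESSED = {"alice@example.org"}

ADMIN_LOCALPARTS = {"unsubscribe", "abuse", "postmaster"}  # assumed role addresses
FILTER_STAGE = "spamfilter"                                # assumed stage name
LOST_VERDICTS = {"quarantined", "dropped"}                 # assumed verdict labels


def audit(log_text, suppressed):
    """Return (filtered, lost, unhonored) findings for administrative mail."""
    filtered, lost, unhonored = [], [], []
    for row in csv.DictReader(io.StringIO(log_text)):
        local = row["recipient"].split("@", 1)[0].lower()
        if local not in ADMIN_LOCALPARTS:
            continue  # ordinary mail: filtering it is expected
        if FILTER_STAGE in row["stages"].split(">"):
            filtered.append(row["msg_id"])   # configuration finding
            if row["verdict"] in LOST_VERDICTS:
                lost.append(row["msg_id"])   # a false positive ate the request
        # Reconcile: every unsubscribe sender should be on the suppression list.
        if local == "unsubscribe" and row["sender"].lower() not in suppressed:
            unhonored.append(row["sender"].lower())
    return filtered, lost, unhonored


if __name__ == "__main__":
    filtered, lost, unhonored = audit(SAMPLE_LOG, SUPPRESSED)
    print("admin mail routed through filter:", filtered)
    print("admin mail lost to filter:", lost)
    print("unsubscribe senders not suppressed:", unhonored)
```

The first list is the configuration finding the auditor is looking for; it is non-empty even when no request has been lost yet.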

In the end, it seems that Yesmail wasn’t setting out to violate the CAN-SPAM Act. Indeed, they seem to have been the unwitting victim of a screwed-up mail configuration. These circumstances are undoubtedly why the FTC’s fine was a fraction of what it could have been – they could have earned an $11,000 fine for each ignored email! – and why the FTC also reduced its “probationary” period of oversight from the standard 20 years to a mere five years.

Yet this case provides an excellent cautionary tale for any company with the awareness to heed its warning. Will your company be the next to stumble into the FTC’s crosshairs? The time to review your CAN-SPAM compliance strategies and audit processes is now!