Spam Bust: The Lessons of Yesmail
Is your company violating spam laws like Yesmail did? Even an unwitting violation can result in a fine.
According to the FTC's complaint, Yesmail's recently acquired business unit, called @Once, failed to abide by the CAN-SPAM Act's requirements for processing unsubscribe requests in a timely fashion.
What was the reason @Once failed to honor the opt-out requests? In a deliciously ironic twist, it turns out the company's own spam filters blocked the requests!
Hard to Get Caught
The fact that the FTC caught anybody violating the CAN-SPAM Act is a minor miracle.
When CAN-SPAM was enacted in 2004, it was touted by its congressional supporters as relief for the millions of consumers inundated by unwanted email.
But as I noted in an op-ed piece at the time, there's a reason why the law wasn't called the Can't Spam Act: the law's requirements served as little more than a roadmap for how spammers could keep sending millions of emails while avoiding legal liability.
Among the various dos and don'ts for spammers who wanted the veneer of legality: Do put your company's contact information in the body of the advertisement. Don't use a bogus return address. Do give recipients a mechanism for opting out of future messages. Don't take longer than ten days to process those opt-out requests.
So in a world where even a billion copies of the most annoying Viagra spam can be made legal by simply adhering to those simple requirements, it's hard to believe that @Once screwed it up. And it's even harder to believe that the FTC was there to catch it!
Yet according to the FTC's complaint, when FTC investigators hit reply and asked to be removed from @Once's mailing lists, the spam filtering software identified the incoming requests as spam, preventing them from being delivered to the automated removal process.
A source close to the situation told one newspaper that it took between three and four months before @Once realized that some of the reply emails were going astray and not being processed. By the time the problem was discovered, however, the FTC was already poised to spring into action... two years later!
Yesmail, which acquired @Once in 2005, was ordered to pay a relatively paltry civil fine of $50,717. However, the FTC will closely scrutinize the company for the next five years, resulting in attorney fees and other costs that will probably exceed that amount many times over.
Lessons of Yesmail's Pain
As more and more companies begin exploring more aggressive e-mail marketing campaigns, and an increasing number of companies begin bringing their email marketing activities in-house, there are good lessons to take from the Yesmail case.
First and foremost, any company that wishes to do its own e-mail marketing needs to be fully conversant in the requirements of the CAN-SPAM Act. As I have noted, the requirements aren't particularly onerous. Yet as the Yesmail case makes clear, it's also not too difficult to run afoul of them.
Having a corporate privacy officer in place to oversee the creation and implementation of sound compliance policies is one vital way to make sure that your company is on top of these issues. Most major corporations, and certainly most reputable Internet marketing companies, have privacy officers already on the job. But for an increasing number of companies that are trying to bring more of their marketing activities in-house, the need for a privacy officer may not be fully appreciated.