Five Advantages of Cloud-Based SIEM for Security Intelligence and Operations REGISTER >
No, CAN-SPAM is not a "miserable failure," as was widely misreported by news-deprived media outlets over the holidays. One example of why it isn't is a very powerful, this-means-you message the FTC sent marketers this week. You probably missed it, because what you read in your morning paper largely elided what you need to know.
So in the interest of being fair and balanced, let's take another look at the reality of spam, rather than the show.
The FTC shut down six businesses and froze the assets of five individuals this week. All were behind the sending of sexually explicit spam. The sleaze factor is what made the headlines. What should make all you marketers, affiliates, e-mailers, and business owners sit up and take notice is what was buried several paragraphs down. Of all the individuals named in the suit, only one actually sent any spam.
The others landed in legal hot water because they paid him to do it.
"It's not just people who push the button to send the spam who can be held liable," said Eileen Harrington, associate director of the FTC's Marketing Practices Division.
There's no question the e-mail messages violate CAN-SPAM six ways to Sunday: no adult content label; no advertisement label; no working unsubscribe mechanism; falsely claiming the advertised Web sites were free.
But this is the first time the businesses and individuals who profit from spam got busted. Which makes people like spam attorney Anne P. Mitchell, who helped draft that section of the legislation, jubilant. "It is huge. It gets to the roots of the issue: the people who are paying for [spam]. Eileen Harrington could not have been more clear. She very clearly said people have been hiding behind the people who are sending this out. She made no distinction between the spammer and people who pay this kind of spammer. It's getting whoever's profiting from the misdeed."
Who's profiting? Mostly, agree the experts I spoke with, it's rogue affiliate marketers. "This has to do with holding affiliates accountable," says Mitchell. "Not legitimate affiliates, but people who are running affiliate programs."
Les Seagraves, EarthLink's chief privacy officer, calls them "terrible, layered affiliate programs. To EarthLink, "these are the core of the problem."
Attorney Pete Wellborn, who spearheaded many high-profile ISP v. spammer cases, calls them "dirty affiliates" and rejoices each time their ranks are even slightly diminished.
So take heed, affiliates and people running affiliate programs. You're officially on notice. Behave.
But what about businesses that conduct e-mail marketing without affiliate programs? How should this affect how they handle their lists and select vendors? What if a rogue IT staffer or disgruntled employee hits the spam button? Will they get slapped with federal lawsuits, too?
"There's an element of intent and knowledge," says Mitchell. "It's not going to nip the people who really didn't know in the bud. You had to know that you're giving your e-mail to a spammer. It wouldn't be really hard for someone to do a bit of due diligence on Scott Richter. CAN-SPAM is not a 'gotcha' kind of law."
OptInRealBig's Richter (a.k.a., The Spam King) cropped up frequently in my talks as an example of who marketers should not hire in the wake of the FTC's latest action. "If you hire Scott Richter and he breaks the law, you're responsible," asserts Seagraves. "Businesses have been dealing with hiring others to do marketing for them a long time. There are standard ways to deal with that from a contractual or legal perspective."
Wellborn agrees a business that hires a possible or known spammer to handle its e-mail operations is asking for trouble. He also doesn't think it's the worst idea in the world for e-mail service providers (ESPs) or companies with in-house e-mail or list operations to take formal steps with IT staff or others who can access their databases and servers, such has having them sign a document essentially promising to behave.
Bigfoot Interactive's director of ISP and government relations, Jordan Cohen, agrees it's important to "vet people who can access certain data and have safeguards." And like most of the legitimate ESP community, Cohen embraces this most recent FTC action as good for e-mail -- and good for business.
"The number one takeaway is marketers are turning more and more to outsourced e-mail providers," says Cohen. "It's important for marketers on the brand-name side to look at e-mail [vendors] beyond the terms of how sophisticated their technology platform is. If you're really concerned about your brand, you should be working with a provider with a deep understanding of these legal and regulatory issues."
And that bit about CAN-SPAM being a "miserable failure"? Oh, please.
Every expert I speak with pooh-poohs the notion. In fact, they're unanimous: The 2004 act is a tool. As Wellborn says, "I don't think any reasonable person thought CAN-SPAM was going to eradicate spam in the first place. The more learned and reasonable Internet cognoscenti understood CAN-SPAM was one more bullet in the gun."
And for those of you naive enough to have entertained the notion spam would entirely abate once the law was enacted, consider for a moment laws on the books that proscribe other activities. Murder, for example. Or drugs. Even jaywalking.
Like the above transgressions, spam's not going away. But it is, slowly, coming under control.