Modernizing Authentication — What It Takes to Transform Secure Access
The act, which became federal law on January 1 of this year, is far from complete. The FTC must recommend to Congress how numerous aspects of the law should be shaped going forward. It wants to do so with your help.
The FTC staff attorneys who are overseeing this initiative discussed the public comment procedure at length with me over a recent lunch. Michael Goodman, the point man on the FTC taskforce, stresses two points.
First, he wants well-considered commentary. He doesn't want to hear why an aspect of the law is bad (or good) for you or your business. He wants proposals that consider the effects on everyone along the up- and downstream flow of e-mail sending and receiving.
Second, the FTC really does want to hear from you -- now. Goodman's most recent project was heading the taskforce that oversaw the Do-Not-Call legislation, which all but put telemarketers out of business. He's still amazed how few telemarketers took advantage of the opportunity to shape legislation. Let that be a lesson to all you e-mail marketers.
FTC information regarding specifically what input is sought and how to submit it is here. Don't be intimidated, by the way. Most feedback can be submitted via an online survey. You needn't write a legal treatise!
We want to know what you think, as always. Only just this once, don't tell only us what you think. Please share your thoughts with the FTC, too. Following are a few of the suggestions I plan to submit, along with links to the relevant sections of the federal register notice.
Transactional or relationship messages are exempt from the act's provisions. Should the definition of such messages be modified?
Yes. Add "affirmative consent" (i.e. opt-in) newsletters to this category. It keeps with the spirit of the law ("CAN-SPAM" is, after all, an acronym for controlling the assault of non-solicited pornography and marketing act) and rewards good behavior. It also exempts opt-in newsletters from one of CAN-SPAM's stickiest wickets: Does an advertiser in an ad-supported newsletter count as a "sender," and is a newsletter in violation of the law if a subscriber opts out of mailings from a specific advertiser but not the newsletter itself?
Are 10 business days sufficient to honor an opt-out request?
The commission may designate additional "aggravated violations" of the act.
My suggested additions:
- Text and/or graphics in a subject line or message body with no purpose other than to facilitate delivery in a deceitful or duplicitous manner. Examples include white-on-white (i.e., invisible) text and gobbledygook copy intended to bypass Bayesian filters.
- Online opt-out requests that trigger or result in browsers being hijacked by explosions of pop-up windows and other forms of excessive and intrusive unsolicited advertising.
- The subscribing or furnishing of third-party e-mail addresses to commercial mailers without that party's knowledge or consent. If that process is automated, it should be considered an aggravated violation.
Should commercial e-mail senders induce recipients to forward to a friend (and potentially no longer be considered the sender)?
Forward-to-a-friend campaigns should be acceptable, providing there is no material inducement or incentive to do so. Increasing the original recipient's chances of winning a prize or assigning a bounty to the number of messages forwarded encourages indiscriminate forwarding and a subsequent increase in the volume of unwanted e-mail.
Can several entities be considered senders, and is the e-mail in violation if the recipient has opted out of messages from an advertiser or sponsor in the message?
If the recipient opted in to receive e-mail from the primary sender, subsequent advertisers or sponsors should be accorded non-sender status. This includes newsletter advertisers, conference sponsors, and retailers advertising multiple products (e.g., an Amazon.com mailing promoting three brands of TVs).
If the message is not opt-in, more complex, multiple-sender regulations should apply. This would encourage marketers to send desired, targeted mailings, to responsibly segment their lists and to work with reputable e-mail vendors. The end effect could be a reduction in unsolicited e-mail volume.
Should a Do-Not-E-Mail registry be established?
FTC Chairman Timothy Muris is dead on in his assessment a do-not-e-mail registry is an ill-conceived idea. The challenge is to educate a public overwhelmingly in favor of the idea that what works stunningly well for telemarketing cannot translate to this channel. Comments on this one issue are due March 31, earlier than the April 12 deadline for all other commentary.
Should commercial e-mail be labeled?
Again, opt-in ("affirmative consent," in legal-speak) should set the benchmark. If only unsolicited messages are subject to labeling requirements (adding abbreviations such as "ADV" or "ADULT" to subject lines), senders would again be forced to segment their lists. Meanwhile, consumers and ISPs could much more easily filter unsolicited messages. In theory, everyone wins. Except spammers.
In the effort to protect consumers and minors from receiving and viewing pornographic e-mail, compliance is the wild card. What else is new? But if unsolicited messages were prohibited from containing adult content and images, were labeled "adult" in the subject line, and required click-through with an explicit "18 and over" notice to view the content, a legal guideline would at least be in place.
What should the criteria be for determining if the primary purpose of a message is commercial?
The commission presents a number of scenarios that blur the lines between purely commercial intent and other messaging, including ad-supported newsletters and a commercial organization that promotes its involvement in a charity.
Since CAN-SPAM was enacted, commercial e-mail in non-commercial clothing has abounded. Messages from bogus institutes (click to buy snake oil) or joke-of-the-day newsletters (click and they'll try to sell you a mortgage) are proliferating. Meanwhile, my credit card statement -- which I need and my provider is legally obligated to deliver -- could be considered commercial if there's an ad or promotion at the bottom of the message. Well, they stuff paper bills with garbage, too.
I may sound like a broken record here, but let affirmative consent prevail. If the sender is a commercial entity and the recipient didn't request the message, then the primary purpose of the message is commercial, unless it can be defined as a transactional or relationship message.
Offer other considerations for rulemaking.
Issue record-keeping requirements, please. Commercial and bulk e-mailers should be required to maintain records of date, time, IP address, and e-mail address of every opt-in and -out to their lists. These are simple and inexpensive to maintain. Even the smallest business can keep e-mail files that contain extended header information. Such records would protect mailers if legal, consumer, or ISP challenges arise regarding the legitimacy of their e-mail practices.
That's all space allows. My comments on the Act are based on my own experience and expertise in marketing and publishing; a conviction that opt-in should be at the root of all interactive marketing; and good behavior should be both encouraged and rewarded.
Now, it's your move.
Want more e-mail marketing information? ClickZ E-Mail Reference is an archive of all our e-mail columns, organized by topic.