Spamhaus has just released the newest block list to date. The Domain Block List (DBL) is Spamhaus’ newest feature, which allows spam filtering to be taken to a new level. The DBL is essentially constructed using the landing pages in the body of an email, which are based on domains and IP addresses. It is designed to work as a second stage of spam filtering, with the first filtering stage based on sender and source IP addressing information via Spamhaus’ Zen collection of block lists. Using these IP based block lists as the first stage prevents nearly 90% of spam from getting through to the mailbox. If the spam gets through the IP based filter, the spam needs to be further filtered, which is where block lists such as the DBL come into play.

The DBL is based on different domain criteria including the spam senders and sources, but it primarily uses the email landing pages, or the links that are contained within the body of the email message. This way, even if a spammer changes the source or sender IP address, the landing page or hyperlink is still associated with the same domain name or IP address. For years, spam filter software such as SpamAssasin has included URI and domain filters in its rule sets. Blocklists such as the SURBL and URIBL are currently being used with this software.  However, unlike these blocklists, the DBL was designed to work specifically along side the IP address based block lists.

Updating itself every 120 seconds, the DBL system detects and lists spam in real-time. Using an automated system and Spamhaus project team members around the world, the database is maintained 24/7. There is no public interaction involved and no public spam reports will be accepted or processed. Spamhaus uses spam traps and email flow monitoring as their primary method to obtain spam-linked domains. DBL can be used with SpamAssasin 3.3.1, open source spam filter software due to be released in the near future.

The DBL is designed to work in conjunction with IP based blacklists such as Spamhaus Zen. The Zen collection of blocklists is used to filter incoming mail based on IP addressing information, rejecting nearly 90% of traffic. The second stage is where DBL comes in. If mail is able to sneak through using Zen blocklists, more in depth filters are used, which check the message bodies including the domains and IP’s of websites advertised in them. This is done using software, such as SpamAssassin, that scans the message bodies for URI and URLS and testing these against URI blocklists like the DBL, SURBL, and the URIBL. The DBL alone can eradicate between 60 -90% of spam. Remaining spam, after both spam filtration stages, should be reduced to less than 0.5% total, with 0% false positives.

An article posted on Stuff.co.nz by Lois Cairns discusses how the New Zealand government is cracking down on business and individuals who tout the new unsolicited electronic mail laws. The article gave great insight into what the government is dealing with and ways they are changing their practices to better punish offenders. Included in the article were a few helpful hints to make the average consumer less vulnerable to inundated inboxes.

In New Zealand as of September 2007 it has been illegal to send commercial emails or texts without consent from the recipient. Yet the Department of Internal Affairs anti-spam unit has received over 2,000 complaints for unsolicited material in the last twelve months alone.

In the Unsolicited Electronic Messages Act, businesses that send out marketing material, either through email or SMS messaging must include an opt-out option. Though many companies have followed the new law the DIA is still receiving complaints. In the last twelve months alone 143 SMS message complaints and 1841 email complaints have been reported to the DIA.

In the past the DIA has dealt with these complaints through education and persuasion, but with so many recent blatant violations the DIA has turned to different measures. The DIA is hoping that with fines of $500,000 to companies and $200,000 to individuals who continue to send the unsolicited material the offenders will get the “message” and cease their illegal operations.

One way as a consumer to stop the unsolicited content is with pro-active steps to ensure your email address and phone information is not easily accessible. Here are a few tips to help counter act the problem and protect you:

• Only give your email to organizations you know and trust

• Do not put your email on any webpages

• Do not respond to unsolicited email

• Use a filter. Most web mail services and internet service providers already filter out much of the unsolicited mail.

• Be cautious when giving out your cell number or you could receive commercial SMS messages.

• Check terms and conditions before signing up for any contests. Check the privacy and consent policy before giving out personal information. Read the fine print.

Location-based technologies include GPS for mobile devices and new technology in the browsing interface that tracks location using a range of technology including nearby wireless access points and IP address information. A web browser’s geolocation information is associated with HTML 5, the in-draft collection of advancements over current HTML which is being developed by a group called WHATWG. Location-based technologies can be used to target users in terms of location and advertisements through web browsers and applications.

According to the Communications Act of 1934 (yes 1934), the cell phone carriers cannot use the location-based information. However, cell phone companies do not necessarily see location-based information since the information is constrained to the web browser or application on the mobile device. Many applications using location-based technology that benefit the user are being developed and implemented, including social tools such as foursquare. However, the location information associated with these applications could be abused and used for advertisements. According to Guardian, Apple is prohibiting mobile application developers from implementing ads via location information. How closely this is regulated is another story.

According to Clickz, the congressional hearing on February 24th touched on many points, including the main argument that location-based technologies need to be regulated and will be booming this year. During the congressional hearing, it was mentioned by representatives of firms providing location-based data services that ads using the location data for targeting result in higher click-through rates and more revenue. This may be true, but user privacy needs to be taken into consideration. Witnesses at the congressional hearing agreed that location-based mobile data needs to be controlled by privacy legislation.

Essentially, there were no concrete plans for enforcing privacy rules regarding location-based data during the congressional hearing. One solution touched on is providing consumers with a “notice and consent” method. This solution will provide consumers with a clear non-deceptive method of selecting that they will want to give geolocation information. There is no dedicated government body at this time to oversee the compliance of future privacy legislation. However, there has been indications in previous congressional hearings that the FTC could play a crucial role in enforcement.

As the FTC continues its discussions on behavioral marketing and how it relates to privacy, new information regarding flash cookies has been brought to light. In previous discussions, the possibility of requiring consumers to opt-in to allowing marketers to place cookies on their machines has been the topic at hand. It’s fairly well-known that regardless of the ability to opt-in or not, cookies are deletable, all modern browsers have the ability to ‘clear out’ any cookies, cache, or history from your machine.

As usual, technology is one step ahead and marketers have begun to use Flash cookies to target behavior. Flash applications store their information in a separate place than typical web cookies, and asking your browser to ‘delete cookies’ may not get the job done.

Eric Goldman, director of the High Tech Law Institute at Santa Clara University, pointed out that companies’ use of Flash illustrates a longstanding pattern in which technology evolves faster than consumers’ knowledge. The result, he says is a “gap created between what technology can do and what consumers want.” -mediapost

Whenever a site asks me to read their privacy policy before entering my info, my immediate reaction is to just skip it, dismiss it as a waste of time. I also get the feeling that they don’t really want me to read it anyway. I know I am not alone in my thinking as Dennis Dayman, contributing to Deliverability.com, addresses this issue among others in his recent blog, “What Marketers Might Expect in 2010”. So why would I do this? Why would I give out my information without understanding who has the right to see and use it? A number of reasons:

1. Privacy policies are never written for consumers to understand. You almost have to be a lawyer to decipher all the phraseology and then apply it to yourself.

2. They are long. I feel like I have better things to do. I just want to get to the part where I’m looking at what I’d wanted in the first place.

3. They tend to be disorganized. It takes my valuable time to scan through and find the specific part of the policy I’m looking for.

4. They aren’t always current. Some privacy policies aren’t updated along with the new changes. This is misleading and dishonest. This causes consumers to immediately lose trust in the company.

5. Along with not always being updated, when they ARE updated, I am usually made aware of the changes after they have been made. Am I really expected to agree to something that I’ve never even seen? It shouldn’t be assumed that I’ll agree with the changes. Nothing should be assumed concerning consumers.

6. If I have a question about something I don’t understand, it can be difficult to find contact info directing me to the right person who can give me the answers.

7. It’s usually little more than a small link to click on, or fine print at the bottom of the page. I shouldn’t have to look for it. It should be displayed proudly so as to win my confidence in the company.

“…the more data that you need to perform your job of catering your marketing plan to them (the consumers), the more you will have to tell them about how you are going to safeguard and effectively use their information”. Privacy policies are a chance to explain, in no uncertain terms, how consumers’ information will be kept private, and what will be done with this information once received. Trust, loyalty, relevance…these are the words that should be associated with privacy policies.

Privacy policies should be incentives. They are opportunities.

Previously, LashBack highlighted a recent Colorado legislation decision to remove language taxing affiliates. Many other states have considered implementing similar taxes on marketers with state budget deficits looming. The Performance Marketing Association has excellent resources on current legislative processes and participating in grassroots campaigns to stop legislation in specific states. Here’s the status of each state as we know it:

Alabama

Advertising tax legislation has been recommended to the state legislature by Alabama’s Department of Revenue.

California

Last year, the governor issued a press release threatening to veto the budget if the affiliate tax bill was included. However, the bill has been proposed again in 2010, this time with a more positive economic result estimated.

Colorado

Language constituting a state tax on affiliate marketers has been removed from Colorado’s HB1193 Bill, a huge victory for affiliate marketing.

Connecticut

An advertising tax bill was proposed in 2009, but it never came up for debate because it was moved to the foot of the legislative calendar. The bill is not a completely dead issue however, and may come up again in this year’s calendar.

Hawaii

Advertising tax legislation died in committee in 2009 after Hawaii’s governor issued a press release expressing that she would veto the bill.

Illinois

Bill SB3353, which amends the Use Tax Act, the Service Use Tax Act, the Service Occupation Tax Act, and the Retailers’ Occupation Tax Act was introduced in February and has been referred to committee. The legislative calendar in Illinois is year-round.

Maryland

An affiliate tax bill being considered died in committee before it went up for a vote. However, a new bill may be proposed in 2010.

Minnesota

Tax nexus legislation was being written in 2009, but died in committee.

Nevada

The Nevada governor is holding a special session to discuss a large budget deficit and expanding the tax base in the state, but a specific bill has yet to be introduced.

Oklahoma

A bill has been introduced, but has yet to gain serious political support.

Tennessee

Legislation was proposed, but never moved forward.

Virginia

The Senate Finance committee has passed bill SB660 and it will be up for debate in the Senate Tuesday, February 16.

Vermont

A bill has been introduced, but with little political support.

Thus far, state affiliate taxes have successfully passed in New York, Rhode Island and North Carolina with several more states expected to explore similar taxation.

In a post New York “Amazon tax” universe, several states have proposed analogous bills subjecting online marketers to state sales tax. This week, it appears affiliate marketers have emerged unscathed by proposed legislation in Colorado. Previously dubbed the “Amazon tax” in 2008, because of its court challenged effect on Amazon affiliates in New York state, this change in the rules makes an affiliate presence in a particular state sufficient for taxation.

Monday, online marketers in Colorado let out a sigh of relief when a last minute amendment to the state’s HB1193 bill removed language affecting affiliate marketers and changed the focus of the bill solely to the collection of use tax. Campaigning by trade associations and businesses alike helped to protect affiliate marketing jobs in the Centennial State. Prior to the amendment, longtime LashBack client Adperio was featured on Denver’s KDVR News defending the online ad industry’s livelihood. View clip.

Quite a bit of industry buzz has been generated concerning the bill, especially on Twitter trending topic #advertisingtax. Upon hearing news of the bill’s amendment, we sought Adperio Founder and CEO David Asseoff’s perspective, and he had this to say:

“The original version of HB1193 would have devastated Colorado’s affiliate marketing industry, as similar bills have done in other states. I am thrilled that Adperio, working with others in the affiliate marketing industry, implemented a grassroots approach to fighting the bill – from face-to-face meetings with lawmakers to social media outreach – which led to the bill being rewritten and references to affiliates being removed.“

At press time, the newly amended bill, sans affiliate language, was still awaiting approval in the Colorado State Senate. In the meantime, I’ll be publishing a guide for all states mulling over similar bills. A wealth of resources can currently be found on the Performance Marketing Association site.

Let’s face it, the cost of compliance can be expensive. However, there are ways to keep it under control. An article found in Bizmanuals addresses this issue as well as the overall cost of compliance. Essentially, the cost of compliance is determined by the number of procedures written. This includes the cost of improvement, determined by the improvement projects chosen, and the cost of review, which remains relatively fixed year to year. The cost of the entire compliance program, both presently and in the future,  is determined by the cost of scale.

Not only does the design and development phase of a compliance procedure cost money, but the implementation and review phases cost money as well. This includes training, auditing, management review, document control, regular updates, and usage. Writing more procedures costs more money, but it also reduces the risk of compliance issues. The important issue to keep in mind is the balance between the number of procedures written and the conformance to compliance. Financially, writing as few procedures as possible while still  keeping compliance is ideal.

In general, the more procedures written, the more conformance to compliance. However, this is not true in all cases. Companies tend to leave out implementation steps, which increases the companies risk for compliance issues. Usually, this is done on purpose to decrease the cost of implementation. In effect, this causes problems, namely customer complaints, material weaknesses, and quality defects. Therefore, companies should not skip any steps in the implementation phase.

According to the article, the key to controlling compliance costs is starting with a clear, compact scope. This means focusing on the most important issues first. The size or scale of the operation is directly proportional to the amount of risk management, internal controls, and processes to be understood, documented, and controlled. Also, map out core processes with a big systems perspective process map, determined by the certification sought after. Another way to reduce the cost of compliance is to address the areas with the greatest risk of defects first.  Sometimes the process procedures are overtaken by other events within the company, and focus is lost. To avoid this, only write procedures that you know can be implemented fully.

Keeping the cost of compliance in mind, LashBack offers compliance solutions that can allow your company to ultimately conserve on resources. LashBack clients are able to avoid writing costly procedures as well as reduce the time and personnel spent auditing for compliance. For clients concerned with over all compliance, LashBack analysts audit your email messages in accordance with your rule set and the nine requirements of CAN-SPAM. For clients who maintain email lists, LashBack is able to automate seeding through the use of ListMonitor, a product that allows you to segment email offer intelligence by publisher id. The service uses alerts to show you the content and volume of email being sent to each list that your company owns. Ultimately, products and services consumed by companies in the interactive space are designed to either save money or save time. LashBack services are designed to lessen your compliance risks by doing both.

In a recent article from Email Insider, Chad White makes some excellent points regarding often overlooked components to successful email programs. To sum it up, he points out that even if your campaign is profitable, it may not be reaching it’s full potential. He argues that many details are overlooked if the email campaign is simply making money. Things like analyzing metrics (open rates, click rates, unsub rates, complaints, etc), triggered messages that aren’t transactional (birthday, holiday) can help you avoid forgetting about an email once you’ve hit the send button.

It’s true, complacency can lead to cash, but being proactive can lead to even more. Having a good campaign is more than just ‘getting it done’, taking precautions (monitoring can-spam compliance, brand reputation and more) and learning from past campaigns can lead to an even more profitable email experience.

The eec has reported via Twitter that if you register for The Email Evolution Conference using code, “BEST”, you can save $200 off the regular pricing for the conference.
LashBack will be presenting a half day workshop to kick off the conference February 1st entitled, “Stay Compliant and Protect Your Reputation.”  James O’Brien will host the workshop, as four great legal minds weigh in on the state of domestic and international email compliance:

LashBack presents:

Susan Lyon:
Social Messaging Compliance

Frank Ioppolo:
Compliance as an Ad Network

Ivo Ivanov:
EU Email Compliance

Kavon Adli:
US Email Compliance

Join the LashBack team in Miami Beach and learn from many of the foremost experts in email marketing. Other sessions at the three day conference include: Integrating Social Media and Email,  and a full day workshop with ClickZ entitled What’s Working Now in Email. Click here for details.