What’s behind the new TRUSTe Spam Watch Seal?
Posted on July 26th, 2005 at 6:38 pm by Brandon Phillips

Answer: LashBack!

TRUSTe today announced the first independent certification program that reassures consumers that they won’t be subjected to spam when they submit their email address online. The program allows certified e-mail senders to display a verifiable seal confirming that their e-mail practices conform to strict privacy and fair practices. Spam, commonly acknowledged as consumers’ top online privacy-related concern, adversely affects companies by limiting the effectiveness of legitimate, requested e-mail communication and inhibiting consumers’ willingness to participate in e-commerce.

Through this program, TRUSTe affirms, with a seal stating “We Don’t Spam,” that the e-mail reputation and practices of the company have been thoroughly reviewed and have met strict standards that eliminate the threat of unwanted email from the seal holder. The seal is to be placed on the website where the seal holder collects e-mail addresses and related personal information. TRUSTe monitors sealholder email performance with a proprietary list seeding system and a consumer complaint mechanism to flag investigation. This program, by raising consumer trust in data collection practices, will help companies increase online customer registration rates. In a pre-release trial, one company found a seven-percent increase in registrations when using the seal.

“A survey last month found that two-thirds of Internet shoppers decided not to register with a website because the privacy policy was too complicated or unclear. This marks a difficult and worsening situation for businesses that rely on trusted digital communication,” said Fran Maier, executive director and president, TRUSTe. “Companies need a way to declare simply, clearly and believably ‘we don’t spam.’ Our seal lets them say that with confidence and consumers now can trust they won’t be receiving unwanted email from these companies.”

The seal program was created with technical and financial support from DoubleClick and Return Path. TRUSTe provides certification, monitoring and oversight for ReturnPath’s Bonded Sender Program.

“Solid permission-based policies and practices are critical to both email deliverability and email acquisition improvements,” said Matt Blumberg, president and CEO of Return Path. “To combat spam, companies need to differentiate themselves by having a stellar email reputation. With TRUSTe’s position as the leading consumer privacy advocate, this ‘no spam’ accreditation program will help companies boost email acquisition rates by proving they are one of the good guys in email.”

“The TRUSTe Email Privacy Seal plainly demonstrates the integrity of our email policies. We increased registrations by more than 7% with the seal, and helped boost our overall email campaign metrics,” said Ian Harrison, vice president of business development, AskMen.com. “The Email Privacy Seal helps consumers make a comfortable and informed choice to hear from us on an ongoing basis.”

“While we have always said that the spam problem could only be solved by a combination of legislation, industry self-regulation, technology and consumer education, until now consumer education has not been a focal point in the industry,” said Ken Takahashi, vice president of strategic partnerships for DoubleClick. “This seal brings consumer education front and center by bringing clarity and trust to the critical opt-in process.”

Participants in this seal program must meet the following requirements:

  • Prior consent standard for commercial email
     o At a minimum, pre-selected option for house files
     o Opt-in for 3rd party mailings
  • No 3rd party sharing without explicit permission
  • Clear and conspicuous notice describing use
  • Easy to use, responsive, persistent unsubscribe
  • Privacy statement fully disclosing email practices
  • Willingness to participate in dispute resolution and ongoing monitoring

If you’re interested in receiving more information on this program, visit Return Path or TRUSTe.

CAN SPAM in Review
Posted on July 26th, 2005 at 4:57 pm by Eric L. Castelli

Today I had the opportunity to participate in a call with the FTC to review the effectiveness of the CAN SPAM Act.  Per the ACT, the FTC must provide a report to Congress on the effectiveness of the ACT by the end of the year, as per Sections 10a and 10b of the Act.

I was definitely honored to be on the call and garnered quite a bit of insight from the other participants.  Below I have summarized some of the thoughts that I took away (with my opinions interjected, of course):

HIGH LEVEL SUMMARY
The CAN SPAM Act has not impacted spam, since there has been very little enforcement.  The FTC needs additional funding from Congress to support the ACT.  If additional funding cannot be provided then the right to private action under the ACT should be made available (outside of just ISPs).

ADDITIONAL TOPICS
What impact does or will technological advancement have on CAN SPAM effectiveness and enforcement?

  1. RSS
    Many thought RSS technology would alter the future of email marketing and may reduce or eliminate email advertisements.  Personally, I disagree and feel there will always be email marketing.  Email marketing reaches consumers on a personal level and will always have advantages over a technology such as RSS.
  2. Authentication
    There seemed to be mixed emotions on the impact authentication will have on CAN SPAM effectiveness and enforcement.  There was some disagreement about what the best standard was and what impact, if any, authentication would have.  Despite differing opinions, no one saw authentication as a stand-alone solution.  I’d have to agree with this assessment.
  3. Spam Filters
    It was largely agreed that consumers see spam as being less of a problem.  It was stipulated that the problem has not been reduced, but filters have just become more aggressive.  I tend to agree.   The more stuff you shove into the spam folder, even if it may not belong there, the less of a problem spam becomes.   This does nothing to help the reliability of email as a whole, of course.

What actions can be taken against spam originating from international organizations?
It was generally agreed that the biggest spam problem comes from the US and the FTC and Congress should do their job at home before even considering the problems originating from other countries.  I completely agree.

Are children being protected from pornographic material?
One individual said they have never once seen porn labeled with the required sexually explicit tag. I personally had seen a couple cases, but very few.  Ironically, after the call I went through my spam folder and saw plenty of recent examples of its usage.  Perhaps a message was sent with the FTC’s recent crackdown on this issue?

OTHER DISCUSSION ITEMS
Harvesting
One participant claims that 90% of all spam is due to harvesting.  I do not have any evidence to support or reject this claim, but I wouldn’t be too surprised.

Unsubscribe
Naturally, I chimed in on this one and stated that taking someone else’s suppression list and sending to it must be illegal under the ACT.  I also indicated that there was too much ambiguity in what constitutes a clear opt-out mechanism.  Finally, I indicated disappointment in the level of prosecution here. 

At the end of the day, I am not sure how much of what was said will impact the future of CAN SPAM.  But it sure was nice to be a part of the process.

BlueSecurity is going to DOS the spammers
Posted on July 22nd, 2005 at 2:08 pm by Brandon Phillips

The anti-spam startup, BlueSecurity has just gone public with their plans to create a network that “punishes” spammers that fail to honor unsubscribe requests of their clients by initiating a distributed data stream of complaints that overwhelm the server of the site that supports the product advertised within the spam message. 

This bold and controversial approach has sparked some heated debate within the anti-spam community.  The AP quoted John Levine, a board member with the Coalition Against Unsolicited Commercial Email as saying “It’s the worst kind of vigilante approach” and “Deliberate attacks against people’s web sites are illegal”. 

In my opinion this approach might be worth a shot.  In fact, this plan is strikingly similar to one we envisioned and then quickly abandoned when we originally started LashBack (hence the name) several years ago.  We decided to focus on unsubscribe (good decision) to avoid legal concerns, but part of me has always wanted to see someone execute on this idea to see if it could really work. 

So good luck to you BlueSecurity!  I hope you’re able to make a difference.

Email Reputation Silos
Posted on July 20th, 2005 at 4:38 pm by Eric L. Castelli

Unfortunately, LashBack was not able to attend the Email Authentication Summit this July.  Fortunately, many of the sessions of the Summit were recorded and made public through webcast at http://www.emailauthentication.org.   I encourage you to check them out.

More than 500 people attended this event and there seemed to be true momentum around email authentication. 

Now that authentication is starting to take hold, reputation systems will become a critical component of email.  However, after listening to some great input from the gurus at Yahoo! and Microsoft, I can’t help but be a little concerned about the future of reputation systems.

The problem with today’s system of filtering is simple – everyone is doing their own thing based on their own silos of information.  A particular sender is delivered by some ISPs or filter companies, but may not be delivered to others.  This creates nightmares for advertisers and senders, since it is an ongoing battle to ensure universal deliverability.  It is also a problem for consumers, since email is not predictably delivered. 

In an ideal reputation model, multiple measures of a sender’s reputation are fed into a central data pool and shared freely with the world of receivers.  Most people relate this to a credit bureau, which seems to be a fitting analogy.  In this model, all receivers look to this data pool and make decisions about whether a particular sender deserves deliverability.   The final delivery decision rests with the actual receiver and can be customized to the type of customers the receiver has.  But it is critical for reputation that the centralized data used for making the decision is relied upon in a fairly universal manner, since this creates a reliable experience for both sides of the email equation.

The good news is that there are organizations that are starting to create centralized reputation systems.  Organizations such as Return Path, Habeas, Goodmail and others are pulling together measures about senders and formulating a centralized picture of a sender’s reputation.

The concerning thing to me, especially after checking out the webcasts from the Email Authentication Summit, is the willingness of the big ISPs to play their part.  Yahoo!, AOL, Microsoft, Google, Earthlink and a handful of other ISPs make up approximately 50% of all email received in the US.  With so much disagreement between these major players on an authentication method, I can only wonder what hurdles reputation has coming.

I do not question that these ISPs will do their part in feeding some relevant data to the reputation companies coming online.  My concern is that these ISPs will hold back important measures of reputation.  And even worse, continue to rely heavily on their internal secret recipe for spam filtration.

If large ISPs continue to maintain and rely upon their own internal reputation silos, reputation as a whole will be undermined.  Sure, centralized reputation systems will come online and this will help create a more universal experience in deliverability.  But I suspect deliverability might still be a crap shoot, putting us right back where we started.

Is Impulse Marketing Group Guilty of CAN SPAM Violations? You Decide
Posted on July 18th, 2005 at 12:11 pm by Eric L. Castelli

In early June 2005, LashBack, in conjunction with our partner UnsubCentral, released press detailing some advertisers who had their suppression lists misused (http://www.wired.com/news/culture/0,1284,67709,00.html?tw=wn_tophead_5).  Originally, we wanted the tone of this press to directly state that these organizations violated CAN SPAM, but had to take a lighter position due to threat of lawsuits.  In retrospect, I am glad we took a more relaxed position, since I am still not sure what CAN SPAM really says in this case (I am not sure the FTC really knows either).

A few of the advertisers we mentioned in the article have been really cooperative, and I believe are taking the correct steps to become better in unsubscribe compliance.  However, one advertiser in particular has left me scratching my head:  Impulse Marketing Group of Atlanta, GA.

Impulse Marketing Group (http://www.impulsemg.com) is an email advertiser.  I am guessing that the way they make money with email is they hire third-party senders to send out email on their behalf.   The email advertisements are generally the same – they tout some special credit card offer and drive you to a web site to sign up for the credit card.  The site collects your information, and more than likely Impulse Marketing Group is then paid by the credit card company for the lead. 

Impulse Marketing Group has demonstrated two clear issues with unsubscribe.  First, Impulse Marketing Group continues to have suppression list abuse.  What does this mean?  It means that if you submit your email address to Impulse Marketing Group’s suppression page, that email address is shared with 3rd party senders (as required by CAN SPAM) and one of those senders takes the liberty of adding your email address to their send list, and you end up with even more spam.

Second, Impulse Marketing Group does not appear to be honoring unsubscribe requests, although they seem to have a plausible explanation for this.  You see, Impulse claims that for every different credit card offer it sends out, it has set up a different business unit.  Thus, the Super Visa Platinum offer is run through a different business unit than the Super Visa Gold Platinum Silver card.  And, according to CAN SPAM, an organization does not have to honor unsubscribe requests across business units.  We have documented hundreds of cases where a consumer unsubscribes from the Super Visa Platinum offer but after ten business days receives an offer from Impulse on the Super Visa Gold Platinum Silver card.  Again, according to Impulse, no law has been broken.

Honestly, I cannot say with certainty whether Impulse has violated the CAN SPAM Act, although I would be interested to hear your thoughts.  But I think two things can be drawn from this behavior.  First, it is clear that any gray areas in CAN SPAM are going to continue to be abused.  If there is no clear definition of a business unit and accountability is not brought to suppression list abuse, then businesses will continue to surf around the law without any repercussions. 

Additionally, LashBack has an ongoing list of advertisers and senders with poor unsubscribe reputations.  Impulse has recently earned its way onto this list, with brand new suppression list abuse.  If anything can be said about Impulse, it is that if you are an advertiser or sender working with them, be cautious. 

Eric Castelli
CTO, LashBack LLC

CAN SPAM Irony
Posted on July 12th, 2005 at 3:13 pm by Eric L. Castelli

Most people poke fun at the CAN SPAM Act, citing that it is actually a license to spam.  As an organization, LashBack supports CAN SPAM and the opt-out principle.  In fact, I strongly believe that the opt-out principles of CAN SPAM were the best basis for the law, protecting both consumers and free speech.  Unlike most people, I do not look at CAN SPAM as a license to spam.

However, it has recently come to my attention that CAN SPAM is a license to spam in another way.  Let me explain: If I receive an email from an advertiser and I don’t want email from that advertiser, CAN SPAM says I need to notify that advertiser of this request, and they have 10 business days to remove me.  I follow the opt-out requirements and what CAN SPAM dictates, and the advertiser places my email address on their suppression list.  And, as required by law, the advertiser provides a copy of their suppression list, including my email address, to all the people that send on their behalf. 

What if one of the people who gets a copy of that suppression list decides that it would make a great mailing list and decides to mail to it?  My unsubscribe request has now turned into a whole new stream of spam.

If you don’t think this happens, it does.  A lot.   And what do you think CAN SPAM says about this?  According to very reliable sources, this practice is not illegal under CAN SPAM.

Seems a little ironic - CAN SPAM dictates that the obligation rests with the consumer to unsubscribe but then does nothing to protect the consumer’s request to unsubscribe.  Thus, unsubscribe itself becomes a license to spam.

LashBack has chimed in on this issue by providing specific recommendations around this issue in the FTC’s recent NPR.  Let’s hope the FTC takes the proper steps to shore this up. 

Eric Castelli

CTO, LashBack LLC

http://www.lashback.com

Political Spam
Posted on July 6th, 2005 at 1:35 pm by Brandon Phillips

Believe it or not, it’s true, political organizations aren’t required to comply with the CAN-SPAM Act.  Although all emails LashBack tracks from political organizations do contain unsubscribe mechanisms, those organizations don’t have to and often don’t honor unsubscribe requests.  The reason I’m writing about this today is because LashBack has been monitoring a pattern of ‘failure to honor’ for unsubscribe requests from the GOP for some time now. Last week I reached out to them and provided free examples that they could use to see the issue and hopefully correct it. After a week without any response, I decided to turn up the heat a bit and attempt to evoke a response from someone within their organization.

Today a representative from the Republican National Committee was nice enough to remind me that section 3-2A states the term “commercial electronic mail message” means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of commercial product or service (including content on the Internet website operated for a commercial purpose).  He was then nice enough to remind me that the Republican National Committee is not a commercial entity.

The good news here is that although the GOP doesn’t need to comply with the CAN-SPAM Act, they intend to do so and they are “taking corrective action to fix the problem”. So we’ll see!  Hopefully consumers will benefit from my efforts here and we’ll see the GOP step up and start utilizing those unsubscribe links they’re nice enough to provide us at the bottom of their email marketing campaigns.

If you’re interested click here to see examples of the GOP failure to honor issues. I’ll be sure to update everyone on how their performance looks moving forward. 

A Blog Reborn
Posted on July 5th, 2005 at 1:32 pm by Brandon Phillips

In the past LashBack has used its blog to post updates on corporate milestones and major events in our development. That’s all well and good, but it’s not a complete picture of who we are and what we face in this industry. Truth is we’re a really small company fighting each and every day to make a difference and effect some change from much larger organizations. So in addition to all the success stories, we’re going to share the disappointments and challenges we face as LashBack continues its journey.

Evidence will be made available to you, so you can decide who’s right or wrong.  It’s likely we’ll end up ruffling some feathers and making some big organizations upset, but the truth will be told.  Your feedback is always welcome.

Enjoy!