By signing new legislation December 21, officials in Ireland have beefed up the laws against unsolicited emails, text messages and phone calls by adding hefty fines to convictions. Businesses found guilty of marketing without permission can be fined up to  €250,000 or 10% of their turnover. 

The original EU legislation concerning unsolicited commercial email, passed in Ireland in November of 2003, requires marketers in the EU to gain opt-in permission where no prior customer relationship exists. EU marketers must also make known the use of cookies and tracking devices on their sites and give people the right to reject them. EU laws put a high premium on privacy and advocate the right of an individual to receive, not necessarily the rights of marketers to send.  However, they tend to rely on industry technology advances for enforcement rather than traditional prosecution methods.  With an estimated 90% of unwanted mail coming from sources outside the EU, it’s historically been better to fight illegal mailers in the field. 

Many in Ireland believe the increase in fines pays lip service to companies whose servers are bogged down by bulk mail, but that it will do little to prevent botnets and mail coming in from outside the EU. However, it is arguably a considerable increase, as the first Irish conviction under the law brought fines of only €2,500 in 2005. If the changes in the overall ”socio-politico-judicial-economic spam climate” in the past five years globally are any indication of the future, I wouldn’t be surprised if formidable prosecution measures evolve and we start to see the courts on every level handing out more fines. I also won’t be surprised if, due to a certain blogger coining the term “socio-politico-judicial-economic spam climate,” the term becomes a part of the everyday jargon of marketers and lay-persons alike in ‘09.

There is a report out that states that 76.4% of all messages delivered in October were spam.
This report states that this number is up 6% from 2007.
This leads to believe that the spammers are getting an early jump on the holidays.
They also expect it to slightly increase through the holiday season.
Cybercriminals are getting an early start on dispatching lottery and holiday-based spam to lure recipients into parting with valuable personal information.
With tough economic times and the struggling job market, spammers are trying to attract individuals with one time great deals and their own version of spreading Holiday cheer.
Spammers are also using the deflating economy to get past anti-spam filters.  They figure that if they talk about the economy they can avoid some of these spam filters.
These opportunities open many doors to cybercriminals out there.  They use these times to benefit when people are looking for help to calm their concerns.

Reerun

Reputation Registry Goes Live@The DMA

The DMA will now require member companies to authenticate their email and according to the DMA it is very likely that most email servers in the future will block mail not authenticated.

So with that being said, Return Path announces a partnership with the DMA to assist companies in authenticating their email streams. DMA members can have access to the monitoring data, reports and alerts for their IP addresses and domains, providing critical reputation information that will help them comply with the authentication requirement.

More information along with the full article by By Matt Blumberg can be found at: Return Path

In light of emerging economic uncertainties for companies, Massachusets has extended the deadline for compliance with its new consumer privacy guidelines.  201 CMR 17.00 was originally set to go into effect January 1, 2009, but has been extended until May 1, 2009 to allow companies more time to get their consumer data protection plans in order.

The Massachusets Office of Consumer Affairs and Business Regulation has published a lengthy checklist for compliance which is available at  their website.  The main requirement of the new regulation is putting a written information security program (WISP) in place for all records containing personal information on residents of Massachusets, as well as monitoring third parties’ abilities to protect personal information.  Once a company implements a plan, the legislation states that an employee or employees must be dedicated to maintaining and supervising its implication.  It also requires ongoing employee training and procedures for maintaining employee compliance. 

The WISP must secure all records that contain personal information and put in place technical, administrative, and physical safeguards to protect ‘personal information’, which in the actual legislation is defined as:

“a Massachusets resident’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: Social Security number, driver’s license number or state issued identification card number; or financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided however, that “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully available to the general public.”

In a nutshell, the legislation requires companies to do the following:

-limit the amount of personal information gathered, limit the amount of time the info is retained, and limit the individuals who have access to personal information to such that is necessary to accomplish an intended purpose.

-determine the location of all records that contain personal information, whether it be on laptops, paper, or other storage devices and secure all areas/storage devices that contain these records.

-impose detailed, written restrictions on access to the records

-regular monitoring of the information security system including upgrading info safeguards to limit risks

-annual review of the scope of security measures or a review when business practices concerning security change

-documentation of actions taken in response to breaches of information security and, upon review, necessary security changes made concerning the breach.

In part two of this post, we will review computer system requirements.

Israel has recently passed a  new amendment regarding its laws on commercial email, which went into effect on December 1st. The legislation is opt-in based, meaning it requires permission for mailers to send, and it also applies to fax, SMS and phone message communication sent from advertisers to consumers. 

In this amendment, advertisers are defined under three categories:one whose name and address appear in the message as the contact info, one who is publishing to promote the advertised company’s goals, and one who publishes on behalf of a commercial sender. ”Commercial Material” is defined loosely as “messages distributed commercially to encourage acquisition of certain goods or services or spending money in any other way.”  So under this premise, charitable and political organizations as well as regular commercial advertisers are on the hook.  Also, mailers must gain permission from the consumer in order to mail.  Permission can be gained in writing, by email or by automated phone message.

The purpose of the new amendment according to the Israeli government is to close any loopholes there may be in commercial email laws in the country.  Israel’s law goes along with the industry best practice of opt-in and gives individuals the right to sue.  LashBack’s best advice if you do any business in Israel is to review your mailing practices and check in with an expert compliance lawyer. Also, you may want to run a confirmed opt-in campaign to make sure Israeli subscribers of your list are truly opt-in, to keep your liability at a minimum. The actual text of the law is available here: http://www.isoc.org.il/spam/, but be sure you can read Hebrew, or you’ll surely be fahklumpt! 

More resources and explanations on this law are available at DirectMag and Deliverability.com.

Beginning in January, Yahoo will join an impressive number of ESPs and email filtering services in using Return Path’s Sender Score Certified whitelisting program to give inbox preference to reputable mailers.  The Return Path whitelist is already utilized by many of the biggest names in email including Windows Live Hotmail, Time Warner, Spam Assasin, Iron Port and Cloudmark, affecting the deliverability to over 1.2 billion inboxes worldwide and growing.

Yahoo adopting Sender Score Certified has positive implications for legitimate email marketers who are already Sender Score Certified, as it will begin to improve their deliverability in Yahoo mail inboxes.  It also means caring about email reputation as a marketer has never been more important.  As more and more ESPs adopt strict, uniform standards for the mail that reaches their customer inboxes, getting a handle on your reputation as a sender could mean the difference between sink or swim. Mailers can apply to become Sender Score Certified at the Return Path site.

As I sit here looking at my inbox I wonder why I get Pamper’s, AARP, and Viagra based emails? I am a 37 year old single guy. Is there an email psychic out there that knows that I want these things? I don’t want any of these advertisements. What I do like to see are deals on computer products, health food items, and local events. I like to see messages that are directed toward my personal interests. Not some blind attempt to get my attention. It never works!

How did I get on these lists of annoying mailings? It was my own fault! I bought a phone through a website and hurryingly hit submit before I noticed a box checked allowing partners and affiliates to send me unsolicited email. Read the fine details. I have tried to unsubscribe without success. Now advertisements are sent to me blindly. This all being said, it seems that advertisers and publishers would want their mailings to reach their target audience. It would drive click through sales and increase deliverability. The current system is broken.

~MOE