This week, popular social network Facebook won an 873 million dollar settlement against Atlantis Blue Capital and owner Adam Guerbuez.

The suit, filed under the CAN-SPAM Act,  alleges that Guerbuez fraudulently gained access to various Facebook accounts and used them to market male enhancement pills, “legal Marijuana” and ringtones. Facebook claims losses due to harm to it’s reputation and resources spent fighting Guerbuez’s spamming efforts.

More info at links below:

Deborah Gage, San Francisco Chronicle
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/11/24/BUBO14B6J6.DTL

Matt Marshall, Venture Beat
http://venturebeat.com/2008/11/24/facebook-awarded-873-million-in-suit-against-spammer/

Jacqui Cheng, ars technica
http://arstechnica.com/news.ars/post/20081124-facebook-spammer-fined-almost-1-billion-under-can-spam.html

As cases of fraud and criminal activity are known to increase during the holiday season, online criminals will find more creative ways to leverage email. Vigilance becomes the key to protecting the integrity of your email marketing program, both locally and internationally.   While attending international email law enforcement conferences in Germany and Greece over the past few months, LashBack executives have gained insight into measures marketers can take globally to protect their reputation.

LashBack executives viewed presentations by key law enforcement officials and members of the anti-spam community, including one by Stuart Paton and Vincent Schonau from top messaging security firm Cloudmark titled Fundamental Principles and Outbound Spam Analysis Studies. To summarize, the presentation noted that webmail is currently the top outbound spam vector.  A small number of IPs are responsible for the majority of webmail spam, but webmail spammers use hundreds of user ID’s for spamming.  The primary threat is currently off-net IPs spamming through webmail of SMTP AUTH.  Because imposing IP based rate limits risks blocking legimitate users, Cloudmark recommends its managed outbound IP reputation service. To control spam sent through webmail, ESPs should limit the number of messages that an IP can send in a day and use volume thresholds to flag suspect sending patterns.

In addition to hearing Cloudmark’s presentation along with many others, we were fortunate enough to meet Hein Dries-Ziekenheiner, LL.M, CEO of VIGILO Consult, who has a thorough background in fighting fraud and criminal activities online.  As a former technical advisor to OPTA, the Netherlands’ enforcement agency, a trained lawyer and former lobbyist, he is an expert on the risks posed by the increase in illegal activity and the requirements this places on business strategy of email marketers.  VIGILO Consult provides consulting services in the area of ICT related public and regulatory affairs, compliance and strategic advice.

In the current uncertain economic situation, both VIGILO and LashBack feel it is important to stay ahead of the competition and online criminals by staying on top of reputation.  Monitoring reputation allows for safe expansion into new markets to diversify revenue.  VIGILO and LashBack are teaming up to provide LashBack clients with two special offers from VIGILO which provide anti-spam forensics to mitigate the effect of criminal activities on reputation.

The services VIGILO provides are an excellent extension to LashBack’s Brand Alert and Compliance services, as they allow clients to identify the appropriate response to any criminal activity impacting their business which requires extensive research to identify the source.  VIGILO can also work with law enforcement to assure the proper potential public penalties as well as assist with any private legal action a client may want to file. Whether you are thinking of expanding your business in the EU or have complex online criminal activity impacting your email marketing program, VIGILO can help you get started. Visit VIGILO’s special page for further information.

A new study by Return Path, titled Keeping the Subscriber Experience Positive After “Unsubscribe Me”  shed some light on how top companies are treating opt-outs.  The study highlighted the importance of the unsubscribe process in the lifecycle of the customer experience.  Ken Magill also interviewed Bonnie Malone of Return Path on the study, which can be read at the Direct Magazine site.

Shockingly, however, the study found that as many as 20% of major brands did not immediately respect unsubscribes.  When handling the opt-out process, these companies all sent more than one email after the unsubscribe, and many sent four or more messages.  While many marketers think that the relationship with a consumer ends with the opt-out, sending additional messages could have a seriously negative impact on overall brand image, and may cause customers to stay away for good.

In addition, new CAN-SPAM regulations surrounding unsubscribes specifically make it illegal to require a consumer to log in in order to opt-out.  While most companies provide a landing page confirming the opt out has taken place, some send a confirmation email. Sending an email to confirm an opt-out from emails is controversial and found by many consumers to be a little annoying, as they have just finished asking not to receive any more mail. 

In other cases, forcing the consumer to reply with a message with something like “unsubscribe me” in the subject line is both time-consuming and bothersome.  I have had to fill out one of these emails before and found it to be an unnecessary hoop to jump through as well as inconvenient.  To add, I still received messages from this online clothing merchant after they forced me to mail them an unsubscribe message- and.  Needless to say, I won’t be shopping on their site anymore.

Return Path recommends that companies make the unsubscribe process as simple and convenient for the consumer as possible, as well as consider it a part of their customer relationship, rather than just a technical transaction.  Give departing customers the best possible brand experience and pay attention to the quality of your unsubscribe process with the same fervor as welcome messaging.  The first step to improving the brand experience, is as always, reputation.  Monitoring for compliance provides the necessary foundation for making the unsubscribe process a positve part of your branding strategy.

Upcoming Webinar: UnsubCentral MD5 Hashed Suppression Lists: A practical guide to use and implementation, September 23rd, 2pm EDT

Email list security is uppermost on everybody’s minds these days. With that in mind I am passing on what I think is a valuable opportunity to everyone in our industry.

UnsubCentral is offering a webinar September 23rd at 2pm EDT titled, MD5 Hashed Suppression Lists: A practical guide to use and implementation. It’s designed to give you the most current information on the use of this industry standard security process. While you may have been reluctant to use MD5 hashing, UnsubCentral has a desktop application which makes it easy. I urge you to take advantage of this opportunity to find out how it works.

Please mark it on your calendar for September 23 and use the link below to sign up. I encourage you to attend and invite any others you feel will benefit from this hour long webinar.

Register here.

Getting by in the email marketing business in this day and age is already a difficult undertaking. Along with making sure mailing practices comply with the federal CAN-SPAM law, marketers must also contend with increasing regulatory attention from State Attorney Generals, who are ever vigilant in protecting consumers from their states and pessimistic of us to say- always on the hunt for new sources of revenue. Factor in deliverability issues, suppression list abuse, reputation issues, and untrustworthy third parties, and email marketers have their hands full. LashBack is here to help. As we grow to monitor compliance on over 32,000,000 sending IPs for close to 100 clients, we are seeing a dangerous trend on the rise: opt-in fraud.

To add to the laundry list above, LashBack has recently become aware of a party or parties that are stealing suppression list data and using that data to sign up on various lead generation websites in order to drive their own lead revenue. LashBack has been unable, thus far, to track down exactly who is responsible, but we are confident the party will soon be identified.

Stay tuned for Part 2 of this post…

Opt-in? Big deal. Consumers are becoming more and more impervious to the mail that actually gets into the inbox. Thus, the need for quality and relevance in commercial email messages persists. To illustrate, if an opted-in consumer keeps getting pounded with similar, unrelenting offers day after day, there is a fair chance they will ignore them. An even better chance exists that they will report the messages as spam or move them to the junk folder. The long and arduous journey to the inbox will be rendered meaningless by the marketer losing focus on the will of the consumer.

The 2008 MarketingSherpa/Q Interactive Email Marketing Benchmark Guide confirms that the definition of “spam” is growing in the minds of consumers. While the main reason consumers classify messages as spam is not opting in, nearly half of study participants report “uninteresting” opt-in messages as spam as well.

According to eMarketer.com, inbox overcrowding, improved filtering, and a perceived increase in the amount of mail messages received have caused consumers to question the relevance of opt-in messages. It may be easy to find a way past the filters once or twice, but providing genuine value to the consumer is the only way to garauntee deliverability in the long run.

To combat a growing pc spam problem, law-makers in Japan have amended their anti-spam laws for the first time since their 2005 amendment. The new laws will take effect in December of 2008 when the Japanese government issues an implementing order with supplemental regulations. Several changes have been made; chief among them is a switch from an opt-out to an opt-in structure for commercial emails.

The 2008 law pertains to for-profit senders of commercial email, and leaves those sending from outside Japan subject to their own national regulations. Several commercial mailers that had previously not been subject to the 2005 anti-spam law are no longer exempt in 2008. Fines for violators have increased substantially, and consumers must affirmatively consent to receiving mail before it is sent. Also, no grace period is given to senders for opting out consumers. In addition, senders must keep extensive, accurate records of consumers giving consent and providing email addresses.

Essentially, there are four ways in which a consumer can opt in:

• Individuals who have notified the Sender in advance that they request or agree to receive commercial email;
• Individuals who have provided the Sender with their own email addresses;
• Individuals who have a preexisting business relationship with the Sender; and
• Individuals (limited to those engaged in for-profit activities) or groups that publicly announce their own email addresses.

Along with requiring opt-ins and records of opt-in permission, the new law also includes a large section prohibiting sending to computer-generated addresses, sending blank emails to check for active addresses, and falsifying information. The labeling requirements for messages include providing a name, title and email address for sending opt-out requests.

Their are several issues that will be clarified when the government passes the law in December, including a possible fine of ¥1,000,000 for violators and additional possible fines for senders whose agents violate the law. They are expected to clarify some gray areas in the order and add additional regulations. Senders should concentrate on finding ways to categorize consumers into which opt-in they fall under, gathering records of opt-ins, and putting opt-in mechanisms on their websites.

Visit the following article by Isaac Raskin Young and Charles A.Karwowski-Hoppel for more info:

URL: http://www.mofo.com/news/updates/bulletins/14219.html

Ken Magill recently wrote a smart piece urging anti-spam activists to admit once and for all that the CAN-SPAM Act is working. Activists like to dismiss the act as an ineffectual joke, due to the increase in spam since the legislation was passed. However, the anti-spam crowd ingores the fact that the CAN-SPAM act has been successfully put to use at least 100 times to date.

The proof that CAN-SPAM works lies in the many fines and indictments bestowed upon CAN-SPAM violators. Robert Solloway was sentenced to a four year prison term for spamming. Adam Vitale was sentenced to 30 months behind bars and $187,000 in restitution after pleading guilty to spamming AOL. Spear Systems just settled with the FTC for $29,000 for spamming consumers with false dieting info. The FTC has forced hefty settlements on spammers, time and time again, as a result of the CAN-SPAM Act.

The CAN-SPAM Act works so well, in fact, that predatory CAN-SPAM plaintiffs have emerged to force settlements on legitimate advertisers and networks. Email marketers striving for compliance settle out of fear and necessity because they might not have legal counsel enough to successfully defend against CAN-SPAM.

The CAN-SPAM Act is obviously working, so it is crucial for marketers to cover all their legal bases and make compliance a priority from the start. This includes having proper counsel in place and having the visibility to enforce contracts with affiliates and third parties. Complying with CAN-SPAM not only ensures freedom from legal hassle and resulting financial hardship, it is the underpinning for a trusted reputation and ultimately, increased deliverabilty.

Robert Solloway was sentenced to four years in prison, 200 hours of community service, and three years probation after pleading guilty to charges of fraud, spamming and tax evasion brought in 2007. The decision is important for future cases, since no standard guidelines for spamming sentences exist.

Recently, criminal spammers have received sentences ranging from 21 months to nine years behind bars, so prosecutors were pushing for a harsher sentence for Solloway of seven to nine years. Back in 1999, Solloway was apologetic when slapped on the wrist for spamming activities in California, but bragged about not having to pay civil penalties and moved to another state to promptly continue spamming. One might say of his prision sentence, “He had it coming.” Hopefully, this and other spam sentences will send a strong message to online criminals.

Click here to read the full PC World article by Nancy Gohring.

Thursday, in MySpace’s latest spam-related legal victory, Scott Richter was ordered by a court appointed arbitrator to pay the social networking site $6 million in court costs and damages. The judgment came after Scott Richter and his company, Media Breakaway, were sued for sending messages to MySpace users from phished MySpace accounts promoting a website called Consumerpromotionscenter.com. In a statement, the Richter’s agreed to not appeal the amount and were, “happy to have the matter behind them.” Richter’s former company, OptinRealBig.com, was ordered to pay Microsoft $7 million to settle similar charges in 2005.

According to the court arbitrator, Phillip Boesch, the messages were sent from phished Myspace accounts at a time when the site only had two staff members dedicated to security issues. Recently, MySpace was awarded a much larger anti-spam judgment of $230 million in its case against Sanford Wallace and Walter Rines. MySpace has since added a staff of forty to deal specifically with securtiy, and is continuing in its efforts to rid its site of spamming and phishing.

For More info on this case, read Robert McMillan’s article here.