Spam Complaints
Content
How To Handle Spam Complaints
June 2004
INTRODUCTION e U.S. Congress passed the CAN-SPAM Act of 2003 for implementation on January 1, 2004 to address the issue of unsolicited commercial e-mail (UCE) or spam. Since the act’s implementation, organizations have updated their e-mail marketing strategies to comply with the regulations. Consumer concern and attention on the proliferation of spam, despite the government’s passage of the CAN-SPAM act, has led to both legitimate and illegitimate complaints lodged against commercial e-marketers. Organizations using e-mail marketing as a part of their overall communications plan can utilize a variety of tactics to effectively manage and reduce spam complaints. e purpose of this paper is to: • Educate organizations and marketers on the basics of the CAN-SPAM act by weeding through the jargon and presenting the basics requirements. Marketers should understand and be qualified to discuss their organization’s compliance with service providers and other members of their staff and leadership. Define spam complaints and summarize the consequences of receiving them. Provide solutions and tips for organizations to reduce spam complaints. •
mislead the recipient about the contents or subject of the message. It requires that the e-mail gives recipients an opt-out method that must be available for 30 days aer the commercial message is sent. Aer receiving an opt-out request, the marketer has 10 days to comply. It is illegal for the marketer to sell or transfer the e-mail addresses of people who choose not to receive messages, even in the form of a mailing list, unless they transfer the addresses so another entity can comply with the law. Commercial e-mail must be identified as an advertisement and include the sender’s valid, physical postal address.
•
• Penalties
• •
e FTC assesses fines for each violation of CAN-SPAM of up to $11,000. e Act also stipulates additional fines for commercial e-mailers that: • Harvest e-mail addresses from Web sites or Web services that have published a notice prohibiting the transfer of e-mail addresses for the purpose of sending email. “Harvesting” is defined as trolling Web sites to gather email addresses without permission. • Generate e-mail addresses using a “dictionary attack” – combining names, letters, or numbers into multiple permutations. Use of scripts or other automated ways to register for multiple e-mail or user accounts to send commercial e-mail. Relay of e-mails through a computer or network without permission – for example, by taking advantage of open relays or open proxies without authorization. An open relay is an SMTP email server that allows outsiders to relay email messages that are neither for nor from local users. is method is oen exploited by spammers and hackers. An open proxy is an Internet proxy server which is accessible by unauthorized users, specifically those from elsewhere on the internet.
CAN-SPAM ACT 2003 Provisions – Short and Simple e Federal Trade Commission (FTC) is the government regulatory body responsible for implementing the CAN-SPAM Act and managing complaints lodged against e-marketers. e main provisions of the CAN-SPAM Act, or Controlling the Assault of Non-Solicited Pornography and Marketing Act, are summarized below. • It bans false or misleading header information. e e-mail’s “from,” “to” and routing information must be accurate in the header. is includes the originating domain name and e-mail address. It prohibits deceptive subject lines. e subject line cannot
•
•
•
Additionally, the law allows the Department of Justice (DOJ) to seek criminal penalties, including imprisonment, for commercial e-mailers who do, or conspire to:
• •
Use another computer without authorization and send commercial e-mail from or through it. Use a computer to relay or retransmit multiple commercial e-mail messages to deceive or mislead recipients or an Internet access service about the origin of the message. Falsify header information in multiple e-mail messages and initiate the transmission of such messages. Register for multiple e-mail accounts or domain names using information that falsifies the identity of the actual registrant. Falsely represent themselves as owners of multiple Internet Protocol (IP) addresses that are used to send commercial e-mail messages.
• •
Register for a feedback loop. AOL’s feedback loop, for example, is set up as part of its whitelisting process. Provide complaint instructions in privacy and antispam policies. Oen, less tech-savvy recipients want to complain to the organization directly, but do not know how. A general best practice is to link to an online privacy policy from the e-mail’s footer.
• •
Proactive management of your complaints is essential to avoid blacklists and effectively communicate via e-mail. What are the steps marketers can take to avoid spam complaints? Brand Subject Lines If the recipient’s mail system offers a spam complaint button it is oen available when the message arrives in the inbox allowing a recipient to delete the message before it is read. Branding the subject line with the organization’s name or recognizable terms will increase the likelihood the recipient will open it and respond to the call to action in the message. Add Unsubscribe Information to the Header and Footer Consider adding unsubscribe information and instructions to both the header and footer of the e-mail message to avoid recipients using the “report spam” button (if available) as a means to unsubscribe/opt-out of a list. Request Recipients Whitelist Domain Name Include instructions for recipients to whitelist the organization’s domain name allowing it to pass through spam filters. Customization of Profile Allow the recipient to customize their profile and manage the messages they receive. Also inform the recipient how their e-mail address will be used and the volume of messages expected. Avoid Spam Triggers Create messages using content and formatting that does not trigger spam filters. Avoid bold fonts; large, red-colored fonts; poor quality images; use of all capitals in the subject line or body of email; use of words such as “free, trial, money, quote, sample, membership and access”; and excessive punctuation (!!!). Instead use relevant terms in the subject and body and include the date and/or issue number of newsletters or ezines. Spam Checkers Discuss the use of spam checkers with your ESP. Spam checkers test the message for spam triggers prior to distribution to the designated list. Relevance Ensure the message is relevant to the recipient to increase readership and response. is may include segmenting the distribution list and personalizing the content instead of sending a mass email.
Page 2 - How To Handle Spam Complaints
•
*e source for summaries of provisions and penalties from the Federal Trade Commission Web site. To access the full CAN-SPAM Act and updates to it visit http://www.c.gov/spam/. Spam Complaints: What are they? How do you deal with them? When a recipient officially accuses a commercial e-mailer of sending unsolicited e-mail it is considered a “spam complaint.” Complaints can be lodged through the FTC (via a secure online form available at https://rn.c.gov/pls/dod/wsolcq$.startup?Z_ ORG_CODE=PU01) or through an online complaint service such as SpamCop (www.spamcop.net). e major Internet Service Providers (ISPs) also provide a report button that allows the recipient to lodge a complaint when they receive a message. In reality, e-marketers will receive spam complaints regardless of the tactics they use to prevent them. e acceptable industry standard is one complaint per 1,000 thousand messages. If the complaintto-message-sent ratio passes that threshold future messages may be blocked and the e-mailer can be blacklisted. e first step in managing spam complaints is to have access to any complaints lodged against the organization. Periodic reviews of spam complaints allow marketers to monitor a campaign and take steps, as necessary, if levels of complaints increase or delivery rates fall due to spam filters. E-mail Service Providers (ESPs) are able to provide this data, however organizations should be aware of simple steps to ensure access to complaints. • Make sure the “abuse@” and “postmaster@” addresses are valid and can receive e-mail. Get access to those addresses and review the incoming mail. ese addresses are recommended Internet standards set by the Internet Engineering Task Force (IETF) for complaint reporting. Register the above addresses with abuse.net, a clearinghouse for registered abuse addresses used by many network administrators and tools to route complaints to the proper destination.
•
Verifying Opt-In Status Using an opt-in list is an essential element of e-marketing. Unfortunately, it does not mean recipients may not lodge complaints. If a complaint occurs from a recipient that has opted-in to receive messages, send an apology message but show the means and date of their initial opt-in status. Based on the opt-in information verify if they want to continue subscribing to the list. 10 Point Checklist for Complying with CAN-SPAM (Source: Jennings, Jeanne S. “Complying with the CAN-SPAM Act – A 10-Point Checklist for Marketers” Jennings Report, Jan, 8th, 2004) 1. 2. 3. 4. Don’t use fraudulent transmission data such as open relays or false headers. Do not employ misleading “from lines” or “subject” lines. Add valid U.S. postal address to all emails. (PO boxes are not allowed.) If you cannot prove or document “affirmative consent” for all email addresses on your list, include clear notice in all commercial emails stating that the email is an advertisement or solicitation. Include a clear, conspicuous working unsubscribe mechanism in every email. (Audit regularly) Keep the unsubscribe mechanism “live” for at least 30 days aer the date of the mailing. Process all unsubscribe requests within 10 days, including requests through nontypical channels (i.e. requests sent to a general Customer Service email address or requests received via postal mail.) Offer a “global unsubscribe” option, along with a preferences form allowing subscribers to manage subscriptions to various programs/lists. Maintain a master suppression list. Do not harvest email addresses or use automated means to randomly generate them.
Reviewing any complaints lodged as well as the delivery data from e-marketing campaigns is the first step to addressing potential problems before they get to the level of action from the FTC or DOJ. It is also essential to ensure the recipient perceives marketing messages as “legitimate.” is paper presented a variety of tips to reduce the likelihood of recipients lodging a complaint that should be discussed thoroughly with the organization’s ESP. Understanding these tips as well as the regulations governing e-marketing will lead to successful campaigns that effectively use the organization’s resources.
5. 6.
7.
8. 9.
10. Identify sexually explicit material in the subject line and when email is “initially viewed.” CONCLUSION Although the FTC implemented the CAN-SPAM Act more than two years ago, its requirements must remain on the forefront of an organization’s e-marketing strategy to avoid excessive spam complaints. If ignored, excessive complaints can lead to failed message delivery and ultimately, the organization may find itself on a black list.
312 Main Street, Suite 200 Gaithersburg, MD 20878 301-990-9857 Phone 301-990-9856 FAX http://www.goldlasso.com
© Copyright Gold Lasso, LLC All rights reserved.
Page 3 - How To Handle Spam Complaints
June 2004
INTRODUCTION e U.S. Congress passed the CAN-SPAM Act of 2003 for implementation on January 1, 2004 to address the issue of unsolicited commercial e-mail (UCE) or spam. Since the act’s implementation, organizations have updated their e-mail marketing strategies to comply with the regulations. Consumer concern and attention on the proliferation of spam, despite the government’s passage of the CAN-SPAM act, has led to both legitimate and illegitimate complaints lodged against commercial e-marketers. Organizations using e-mail marketing as a part of their overall communications plan can utilize a variety of tactics to effectively manage and reduce spam complaints. e purpose of this paper is to: • Educate organizations and marketers on the basics of the CAN-SPAM act by weeding through the jargon and presenting the basics requirements. Marketers should understand and be qualified to discuss their organization’s compliance with service providers and other members of their staff and leadership. Define spam complaints and summarize the consequences of receiving them. Provide solutions and tips for organizations to reduce spam complaints. •
mislead the recipient about the contents or subject of the message. It requires that the e-mail gives recipients an opt-out method that must be available for 30 days aer the commercial message is sent. Aer receiving an opt-out request, the marketer has 10 days to comply. It is illegal for the marketer to sell or transfer the e-mail addresses of people who choose not to receive messages, even in the form of a mailing list, unless they transfer the addresses so another entity can comply with the law. Commercial e-mail must be identified as an advertisement and include the sender’s valid, physical postal address.
•
• Penalties
• •
e FTC assesses fines for each violation of CAN-SPAM of up to $11,000. e Act also stipulates additional fines for commercial e-mailers that: • Harvest e-mail addresses from Web sites or Web services that have published a notice prohibiting the transfer of e-mail addresses for the purpose of sending email. “Harvesting” is defined as trolling Web sites to gather email addresses without permission. • Generate e-mail addresses using a “dictionary attack” – combining names, letters, or numbers into multiple permutations. Use of scripts or other automated ways to register for multiple e-mail or user accounts to send commercial e-mail. Relay of e-mails through a computer or network without permission – for example, by taking advantage of open relays or open proxies without authorization. An open relay is an SMTP email server that allows outsiders to relay email messages that are neither for nor from local users. is method is oen exploited by spammers and hackers. An open proxy is an Internet proxy server which is accessible by unauthorized users, specifically those from elsewhere on the internet.
CAN-SPAM ACT 2003 Provisions – Short and Simple e Federal Trade Commission (FTC) is the government regulatory body responsible for implementing the CAN-SPAM Act and managing complaints lodged against e-marketers. e main provisions of the CAN-SPAM Act, or Controlling the Assault of Non-Solicited Pornography and Marketing Act, are summarized below. • It bans false or misleading header information. e e-mail’s “from,” “to” and routing information must be accurate in the header. is includes the originating domain name and e-mail address. It prohibits deceptive subject lines. e subject line cannot
•
•
•
Additionally, the law allows the Department of Justice (DOJ) to seek criminal penalties, including imprisonment, for commercial e-mailers who do, or conspire to:
• •
Use another computer without authorization and send commercial e-mail from or through it. Use a computer to relay or retransmit multiple commercial e-mail messages to deceive or mislead recipients or an Internet access service about the origin of the message. Falsify header information in multiple e-mail messages and initiate the transmission of such messages. Register for multiple e-mail accounts or domain names using information that falsifies the identity of the actual registrant. Falsely represent themselves as owners of multiple Internet Protocol (IP) addresses that are used to send commercial e-mail messages.
• •
Register for a feedback loop. AOL’s feedback loop, for example, is set up as part of its whitelisting process. Provide complaint instructions in privacy and antispam policies. Oen, less tech-savvy recipients want to complain to the organization directly, but do not know how. A general best practice is to link to an online privacy policy from the e-mail’s footer.
• •
Proactive management of your complaints is essential to avoid blacklists and effectively communicate via e-mail. What are the steps marketers can take to avoid spam complaints? Brand Subject Lines If the recipient’s mail system offers a spam complaint button it is oen available when the message arrives in the inbox allowing a recipient to delete the message before it is read. Branding the subject line with the organization’s name or recognizable terms will increase the likelihood the recipient will open it and respond to the call to action in the message. Add Unsubscribe Information to the Header and Footer Consider adding unsubscribe information and instructions to both the header and footer of the e-mail message to avoid recipients using the “report spam” button (if available) as a means to unsubscribe/opt-out of a list. Request Recipients Whitelist Domain Name Include instructions for recipients to whitelist the organization’s domain name allowing it to pass through spam filters. Customization of Profile Allow the recipient to customize their profile and manage the messages they receive. Also inform the recipient how their e-mail address will be used and the volume of messages expected. Avoid Spam Triggers Create messages using content and formatting that does not trigger spam filters. Avoid bold fonts; large, red-colored fonts; poor quality images; use of all capitals in the subject line or body of email; use of words such as “free, trial, money, quote, sample, membership and access”; and excessive punctuation (!!!). Instead use relevant terms in the subject and body and include the date and/or issue number of newsletters or ezines. Spam Checkers Discuss the use of spam checkers with your ESP. Spam checkers test the message for spam triggers prior to distribution to the designated list. Relevance Ensure the message is relevant to the recipient to increase readership and response. is may include segmenting the distribution list and personalizing the content instead of sending a mass email.
Page 2 - How To Handle Spam Complaints
•
*e source for summaries of provisions and penalties from the Federal Trade Commission Web site. To access the full CAN-SPAM Act and updates to it visit http://www.c.gov/spam/. Spam Complaints: What are they? How do you deal with them? When a recipient officially accuses a commercial e-mailer of sending unsolicited e-mail it is considered a “spam complaint.” Complaints can be lodged through the FTC (via a secure online form available at https://rn.c.gov/pls/dod/wsolcq$.startup?Z_ ORG_CODE=PU01) or through an online complaint service such as SpamCop (www.spamcop.net). e major Internet Service Providers (ISPs) also provide a report button that allows the recipient to lodge a complaint when they receive a message. In reality, e-marketers will receive spam complaints regardless of the tactics they use to prevent them. e acceptable industry standard is one complaint per 1,000 thousand messages. If the complaintto-message-sent ratio passes that threshold future messages may be blocked and the e-mailer can be blacklisted. e first step in managing spam complaints is to have access to any complaints lodged against the organization. Periodic reviews of spam complaints allow marketers to monitor a campaign and take steps, as necessary, if levels of complaints increase or delivery rates fall due to spam filters. E-mail Service Providers (ESPs) are able to provide this data, however organizations should be aware of simple steps to ensure access to complaints. • Make sure the “abuse@” and “postmaster@” addresses are valid and can receive e-mail. Get access to those addresses and review the incoming mail. ese addresses are recommended Internet standards set by the Internet Engineering Task Force (IETF) for complaint reporting. Register the above addresses with abuse.net, a clearinghouse for registered abuse addresses used by many network administrators and tools to route complaints to the proper destination.
•
Verifying Opt-In Status Using an opt-in list is an essential element of e-marketing. Unfortunately, it does not mean recipients may not lodge complaints. If a complaint occurs from a recipient that has opted-in to receive messages, send an apology message but show the means and date of their initial opt-in status. Based on the opt-in information verify if they want to continue subscribing to the list. 10 Point Checklist for Complying with CAN-SPAM (Source: Jennings, Jeanne S. “Complying with the CAN-SPAM Act – A 10-Point Checklist for Marketers” Jennings Report, Jan, 8th, 2004) 1. 2. 3. 4. Don’t use fraudulent transmission data such as open relays or false headers. Do not employ misleading “from lines” or “subject” lines. Add valid U.S. postal address to all emails. (PO boxes are not allowed.) If you cannot prove or document “affirmative consent” for all email addresses on your list, include clear notice in all commercial emails stating that the email is an advertisement or solicitation. Include a clear, conspicuous working unsubscribe mechanism in every email. (Audit regularly) Keep the unsubscribe mechanism “live” for at least 30 days aer the date of the mailing. Process all unsubscribe requests within 10 days, including requests through nontypical channels (i.e. requests sent to a general Customer Service email address or requests received via postal mail.) Offer a “global unsubscribe” option, along with a preferences form allowing subscribers to manage subscriptions to various programs/lists. Maintain a master suppression list. Do not harvest email addresses or use automated means to randomly generate them.
Reviewing any complaints lodged as well as the delivery data from e-marketing campaigns is the first step to addressing potential problems before they get to the level of action from the FTC or DOJ. It is also essential to ensure the recipient perceives marketing messages as “legitimate.” is paper presented a variety of tips to reduce the likelihood of recipients lodging a complaint that should be discussed thoroughly with the organization’s ESP. Understanding these tips as well as the regulations governing e-marketing will lead to successful campaigns that effectively use the organization’s resources.
5. 6.
7.
8. 9.
10. Identify sexually explicit material in the subject line and when email is “initially viewed.” CONCLUSION Although the FTC implemented the CAN-SPAM Act more than two years ago, its requirements must remain on the forefront of an organization’s e-marketing strategy to avoid excessive spam complaints. If ignored, excessive complaints can lead to failed message delivery and ultimately, the organization may find itself on a black list.
312 Main Street, Suite 200 Gaithersburg, MD 20878 301-990-9857 Phone 301-990-9856 FAX http://www.goldlasso.com
© Copyright Gold Lasso, LLC All rights reserved.
Page 3 - How To Handle Spam Complaints
