Are the New Gmail Inbox Ads Subject to CAN SPAM?

The new tabbed Gmail interface and the new ads that come with it have ruffled the feathers of many marketers and senders for a variety of reasons. In the course of the discussion of those reasons arises an interesting question: are the new ads subject to CAN SPAM requirements?

Possibly: they are presented in the inbox in a manner that very much resembles all of the other e-mail messages you’d expect to find there. Recipients can interact with the ads using the same Gmail interface metaphors as any other e-mail message received in Gmail. Viewers can even forward, “Star” and dismiss the new ads.

Possibly not: they are not actually e-mail messages – they’re web-based advertisements formatted and presented in such a way as to closely resemble actual e-mail messages, but are otherwise very much like the ones Gmail users are accustomed to seeing to the right and above the inbox. There’s even some evidence to suggest that the new ads employ the same engine as the ordinary Gmail display ads to select and present those that Google deems a viewer is most likely to click.

Holiday Fail, Indeed.

You might have thought that a large, e-commerce-centric company like Pro Commerce, Inc. – owners of well-known brands like ProFlowers and Red Envelope – would know better than to send e-mail with deceptive subject lines, a clear and blatant violation of the CAN SPAM Act.

You’d have thought wrong.

I received the solicitation below with the subject line, “Flower Delivery Notice Failure.” I immediately assumed the message was a phish, possibly sent with data obtained in one of the recent ESP breaches. After all, I do have a ProFlowers account, but I haven’t purchased from them in a few months.

But the message is signed with a valid DKIM signature and is authenticated with SPF, and both point at network assets under Pro Commerce’s control. They are not using an ESP; the mail came from their own servers, hosted in Cogent IP space.

Maybe they should consider using an ESP. They obviously could use a little help. I realize that businesses of every size are under enormous pressure to make their Q4 revenue numbers, but this is not the way to do it.

Image

Street Legal E-mail

In this third set of questions following our recent deliverability webinar, we’ll try to clarify some confusion about the current legal state of affairs where bulk commercial e-mail is concerned. We’re also about to see some big changes go into effect in Canada that may have some impact on your e-mail strategy. We received this question from a webinar participant after the live session (if you haven’t caught it yet, you can still see the recorded version):

My e-mail is CAN SPAM compliant, but it still gets bounced or filtered. It’s not spam if it complies with the law, right?

First, let’s be clear: CAN SPAM does not actually make spam illegal, a common misconception among businesses that are new to e-mail marketing. Here’s a quick, simplified checklist of what the law actually requires of bulk commercial e-mail solicitations:

Don’t lie about the content or the source of the mail: If you’re sending an advertisement for a product or service, it has to be obvious that your mail is a solicitation. For example, senders can’t send mail purporting to contain photos from an uncle’s birthday party, when it really contains a sales flyer.

Provide clear instructions for opting out: Online opt-outs must use a single web page to accomplish the unsubscribe request. Forcing recipients to log into an account before they can opt-out is a no-no. Any opt-out mechanism (like an unsubscribe link) must remain functioning for at least 30 days, and opt-out requests must be honored within 10 business days.

Tell recipients where you are: Senders have to include a valid physical postal address in the body of the e-mail. Your business location or headquarters should appear here. A registered post office box is fine, too, as are any of the mailbox rental firms that are established under Postal Service regulations.

Perhaps what’s most notable about this short list of requirements is what’s missing: a prohibition on sending spam (howsoever one chooses to define the term). So, even if your mail is fully CAN SPAM compliant, that doesn’t necessarily mean to the ISPs or to recipients that your mail must not be spam. In fact, ISPs see millions of unsolicited bulk e-mail messages (a common definition of spam) every day that fulfill each requirement imposed by CAN SPAM, and they devote enormous resources to filtering them.

So, CAN SPAM requirements actually represent the bare minimum for e-mail marketing standards, not the guarantee of delivery to the inbox that most newcomers assume it should be. To answer the question directly, then: mail that is CAN SPAM compliant can still be filtered or bounced by ISPs. In fact, CAN SPAM includes separate language that holds ISPs harmless when they filter mail.

What about the new Canadian spam law? Do senders in the U.S. have to abide by the law if they send to recipients in Canada?

Canada passed the world’s most stringent anti-spam law late last year, covering a broad range of electronic messaging, and it is expected to take effect in September of 2011. The Canadian law does what CAN SPAM never did: it requires senders of e-mail within or into Canada to have or to obtain explicit permission from their intended recipients. For most ISPs and recipient domains, it is a lack of permission that turns ordinary commercial e-mail into spam.

In theory, the Canadian law is enforceable in the U.S., though it wouldn’t be cheap or easy. Canadian plaintiffs would have to obtain a judgement in Canada, then find a court with jurisdiction in the U.S. that’s willing to enforce it. This requires a great deal of time and expense, so enforcement is likely to be rare. But if you’re already CAN SPAM compliant, and have implemented other best common sender practices, you’re likely already in compliance with the Canadian law (once it takes effect). Check my earlier blog post for a more complete analysis of the Canadian law.

That wraps up our brief look at spam laws in the U.S. and Canada. In our next installment of the deliverability webinar questions series, we’ll look at various types of content filtering, and what senders can do to test their content for optimal deliverability.

Canada Passes the Ten Million Dollar Spam Law

Earlier this fall, I penned a summary of what senders and deliverability professionals need to know about Canada’s proposed electronic messaging abuse law, FISA or C-28. Comes word this morning that the bill has been adopted into law, largely without amendment.

Canada is the last G-8 country to pass anti-spam legislation, but they’ve passed the most stringent national law to date. Find out now how these new requirements will impact your e-mail program.

The Ten Million Dollar Spam Law

Our neighbors to the north may be the last of the G8 countries to adopt an anti-spam law, but when it’s enacted later this year (as most analysts agree it will), Canada’s new law will be among the very strictest, creating penalties of up to 10-million Canadian dollars (or just under 9.87-million U.S. dollars) for businesses who send spam into or within Canada.

Bill C-28, dubbed the “Fighting Internet and Wireless Spam” Act (or “FISA”, for short) imposes new requirements on senders of just about every type of electronic messaging, including mandates that stretch well past the minimal requirements for e-mail under the U.S. CAN SPAM Act of 2003.

Under CAN SPAM, senders are required to abide by a series of labelling requirements, provide a working unsubscribe mechanism, and honor unsubscribe requests within ten business days. CAN SPAM, however, has never required that senders obtain prior consent from recipients. FISA requires either explicit permission, or implicit permission in the form of an existing business relationship or a conspicuous publication of the recipient e-mail address. If the publication of the address is accompanied by an instruction not to send unsolicited e-mail, it doesn’t count as implicit permission. FISA creates a two-year window from the date an address was collected with implicit permission to try and convert it to explicit permission. If after two years explicit permission is not obtained, the sender must suppress the address. Both CAN SPAM and FISA explicitly preclude sending to addresses that have been automatically “harvested” from web sites.

CAN SPAM grants enforcement powers to the FTC, and gives ISPs the right to bring action against infringing senders themselves. FISA, in contrast, provides no criminal penalties, but allows both ISPs and individual recipients of spam to pursue civil action against senders.

The requirements seem to create significant new hurdles for senders, but authors of the Canadian law insist that the legislation is aimed squarely at only the worst of the worst offenders. FISA includes a “due diligence defense”, in which senders should not be held liable for violations if they can show they were making reasonable efforts to abide by the law when the offense was committed. Honest mistakes won’t count against senders.

Should U.S. senders be worried about the new Canadian law? Obviously, the law doesn’t apply if you’re not sending to recipients in Canada, but senders may not always know where (geopolitically speaking) the owner of a particular address receives their mail. However, if you’re already abiding by CAN SPAM and best common practices, you’re likely already in compliance.

The short answer is that (in theory at least) FISA is enforceable in the US, though the process is neither simple nor cheap. It takes about as much time and money to obtain a judgement in Canada as it does in the U.S., so enforcement action is likely to be as rare, and therefore reserved only for the most egregious of offenders. Canadian plaintiffs would also have to find a U.S. court willing to enforce the judgement, which is by no means a given. However, there is an open pledge between the U.S. and Canadian governments to support law enforcement efforts across borders. Earlier this month, a Canadian court was willing to enforce a judgement obtained by Facebook in a California court against a Canadian spammer who racked up $873-million in fines for CAN SPAM violations. It will be instructive to see whether U.S. courts will be willing to reciprocate once FISA is enacted.

Within the e-mail community, the new law is regarded as further evidence of a trend in which legal requirements and best practices appear to be converging, albeit at a glacial pace. The take-away for senders, then, should sound familiar: adhere to CAN SPAM and best sender practices. Send to those who have granted permission, and try to engage with and obtain permission from any segments for whom you do not have it.