May 12 2008

Drawing the Line: Where We Come out

Drawing the Line:  Where We Come out

In the first post in this series, I laid out a dilemma we’ve had internally at Return Path in recent months: whether and how we accept clients who are in “grey” businesses like alcohol, pornography, and neutriceuticals, and whether that applies uniformly across all of our products (software vs. consulting vs. whitelist). In the second post, I reposted a summary of all the comments we received from readers. Now comes the fun part — the so what.

We had a good series of conversations internally on this issue that included some very spirited debate. Here’s where we come out.

First, we drew a distinction between three types of potentially “troublesome” clients: those whose businesses are illegal, or who advertise or sell illegal products; those whose businesses are involved in litigation around email, data, privacy, or security; and those whose businesses are in the grey area, or what we called in our discussions “morally hazardous.” In the end, we decided that for us, there’s no difference by type of product in terms of how we handle the situation. But each class of client has its own issues as well as enforcement mechanisms.

Let’s start with the easy one. Clients who break the law or whose businesses encourage others to do so have no place in our company. The challenge here is more on the edge cases — what about companies whose products or advertising are sometimes illegal (by geography or by age of target audience)? I will come back to that topic.

Next, we move on to those companies who are involved in email-related litigation. We added this category to our thinking because we view ourselves as advocates for end users, the champions of good, high quality email. Ultimately, the decision about whether or not to take on a client who is involved in email-related litigation is subjective. One example of a client we would take on is a very reputable company that has a single instance of a CAN-SPAM violation or investigation by the FTC. But there are other companies who are in much deeper. I will somewhat impolitely refer to them as “pissing in the pool.” As advocates for good email and as stewards of the email ecosystem, we can’t in good conscience allow some of these people to be clients, even of our software, if they have the potential to use the software for evil and not for good. Of course, once the litigation is finished we can re-assess, assuming the company was found to not have violated any laws.

Finally, the tough category, the “morally hazardous.” There certainly is something that resonates with us around one user’s comment that, to paraphrase, if you’re not comfortable telling everyone around the dinner table that you work for Client X, you shouldn’t work for Client X (or, Client XXX, as it were). But at the end of the day, legislating morality is impossible to get right for everyone, at every time. We think it’s not our business what kind of legal business our clients are in. In fact, we go so far as to say that as advocates for end users, our criteria around which clients to accept should be as objective as possible — that is to say, much more around their email reputation (how much do users like the content) than about some arbitrary judgment about what’s right and what’s wrong. We feel like as long as we maintain our policy of allowing employees to opt-out from working with clients or seeing clients’ content that makes them uncomfortable, we’re in as good shape here as we’re going to be.

Of course, that’s not to say we won’t, on a case-by-case basis, turn down a client because of their business. We aren’t a public utility. We have the right to walk away from a client for any reason (or, not to put too fine a point on it, no reason at all). But as a matter of policy we’ve decided to focus on email practices as a basis for who we work with and leave questions of morality of certain types of business aside.

As a final note, we clarified our policies for vetting and enforcing these standards. These do differ a bit by product. For our by-application whitelist, Sender Score Certified, we will continue to ask questions around the types of products and content that prospective clients include or link to in their emails. We will perform extra pre-client research on clients that check a number of boxes on the application that indicate they might be in a grey area or are involved in litigation. We will ask clients to self-certify their goodness. We will perform spot audits of these clients to make sure they stay in compliance with the things that are impossible to automatically monitor, even those tricky ones which are “sometimes legal.” And we will not be shy about terminating those who aren’t.

For our software and professional services, we have a “client vetting” document that asks some of those same questions, and against which we will research and audit as appropriate. For clients of our professional services, we require that sales/client services fill out this document 100% of the time for our standards and compliance team to review. For software clients, we leave it up to sales/client services management to flag the cases where there might be an issue and to run only those clients through the same vetting process.

I think that about wraps this topic up, at least for now. We do our best on this stuff, but it’s tricky, and I have no doubt that however we handle these situations, we will upset someone. I appreciate everyone’s input on this, and I welcome more by commenting below.