Mar 182008

A Flurry of CAN-SPAM Activity – Is It Meaningful?

A Flurry of CAN-SPAM Activity – But Is It Meaningful?

Our four-year old oft maligned anti-spam legislation in this country, the CAN-SPAM act, has seen an uptick of activity this past week. 

Melinda Krueger sums up the sentiments of many in the anti-spam community in her Email Insider column today when she says,

There is no provision in the act against sending unsolicited email as long as you comply with the rest of the act. The motivation of the act was more to make voters feel politicians were doing something about this annoying problem.

In the last two days, however, we got news of ValueClick’s $2.9 million settlement with the FTC over a CAN-SPAM violation (the largest ever), as well as notorious hardcore spammer Robert Soloway pleading guilty on a variety of charges for Really Bad Things, probably including spamming (I’ve read differing reports of his plea, some of which include the CAN-SPAM violation, and some of which don’t).

I’ve never felt that CAN-SPAM did all that much to stop sneaky practices.  It has loopholes so large you can drive a semi through it.  People joke that the law means, “yes, you CAN spam.”  Yet, the law does seem to be doing at least a little of what it was intended to do, which is give the federal government the teeth to go after the bad guys. 

Soloway undoubtedly is a bad guy.  ValueClick may or may not be a bad guy, depending on who you talk to.  But, weak as the law may be, public fines and convictions for violations of CAN-SPAM will ultimately start to impact both the black hats and the grey hats.  Let’s just hope the feds keep up their enforcement work!

Filed under: Email


May 152007

Why Exactly Does Anyone Use WebEx?

Why Exactly Does Anyone Use WebEx?

We had a terrible experience with WebEx a couple years back, which I blogged about here.  Since then, we’ve happily been using Ready Talk with nary a problem.

WebEx’s sales reps spam me all the time, and no matter how many times I try to get off their list, I keep getting the spam.  It’s embarrassing that an e-company is in flagrant violation of CAN-SPAM, the most permissive anti-spam law around.

But I’ve been on two or three WebEx calls lately where, sometime in the middle of the call, an automated voice comes on and says “thank you, your conference call is now over,” and closes down the call.  Sometimes, dialing back in works, sometimes it doesn’t.  Once a couple weeks ago, when dialing-in didn’t work, I just emailed everyone on the call, and we switched to my Ready Talk number.

I’m not sure how much due diligence Cisco did on them before acquiring them for a gazillion dollars recently, but the mix of poor technology, overly aggressive sales reps in violation of the law, and awful customer service sounds like a nightmare to me.

Filed under: Email

Tags: , , ,

Jul 282005

Beyond CAN-SPAM: The Nightmare Continues

Beyond CAN-SPAM:  The Nightmare Continues

Turn back the clock to the end of 2003.  A bunch of states had recently passed their own anti-spam bills, and California had just passed the then-notorious SB186.  Commercial emailers were freaking out because compliance with a patchwork of state laws for email is nearly impossible given the nature of email and given the differences between the laws.  The reult of the freakout was an expedited, and decent, though far from perfect, federal law called CAN-SPAM which, among other things, preempted most of the individual state laws under the interstate commerce clause.  Most of us noted that the federal government had never worked so swiftly in recent memory.

Now it’s mid-2005, and a new cycle of state email legislation craziness is underway, this time with Michigan and Utah in the lead.  Once again, the legislation is well-intentioned but incredibly impractical.  I haven’t heard an appropriate amount of kicking and screaming about this yet, so let me give it a shot.

The laws themselves are billed as “Child Protection Acts.”  They ban email advertising (and also other electronic forms of advertising, like IM, phone, fax) to minors for things like guns, liquor, gambling, porn, tobacco, and — one of the kickers — “anything else deemed to be harmful to minors or unlawful for minors to purchase.”  The bans are in place even if the child has requested the advertising.  The proposed solution is an email address registry of chidren’s email addresses which would act as a suppression list for mailers, is run by a third party, and costs a $7 CPM per suppression run, per state, based on the size of the input file, not the size of the matches.

Let me start running down the problems here:

1. The laws won’t work comprehensively, as people have to proactively register their addresses with state registries.

2. The laws won’t do squat to prevent international or fraudulent advertisers from hitting children with their ads.

3. People with multi-purpose “family” email addresses will have to make a black-and-white decision about being on the registry.

4. Compliance will be a nightmare.  Since emailers usually don’t have a state tied to an email address, they will have to suppress their entire file against each state’s registry.

5. Charging based on the size of the input file as opposed to the number of matches is ridiculous.  It punishes mailers with large files and is completely divorced from the “value” of the service.

6. The costs are outrageous when you add them up.  A $7 CPM seems low, but multiply it by 12 months (and some people think compliance means more than monthly suppression runs) and now multiply it by at least 2 states — with another 10 or so considering similar legislation, and all of a sudden, a mailer could be paying as much as $1 per name ON THEIR FILE per year.

7. The laws are too vague and potentially too broad.  A law that prevents advertising of anything else deemed to be harmful to minors or unlawful for minors to purchase has some weird and possibly unintended definition consequences.  One example:  apparently, in Michigan, it is illegal to sell cars to minors (odd for a state that includes Detroit and licenses drivers at age 16) — so automobile advertising is a “banned category.”  Another example:  Amazon sells DVDs that are Rated R — does that mean linking to Amazon is now problematic?

8. Anyone can sue — not just state AGs, so look out for a zillion nuisance lawsuits like the old Utah “no popup” law of 2003.

9. The laws may be unconstitutional for any number of reasons, and they may also be in conflict with CAN-SPAM’s supersede clause.

The kicker?  The laws are billed as “Child Protection Laws” — so who the heck is going to stick out their neck and sue the states to force the legality issue?  I’m all for protecting our children…and for eliminating spam for that matter, but I’m sick of governments passing laws with this level of unintended consequences.  Someone ought to make a law about that!

Filed under: Email


Jun 152005

Counter Cliche: Who’s The Dog in this Scenario?

Counter Cliche:  Who’s The Dog in this Scenario?

Fred’s VC cliche of the week is a good one — “If you lie down with dogs, you’ll come up with fleas.” His point is a good and simple one, that VCs shouldn’t take people risks in deals and shouldn’t try to back management teams they have serious concerns about (ethical or otherwise) in the hopes of trying to change the team or change management.

The obvious counter cliche is that entrepreneurs run that same risk in accepting capital from less-than-savory venture investors.  An ethically-challenged investor can wreak havoc on a young company, potentially tying the company up with peripheral legal problems or even damaging the company’s attempts at raising future rounds of capital.  So, VCs can be the dog in the scenario as well.

But I think there’s a broader counter cliche here, which is that one’s reputation in business is always tied, to some extent, to the company one keeps.  This applies to investors, and also to clients, vendors, and partners.  The appearance of a connection to an unsavory character, even if it’s just an appearance, and even if “unsavory” is in the grey area instead of black-and-white, is almost as problematic as a real connection.

Our business at Return Path is a good illustration of this principle, as is the case with many companies in email marketing, since email marketing has some very visible bad guys (spammers), good guys (think eBay and Expedia), and lots of companies that operate in shades of grey in between.  One of our lines of business, Delivery Assurance Solutions (email deliverability), is particularly critical in terms of us having a great reputation in the industry, since we work on behalf of email marketers to get their mail accepted (not blocked/filtered) at major ISPs.  No matter how you cut it, this business invariably involves making some judgment calls from time to time on who’s a “good guy” vs. a “bad guy” in the email marketing world.

We try to be as clear as possible with our prospects and clients about what kinds of behavior we wil or will not accept from clients, since our reputation in this business is everything to us.  We won’t, for example, help a client with ISP relations or monitoring tools if they don’t sign reps and warrantees in our contract about their email practices that go well beyond CAN-SPAM in terms of compliance with industry best practices.  We can’t accept clients into the Bonded Sender whitelist program unless they jump through all kinds of hoops with our third-party watchdog partner, TRUSTe.  And as painful as it is from a revenue perspective, we do fire clients periodically who we discover to be either not in compliance with their reps and warrantees to us, or who we discover to have a particularly poor reputation in the industry.  All of these things are designed to make sure we stay flea-free.

One area that’s particularly tricky for us is what to do with a “bad guy” who comes to us asking for help to become a “good guy.”  While it’s hard to be completely objective about this type of situation, we have an emerging policy around it.  We WILL work with clients who the world perceives as a “bad guy,” but only on a consulting basis to teach them email best practices and how to become a “good guy” (one of my Board members, Scott Weiss from IronPort Systems, calls this Return Path’s 12-step program).  If those clients take our advice and make meaningful and measurable changes to their email programs, we will continue to work with them and will slowly allow them to use our other services over time.  If those clients resist our advice or are too slow to change their ways, we will stop working with them immediately.

I guess the point of the counter cliche is that sometimes it’s hard to tell, as Sally told Harry in the movie, who is supposed to be the dog in a particular scenario.

Feb 012005

Doing its Part

Doing its Part

Fred had a good posting on spam today, riffing on a New York Times article that  is very “doom and gloom” on spam and how it’s taking over the world.  I’ll buy the Times’ argument that there’s an increasing amount of spam out there these days, but as with Fred, I still maintain, as I did in this earlier posting, that we’re out of crisis mode and are on the path to resolution as improved filtering technology and false-positive identification services trickle down to broader usage.

What I think is interesting, though is the amount of criticism that the CAN-SPAM legislation is getting, including in this article from the Times.  It’s not a perfect law — what law, exactly, is perfect? — but it’s starting to do its part.  People in the industry joke that CAN-SPAM means “you can spam,” meaning that the law makes it easier for people to spam legally.

But the reality is that you can’t regulate something until you’ve legalized it, and CAN-SPAM is a good first step in the process.  In the Times article is yet another example of how the legislation is starting to work — Microsoft’s latest law suit (one of many filed by Microsoft and others in the past 12 months) against a known spammer.

No one ever said solving the spam problem was going to be easy.  And no one ever thought there would be any silver bullet — certainly not a legislative one!  But I argue that CAN-SPAM is doing its part through the enforcement mechanism if nothing else.  And while I certainly hope the next step in the legislation around spam IS NOT a do-not email list, I do hope that there is a successor piece of legislation after another 6-12 months of observing the spam situation and the impact, strengths, and weaknesses of CAN-SPAM.

In the meantime, let’s use the tools at our disposal and keep suing spammers…as well as working on industry-based solutions to spam that bring the problem further under control, from filters to authentication to reputation to accreditation.

Filed under: Email

Tags: , ,

Sep 152004

Spam: Crisis, or Approaching Denoument?

Spam: Crisis, or Approaching Denoument?

A few interesting comments on this front today. Fred says the crisis is over, everyone should just calm down. Pamela says spam filtering technology is getting really good now. And I had lunch with Saul Hansell from The New York Times today, who thinks that authentication will make a monumental difference.

[For those of you who read OnlyOnce and aren’t super technical, authentication is the newest trend that ISPs are starting to employ to snuff out spammers. In a nutshell, it’s a technology like Caller ID that lets an ISP verify who’s sending the mail so they can shut it down if the mailer is clearly a bad guy (or someone who blocks Caller ID).]

I’m not sure as Fred says the crisis is over — but I think it’s on the way to being minimized. And Pamela’s right — filters like Cloudmark are pretty darn effective. Things like that just need to be rolled out to broader audiences. And Pamela’s also right that mailers will have to work on managing their identity and reputation in order to cope with new technologies like authentication and beyond. That’s a posting for another day.

But before we declare victory, let’s remember two things:

– First, these things take a LONG time to trickle down to a broad enough audience to say “problem solved.” I mean YEARS.

– Second, the bad guys aren’t going to give up without a fight. This is war! They’ll be back and they’ll find us. They’ll get better at avoiding filters, and they’ll infiltrate things like authentication and exploit loopholes in CAN-SPAM and other legislation. Remember, spam’s economics still work.

So I’m happy to say Spam isn’t still in Crisis Mode, but it’s not resolved either — how about Approaching Denoument?