Alex Schultz, a good friend and ex-colleague of mine posted the following message on his blog:

I am confused. I thought goodmail was meant to fix spam or help it and yet here I have two goodmail certified mails from a company who I did'n’t subscribe to and have no idea who they are.

These are the first two goodmail certified mails I have ever seen.

Here’s a screenshot of his inbox:

Interesting….

Joe Manna listed 50 unique characteristics of spammers on his blog recently. Read it to determine if you’re on the dark side (or not). My personal favorites are marked in bold :-)

1. You begin your emails with, “Dear Friend,” “Dear Customer.”
2. You bought, purchased, rented or “joint ventured” your list with others.
3. You refer to your customers and prospects collectively as a “list.”
4. You live your marketing career one batch email at a time.
5. Your email consists of a size 38 Impact font.
6. Your emails have nothing to do with recipient’s interests.
7. You have an email marketing campaign send daily email to your prospects.
8. When times get tough, you just hit your lists harder.
9. You don’t bother checking your “From” address for human replies.
10. You only see Digg and StumbleUpon as sources of thousands of hits.
11. Your email is sent to yourself, blind-carbon copying recipients.
12. Your email lacks the necessary unsubscribe link.
13. You padded your unsubscribe link with more than four lines to bury the link below the fold.
14. Your email contains more CAPS  than a Pepsi bottling plant.
15. Your subject lines begin with “Re:” or “Fwd:” even though you didn’t reply or forward.
16. You predicate your call to action with “If you’re interested…” or “If you’d like…”
17. Your email makes assumptions that your readers want to buy more when they just bought something.
18. The graphics in your e-mail are the email.
19. You worry about how many opt-outs and bounces you might earn, rather than the value you provide your subscribers.
20. Your email recipients have no idea who you are or why the received your message.
21. You can honestly say you live your life one spam complaint at a time.
22. You changed email service providers four times in the past two years.
23. You know your ESPs abuse desk personnel on a first name basis.
24. Your ESP’s abuse desk personnel know you on a first name basis.
25. When asked about spam, you instantly deny it, citing CAN-SPAM Act technicalities.
26. Your email contact database is older than your shoes.
27. Your contact database is segmented into “blast,”  “email” and “do not email.”
28. You sent an email and suddenly wonder why you landed on the blacklist of several ISPs.
29. You insist it’s the fault of the ESP that your deliverability is in the dump.
30. You recently purchased a list of leads and telepathically know they want your email.
31. Your opt-in Web Form lacks any sort of expectation of email.
32. You send several thousand pieces of email on a daily basis, yet don’t consider yourself an Internet marketer.
33. You send several hundred pieces of email and feel exempt from anti-spam laws.
34. You just exported your Outlook address book and imported that into your email provider.
35. Your small business had 1500 customers for the previous year, yet you sent mail to 40,000 “prospects.”
36. You’re in search of an email list cleaner, email blaster or mass mailer.
37. You’ve got the latest information diet pills, mortgage offers, debt consolidation and are the expert in making money quick with no obligation.
38. People opt into your marketing  expecting a free iPod and they get bombarded with offers.
39. When you go to trade shows, you collect email addresses, not network with industry peers.
40. To you, search engine optimization means more traffic, not better results for visitors.
41. Your email marketing consists of sending offers to your entire list of contacts.
42. In an effort to get your email delivered, you include the text of “F.r.e.e” or “no.ris.k” in your messages.
43. You blame your recipients for reporting your message as spam to their ISP.
44. It’s a good day for you when the spam complaints are below 3%.
45. You’re a member of an organization and believe you can “blast” your message to all members.
46. You decide the value of your email marketing, not your recipients.
47. You have an abnormally large database for the actual interest in your products.
48. You seem to have invented a new form of opt-in, known as a “soft opt in.”
49. You aren’t sure if your contacts are opted in or what they opted in for.
50. Your lead generation model consists of a fishbowl at conferences.

Lee LeFever over at Common Craft created a video that explains the concept of phishing. Please share this with your friends, family, customers and anyone else you can think of!

Hat tip: EmailKarma

Because I am looking for information on opt-in and privacy laws in Sweden, I posted a question on LinkedIn Answers. L-Soft's Outi Tuomaala pointed me to one of their webpages that contains a table that gives a basic overview of email requirements in the United States and Europe. Of course you should always check national legislation in each country/state for more detailed information.

Recently the FTC has approved four new rules under the CAN-SPAM Act of 2003. You can find the press release here.

In this article, Mark Merckler, General Counsel for UniqueLeads explains what it all means in layman's terms:

1. Contrary to what many believed they would do, the FTC did not shorten the time frame for honoring opt-outs. For the foreseeable future it will remain at ten (10) days.

2. The FTC limited acceptable opt-out procedures to simple, one step operations, requiring no more than the user supply his or her email address and preference.

3. The FTC modified the definition of “sender” to make it easier to determine which party is responsible for complying with the Act’s opt-out provisions.

4. The FTC specifically allowed the use of a USPS PO Box, or private mailbox service as meeting the “valid physical address” requirement. (Thank goodness the legal folks won’t have to negotiate this point anymore.)

5. The definition of “person” was expanded to clarify that the Act’s provisions apply to companies as well as individuals.

These are the most important points affecting our industry. However, the Commission’s Statement of Basis and Purpose will be published in the Federal Register in the next several weeks. It will provide a lot more guidance on what the FTC was thinking when it promulgated these new rules.

Source: dmconfidential.com

A while back I asked the following question on the Email Marketer's Club's forum:

If we all agree that CAN-SPAM legislation is just the bare minimum that email marketers should adhere to in the US, doesn't that mean it's time the email industry lobbies for stricter legislation? In my view stricter US spam legislation (at least require prior consent before you can include someone to your mailinglist) will benefit the industry as a whole. What's your opinion on this?

Judging by the responses, you can say that this certainly is a topic that many of us feel passionate about. Here's what people said:

• "Yes, legislation for the right reasons, that can actually improve email as communication channel, I agree with. Legislation to punish only the people who can be found and sued is a waste of everybody's time."
• "I do think that ISP's need to be more accountable for delivery/non-delivery of messages. I would love to see legislation that says if you provide a spam complaint button, you must deliver the complaints to the sender (just like a bounce message). I would like to see legislation against black holing of messages (aka Hotmail). I would also like to see ISP's held responsible for their own networks being abused and pumping out most of the bot-net spam that occurs."
• "I believe CAN SPAM either needs to evolve or be superceded by stricter anti-spam legislation. However, I'm not holding my breath for that to happen anytime soon, seeing as it took at least eight years for CAN SPAM to be generated and pass."
• "The biggest disservice Can-Spam did was legitimize the concept of opt-out. If I had a dollar for every forum post or email from marketers assuming Can-Spam compliance was a carte blanche to send what was effectively spam, I'd be writing this from a laptop on a very expensive cruise. Which is why I would love to see the US switch to opt-in. Almost everywhere else has permission as part of their anti-spam legislation, and I don't see email marketing in those countries suffering as a result. After all, permission is a basic best practice."
• "The problem with legislation is that those who make these rules/laws often do not know the industry as we do and this makes the outcome unpredictable. Not to mention possible other political objectives than just making the world a bit better."

It seems that most people are against making legislation stricter, because they fear that only legitimate marketers will be punished. However, I continue to believe that the industry should lobby for an opt-in legislation in the US rather than the current opt-out legislation. The need to have permission before you can legally send marketing emails to consumers is instrumental in creating a positive perception of email marketing and will help safeguard email as an effective marketing channel in the longer term. And yes, I know that having permission is only the first step (of course your emails have to be relevant etc), but it's a very important first step.

Read all the answers to my question here (login required) and feel free to share your opinion as well! If you are not a member of the Email  Marketer's Club yet, you can request an invitation to join.

Over at the Email Marketer's Club recently a member posted a question which resulted in 38 heated replies. The question was, is it OK to send a one-off email to people who have bought something from you but who have not opted in to receive email?

The person who asked the question said that out of 700,000 customers, only 200,000 had checked the box which said 'I am happy to receive marketing emails from you' (or words to that effect). So that meant they were sitting on half a million email addresses and it 'seemed a waste' not to market to them. He was thinking of sending them an email (just the one!), perhaps offering a free gift by way of appeasement. It was just too tempting. Surely worth a try?

There then followed a great deal of debate and opinion, ranging roughly from 'if you do so you will be a spammer' to 'you COULD try it, but it may reflect badly on you if people complain.'

The rules about what is and isn't permissible in email marketing, in the UK at least, are not black and white. The Information Commissioner's website has guidelines on the subject.

Nevertheless, in the above case there were no grey areas. Those 500,000 people had the chance to check the box and give their permission, and they did not. That means they don't want to get emails from this company, even 'one-offs'.

Rather than risk losing the trust and loyalty of customers, not to mention your company's reputation, why not focus on those 200,000 people who have actually given their permission? They are the real goldmine, after all. Use your loyal customer base to up-sell, cross-sell and refer their friends.

Source: Eggbox Marketing's eTips Newsletter

Derek Harding wrote a great article on ClicZ today which he concludes by saying: "Absent a law requiring consent, we need a united front on consent. That means our trade groups must make it clear that opt-out is spam and spam is bad for e-mail, bad for our customers, and bad for us. They must state without equivocation or prevarication that consent is a requirement and act to ensure their members adhere to such requirements. Without these actions, we'll be in just as bad shape in 2010 as we are now."

He's saying this because "there's been a great deal of discussion lately about why, after 10 years, e-mail marketing is still struggling with the basics of deliverability and consent." And he his continues by saying that "much of the trouble we see today is of our own making. We messed up, big time."

Why? Because "back in 2003, when the federal government sought to enact anti-spam legislation, a variety of industry groups pushed for, or acquiesced to those who pushed for, weak legislation that didn't actually outlaw spam. They argued that any marketer should be permitted to send one e-mail to anyone they wished and pushed for companies being permitted to send e-mail to anyone with whom they had a prior business relationship.

The end result was the CAN-SPAM Act of 2003, nicknamed by some anti-spam activists as the "You CAN-SPAM Act" because it legitimized spam and overrode more restrictive laws in a number of states. If I had a penny for every time a marketer used the excuse "but the lawyers say it's OK" to try to send spam, my trousers would drop. Problem is, the law doesn't clearly and unambiguously require companies to obtain verifiable consent before sending e-mail to individuals."

Read the full article here.

J.F. Sullivan wrote an interesting post on the eec blog today about the resurgence in CAN-SPAM interest in the news recently.

He wants to remind everyone that CAN-SPAM compliance is the most negligible form of email marketing compliance that you can actually do. If you are building a program and infrastructure to effect CAN-SPAM compliance as your only goal, then by all indications you will essentially appear to be a spammer. You may ask yourself why that is, and while there are many reasons, it basically comes down to permission. CAN-SPAM doesn’t require permission from the end user while the industry at large does.

He compares it to going out on a first date. You know you need to perform a set of personal hygiene acts. CAN-SPAM compliance is akin to just brushing your teeth and throwing cold water on your face. If you hope to get a second date or even a phone call, you need to put your best foot forward. The latest threads and a bit of cologne might be in order. Aiming for the bare minimum shouldn’t be your goal and that is what CAN-SPAM is -- the bare minimum. Read the full post here.

1. Ignoring "unsubscribe" requests.
This may sound like a no-brainer, but if you don't stay on top of your "unsubscribe" requests, you might get an unwanted surprise from a frustrated user who gets your newsletter once too often -- getting dropped into the spam bucket of his or her email service.

2. List "repurposing."
Recycling customer email lists may be handy to the marketing department, but it could hurt your business in the end. And sharing addresses with your sister company counts, too. Symantec's Fubini says he's seen cases where a company builds up a mailing list for one product and decides to just apply that mailing list to a new, unrelated product, which can cause problems. You have to ask whether the customer really wants to hear about this second product, he says.

3. Providing unclear privacy checkbox instructions, and ignoring users' responses.
If a box is pre-checked to opt in, that may appear suspicious and unprofessional. And if the opt-out instructions are confusing or unclear, you could turn users off -- and potentially get into hot water.

Today I received a phishing email disguised as an eBay promotion. If it hadn't arrived in a mailbox that I never used to sign up for eBay (that was clue #1), I would definitely have fallen for their trap.

Even though I have been reading about this type of spam/phishing emails in the last couple of weeks, I was shocked to see how good these guys are in conceiving people!

Basically they sent an email announcing a price promotion on eBay.com (that was clue #2: I'm not registered on the .com site so eBay.com is not allowed to send me any emails):

I've seen phishing emails before, but the scary thing about this one is that these spammers were mimicking an actual eBay email in which an actual price promotion was announced.

Read more about this phenomenon here.

Spammers have grown more sophisticated, just like permission email marketers, and have incorporated many new tricks into their dark bag of tricks. Spam has also taken on new appearances and ambitions. 

In this article, Simms Jenkins analyzes a week's worth of spam to see what spammers are up to, and compare their tactics to best practices.

Read more here: Dissecting a Week's Worth of Spam (iMedia Connection)

A study carried out by data and marketing company CDMS has revealed that 31% of UK companies are not complying with the EU Directive on Privacy and Electronic Communications, more than two years after it became UK law in December 2003.

The European legislation which governs emails with private individuals, demands that companies only send unsolicited sales messages via email to non-customers if they have actively opted-in to receiving them.

Companies across industry sectors were tested to see whether they consistently offered non-customers the opportunity to opt-in to further marketing emails when their details were recorded as the result of a promotion or enquiry. These promotions appeared either on the company's own web site, through a partner company's website, in a third party e-newsletter, or as part of an advertising or direct mail campaign.

Janine Popick reports on her blog that the UK has updated  the Companies Act 1985 to the Companies Act 2006 and has some additional requirements for email and websites.

All companies that send email from the UK need to put their registered address in the footer (instead of just a valid company address) along with their company registration number and place of registration.

Read more here and here.

Spamlinks.net is a pretty comprehensive anti-spam portal that contains everything you didn't want to have to know about spam. It's all there...

A new series of proposed laws could make life much harder on US email marketers, if they are passed.

Several bills are simmering at the state level that could force email marketers to switch to an opt-in model, rather than the current opt-out one, according to Jim Conway, vice-president of government relations for the Direct Marketing Association, speaking at MediaPost's Email Insider Summit on Tuesday, MediaPost reports. Conway added that if these bills are successful, they could easily be the model for other states, and even the U.S. Congress.

Also, the FTC now is taking a closer look at privacy policies. At the Tech-Ade conference last month in Washington, D.C., commissioners indicated that they were concerned by a perceived lack of transparency in privacy policies, Alan Chapell, president of Chapell Associates, said. Chapell added that marketers may need to come up with new, more stringent policies to avoid government regulation.

"Now the commissioners are saying the traditional privacy policies are insufficient. Again, we're risking government regulation. So maybe we need to go above and beyond the traditional privacy policies."

Source: MarketingVOX.com

Yesmail’s settlement with the Federal Trade Commission last week sent tremors throughout the industry as other e-mailers scrambled to figure out how the company became ensnared in the FTC’s spam-fighting apparatus and how they could avoid a similar scenario.

Yesmail agreed to pay $50,717 to settle charges that its recently acquired @Once unit violated the Can-Spam Act.

The alleged violations happened in 2004. Yesmail acquired @Once in 2005.

Though the size of the settlement was relatively small, the FTC’s press release and complaint were worded such that it was difficult to tell what happened and whether or not others are in danger of coming into the FTC’s crosshairs under similar circumstances.

According to the FTC, @Once’s spam-filtering software blocked some “reply to” unsubscribe requests from recipients as spam, resulting in @Once failing to honor those opt-out requests and sending thousands of e-mails to recipients more than 10 days after the requests, a violation of the Can-Spam Act.

The announcement raised eyebrows in the industry because it looked as if @Once was the victim of a technical glitch. The Can-Spam Act contains a provision protecting senders whose opt-out mechanism “is unexpectedly and temporarily unable to receive messages or process requests due to a technical problem beyond the control of the sender if the problem is corrected within a reasonable period of time.”

Read more here.

In this article eROI's Dylan Boyd summarizes the 7 steps to CAN-SPAM compliance:

1. Include an Unsubscribe Link That Works
2. Don’t Share Customer Addresses
3. Confirm the Subscription
4. Offer an Unsubscribe Link
5: Avoid “Negative Opt-In”
6. Identify Yourself Clearly In Every Message
7. Follow Through

Read the article here.

There's an interesting discussion going on on the MarketingProfs discussion boards after one user posted the following message:

"It seems to be the opinion of many participants in this forum that unsolicited email is not something which "reputable companies" will do. Many have suggested that marketers create content-based web sites and build an opt-in list - and many consultants who participate in this forum can help companies do just that.

Yet many who visit the forum seem to want to send unsolicted emails. Unsolicited emails are legal under certain conditions in the US. Small companies may not have the marketing budget or the time to create and maintain elaborate sites to become "thought leaders".

I'm not interested in hearing your rant about SPAM. What I am interested to know is: where do you personally draw the line, between "acceptable" unsolicted email, and "unacceptable" unsolicited email?

For example, I subscribe to eFax, and can receive FAXes for free - but as a subscriber to the service (which I highly recommend) I occasionally get an unsolicted email, which I'm happy to glance at and delete. I know that the sender must pay eFax to send the message, and I consider the companies reputable and proper for sending these.

Also, if I have my email address posted on a web site, and someone reads my web page, feels we have a reason to communicate, and sends me a short text-only email with a link to their site, I typically appreciate their efforts.

Where do you draw the line - as a sender, and as a receiver of unsolicited email?"

Read the reaction of MarketingProfs' members here.

As he promised us, Mark Brownlow added some more summaries of local anti-spam laws:

• Anti-spam laws in the UK
• Anti-spam laws and the EU
• Anti-spam laws in Australia
• Anti-spam laws in Canada
• Anti-spam laws in New-Zealand

Thanks for the summaries, Mark!