He very kindly responded:

Dear Mickey,

First of all, I thought the writer was a little naive about allowing spammers or web site owners to send her email.

I didn’t like her attitude about “come on one and all.” I have found (by experience) that if I let someone in my email by not giving permission, I have a real problem about getting them to stop and a lot of the time having their friends to come in, as well.

After reading her article I tried to compare it to what I do when I visit a web site. If the web site has a feature on it to find out more about the product or company, I invite them to send the info either by email or a daily, weekly, or monthly newsletter. I haven’t had any problem with getting these companies to stop sending me their info if I ask them or by clicking the unsubscribe link located most of the time at the bottom of their email.

As much as I try to keep the uninvited out, I’m forever receiving mail from the unethical spammers, anyway. I have found out (by experience) that if you tell them to stay out, they change a letter or number slightly and resend the email. It is an on going battle to say the least, but I work as hard as I can to keep these bums out of my email.

Love ya,

Dad

There you have it, folks.  His concern is that if you start sending him mail without permission that he won’t be able to get you to stop sending him mail when he wants you to.  That sounds pretty sane and rational to me.  If someone starts emailing without permission, why would their recipients expect them to then stop emailing at any point?

And the bottom line here: My dad, at least, sees people who who email without permission as bums who should be kept out of his inbox.

So, yesterday I put out a list of the bottom 10 posts of 2009. I promised then that I’d put out a list of the top 10 posts today, and here they are (in reverse order — #1 is really #10).

1. IP relisted despite no more mail being sent. It seems like I blogged about Barracuda a lot. Truth be told, I probably had more problems out of Barracuda in 2009 than I did anyone else. This post was about them relisting an IP address even though they could not have had any fresh complaints since there had been no mail going out over it in more than 30 days.
2. When is transactional mail not transactional anymore? This post was over what changes the nature of a mailing. In this case, it was a date on a membership card. Mail sent before the expiration date is transactional, but mail sent after is commercial marketing.
3. Barry Speaks: We won’t shut-up and eat your spam. This is one of those anonymous blog posts by the well-known “Barry”. In it, Barry explains that ISP’s don’t really care about senders’pain so much as they care about senders sending mail that the ISP’s customers actually want to get.
4. Yahoo! running (some of) Verizon’s Email Services. Talk about old news making the news again. In the course of investigating a blocking issue for my employer, I discovered that the mail server for the Verizon customer we were mailing was flowing through Yahoo’s service. The rest, as they say, is history.
5. Breaking: SORBS bought by GFI (with confirmation!)After reading on another blog that the SORBS DNSBL had been bought by GFI, I reached out for confirmation….and got it.
6. SORBS Closure Imminent. This was a post about the announcement by Michelle Sullivan that the SORBS DNSBL was in danger of closing.
7. The hard truth about email. This post, which comes in forth on the top 10 list for page views comes in first for the number of comments (and we love comments!). It’s a reminder for senders that the ISPs’resources are limited and tend to get overloaded during the holiday season.
8. Use Private Domain Registration and Go to Jail?. This post was a commentary on USA v. Kilbride, (9th Cir., 2009), which featured a section which, if I read it correctly, indicates that use of Domain Privacy services by marketers may well violate the CAN-SPAM Act.
9. Barracuda & EmailReg.org: Pay-to-play or just joined at the hip? This post was just plain fun to do. There’s some sort of agreement between Barracuda Networks and the EmailReg.org people, but no one outside of those two groups knows what it is. But that duck sure is loud.
10. A CAN-SPAM Checklist. This post had about 100 more page views than the runner-up. It’s a list of things that marketers need to make sure they’re doing to stay on the right side of the law.

And there you have it until next year.

Happy New Year, everyone!

1. 47 USC 230 Explained in English. This was mainly a link post. I wasn’t using Twitter back then or it might have just gone there, but 47 USC 230 is an important statute that has had application in everything from web hosting to spam filtering.
2. Barracuda’s Advertisement-pop-ups Category. This post might have been just a little bit whiny on my part. Barracuda sets websites into certain categories, and they put all websites dealing in advertising into the “Advertising-pop-ups” category. I still think it’s poorly named, and that their “this is industry standard” excuse is just a canard, but it’s their system.
3. You want me to pay to keep from being blacklisted? This post was about Emailreg.org, which still, even to this day, appears to be a shadow for Barracuda. It’s a whitelist mainly used by their appliance, and it’s hosted on their network. And you have to pay money to be included on it.
4. Lycos Europe Mail Shutdown Date. This one is pretty much what it looks like: an announcement about an impending domain demise as Lycos Europe shut down its mail operations.
5. Russians Selling Spam Lists. Here’s another one that would likely have been posted to Twitter had I been using it back when I posted it. Symantec posted some evidence that Russian spammers are selling email lists.
6. Can I use images to display my URIs?. This is a brief post on how using an image instead of text to display a link in your email may not be the world’s greatest idea.
7. Hypertouch Loses. Here’s a quick post on a small ISP losing a court case. My beef with this one was a quote by a defense attorney saying that a trial court level case set a precedent.
8. Could Spamford be going to jail?. Here was another post that maybe should have gone to Twitter instead of being a post on the site. Sanford “Spamford” Wallace was being threatened with some jail time for contempt of court for violating an injunction from his loss to Facebook.
9. Video in Email. Here’s a post I really wish more people had seen as it discusses a topic that I get asked about a lot: Can we embed videos into email. The answer, unsurprisingly, is that it’s not any more likely to succeed now as it was three years ago.
10. Reading Terms of Service. How often do you read the Privacy Policies of the sites you visit? How often do you think your customers/recipients do?

As reported on Spamsuite, the 9th Circuit opinion in USA v. Kilbride, (9th Cir., 2009) has been released. This is primarily an obscenity case against the defendants for sending pornographic spam email. But, it also includes a challenge to 18 U.S.C. § 1037 on vagueness grounds.

18 U.S.C. § 1037 is the part of the CAN-SPAM Act that deals with fraud and falsity in headers. And, from appearances, the Defendants were using false information in their registration. One of their arguments (and the Court’s response to it) appears as follows:

Defendants also argue that the definition of “material falsification” renders § 1037 unconstitutionally vague specifically as to whether it would criminalize private registration of a domain name. As testified to at trial, private registration is a service that allows registration of a domain name in a manner that conceals the actual registrant’s identity from the public absent a subpoena. We fail to perceive any vagueness on this point. Based on the plain meaning of the relevant terms discussed above, private registration for the purpose of concealing the actual registrant’s identity would constitute “material falsification.”

(from page 29 of the PDF)

So, what does this mean for the email marketer? Don’t use private registration services like Domains By Proxy or the various domain privacy services offered by several providers. As Laura points out, it’s one of the things that identifies you as a spammer. And given this pronouncement by the 9th Circuit, it’s probably also now a violation of your Email Service Provider’s rules of use or terms of service.

Not only does it identify you as a spammer, but if the FTC or the US Attorney’s Office starts reviewing your practices with an eye toward prosecuting you for CAN-SPAM violations then your attempt to hide behind the service then becomes a violation in and of itself.

Hat Tip: Thomas O’Toole

Related articles by Zemanta

• Court Rules That Using Domain Registration Privacy Services Represents ‘Material Falsification’ (techdirt.com)
• Use a Domain Privacy Service? There’s a Prison Sentence for That! (marketingpilgrim.com)

Are things about to get notably better for Internet end-users? This week, it appears to be the case; some noteworthy events took place in the past few days potentially providing several breathes of fresh air: Net neutrality concerns were addressed in Canada, the DMA is coming to its senses, and an important piece of anti-spam legislation is moving slowly forward.

CANADIAN ANTI-SPAM LEGISLATION
Bill C-27, the Electronic Commerce Protection Act has been wending its way through the legislative process in Canada. CAUCE has been an active participant in the process going back a decade and with our membership on the Federal Task Force on Spam back in 2004

On Wednesday, October 22, 2009 as part of process for the House of Parliament, the bill was given a clause-by-clause reading in the Standing Committee on Industry, Science and Technology.

There has been very intense lobbying by opponents to the bill, many of whom are, to my mind, ill-informed about current industry best practices.

For example, a committee member made a suggestion that unsubscribing recipients could take as long as 30 days, based on the rationale that ‘senders take vacations’. Happily, the committee stuck to the original proposal, 10 business days, which is coherent with America’s CAN-SPAM Act, and entirely reasonable.

Another issue, the so-called “grandfather clause” was also discussed at some length.

In essence, this clause allows for a period, starting with the adoption of the law, wherein senders who have an active business relationship with a recipient can send mail to a recipient. The original proposal was 18 months, a very long time in anybody’s book, except one special interest group, who lobbied for a six-year time frame. Happily, that was ignored, but the period was extended to two years.

Other key clauses such as private right of action, something CAUCE pushed for were accepted.

Committee adjourned until Monday, October 26, when the clause-by-clause review will continue, and should the bill pass, it will move back to the house for a third and final vote. After which, it faces the same process (three rounds of votes and referral to committee) in the Senate. Sources say the government is focused on having C-27 become law before the end of the year, and there is still plenty of time for things to go right, or go wrong.

Powerful lobbyists representing special interest groups continue their attempts to water down or kill the bill entirely.

On the other hand, industry leaders such as Return Path. Eloqua, Thin Data Inc., and Exact Target as well as many others have publicly voiced their support for C-27.

CAUCE has put up a petition at http://ipetitions.com/petition/SupportC27

We encourage you to sign it, and if you are Canadian, please pick up the telephone, and call your member of parliament and voice your support directly! Their contact information can be found here.

MARKETER ASSOCIATION REVAMP
Matt Blumberg, CEO of Return Path (and in the interests of full disclosure, my employer) was elected earlier this week as part of the Reform Block to the board of the Direct Marketing Association.

Blumberg was blunt about his agenda:

The DMA could be stronger in fighting for consumers’interests.

“Why? Because what’s good for consumers is great for direct marketers. Marketing is not what it used to be, the lines between good and bad actors have been blurred, and the consumer is now in charge. … The DMA’s best practices and guidelines take too long to produce and usually end up too watered down to be meaningful”

Read the rest of the Blumberg manifesto.

All in all some tangible, encouraging signs are beginning to be seen on the stark Internet landscape, let’s hope that they are actual oases, and not mirages.

CANADIAN NET NEUTRALITY
In Canada, net neutrality advocates and consumers had something to celebrate, when the Canadian Radio-Television Commission issued their report yesterday.

Prof. Michael Geist (a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law) had this to say:

Though (the report) does not go as far as some advocates might hope, it unquestionably advances the ball forward on several important fronts. When considering the decision, it is important to remember that 12 months ago, there was virtually no ISP disclosure of traffic management practices and even an unwillingness to acknowledge that there was an issue. Today’s CRTC decision signifies that traffic management is not a free-for-all and the days of ISPs arguing that they can do whatever they please on their networks is over.

All in all some tangible encouraging signs are beginning to be seen on the stark Internet landscape, let’s hope that they are actual oases, and not mirages. It’s been a pretty good week!

Neil Schwartzman is the Executive Director of CAUCE North America – The Coalition Against Unsolicited Commercial Email, and the Director of Standards & Security for Return Path’s Certification Services.

Kevin, a 40-year-old from Sacramento, Calif., likes to keep a tidy inbox. He’s very deliberate about removing himself from mailing lists and anything else that might clog up his e-mail. So recently, when he received a marketing pitch from his credit card company, Capital One, he quickly asked to be removed from its list. The response he got surprised him.

“We bring these offers to customers as part of our customer agreement and therefore do not provide a means to prevent this valuable information from reaching them,” the firm responded.

In other words: “No.”

Source: The Red Tape Chronicles – MSNBC.com

Capital One’s email was an offer to transfer balances to their card at a teaser rate of zero percent for 12 months. And the email claims that it’s transactional:

“This e-mail was sent to (you) and contains information directly related to your account with us,” it says.

And, if that wasn’t clear enough, their spokesperson said:

“Customers can opt out of marketing e-mails … but cannot opt out of account management communications, such as statement notifications, rewards information,” and similar notices, said Capital One spokeswoman Pam Girardo. “This is stated in the privacy notice sent to all customers annually.”

This is bad karma. You see, Capital One wants to send email that will be received and seen (and then hopefully acted upon). But, by going this route, they are going to generate complaints. And what do complaints generate? Filters and blocks.

What would be interesting to me would be to find out if Capital One segregates its mailings of account notifications and other purely transactional email to dedicated IP addresses and has its marketing mailings go out over other IPs.

Since they appear to feel that these mailings are transactional instead of marketing, then we should find that they are sending these balance transfer offers out over their transactional IPs and not their marketing IPs. That SHOULD translate into increased blocks and bounces for things like account statements and privacy policy notices.

Why? Because Capital One is too bull-headed to let people opt-out of certain classes of email. Or, to put it more succinctly: They refuse to follow industry best-practices.

No unsolicited messages may be sent to a recipient on a mobile domain for any reason, period. Here’s the general rule from the FCC’s Order mandated by CAN-SPAM:

“The CAN-SPAM Act directs the Commission to issue regulations to protect consumers from ‘unwanted mobile service commercial messages.’Thus, we adopt a general prohibition on sending commercial messages to any address referencing an Internet domain name associated with wireless subscriber messaging services” FCC Order).

This has, in one recent FCC decision, been expanded to include customers of the mobile phone company itself, so it’s pretty clear that the FCC is intent on enforcing this in all instances.

The one exception to this is if the recipient has given “affirmative consent”. On this point the FCC says:

“44. We note here that in the event any complaint is filed, the burden of proof rests squarely on the sender, whether authorization has been obtained in written or in oral form. We do so to avoid the likelihood that any businesses will try to fabricate authorization. Given the potential costs and inconvenience to subscribers to receive such MSCMs, it is important that such messages be sent only to those wireless devices belonging to receptive subscribers. We strongly suggest that senders take steps promptly to document that they received such authorization. Recognizing the potential for fraud by both a person signing up someone else to receive MSCMs and by businesses fabricating authorization, we recommend that the business confirm the electronic mail address with a confirmatory notice sent to the recipient requesting a reply” (FCC Order at page 18, emphasis added).

If you really want to send commercial email to wireless domains, then you must make certain that you have firm, documented, verifiable, and informed consent before sending any form of message.

So, what should best practices be?

1. You should make certain that you regularly download the list of wireless domains maintained by the FCC and wash addresses in those domains from your general lists.
2. You should segment your wireless domain addresses into their own list.
3. You should make certain that you implement double opt-in for addresses on the wireless segment, even if you don’t use double opt-in in general.

Then it’s more of a matter of following all of the other best practices for sending commercial email in general.

Breaking away from the traditional Q&A format today, I’d like to offer a small piece of advice to Earthlink customers:
Earthlink’s spamBlocker is the tool of the devil if it’s not configured properly.

A central element to the agreement is a provision giving affected customers a one-year subscription to spam-blocking software. The Trend Micro Internet Security Pro retails for about $70. TD Ameritrade said it struck a deal with Trend Micro to service the settlement agreement for about $6 million, the parties told Walker in court briefs on Friday. A solution for those using Apple computers was added to the deal.

In all, lawyers in the case said Ameritrade is likely to spend $10 million on the deal. With attorney’s fees, the deal is expected to run the Nebraska company $12 million, or about $2 for every affected customer covered by the lawsuit.

There’s no evidence that anyone’s identity was actually stolen in the data theft at the root of the suit. So, it’s probably not a terrible deal.

And then it gets interesting:

In an unusual twist, lead plaintiff Matthew Elvey, an IT computer consultant who signed the agreement, now says it’s not good for customers and that he was “threatened” by his lawyers into signing it.

Sounds like this suit could become “fun.”

Infoworld Wants My Data

It seems a bit strange to me, but upon visiting Infoworld’s website I’m confronted by this browser security popup telling me Infoworld would like to be able to “read private data from any site or window”.

What makes them think they need this information?