Policies exist for a reason. For instance, most email service providers have a policy forbidding the use of non-opt-in lists. Those policies exist because of statements like this one:
Microsoft prohibits the use of the service in any manner associated with the transmission, distribution, or delivery of any unsolicited bulk or unsolicited commercial e-mail (“spam”). You may not use the service to send spam. You also may not deliver spam or cause spam to be delivered to any Microsoft service, Web site, or customer.1
While some companies cannot vet incoming lists, most companies are greatly dependent upon incoming reports from third parties. Most of those reports these days come via feedback loop reports. That means that many of the reports used to tell “good” customers from “bad” customers come from the mailbox provider due to input given from recipients. The other significant input of this data comes from direct complaints sent by those same recipients.
Ultimately, this means that the data used by policy enforcement agents at email service providers to find customers violating their policies are also being used by the mailbox providers themselves to make reputation decisions.
The result is that policy enforcement is purely therapeutic. That is to say, that damage has been done, and the job of policy enforcement is to limit the amount of damage done, prevent that damage from intensifying, and attempt to begin repairs to whatever damage has occurred.
That damage will usually take one of two forms:
- Customer-oriented. This means that most of the reputational damage is limited to the customer’s reputation. The use of dedicated IP space and the growing use of domain-based reputation have greatly helped mailbox providers pin the blame for poor practices directly upon the mailers responsible for sending the mail that users complain about.
- Provider-oriented. By the time that provider-oriented reputational damage has occurred, it is usually the case that a mailbox provider has noticed many unmitigated instances of customer-oriented reputational damage. As it becomes more and more apparent that the provider itself is either unwilling to police its customers or is perhaps actively assisting them in doing things that cause end-user complaints, it becomes more and more likely that the provider will become understood to be the problem and that punitive measures against the provider become seen as the best option.
In a well-run company, policy enforcement’s job is to protect the company from falling victim to the second of those two options. They do this by carefully working with customers who violate published policies to either bring them into compliance or remove them from the equation.
And either result is therapeutic.
Footnotes
- Microsoft Support, Microsoft Anti-Spam Policy, Microsoft Support, https://support.microsoft.com/en-us/topic/microsoft-anti-spam-policy-e4506f97-694f-49bc-8231-cac4369afcb8 (last visited Feb 3, 2020). ↩︎
About the Author
Mickey Chandler is a Consultant & Attorney with over 28 years of experience in Email Deliverability & Privacy Law. He has a strong background in email authentication infrastructure (SPF, DKIM, DMARC), ISP and mailbox provider relations, anti-spam policy and compliance, CAN-SPAM and state anti-spam law gained through overseeing the Abuse & Compliance team at Salesforce Marketing Cloud, originating the ISP relations role at Informz (now part of Higher Logic), and working in the fight against spam since 1997. He holds a B.A. in Government, a B.S. in Computer Information Systems, and a J.D. from the University of Houston Law Center. He is a certified CIPP/US professional and a certified CIPM professional.
