CAN SPAM compliance information in images

A fellow delivery specialist sent me a question this morning.

What is your opinion on putting CAN SPAM compliance information (postal address, unsubscribe link, etc) in an image?

The short answer is this is something spammers do and something that legitimate mailers should never want to do.
The longer answer needs to look at why spammers do this, why legitimate marketers may think about doing this and what affect this has on the end user perception of mail.
Spammers do this because it means that they can still be nominally legally compliant if someone looks at their email but their physical address can’t be tagged by content filters. Using images is simply a way for them to avoid filters while also avoiding legal liability for violating CAN SPAM. In fact, in some of the cases where a company was taken to court for violating CAN SPAM (no physical postal address, no unsubscribe link) the company argued that the information was in an image that the recipient didn’t keep as evidence.
Because spammers use images for CAN SPAM information has become a sign that the sender is a spammer. It is in the same category as hashbusters, or rotating from lines or whois records hiding behind privacy filters. Spammers do these things because it defeats spam filters and gets their unwanted mail into ISPs a little better than if they don’t do these things. However, any third party looking at that spam, be it a delivery consultant or an abuse desk worker will immediately decide the complaint is valid and the sender is most likely spamming.
Why might a legitimate company want to use images for CAN SPAM compliance? There are bad reasons, like not providing information that can be used for filtering. There are some less bad reasons, though. It may be that they want their entire email to be images, with no room for text. From a design perspective, I can understand this. Companies want their email to be like their print marketing, branded and consistent. Unfortunately, doing this makes the email look like spam.
Unfortunately, using images for CAN SPAM compliance information is what spammers do. Even if a company has the best intentions and isn’t trying to get away with anything, using an image where plain text will do makes that mail look like spam. It makes the sender look like they have something to hide and removes any benefit of the doubt that an abuse desk worker might give the sender.

Related Posts

TWSD: Lying and Hiding

Another installment in my ongoing series: That’s What Spammers Do. In today’s installment we take a look at a company deceiving recipients and hiding their real identity.
One of my disposable addresses has been getting heavily spammed from mylife.com. The subject lines are not just deceptive, they are provably lies. The mail is coming from random domains like urlprotect.com or choosefrequency.com or winnernotice.com advertising links at safetyurl.com or childsafeblogging.com or usakidprotect.com.
The spam all claims someone is “searching for…” at their website. The only thing is, the email address is associated with a fake name I gave while testing a website on behalf of a client. I know what website received the data and I know what other data was provided during the signup process. I also know that the privacy policy at the time said that my data would not be shared and that only the company I gave the information to would be sending me email.
Just more proof that privacy policies aren’t worth the paper they’re written on. But that’s not my real issue here.
The real issue is that I am receiving mail that is clearly deceptive. The subject lines of the emails up until yesterday were “(1) New Message – Someone Searching for You, Find Out…” Yesterday, I actually clicked through one of the messages to confirm that the emails were ending up at mylife.com. After that, the subject lines of the emails changed to “(1) New Person is Searching for You.”  I don’t know for sure that my click has caused the change in subject lines, but the timing seems a bit coincidental.
It’s not that someone, somewhere gave mylife.com bad data, or that someone typed a name into the mylife.com search engine and the mylife.com database showed that name and my email address were the same. Neither this name or this email address show up in a google search and I can say with certainty that this is a unique address and name combination given to a specific website. Therefore, the subject lines are clearly and demonstrably lies.
The spams are also coming from different domains and advertising links in different domains. The content is identical, the CAN SPAM addresses are identical. While the court may not rule this is deceptive under the rules of CAN SPAM, it certainly is an attempt to avoid domain level spam filters.
Who are mylife.com? Well, their website and the CAN SPAM address on their spam claims they are the company formerly known as reunion.com. I’ve talked about reunion.com here before. They have a history of harvesting addresses from users address books. They were sued for deceptive email practices under California law, but won the case just recently. They seem to think that the court case was permission to send deceptive email and have thus ramped up their deceptive practices.
If you are a legitimate email marketer, there are a couple take home messages here.
1) Spammers send mail with different domains, from different IP addresses, that contain identical content, landing pages and CAN SPAM addresses. Legitimate marketers should not rotate content and sends through different domains or different IP addresses. Pick your domain, pick your IP and stick with it.
1a) Spammers use randomly chosen domain names and cycle through domains frequently. Legitimate marketers must not use unrelated domains in marketing. Use a domain name that relates to your product, your industry or you.
2) Spammers send mail with deceptive subject lines. Legitimate marketers should make sure their subject lines are clear and truthful.
3) Spammers send mail in violation of the privacy policy under which information was collected. Legitimate marketers should be very careful to handle data in accordance with their privacy policies.
That’s what spammers do. Is that what you do?

Read More

Supreme Court declines to hear anti-spam case

Yesterday the Supreme Court declined to hear an appeal for Virginia v. Jaynes. This means that the Virginia state supreme court ruling overturning the Virginia anti-spam law currently stands.
Jeremy Jaynes was a well known spammer who went under the name Gavin Stubberfield. He was pretty famous in anti-spammer circles for sending horse porn spam. In 2003 he was arrested under the Virginia state anti-spam statute. He was initially convicted but the conviction was overturned on appeal.
Ethan Ackerman has blogged about this case, including a recap today.
Venkat Balasubramani has also blogged about this case.
Mickey Chandler has the docs.
John Levine weighed in.
News Articles: CNN, Washington Post, CNET

Read More

Guilty of violating CAN SPAM

Al Ralsky has long been known as “the king of spam.” He has a long history of spamming, suing ISPs who block his mail and refusing to provide him with connectivity. He was profiled in the Detroit Free Press based on his spamming activity more than 5 years ago. He also has a history of convictions for fraud and other related crimes.
Yesterday, he and some of his family and business partners pled guilty to another raft of charges including fraud, money laundering and CAN SPAM violations. This may be the first time someone has pled guilty to violating CAN SPAM. Press reports indicate there is jail time in his future.
Detroit Free Press article
Washinton Post article
DirectMag article
This is the type of mailer that all mailers compete with. Everyone had to deal with spam from Al Ralsky: recipients, senders and ISPs. Thanks to the justice department, FBI and everyone involved for their hard work.

Read More