Your system; your rules

In the late 90s I was reasonably active in the anti-spam community and in trying to protect mailboxes. There were a couple catchphrases that developed as a bit of shorthand for discussions. One of them was “my server, my rules.” The underlying idea was that someone owned the different systems on the internet, and as owners of those systems they had the right to make usage rules for them. These rules can be about what system users can do (AUPs and terms of service) or what about what other people can do (web surfers or email senders).
I think this is still a decent guiding principle in “my network, my rules”. I do believe that network owners can choose what traffic and behavior they will allow on their network. But these days it’s a little different than it was when my dialup was actually a PPP shell account and seeing a URL on a television ad was a major surprise.
But ISPs are not what they once were. They are publicly owned, global companies with billion dollar market caps. The internet isn’t just the playground of college students and researchers, just about anyone in the US can get online – even if they don’t own a computer there is public internet access in many areas. Some of us have access to the internet in our pockets.
They still own the systems. They still make the rules. But the rules have to balance different constituencies including users and stockholders. Budgets are bigger, but there’s still a limited amount of money to go around. Decisions have to be made. These decisions translate into what traffic the ISP allows on the network. Those decisions are implemented by the employees. Sometimes they screw up. Sometimes they overstep. Sometimes they do the wrong thing. Implementation is hard and one of the things I really push with my clients. Make sure processes do what you think they do.
A long way of dancing around the idea that individual people can make policy decisions we disagree with on their networks, and third parties have no say in them. But those policy decisions need to be made in accordance with internal policies and processes. People can’t just randomly block things without consequences if they violate policies or block things that shouldn’t be blocked.
Ironically, today one of the major telcos managed to accidentally splash their 8xx number database. 8xx numbers are out all over the country while they search for backups to restore the database. This is business critical for thousands of companies, and is probably costing companies money right and left. Accidents can result in bigger problems than malice.
 

Related Posts

Still Spamming…

StillSpammingThis morning I woke up to news that Sanford Wallace pled guilty to spamming. Again.
Sanford was one of the very early spammers (savetrees.com). He moved to email from junk faxing when Congress made junk faxing illegal in 2005. He sued AOL when AOL blocked his mail. He lost and the courts maintained that blocking spam was not a violation of the sender’s rights. Sanford then moved on to using open relays to avoid blocks. He was eventually disconnected from his backbone provider (AGIS) for abuse. Sanford sued AGIS for breach of contract and was reconnected for a brief period of time.
After his disconnection from AGIS, Sanford and a few of the other folks proposed a backbone provider that allowed bulk email marketing. That never really went anywhere.
Reading these old articles is a major blast in the past. The legal case between AGIS and Cyberpromotions was the event that led to my involvement in email marketing and spam. I even spent a Saturday afternoon in the late 90s with about a dozen people on a con call with Sanford and Walt talking about his backbone idea. My position was pretty simple: it wasn’t going to work, but as long as there was consent it was his network and he could do what he wanted.
I kinda lost track, just because he moved onto other ways of advertising and I got deeper and deeper into deliverability consulting. He did show up on my radar a few years ago when Facebook sued him for breaking into user accounts and using those accounts to spam. He lost a $711 million dollar judgement to Facebook, but given he didn’t have the resources the judge in that case recommended criminal charges.
Criminal charges were filed a few years later. Yesterday, Sanford pled guilty to fraud and criminal contempt as well as violating a court order to stay off Facebook’s network.
He now faces $250,000 in fines and up to 16 years in jail. Given his history, I expect he’ll figure out some way to still send spam even if he’s locked up.
Sanford is one of the reasons so many folks have such a low opinion of anyone who describes their business as “legitimate email marketing.” Sanford used the same phrase back in the late 90s. Of course no one, with the possible exception of him, actually believed that. But when someone like that adopts the moniker “legitimate email marketer” it’s hard to take them seriously when someone like Sanford has been using that since the late 90s.
61765300

Read More

Don't like opt-outs? Target your program better.

I get a LOT of spam here. Most of it is marked and trivial to get rid of. Some of it is what I would call semi-legitimate. It’s a real product, but I never asked to receive any information from this company and am not actually part of their demographic. For one time things I just hit delete and move on. Life is too short to complain or opt out of every spam I get. (Tried that, got more mail)
But sometimes if the same sender keeps bothering me, I will send back an email asking them to cease contact. I recently had an occasion where someone sent an initial email trying to sell me bulk SMS, online video and other services. I ignored it because we’re not in the market for any of these services. A week later I get a followup asking why I hadn’t provided feedback to them and if there was a better person to talk to at the company. I looked for a way to opt-out of this message stream, but there wasn’t one. I send a reply telling them we were not interested in speaking to them and to please cease all communication. (“You didn’t receive feedback because I have no interest in talking to you. Please cease all future contact.” Admittedly that was terse, but it was polite.)
My request to cease communication was not well received, nor was it honored. Mind you, they first contacted me trying to sell me services that are totally off what we offer. When I asked them not to contact me, they turned it around that we’d lost business.

Read More

CRTC fines Compu-Finder $1.1 million for CASL violations

The Canadian Radio-television and Telecommunications Commission (CRTC) is the principle agency tasked with enforcing Canada’s anti-spam law. Today they issued a Notice of Violation to Compu-Finder  including a $1.1 million dollar fine for 4 violations of CASL. The violations include sending unsolicited email and having a non-working unsubscribe link. According to the CRTC, complaints about Compu-Finder accounted for 26% of all complaints submitted about this industry sector.
This is the first major fine announced under CASL.
One of the first things that jumped out at me about this is the action was taken against B2B mail. There are a lot of senders out there who think nothing of sending unsolicited emails to business addresses. In my experience, many B2B senders think permission is much less important for them than B2C senders. I think that this enforcement action demonstrates that, at least to the CRTC, permission is required for B2B mail.
The other thing that jumped out is that given the extent of the complaints (26%) the financial penalties were only slightly more than 10% of the $10M maximum penalty. It seems the CRTC is not blindly applying the maximum penalty, but is instead actually applying some discretion to the fines.
I’ve looked for the actual notice of violation, but haven’t been able to find a copy. If I find it, I will share.
 
 
 
 

Read More