Anti-Spam Laws
Large companies (un?)knowingly hire spammers
This morning, CSO and MacKeeper published joint articles on a massive data leak from a marketing company. (Update: 2019: both articles are gone, a cached version of the CSOnline link is at https://hackerfall.com/story/the-fall-of-an-empire-spammers-expose-their-entire) This company, River City Media (RCM), failed to put a password on their online backups sometime. This leaked all of the company’s data out to the Internet at large. MacKeeper Security Researcher, Chris Vickery discovered the breach back in December and shared the information with Spamhaus and CSO online.
The group has spent months going through the data from this spammer. As of this morning, the existence of the breach and an overview of the extent of their operation were revealed by CSO and MacKeeper. Additionally, Spamhaus listed the network on the Register of Known Spamming Operations (ROKSO).
There are a couple interesting pieces of this story relevant to legitimate marketers.
The biggest issue is the number of brands who are paying spammers to send mail from them. The CSO article lists just some of the brands that were buying mail services from RCM:
One way to deal with B2B spam
We’ve been talking a lot about B2B spam recently. I’ve posted repeatedly, Steve wrote a post about it yesterday. It’s in the forefront of our minds because we’re dealing with just so much of it. Multiple emails a day asking for “just 10 minutes of your time.” Of course, the 10 minutes isn’t really just 10 minutes. Sure, the call might be 10 minutes, but there’s overhead to that call that will probably eat 20 – 30 minutes of time. That’s at best.
Because they’re using providers who don’t notice or don’t care about the spam, there’s little to be done. No one is going to stop them from mailing me. They are required to comply with the law, but 99% of the mail doesn’t. Which gave me an idea.
I’ve started replying to every incident of “just 10 minutes of your time” with a pleasant email thanking them for their interest in our CAN SPAM verification program. I point out that I have noticed at least one violation and we’re happy to consult with them on how to fix it for a fee.
Wait? You mean they’re not interrupting my time simply to receive a sales pitch? Well. Gee. I’m just replying to them.
It seems petty, but we’re less than 2 weeks into 2017 and I already have over a dozen of these “one time” emails. If history tells me anything, these same people will follow up in a week, and then 2 weeks, and then a month. Meanwhile, new people are going to be sending me a request for 10 minutes of my time, and their followups and in a month I’ll be getting a dozen emails a week. In two months I’ll be getting 2 dozen. In 3 months it will be 4 dozen.
And, yeah, most of these messages do violate CAN SPAM. Most of them by not including an unsubscribe links, which makes getting the mail to stop a challenge. There’s no way to unsubscribe, so it’s either answer it or just keep getting contacted. I wrote last year about the woman who continued to email me for months. She even announced she was going to call 911 because clearly I was injured and unable to answer her mail. Multiple times she promised to stop mailing me, but never did.
I do feel bad for many of these senders. They’ve been sold on a prospecting tool by vendors who fail to provide them with a minimal level of guidance. Even just mentioning that there are laws regulating email, and they should comply with them would be better than nothing.
In many ways I find this kind of spam more annoying than the viagra or the malware that ends up in my mailbox. Those can be selected and deleted pretty easily. These, however, have subject lines that look just like my legitimate business mail. I have to read them and figure stuff out. It’s a total PITA.
EDIT: And it’s not even effective according to some experts.
Let's talk CAN SPAM
Earlier this week I posted about the increased amount of B2B spam I’m receiving. One message is not a huge deal and I just delete and move on. But many folks are using marketing automation to send a series of emails. These emails often violate CAN SPAM in one way or another.
This has been the law for 13 years now, I find it difficult to believe marketers are still unaware of what it says. But, for the sake of argument, let’s talk about CAN SPAM.
This message cannot be considered spam
Every once in a while I get spam, usually from a foreign country, that contains the (in)famous Murkowski statement.
Read MoreCanada announces CASL regulation start date
This morning Industry Canada published its final regulations regarding the implementation of the Canadian Anti-Spam Law. Email related provisions of the law will take effect June 1, 2014.
What does this mean? It means that anyone sending mail from Canada or anyone sending mail that is accessed in Canada is required to have explicit opt-in consent for sending that mail, with a few exceptions. These exceptions include commercial electronic messages that are:
What's up with CASL?
Al has a guest post from Kevin Huxham of CakeMail talking about how a majority of people surveyed don’t know anything about the Canadian Anti-Spam Legislation.
I have to admit, I’ve not talked about CASL very much here as I’ve been waiting for the implementation and rulemaking. Unfortunately, the implementation date has been pushed back again and again and it doesn’t look like the law will be in effect until 2013.
CASL takes an incredibly narrow look at permission. It prohibits any commercial mail sent without the recipient’s consent to email addresses, social networking accounts and phones (SMS). Not only that, it also prohibits adddress harvesting and installation of computer programs without consent of the owner of the computer.
This law affects all email sent to a Canadian citizens and does allow for private right of action.
I know that a lot of companies that market in Canada have been working out permission issues before the law takes effect. They are also looking at how to comply with the permission requirements for addresses collected after the law goes into effect.
One of the challenges of this law is going to be identifying what addresses are covered. In some cases senders will have physical addresses, but they’re not going to have physical addresses for all addresses. And that may mean that CASL will actually impact more that just Canadian residents.