Industry Updates

Is Canada’s eleventh-hour CASL PRA halt good for senders?

canada-2026425_640You’ve probably already heard the news.Maybe it was in your Twitter feed, or on LinkedIn, or even gossip around the water cooler this morning: CASL’s Private Right of Action is (temporarily) dead.

The announcement triggered a collective sigh of relief from marketers in North America and beyond, even eliciting a happy dance or two.

But what does this announcement actually mean? Matt Vernhout of EmailKarma details the next steps, which include a parliamentary review of the CASL provisions and a pronouncement of the new effective date.

It’s possible the legislation could remain unchanged and simply take effect at a later date, but that seems unlikely given the concerns raised by the industry in response to the pending provisions. Per Return Path, some of the key concerns included:

  1. potentially bankrupting small and medium-sized businesses (due to the legal costs of defending a class action)
  2. inordinate court time and court resources being devoted to frivolous claims
  3. litigation counsel receiving a disproportionate share of damage awards (or settlements), and
  4. negative impact to consumers where businesses (both foreign and domestic) avoid electronic communication, delay the introduction of software technologies, and pass along the cost of PRAsettlements or rulings in the pricing of consumer goods

For the past 3 years, we’ve been hearing opponents of CASL voice many of these concerns, and it appears their cries have finally made it to the ears of the Canadian government. Unfortunately it’s still too early to tell if this is a full-on reprieve or merely a temporary stay of execution.

With the deadline looming so closely, it’s likely most senders have already double- or triple-checked their compliance processes. If you fall into that camp, stay the course. Even without the PRA, the CRTC can and has levied hefty fines against CASL violators, so making sure your processes are airtight can only help minimize your risk.

Based on my interactions with senders, there are many who haven’t completed their compliance efforts. If you’re one of those who was still scrambling to beat the deadline, don’t lose that head of steam. The delay of the PRA provides a bit of breathing room, but if you’re not 100% sure you’re compliant the risk of complaints and fines isn’t going away anytime soon.

– BG

 

Industry Updates

Terra Freemail joins Orange, Wannadoo, and Freeserve email in closing up shop

The past month has seen some major happenings in the world of Freemail providers: UK provider EE finalized their closure of Orange email services – which included long-time freemail domains Wanadoo.co.uk and Freeserve.co.uk – and Terra.co.br announced the end of their freemail service. (A full listing of affected domains is at the end of the post.)

Orange had been heralding the May 31 closure date for a few months, recommending their users switch to Gmail, while Terra has given July 1 as the end date for their services. Terra.es had previously announced their email migration to terra.com starting in April of this year.

For senders in the US, these domain closures are likely to have varying impacts. Typically you’re unlikely to have a large number of Orange addresses on file, especially since these addresses are typically older and many users have migrated away from them to more advanced services. Terra addresses tend to be slightly more common in the US, particularly terra.com.mx. If you have these addresses in your database, you probably also know that delivery issues at Terra tend to be difficult to resolve – so maybe there is a bit of a silver lining in the closures yet.

In any case, you should take the opportunity to check your database for addresses at these domains. If you have any of the Orange addresses, suppress them immediately as they are officially shut down. If you have other contact data for those recipients, feel free to use it to get updated information. If you have recipients at the Terra domains, you still have 3 weeks to reach out via email to get updated details. If you haven’t gotten the info by July 1, you’ll need to suppress those recipients as well.

The full list of Orange domains affected:
  • Orange.net
  • Orangehome.co.uk
  • Wanadoo.co.uk
  • Freeserve.co.uk
  • Fsbusiness.co.uk
  • Fslife.co.uk
  • Fsmail.net
  • Fsworld.co.uk
  • Fsnet.co.uk
The Terra domains being shuttered are:
  • terra.com
  • terra.com.ar
  • mi.terra.cl
  • terra.com.co
  • terra.com.mx
  • terra.com.pe
  • terra.com.ve
  • terra.com.ec

As always, please feel free to reach out with any questions or comments, or email me with any more detailed requests.

– BG

Industry Updates

Protected Sky blacklist a fraud?

Had trouble with your IPs being listed on the Protected Sky blacklist (bad.psky.me)? You’re not alone. Since the blacklist came onto the scene in 2015, many senders have bemoaned the lack of delisting process and high rate of false positives, as well as the inability to contact anyone working for the list provider.

Recently, Spamhaus issued a statement revealing that this list was fraudulently republishing IP listings from the Spamhaus blacklists by siphoning the data from a user of the Spamhaus data feeds. The affected user has since added security measures to prevent this data from being passed to Protected Sky.

Personally, I’m not sure I’ve ever seen mail rejected solely due to a Protected Sky listing, but after this announcement it’s a pretty safe bet that anyone left using the list likely won’t be doing so for long.

Thanks to Laura at Word to the Wise for the heads up on Spamhaus’ statement. 

– BG

Industry Updates

Verizon email is gone, but when?

verizonThere’s been a lot of industry buzz recently around Verizon’s announcement they are in the process of shutting down their email business. Most in the email industry knew this was coming, but with no solid details the ‘when’ remained a bit fuzzy. Even now, the official FAQs don’t provide a concrete timetable for the shutdown, and it seems likely it will happen in phases.

According to MediaPost, Verizon account holders have been receiving email notifications informing them of a 30-day deadline to take action. These actions include choosing to keep their verizon.net address (serviced by AOL going forward) or migrating to another service provider altogether. If no action is taken during that 30 days, the customer loses access to the account and all associated services.

Once account access is terminated, the email account is subject to Verizon’s typical account deletion timeline of 180 days of inactivity. The FAQs don’t specify, however, if the 6-month countdown starts from the most recent login or from the end of the 30-day window when access is terminated.

Verizon spokesman Raymond McConville estimates that, of its 4.5 million total accounts, 2.3 million have been active within the past 30 days – though that’s no guarantee they’ll take action on the shutdown notice.

What does that mean for senders? Sometime within the next 6 months you’re likely to see a large portion of your verizon.net subscriber addresses disappear as over 2 million Verizon email accounts are deleted. Most senders don’t have a huge component of verizon.net addresses, but it’s certainly a good idea to check now so you’re not taken by surprise by an abnormal bounce rate.

– BG

Industry Updates, Laws and Regulations

CRTC levies first CASL fine against an individual

Last week the CRTC, the Canadian regulatory body tasked with CASL enforcement, issued notice of yet another notice of action for violations of the Anti-Spam Law. The Commission imposed a penalty of $15,000 against William Rapanos, alleging that messages sent by Mr. Rapanos in mid-2014 were in violation of multiple provisions of CASL.

This decision is noteworthy because it represents the first time a CASL penalty has been levied against an individual. All previous actions to this point have been issued against companies or corporate entities: names like Compu-Finder, Porter Airlines, PlentyofFish, and Kellogg Canada are among those hit with prior penalties.

The CRTC decision indicates that messages from Mr. Rapanos were sent without the recipient’s consent, did not clearly indicate the sender of the message, made it difficult or impossible to contact the sender, and (in at least one case) included no unsubscribe method.

Another interesting tidbit is that the Spam Reporting Centre received a total of 58 complaints about Rapanos’ messages. These complaints were mostly unique, with 50 different recipients lodging complaints to the SRC.

In discussions about CASL, I’ve heard quite a few people theorize that the CRTC is only looking for large-scale violations and penalties against smaller senders or individuals are unlikely. William Rapanos may have thought the same thing. Or he may have thought the effort and cost involved in CASL compliance weren’t worth it. Then 50 people complained, and now he’s on the hook for $15,000.

I think this decision – and the resulting penalty – proves to Mr. Rapanos and to all of us that compliance is definitely worth it.

Have questions about CASL compliance? Disagree that compliance is paramount for every sender? Leave a comment or email me to keep the discussion going!

Delivery Essentials, Industry Updates

Deliverability and open rates

In this week’s Only Influencers newsletter, Gretchen Scheiman of L5 Direct provides 5 steps for marketers to follow to improve open rates. If you haven’t already, I’d recommend checking it out for some sound advice on how to drive higher open rates. (Go ahead, read it. I’ll wait.)

There are a lot of things I like in this article – primarily, I appreciate calling out poor content and lack of targeting as major factors in open rates. I’ve seen so many marketers make an immediate assumption that any dip in open rates is attributable to delivery problems – and they’re often wrong. Poor inbox delivery is likely to negatively impact open rates, without a doubt. But if you’re not sending the right content to the right people at the right time, they’re less likely to open no matter where the message ends up.

With that said, there is one fundamental disagreement I felt compelled to point out. In discussing list acquisition, the article calls out best practices for using purchased lists. While purchased lists may still be fairly prevalent, especially among B2B senders, avoiding these lists should be the number 1 suggestion to remedy poor open rates. Mailing to purchased lists has been shown time and time again to generate poor ROI and low open rates. It increases your chances of spam complaints and traps, and is actually illegal in Canada.

If you are seeing low open rates, the first thing on the chopping block should be any purchased lists. Once that’s done, you will be able to focus on better content, targeting, and re-engagement of your valuable internal database.

– BG

 

Industry Updates, Privacy & Security

500 million Yahoo users compromised in “worst hack in history”

tumblr_inline_nww8j3j32c1tnywua_1280On Thursday, Yahoo issued a statement confirming that at least 500 million users’ account data had been compromised in late 2014, supposedly by a “state sponsored actor,” or an individual hired by some governmental body to carry out the hack.

According to the statement, the data “may have included names, email addresses, telephone numbers, dates of birth, hashed passwords …and, in some cases, encrypted or unencrypted security questions and answers.” Yahoo indicates no financial data was breached.

Users who had or used Yahoo services, including Mail, Flickr, Fantasy Sports, and others, during that timeframe are being advised to change their passwords for Yahoo and any other services that may use the same login credentials, as well as changing security questions for other services.

Lots of questions surround this breach, with one of the most notable being why Yahoo waited so long to announce the hack. Many speculate information was concealed to prevent souring the sale of Yahoo to Verizon. CNN reports that Verizon learned of the hack for the first time this week.

As email senders and recipients, most of us care much less about Yahoo and Verizon’s financials than about potential fallout from the breach including identify theft, spam email, and even blackmail. Even if credit card data wasn’t stolen, the hackers now have personal information about millions of Yahoo users, including answers to some of the questions most commonly used to verify their identity.

Yahoo’s wait to announce the hack could mean the greatest damage has already been done: hackers often act quickly with stolen data, selling or sharing it quickly to outrun detection attempts. However, if the breach truly was initiated by a foreign government, the motivation may not be so clear.

Yahoo has said they are cooperating with Federal authorities to investigate, and it’s a safe bet we’ll hear more details as the investigation continues.

– BG