Laws and Regulations

Listen to M³AAWG: Don’t buy that list!

April 10, 2019April 10, 2019 by Brad, posted in Best Practices, Industry Updates, Laws and Regulations

If you’ve worked in the email industry for more than about a week, you have probably heard sending to purchased lists is bad. If you use an ESP, they’ve almost certainly told you it’s not recommended and (in most cases) not allowed. So why do folks keep purchasing lists, and keep trying to send to those purchased lists?

Image result for take my money — Not so fast….

Part of the problem is the differentiation between the B2C and B2B markets. Most of the major consumer (B2C) email providers have made great strides in mail filtering, implementing complex algorithms and machine learning designed to identify potentially unwanted or unsolicited email and stop it in its tracks. Consumers, who use mail primarily to communicate with people or brands they know, appreciate this and have come to expect it. They also offer feedback loops, which allow recipients to lodge spam complaints which the mailbox provider (usually) forwards to the sender in the hopes they will remove the complainer from the list.

Business email (B2B) tends to be a bit different. While many corporate domains have their email hosted by a major player like Microsoft or Google, the filtering is unique and corporate email suites allow more customization by the mailbox owner or their IT team. Corporate domains also rarely have feedback loop capabilities – if the recipient complains, the sender receives no indication of this. As a result B2B marketers are often more likely to purchase a list, using the justification that the lists don’t generate spam complaints (see the FBL comment above) and that the lists are often targeted to specific business functions or roles. And while it’s true that neither US CAN-SPAM nor Canada’s CASL explicitly outlaw sending to purchased lists, it’s still a bad practice.

Need more proof? How about a position statement from the Messaging, Mobile, and Malware Anti-Abuse Working Group (you might know them as M³AAWG)? M³AAWG is the industry group tasked with identifying and working to eliminate abusive practices in the messaging space and is made up of a lot of folks you’ve heard of. The 3 major US mailbox providers are all active members, along with most notable international providers, ESPs, blacklist operators, and spam filter vendors.

Last month the organization released a position paper identifying the purchase of lists in any context as an “abusive practice” that generates high volumes of unwanted email and drains corporate resources. They also discuss the potential legal ramifications of purchasing lists along with the poor data quality often associated with these lists. If you or someone else in your organization is considering purchasing a list, this statement will help shed some light on why it’s a bad idea.

-BG

CRTC releases full decision on CompuFinder CASL appeal

October 20, 2017October 20, 2017 by Brad, posted in Industry Updates, Laws and Regulations

canada-649858_1280

Yesterday, the Canadian Radio-television and Telecommunications Commission (CRTC) publish ed their official decision on CompuFinder’s appeal of CASL penalties levied against them. You may recall CompuFinder was subject to the first CASL enforcement action in March 2015 and hit with a hefty $1.1 million fine for their violations. In the appeal, CompuFinder argued that the emails in question were not in violation of CASL in addition to challenging the constitutionality of the law.

In the original notice of violation, the CRTC presented CompuFinder with 3 specific email campaigns that were deemed to be sent without the recipients’ consent, and in at least one instance the message did not contain a working unsubscribe link. CompuFinder argued unsuccessfully that because someone at the receiving domain had purchased a training or resource from them in the past, they had established a business relationship with any recipient at the same organizational domain. Not surprisingly, the CRTC shot down this argument, lending credibility to the assertion that consent follows the individual and not the organization. However, while CompuFinder’s violations were deemed valid, the penalties for those violations was lowered from $1.1 million to $200,000.

In a separate document, the CRTC also rebutted CompuFinder’s constitutionality challenges, finding the Commission does hold jurisdiction to enforce these regulations and that the regulations themselves were within the authority of the Canadian Parliament to enact.

Like CompuFinder, many senders are hanging a lot of their CASL compliance efforts (or lack thereof) on the “existing relationship” clause of the law. As evidenced in this case, there is a very high standard of proof for that relationship and the scope is narrow. CompuFinder produced many invoices for purchases and historical records of their email campaigns to these recipients, but they weren’t able to provide what CASL requires – proof of consent. And while the fine was ultimately lowered, this decision should provide you with at least 200,000 reasons to make sure your consent and documentation are in order.

– BG

CRTC levies first CASL fine against an individual

March 13, 2017March 15, 2017 by Brad, posted in Industry Updates, Laws and Regulations

Last week the CRTC, the Canadian regulatory body tasked with CASL enforcement, issued notice of yet another notice of action for violations of the Anti-Spam Law. The Commission imposed a penalty of $15,000 against William Rapanos, alleging that messages sent by Mr. Rapanos in mid-2014 were in violation of multiple provisions of CASL.

This decision is noteworthy because it represents the first time a CASL penalty has been levied against an individual. All previous actions to this point have been issued against companies or corporate entities: names like Compu-Finder, Porter Airlines, PlentyofFish, and Kellogg Canada are among those hit with prior penalties.

The CRTC decision indicates that messages from Mr. Rapanos were sent without the recipient’s consent, did not clearly indicate the sender of the message, made it difficult or impossible to contact the sender, and (in at least one case) included no unsubscribe method.

Another interesting tidbit is that the Spam Reporting Centre received a total of 58 complaints about Rapanos’ messages. These complaints were mostly unique, with 50 different recipients lodging complaints to the SRC.

In discussions about CASL, I’ve heard quite a few people theorize that the CRTC is only looking for large-scale violations and penalties against smaller senders or individuals are unlikely. William Rapanos may have thought the same thing. Or he may have thought the effort and cost involved in CASL compliance weren’t worth it. Then 50 people complained, and now he’s on the hook for $15,000.

I think this decision – and the resulting penalty – proves to Mr. Rapanos and to all of us that compliance is definitely worth it.

Have questions about CASL compliance? Disagree that compliance is paramount for every sender? Leave a comment or email me to keep the discussion going!