Showing posts with label can-spam. Show all posts

Microsoft SmartScreen Filtering: False Positives

I have recently run across two scenarios where Microsoft's SmartScreen service for Outlook mail has flagged single-opt-in subscription content as spam. It's annoying because one of those subscriptions is from Microsoft's Virtual Academy, which also has a glaring email autoresponder issue that I'll address in another post.

Imagine, if you could, a giant inbox funnel with a mesh strainer on top of it called SmartScreen. The difference is that with Outlook.com (formerly live.com, hotmail.com, etc.), it captures 110% of all incoming mail. Even the legit emails get caught in this spam trap.

What is SmartScreen? It's an Internet Explorer safety feature, really intended to be a phishing filter security feature. This is weird because I'm experiencing its effects using Chrome, so I suppose Microsoft has separated its function from IE and made it app-centric instead.

What's the cure for businesses with legit email?

One possibility is to report the false positive to Symantec through this link. Another is to contact Microsoft, but that's like asking Google customer service to reset your free Gmail account password (which, if you signed up with the verification service before you had mobile phone service, just might be a problem for users trying to reset their password through automation tools. Just how many people have tied a landline without caller ID to Google's text verification password reset?).

Basically, you're nearly stuck.

But, what you should have been doing all along:

  • Have an unsubscribe or preferences link
  • Have your company name and postal address listed in the email's footer
  • Double opt-in for promotional content, if your ESP has that capability
  • Have legit unique content that's relevant to the receiver, even when they sign up for your services. Neither receipt nor opening of an auto-generated welcome email constitutes acceptance of a newsletter subscription, especially not in Canada
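
A pre-send check for the unsubscribe-link and footer items in the list above, added here as an example and not part of the original post: it parses an outgoing HTML message and reports what is missing. The function name `lint_message`, the sample message, and the company, address and URLs in it are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample; the company, address and URLs are made up.
SAMPLE = """\
From: Example Co <news@example.com>
Content-Type: text/html; charset="utf-8"

<html><body><p>Thanks for signing up.</p>
<p>Example Co, 123 Main Street, Springfield, IL 62701<br>
<a href="https://example.com/unsub?u=42">Unsubscribe</a></p></body></html>
"""

class _Body(HTMLParser):
    """Collect visible text and [href, link text] pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._open = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False
    def handle_data(self, data):
        self.text.append(data)
        if self._open:
            self.links[-1][1] += data

def _norm(s):
    return re.sub(r"\s+", " ", s).strip().lower()

def lint_message(raw, company, postal_address):
    """Return the problems to fix before this message goes out."""
    msg = message_from_string(raw)
    part = next((p for p in msg.walk() if p.get_content_type() == "text/html"), None)
    if part is None:
        return ["no text/html part to inspect"]
    body = _Body()
    body.feed(part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace"))
    text, problems = _norm(" ".join(body.text)), []
    # A usable link needs a real scheme and must say what it is for.
    if not any(h.lower().startswith(("http://", "https://", "mailto:"))
               and re.search(r"unsubscribe|preferences", h + " " + t, re.I) for h, t in body.links):
        problems.append("no unsubscribe or preferences link")
    for label, value in (("company name", company), ("postal address", postal_address)):
        if _norm(value) not in text:
            problems.append(label + " missing")
    return problems
```

An empty list means the message carries a working unsubscribe or preferences link plus the company name and postal address; it says nothing about how the recipient's consent was obtained.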


Reminder: Canada's Anti-Spam Law

Scrub those databases and marketing lists. Enforcement of Canada's anti-spam law begins September 2011. Read about the basics here.

Canada's Online Protection Legislation (COPL) / Anti-Spam Legislation

Law enforcement begins September 2011.

Unlike CAN-SPAM, which covers only email, Canada's Online Protection Legislation (COPL) covers commercial email (CEM), which is defined as any commercial "message sent by any means of telecommunication, including a text, sound, voice or image message," and includes:

- Email
- SMS
- Instant Messages
- Social Media postings such as 'tweets' or 'status updates'
- Some voice communications


Commercial email requirements include:

- Express affirmative (opt in) consent
- No false or misleading headers, including sender and subject line
- Cannot alter transmission data
- Must provide a conspicuous unsubscribe mechanism
- Must include postal address of sender
- Cannot perform address harvesting to obtain email addresses or send to harvested addresses
- Liability for entities who knowingly allow spam to be sent on their behalf, even if the message was not directly initiated by those entities


Exemptions to the opt-in requirement exist under certain circumstances. Consent is deemed if there is an existing business relationship, an existing non-business relationship (such as sending to a family member), conspicuous posting of an electronic address such as on a 'Contact Us' page (provided there is no statement near the address indicating that it should NOT be mailed), or where the recipient has provided the electronic address to the sender. In most cases, this implied consent is valid for two years, after which the sender must gain affirmative consent.

Key Differences between COPL and CAN-SPAM (source)

COPL: Addresses broad range of Internet issues (spam, spyware, pharming)
CAN-SPAM: Addresses spam only

COPL: Applies to all forms of electronic messaging (email, SMS, IM)
CAN-SPAM: Applies only to email

COPL: Primarily opt-in; permission based
CAN-SPAM: Opt-out; you can technically mail any person at least once

COPL: Private Right of Action (PRA) available to anyone (individuals, businesses)
CAN-SPAM: Private Right of Action (PRA) available only to ISPs


Liability:

Computer systems located in Canada used to send or access an electronic message fall under the COPL umbrella. This means that any CEM that leaves or enters Canada is subject to the regulation. COPL is primarily enforced by the Canadian Radio-television and Telecommunications Commission (CRTC), and imposes fines of up to $1 million per violation for individuals and $10 million per violation for businesses. Willful violations are the primary focus of enforcement.

Actionable Steps:

- Scrub customer lists and remove any address where there is no affirmative opt-in to receive email and other commercial email.
- Update privacy policies and form collection on websites (e.g., newsletter opt-in) to ensure proper consent.

Related:
Canadian Standards Association
PIPEDA or PIPED Act
COPL text

Update and clarifications - Email CAN-SPAM

Here's a cheer for all the consumers out there. *Yay!* Finally, it seems that someone has been reading all the FTC complaints and companies will have to comply if they are to stay compliant with these new proposed operating rules with regard to how a customer unsubscribes from a list. I'm sure at least one of these scenarios has happened to you when you tried to unsubscribe from that bacn list.

The new rule provisions address four topics:

(1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender;

(2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements;

(3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and

(4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

More details - http://www.ftc.gov/opa/2008/05/canspam.shtm

Email Authentication

Today's web surfing takes me to investigate email authentication and its implementation costs. The hoopla that started this inquiry was from a press article about Goodmail partnering with AOL and Yahoo! to essentially get rid of the free whitelist system and replace it with a fee-based system for commercial senders. The concern for a publicly traded bank is whether or not its competitors will adopt such an authentication system to have their emails handled on a preferential basis by a consumer because it contains a "trust" tag.

What does email authentication do? Well, for starters it tries to manipulate how a commercial email is handled by an email service provider. The perception for the consumer is exactly like that of a 1st Class postage stamp versus a pre-sorted indicia, the latter of which almost entirely is for bulk postal mail, like pieces addressed to "Dear Head of the Household" or to "Current Resident." Here's Wikipedia's definition.

Goodmail is new to email authentication and has only been in existence since June 2003; not nearly enough time for it to have developed relationships. Goodmail's online documentation implies that by using their paid token system, it guarantees delivery of a commercial sender's email without blocking HTML, pictures, or embedded hyperlinks, to a consumer's email inbox. Click here to view their process.

There are a lot of unseen resources consumed by using, or considering the use of, an email authentication service. Goodmail, for example, is a fee-driven company. The more fees, the more revenues. Let's just look at a few of the ones from Goodmail. There's a $399+ signup fee, an accreditation fee, token purchase fees which can rise by 25% if you ever show up on their watchlist as a probationary company, and per-email fees based on email volume.

I asked Goodmail to send me case studies of companies in the banking industry who are currently using their service and a list of references; the basics of consideration for any vendor offering. So far, no response yet.

Best practices are still the way to go, and the FTC has guidelines for business to comply with the CAN-SPAM Act of 2003.