FTC Takes Heat on 3-Day E-mail Removal Rule, Spam Chief Says
The FTC is “diligently” wrapping up work on its 2005 CAN-SPAM rulemaking, Spam Coordinator Sana Chriss said Fri. at the Direct Mktg. Assn. e-mail policy conference. “We want to get it right,” she said of how long it’s taking. The rulemaking aimed to nail down “certain definitions and substantive provisions” of CAN-SPAM left to agency discretion. At the conference, e-mail chiefs also tangled with an audience member who complained that opt-in e-mail recipients have too much power in accusing Internet marketers of being spammers.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The 3-day window in which e-mail senders can remove an address, at the e-mail recipient’s opt-out request, generally is too brief for most of the 151 commenters heard from, Chriss said. They tell the agency that marketers have “complex business arrangements” with affiliates and partners that may make it laborious to handle a simple opt-out request. Under FTC protocol Chriss said she can’t forecast “any potential outcome of the rulemaking” or even a likely drop date.
The agency is shifting focus to malware-delivering spam even as it continues to file claims against ordinary marketers that cross the consumer-permission line, Chriss said. The July FTC spam event takes up malice as the emerging dominant use of spam. The conference shouldn’t be considered a forum for pitching products but for proposing “action steps,” Chriss said.
The concepts of opt-in and opt-out may be outdated, AOL Postmaster Charles Stiles said: If consumers “don’t want the message, they don’t want the message,” and marketers can’t assume that by handing over a credit-card number a consumer is accepting e-mail blasts. SenderID, DKIM and other e-mail authentication schemes are seeing more use but aren’t effective without wide embrace, Stiles said: “What we need is adoption.” Authenticated senders who find themselves blocked from users’ inboxes probably need to “tweak” something to improve delivery rate, perhaps scrapping spam- style delivery tricks, he said: “If you play games, you're going to be identified as a spammer.”
Most spam comes through botnets -- millions of computers, each sending a few hundred e-mails, said Craig Spiezle, Microsoft dir.-online safety. Pixel variations in image spam challenge mail filters, he said. The profitability can be seen from competing botnets’ attacking each others’ compromised machines with viruses, he said. Spammers once used insecure mail and Web servers but now can “restart their reputations” constantly under e-mail authentication schemes by using botnets, which are “untestable” as sources of spam to block, said Yahoo Anti- Spam Mgr. Miles Libbey.
Since 2003 Microsoft has taken 500 legal actions against spammers; it’s near the “tipping point” on e-mail authentication, Spiezle said. SenderID is in use on nearly 10 million domains; spam identification has risen 8%; and false positives have fallen 85%, he said. Libbey said Yahoo blocks about 14 million phishing messages daily.
An attendee asked what consumers’ responsibilities are for their opt-in choices and noted that her publisher landed on an e-mail authentication blacklist because some users called it a spammer. “Often-times they don’t know where they opted in,” Stiles said, citing affiliates’ lists. On a given e-mail subscription 20 million consumers might opt in, not knowing they gave consent; “we don’t want to spend that time and energy” pursuing bogus complaints against e-mail senders, he said. Senders should notify e-mail providers when they learn their messages have been tagged as spam but also reevaluate the opt-in process to fix inadequate notices and better explain how and why they send subscribers e-mail, Stiles said.
Microsoft was among the first providers to automatically add the “unsubscribe” address in the e-mail body to the e- mail header, to make unsubscribing easier, Spiezle said. If anything, recipients have “user fatigue” and under-report spam, he said. The beleaguered audience member said the e- mail recipients’ ISP had a similar “call-this-e-mail-spam button” but wouldn’t tell the publisher who was complaining that its messages were spam. Users shouldn’t be able to get away with baseless attacks on senders’ reputations, she said.