Email: Opportunities and Pitfalls Al Iverson, Director of Deliverability
Who am I?
AL IVERSON
- Director of Deliverability for Email Service Provider ExactTarget
- email@example.com
- Active blogger since 2000. See www.spamresource.com
- My career focus has been on anti-spam, email marketing, and network security
Agenda
- Who is ExactTarget?
- What do I do for ExactTarget?
- What we tell clients
- CDA, CAN-SPAM, ECPA
- Stebbins v. Wal-Mart
- Omega v. Mummagraphics
- TCPA, SMS, etc.
- Recommended Reading
Disclaimer
- I’m not a lawyer. My expertise is related to helping clients send email marketing and transactional messages.
- I’m not a financial services compliance expert. Email use under Sarbanes-Oxley or Gramm-Leach-Bliley (etc.) isn’t my realm.
- What I can talk about is: Best Practices, CAN-SPAM, CDA, etc.
- You want to learn more about privacy law? Consider Annual PLI Event: http://goo.gl/HS7HA
WHAT DOES EXACTTARGET DO?
WHAT DO I DO FOR EXACTTARGET?
- Policy compliance leader @ ExactTarget. Staff of 13. Six are policy compliance focused.
- In this context, policy compliance means sending permission-only email (not spam) and sending only legally compliant mail.
- We terminate an average of one client every 30-60 days.
- We temporarily suspend 12+ accounts/month (re-enabled after compliance).
WHAT WE TELL CLIENTS
- Email is a great tool for transactional messaging and remarketing
- It is tricky to do prospecting properly via email
- Buying lists is legal but lethal
- The Yahoos, Hotmails, and Gmails of the world will happily block your mail even if it is legally compliant
- Your ability to get email delivered is dependent upon your email practices
Me?
COMMUNICATIONS DECENCY ACT (1996)
- This is a very significant (probably the most influential) law which affects the internet! (says my internet friend Venkat Balasubramani)
- Original intent was to allow blocking of obscene / abusive / pornographic content, but much of it was gutted based on various court challenges.
- Section 230 is the important bit.
- “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”
- Section 230 is controversial because several courts have interpreted it as providing complete immunity for ISPs with regard to the torts committed by their users over their systems.
- And that is basically what it is: Yahoo user defames you, you have no case against Yahoo.
- http://en.wikipedia.org/wiki/Section_230_of_the_Communications_Decency_Act
CAN-SPAM (2003)
- The US spam law that doesn’t actually outlaw spam (yay)
- Requires that spam must be labeled as an advertisement (labeling not required if you have affirmative consent)
- Requires easy unsubscribe option, postal address of sender
- Prohibits deceptive headers (subject, from, etc.)
- Indemnifies ISPs in their best efforts to block spam
- Allows ISPs to set higher standards than “legal”
- Yahoo blocks many millions of CAN-SPAM-compliant messages daily
- This is the law that allows ISPs to require opt-in permission of email marketers.
CAN-SPAM: SERVICE PROVIDER INDEMNIFICATION
- It’s nearly impossible for a wronged party to convince a judge that an ISP is legally at fault for blocking or filtering
- Both CAN-SPAM & CDA provide immunity
- CDA’s Good Samaritan provision covers this
- CAN-SPAM Section 8(C) says “Nothing in this Act shall be construed to have any effect on the lawfulness or unlawfulness, under any other provision of law, of the adoption, implementation, or enforcement by a provider of Internet access service of a policy of declining to transmit, route, relay, handle, or store certain types of electronic mail messages.”
- Spammers & bad guys challenge both regularly, to no avail.
CAN-SPAM: TRANSACTIONAL MESSAGES
- Consent not required, unsub link not required
- Definition of transactional message: Primary purpose rule
  - to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender
  - to provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient
  - to provide notification concerning a subscription, membership, account, loan or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender
  - to provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled, or
  - to deliver goods or services, including product updates or upgrades, which the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender
BEWARE: PII IN TRANSACTIONAL MESSAGES
- Should you be putting personally identifiable information (PII) into email messages?
- My opinion: NO
- Instead:
  - Email notice telling consumer to log in to website
  - Include only minimal personal information in messages
- Email is not a secure mechanism
- Consumers often typo addresses
- ISPs often repurpose typo or retired addresses into special “spamtrap addresses” to feed directly into filters
- This data can be widely disseminated
- ISPs notice and raise concerns over transactional messages appearing to contain PII
- What can happen? See http://goo.gl/541Gi
ECPA – ELECTRONIC COMMUNICATION PRIVACY ACT
- Rarely seems to be raised in the marketing realm, except in ineffective claims brought by spammers against ISPs who are blocking them (search Google for “Holomaxx”)
- Interception/tampering case, see Mortensen v. Bresnan Comm (2010): http://goo.gl/zTngO
- Wikipedia is a good place to start for an overview of the law: http://en.wikipedia.org/wiki/ECPA
- What about California Invasion of Privacy Act (CIPA) for “wiretapping my email” claims? It feels like a long shot. http://goo.gl/ou76r
STEBBINS V. WAL-MART (2011)
- “Notice to companies: My name is David Anthony Stebbins, and I live in Harrison, AR. I am sending a link to this webpage to various companies to put you on notice. If you contact me in any way, shape, or form, you hereby acknowledge that you have read, understand, and agree to be legally bound by the terms below.”
- HAHA, YOU EMAILED ME BACK, YOU HAVE ENTERED INTO A CONTRACT ON MY TERMS.
- Court disagreed.
- I deal with this a lot with spam complaints. “By sending me this email you agree to my terms to pay me $500 per email etc.” Um, no, doesn’t work that way.
- Court affirms.
- http://blog.ericgoldman.org/archives/2011/04/acknowledging_r.htm
OMEGA V. MUMMAGRAPHICS (2006)
- The beginning of the end for anti-spam plaintiffs. The plaintiff handled this so poorly, there are lasting negative effects impacting people who actually want to try to stop spam.
- The court found US federal law (CAN-SPAM) pre-empts Oklahoma's anti-spam law.
- False headers were immaterial because the emails were “chock full” of sender-identifying information.
- “Trespass to chattels” requires real damages to be actionable – tragedy of the commons is a popular anti-spam “armchair lawyer” tactic – and now we know, it doesn’t work.
- This 4th Circuit holding makes the very narrow and ineffective CAN-SPAM law even more narrow and ineffective.
- http://blog.ericgoldman.org/archives/2006/11/fourth_circuit_1.htm
TCPA: Telephone Consumer Protection Act of 1991
- Multiple, recent suits filed over text messages allegedly sent confirming a party’s opt-out request
- Allege that these messages constitute unauthorized use of “automated telephone dialing systems” under 47 U.S.C. § 227(b)(1)(A)(iii) (even though ATDS in fact not used)
- Lawyer-driven cases (opt in, opt out and lawsuit all in less than a month)
- Ibey v. Taco Bell Corp., Case No. 12-CV-0583-H (S.D. Cal. June 18, 2012)
- TCPA does not impose liability for a single confirmatory text message
- Insufficient allegation of use of an ATDS
- See also Joffe v. Acacia Mortgage Corp (2008)
RECOMMENDED READING
- Eric Goldman's Technology & Marketing Law Blog - http://blog.ericgoldman.org/
- Venkat Balasubramani's Law Blog Covering Electronic Communication - http://spamnotes.com/
- Bloomberg E-Commerce and Tech Law Blog: http://www.bna.com/ecommerce-tech-law-blog/
- Top 50 Internet & Digital Law Blogs - http://www.criminaljusticeusa.com/blog/2008/top-50-internet-digital-law-blogs/
- DMCA - http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act
- CDA Section 230 - http://en.wikipedia.org/wiki/Section_230_of_the_Communications_Decency_Act
Questions?
AL IVERSON
- Director of Deliverability
- firstname.lastname@example.org
- http://twitter.com/aliverson