Has CAN-SPAM been effective?

I think there is some evidence indicating that CAN-SPAM is bringing down spammers. These cases, however, haven’t been as publicized as much as they need to be, giving spammers the feeling that they are untouchable. I agree with Trevor Hughes of the Email Service Providers Coalition – until the evening news shows these virtual thugs being carted away in handcuffs, no tangible deterrent is in place for spammers.

CAN-SPAM has primarily been an academic, often heady, debate that occurs in the conference rooms or chief counsel’s office of legitimate businesses. However, that debate has been good for the medium by triggering more control over the way email, privacy, permission and opt-outs are managed by businesses. Prior to CAN-SPAM, these key discussions did not take place. Although this is a positive outcome, most of the burden for CAN-SPAM is placed on legitimate businesses, leaving spammers untouched. Again, enforcement and funding for state attorneys general to track down spammers are key to turning the tide.

The FTC’s recent notice of proposed rulemaking does a good job of clarifying the law.  It identifies how the law treats emails with multiple advertisers and makes some strides for consumers by mandating that unsubscribe functions cannot exceed one page or require a log-in. However, their proposal to move the number of days for unsubscribe compliance from ten to three days again creates hurdles for legitimate businesses, but won’t deter spammers. Although the technology certainly exists to unsubscribe an address quickly, this can be difficult to implement in a large or distributed organization. A legitimate business certainly isn’t using the additional seven days to spam the unwilling recipient. Spammers, however, will ignore the rules altogether. 

The silver lining in all of this is pre-emption – provided that it will continue to work to keep poorly-written state laws off the books. The FTC does understand the problem as evidenced by their comments last year on the Do Not Email registry. This bodes well for balanced rulemaking in the future.

see you soon!

Chip

Will DKIM become Industry Standard?

Yahoo and Cisco are proposing DomainKeys as THE industry standard. How do I think that will affect marketers?

An encrypted authentication standard has a number of benefits for both senders and receivers – largely due to the level of confidence encryption provides to the receiving community. Encryption-based authentication, such as DKIM, provides the most protection available against domain spoofing by spammers.

DKIM has a good chance of becoming an industry standard, because it is being released as open-source code, but also because of the size of the community that supports it, including Yahoo, GMail, and likely Earthlink. Plus, the DKIM protocol was just submitted to the Internet Engineering Task Force (IETF) who had commented publicly last fall that they had a preference for an encryption-based solution. With IETF support, many fence-sitters on the receiving side are likely to move forward. The IETF meets at the end of July in Paris.

With that said, the technology inherent to DKIM also has its challenges. It requires new software (and hardware in most cases) for both senders and receivers, and causes performance reductions in send speeds and receiving speeds. So even though it is a “better” long-term solution (that Microsoft has hinted they will also eventually embrace), it will still be some time before a majority of the sending and receiving community are supporting DKIM.

ExactTarget will continue to support all authentication techologies, as we believe it is for the good of the medium. Our clients are rapidly becoming SPF and Sender ID compliant, and many are likely to take advantage of our DKIM offering this fall.

'till next time,

Chip