In their latest “Notice of Proposed Rulemaking” (NPR) the FTC contemplates CAN-SPAM’s current 10-business-day unsubscribe policy and, based on comments from emarketers and the anti-spam community alike, recommends we move it to three (3).
Is three business days enough time? It’s hard to say. But let’s look at the issue from three different vantage points: that of the technologist, the anti-spammer, and the Fortune 500 marketer.
The technologist says: “Yes, of course three days is enough! The bulk of unsubscribe requests we, and the lion’s share of marketers receive, come via the web nearly instantaneously. Certainly it isn’t inconvenient or difficult to make this happen. It is basic web technology, that, when linked to a customer database, can immediately change the ‘status’ of a subscriber such that they won’t ever receive email again.”
The anti-spammer says: “10-days is a ridiculously long time to allow a spammer to continue to spam you. This continued abuse is unnecessary, and can easily be avoided with technology that legitimate companies will use.”
The legitimate email marketer from a Fortune 500 company most likely is empathetic to this view – in part. However, they are well aware of the complexities of their organization that may work against their ability to comply with the shortened opt-out timeframe. The answer on whether or not three days is enough will largely depend on the company, the complexity of its operations, the number of employees, the quantity of email addresses under management, its use of 3rd parties for marketing, and the number of physical offices or locations from which they do business.
Take, for example, the multinational corporation with operations in 3 states, 15 countries, and 5 different consumer and business product lines all marketed via email under the brand of the parent company. Under CAN-SPAM, such an organization is the “sender” of an email when they initiate an email AND their products or services are advertised in the message. The revised rules would require them to manage opt-outs across their enterprise in just 3 days. Compliance will require not only state-of-the-art technology, but also a coordinated communication effort to manage compliance between divisions. For example, when a national email campaign is sent by one division, the email address of customers that choose to opt-out from the email must be populated to the database, then linked with a company-wide database, potentially with millions of records.
This is possible with current technology, but what if the computer and communications infrastructure isn’t up to speed at a company? What if it takes more than a few days to propagate this data due to typical processing speeds? What if the Paris division is on a different system? Different database? What about opt-outs taken via the phone? Via the mail? Via an inperson meeting? CAN-SPAM doesn’t have a volume minimum for compliance. Just one email sent to a person who had unsubscribed 4 days ago would be a federal violation.
Will most companies be able to comply with most requests in the time period? Yes. Does technology exist for managing unsubscribes across a complex organization? Yes to that too – in fact ExactTarget’s Enterprise product satisfies this need.
The better question may be: “isn’t the current 10-day standard good enough?” Isn’t it more important to ensure companies are complying in the first place? Wasn’t CAN-SPAM targeting spammers anyway, not legitimate businesses? Spammers aren’t going to pay attention to unsubscribes anyway. Legitimate marketers will. Also, a legitimate marketer isn’t going to see an unsubscribe and say “Oh oh, just 10 days left to spam that guy. Let’s crank up the spam machine!” Such a notion is ludicrous, yet that is what the proposed rule change is based upon. Who does the change hurt? Unfortunately it hurts legitimate, if complex, enterprises rather than the spammers it aims to penalize.