unsubcentral service overview. privacy futures symposium june 2004
Post on 18-Dec-2015
214 views
TRANSCRIPT
The CAN-SPAM Act
Clear rules for email marketers– No deceptive or fraudulent tactics– Must include physical address– Must include opt-out link for Advertiser
Stops the frivolous law suits– Clearly assigns liability to the Advertiser– Clearly defines who can enforce this –
the FTC, Attorneys General, and the ISPs
One thing does change…
New requirements for Advertisers– Creating a centralized suppression list– Providing suppression lists to affiliates– Updating suppression list with new
opt-out requests
New Data Challenges– Integrating across sales channels– Maintaining data privacy & security
Not just bulk mail…
CAN-SPAM applies to all commercial messages, not just bulk ones– Viral marketing– Independent sales force– In-house newsletter– Auction notifications– Online communities – dating /
networking– Forward-to-Friend
Not so clear…
Newsletters– What is the primary purpose?– Does having an advertisement =
commercial?
Single Email / Multiple Advertisers– Show one unsubscribe link or multiple?– Does unsubscribing apply to each Advertiser?
Postal Address– Are PO Boxes and Mail Drops acceptable?– Can it be displayed as part of an image?
New Processes
Create the Initial List– Look for sources
across your organization
– Internal database– 3rd party vendors
Keeping it Up-to-Date
Create channels for…– Tech support– Customer service– Sales people– Website forms– 3rd party vendors
New Processes
Share with Partners, Affiliates, 3rd Parties– Internal access control– Control who accesses it– Make sure they use it– Audit trail for all access
Filter Outbound SMTP Mail– Channel through
common SMTP gateway– Gateway checks
against suppression list before sending each message
Collect new Optouts– Web-based, one-click
unsubscribe page– Track where each
optout comes from– Report on optouts by
advertiser– Detect optouts
received after 10 day deadline
– Integrate with list management options
Security
List Seeding1. Register a bunch of domains. 2. Make up unique email addresses. 3. Assign a few to each partner and
insert them into the suppression file.
4. If you ever receive a message at the seed address, you know exactly who is at fault.
MD5 Hashing1. Email addresses are encrypted
one-way into gobbly-gook.2. Once encrypted, they cannot be
decrypted.3. Still can be used to compare one
list against another.4. No chance of revealing email
addresses.
Server Based Suppression1. Maximum security solution2. Advertiser list maintained by 3rd
party3. Partner uploads list for cleaning4. 3rd party performs the suppression
and returns the “cleaned” list5. Entire operation can be MD5
hashed
Suppression Relay1. Ensure that all outbound mail is
compliant2. Stop suppressed emails at the
MTA3. Every outbound message is
checked against the suppression list.
Auditing
Signup Process1. Save all information you have2. MINIMUM – email, IP address,
datestamp, signup URL or action3. Referrer URL4. Other environmental information,
message trail, or website trail
Optout Process1. Save all information you have2. MINIMUM – email, IP address,
datestamp, optout URL or action3. Channel source – was this optout
from an in-house mailing or a partner? Which partner?
4. Other environmental information, message trail, or website trail
Sanity Checks1. Notice if a duplicate optout is
received >10 days after the first2. Notice if a partner accesses a
suppression list but then doesn’t generate any optouts
3. Notice if one partner or channel source creates too many optouts
Monitor Complaints1. Monitor your IP space with
SpamCop2. Make it easy for consumers to find
you
Be Cautious1. Given the option, take the safe
route2. If in doubt, suppress the address3. Make sure suppression is timely
Build vs. Buy
In-house solutions make sense for organizations– With a single house
list – With no marketing
partnerships or 3rd party relationships
– With strong IT and development resources
Outsourcing has many advantages– 3rd Party Bonded
Entity to act as broker between Advertisers and Affiliates
– Enhanced security and fraud detection
– Integration with Affiliate Networks and ESPs, API’s for customization
– Fast implementation
– No internal resources– Low Cost
Background
Standards Development– Email Service Provider Coalition
(ESPC) Technology Committee– IronPort Bonded Sender Program– Co-author Internet RFC 2369 (1998)
creating List-Unsubscribe header
Carnegie Mellon University– Computer Science– Information & Decision Systems– Don Jones Entrepreneurship Center
Enterprise Award with Distinction
Joshua Baer
SKYLIST, Inc.– One of first Email Service Providers– Advanced targeting, tracking, reporting– ISP Management & Deliverability – Partnered with IronPort Systems
Trilogy Software Incubator– Trilogy University Bootcamp– Founded IveBeenGood.com /
Uberworks, acquired by public company in mid-2000
UnsubCentral, Inc.– Launched in response to CAN-SPAM– Helps Advertisers manage their email suppression lists, sales force, and refer-a-friend viral
marketing– Custom TRUSTe Review Process Underway
Email industry veteran of almost 10 yearsActive in recent regulatory developmentCross-industry support, leading customer base