UnsubCentral

Service Overview

Privacy Futures SymposiumJune 2004

The CAN-SPAM Act

It doesn’t change much for legitimate marketers.

The CAN-SPAM Act

Clear rules for email marketers– No deceptive or fraudulent tactics– Must include physical address– Must include opt-out link for Advertiser

Stops the frivolous law suits– Clearly assigns liability to the Advertiser– Clearly defines who can enforce this –

the FTC, Attorneys General, and the ISPs

One thing does change…

New requirements for Advertisers– Creating a centralized suppression list– Providing suppression lists to affiliates– Updating suppression list with new

opt-out requests

New Data Challenges– Integrating across sales channels– Maintaining data privacy & security

Not just bulk mail…

CAN-SPAM applies to all commercial messages, not just bulk ones– Viral marketing– Independent sales force– In-house newsletter– Auction notifications– Online communities – dating /

networking– Forward-to-Friend

Not so clear…

Newsletters– What is the primary purpose?– Does having an advertisement =

commercial?

Single Email / Multiple Advertisers– Show one unsubscribe link or multiple?– Does unsubscribing apply to each Advertiser?

Postal Address– Are PO Boxes and Mail Drops acceptable?– Can it be displayed as part of an image?

Multi-Channel Integration

New Processes

Create the Initial List– Look for sources

across your organization

– Internal database– 3rd party vendors

Keeping it Up-to-Date

Create channels for…– Tech support– Customer service– Sales people– Website forms– 3rd party vendors

New Processes

Share with Partners, Affiliates, 3rd Parties– Internal access control– Control who accesses it– Make sure they use it– Audit trail for all access

Filter Outbound SMTP Mail– Channel through

common SMTP gateway– Gateway checks

against suppression list before sending each message

Collect new Optouts– Web-based, one-click

unsubscribe page– Track where each

optout comes from– Report on optouts by

advertiser– Detect optouts

received after 10 day deadline

– Integrate with list management options

Security

List Seeding1. Register a bunch of domains. 2. Make up unique email addresses. 3. Assign a few to each partner and

insert them into the suppression file.

4. If you ever receive a message at the seed address, you know exactly who is at fault.

MD5 Hashing1. Email addresses are encrypted

one-way into gobbly-gook.2. Once encrypted, they cannot be

decrypted.3. Still can be used to compare one

list against another.4. No chance of revealing email

addresses.

Server Based Suppression1. Maximum security solution2. Advertiser list maintained by 3rd

party3. Partner uploads list for cleaning4. 3rd party performs the suppression

and returns the “cleaned” list5. Entire operation can be MD5

hashed

Suppression Relay1. Ensure that all outbound mail is

compliant2. Stop suppressed emails at the

MTA3. Every outbound message is

checked against the suppression list.

Auditing

Signup Process1. Save all information you have2. MINIMUM – email, IP address,

datestamp, signup URL or action3. Referrer URL4. Other environmental information,

message trail, or website trail

Optout Process1. Save all information you have2. MINIMUM – email, IP address,

datestamp, optout URL or action3. Channel source – was this optout

from an in-house mailing or a partner? Which partner?

4. Other environmental information, message trail, or website trail

Sanity Checks1. Notice if a duplicate optout is

received >10 days after the first2. Notice if a partner accesses a

suppression list but then doesn’t generate any optouts

3. Notice if one partner or channel source creates too many optouts

Monitor Complaints1. Monitor your IP space with

SpamCop2. Make it easy for consumers to find

you

Be Cautious1. Given the option, take the safe

route2. If in doubt, suppress the address3. Make sure suppression is timely

Build vs. Buy

In-house solutions make sense for organizations– With a single house

list – With no marketing

partnerships or 3rd party relationships

– With strong IT and development resources

Outsourcing has many advantages– 3rd Party Bonded

Entity to act as broker between Advertisers and Affiliates

– Enhanced security and fraud detection

– Integration with Affiliate Networks and ESPs, API’s for customization

– Fast implementation

– No internal resources– Low Cost

?QuestionsQuestions

Background

Standards Development– Email Service Provider Coalition

(ESPC) Technology Committee– IronPort Bonded Sender Program– Co-author Internet RFC 2369 (1998)

creating List-Unsubscribe header

Carnegie Mellon University– Computer Science– Information & Decision Systems– Don Jones Entrepreneurship Center

Enterprise Award with Distinction

Joshua Baer

SKYLIST, Inc.– One of first Email Service Providers– Advanced targeting, tracking, reporting– ISP Management & Deliverability – Partnered with IronPort Systems

Trilogy Software Incubator– Trilogy University Bootcamp– Founded IveBeenGood.com /

Uberworks, acquired by public company in mid-2000

UnsubCentral, Inc.– Launched in response to CAN-SPAM– Helps Advertisers manage their email suppression lists, sales force, and refer-a-friend viral

marketing– Custom TRUSTe Review Process Underway

Email industry veteran of almost 10 yearsActive in recent regulatory developmentCross-industry support, leading customer base