Not sure how to go about this today without embarrassing a company, but I feel the need to make a point today about unsubscribing, list management, and Can-Spam.
In the past few days, Kodak or kodakgallery.com started to send emails to one of my own personal spamtrap@ addressees that is not used for anything, but harvesting of email address off my personal website. This means obviously that I wouldn't use it to sign up for accounts, newsletters, etc using that email address. I just have it sitting out their on the Internet waiting to be scraped up by some spammer.
So, Kodak sends me this email which basically says they have sent emails in the past or I have had some sort of interaction with this in the past and that I have an account with them which I do NOT nor do I see any other emails from them in my spamtrap database. This is the online version of that email
Now, what is upsetting is not the fact that they probably bought some list from a spammer or someone used that address to sign-up somewhere on their site and they didn't bother to confirm it really was me, but the fact that when I unsubscribed or ATTEMPTED to it didn't follow Can-Spam rules.
As some of you should already know, the final Can-Spam rules ensures that senders provide an easy, straightforward way for recipients to unsubscribe from unwanted email communications. Must only require unsubscribers to enter their email address and associated opt-out preferences – cannot ask unsubscribers to log in to access their accounts first.
Guess what Kodak did?
At the bottom of their email there isn't anything there really to let me know how to remove this address of their list without hassle. No links to a preference site to see my supposed account or no way to one click unsubscribe myself. All that was there was some attorney's fine print about shipping charges, a way for me to update my email address to new one by logging into some non-existant account i don't have, help section which provides me no help, and a link to their privacy policy.
Per Can-Spam folks, the FTC.gov’s web site states:
“(1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender”
What does that mean?
- A link or Reply-To unsubscribe process must exist in every email sent and these unsubscribe processes must remain functional for at least 30 days following an email campaign
- The Reply-To send-an-email opt-out request must remove the address within 10 business days.
- If choosing a link to unsubscribe, the link must either immediately unsubscribe the user on click or, alternatively, lead only to a single page that contains a simple one-page one-click unsubscribe form. Remember this one as I will bring it up again.
- The unsubscribe form must consist of a simplified one-step form
Examples of unsubscribe forms that are not CAN-SPAM 2008 compliant:
- Clicking a link in an email that leads to a form that asks the recipient to verify their address, then emails instructions on how to ‘change’ or ‘update’ your subscription.
- Asking for a login or password before proceeding to remove the user.
- Advertising for your products or services on the unsubscribe form
- Using any kind of multiple step or multiple page process to complete the unsubscription
When I finally did some searching, I found in their privacy policy a way to create a choice for myself and remove this email address from it. They sent me an email to the address stating that it would take two (2) weeks to remove me from their lists it says. Two weeks? What about now?
So what are my issues overall here?
- Understand your email address and database relations if you buy a list or ensure your message isn't speaking out of turn like this one which states I have an account with them. I don't have an account with them.
- They attempted to treat this message like a transactional one which doesn't require an opt-out per Can-Spam, but should have had one since I have no relationship with them or at best made it easier to make a choice. Ensure that in ALL classes of email like transactional or marketing that you have AN easy way to unsubscribe the target. Don't make them go through your privacy policy to find a way to make their choices be known. To me this is a marketing email as this point. Needs to be FULLY Can-Spam compliant.
- Remove the person immediately vs. the two (2) weeks they are promising me. In Can-Spam, you have ten (10) business days to remove the person. If recall correctly, two (2) weeks is fourteen (14) days? So since this is a marketing email to me, then they would be non Can-Spam compliant?
- Suppress such email accounts that have spamtrap in them. Talk to FreshAddress or your ESP to ensure they remove such blatant addresses from your database. We do here at Eloqua, but we also call you out on it
- Don't make the person have to put in an email address that will send them another email to be suppressed.
Like I said, my intent is not to embarrass them here, but to make all realize that many of you still don't have a good grasp on the rules, regulations, and also in many cases an understanding of what your relationship is with an email target.
-Dennis
Eloqua
Eloqua
Don't Just Send, Deliver!
Last 5 posts by Dennis Dayman
- European Data Protection "Upgrades" - January 30th, 2012
- Return Path acquires OtherInbox - January 10th, 2012
- How NOT to react to spam complaints - January 9th, 2012
- Care2 breach is something to care about - January 3rd, 2012
- The passing of a great mind and great friend - November 17th, 2011
Dennis,
We've found that even simplifying this process of unsubscribing even faster makes lists even cleaner.
Our system literally has an option for a 1-click unsubscribe from the unsubscribe link on the email.
If you press it (the unsub link in the email) , you are removed, you then get redirected to a " You have been unsubscribed " page. No redirecting to a page that asks " Do you really want to unsubscribe? " – get rid of them, once and for all.
The nice bennie to this process if engaged, it will remove
bot-email accounts. Bot email account usually click on all your links in an email, then report on the landing pages of those links. With this feature enabled, you remove all those bots.
Also, have you used DataGenie to scrub your list(s) before? Well, check out ImpressionWise.com They do a great job too, about 1/2 the cost of data genie.
The 10 days bit is "more than 10 business days" (see 15 USC 7704(a)(4)(A)(i)). Since that doesn't include recognized holidays or weekends it can be up to, say, 15 days in the case of a 3 day weekend.
sorry, I must have missed business in one section of the post. I had it in another section. just typing to fast.
Dennis,
What frequently occurs is that angry people with access to spamtrap addresses plant them in peoples lists.
Even though these are supposed to be secret and should only trap people who are harvesting, they are surprisingly easy to find, especially when someone publicly announces they have spamtraps in their site.
Tim
Tim,
Agree, but what's more interesting is that the site this spamtrap@ came from is NOT something that is publicly touted nor does it have any real information on it. It is just a place holder for a domain that delivers email for me.
Dennis,
I don't see anything in CAN-SPAM that requires that "these unsubscribe processes must remain functional for at least 60 days following an email campaign."
There is a 30 day requirement. And there is a 60 day provision in the proposed Canadian ECPA (but not in CAN-SPAM).
Also, do you happen to have the section that prohibits advertising on an unsubscribe form?
I would always recommend keeping unsub mechanisms working for as long as possible and not advertising on the unsub form, but also want to make sure that it is clearly understood what is and is not a violation of CAN-SPAM.
sorry Kris, your right. I have got my laws mixed up. I have been heads down in c-27 (ECPA) this week. fixed
It appears like most Internet Marketers cannot live without spam, this is why I have a different email for product try outs, subscriptions etc.
I have a question around one click unsub and providing an unsub button on the landing page.
Currently we use a one click unsub process i.e. user clicks on unsub link in the email and they are immediately removed from the db. The link redirects the user to a landing page which reads: "Sorry to hear you have unsubscribed, blah blah". Point is that the user is unsubscribed immediately – no room for error.
The alternative is that when a user clicks on the unsubscirbe link in the email, they are redirected to a landing page which contains a textfield (which has their email address dynamically inserted from the email) and next to the textfield is an "unsubscribe" button which user must click in order to be removed. Once user clicks on the unsubscribe button they are unsubscribed from the DB.
I don't know why email marketers are being forced to treat users as though they are dumb but IMHO I don't really understand why the second is such a bad choice. I often come across these processes and feel as though they are a legitimate way of removing myself from DB's as long as, of course, i am actually removed!
Could someone fill me in on their feelings related to the two scenarios.
Thanks,
so to be honest, I don't have issue with the latter you discuss here and would recommend it.