Affiliates: what is a company's responsibility


Many of my clients come to me when they end up with delivery problems due to the actions of affiliates. These can either be listings in some of the URL blocklists (either public or private) or escalations of IP based listings. In many of the cases I have dealt with affiliates, the affiliates have sloppy mailing practices or are out and out spammers.
Recently the FTC settled with Cyberheat over their liability for the behaviour of their affiliates. In this settlement Cyberheat is required to monitor their affiliates as follows:

  • Contractually requiring the affiliate to identify any subaffiliates it intends to us
  • Providing each affiliate a copy of the Order
  • Obtaining from each affiliate an express agreement to comply with the Order and the CAN SPAM Act
  • Contractually requiring each affiliate that intends to use email marketing to provide Cyberheat, at least 7 days before the campaign, the email address from which the email will be sent, the subject line, the proposed dates the email will be sent, the email addresses to which the email will be sent, and a certification regarding how the addresses were obtained
  • At least 3 days prior to an email campaign being conducted, Cyberheat must review the campaign for compliance with the CAN SPAN Act and provide written acknowledge that it has reviewed the campaign and that it complies with the CAN SPAM Act, and
  • Requiring each consumers that signs up for Cyberheat service to identify the manner through which they heard of the service. If they heard of the service via email, Cyberheat must monitor the affiliate that sent the email for continued compliance with the CAN SPAM Act.

These conditions are very similar to the conditions I helped some clients establish when they ended up on the SBL due to the behaviour of their affiliates. We did set contractual limits on what the affiliates could do, and require they comply with an AUP. We also set out a vetting process to verify that the affiliate would not send spam. Questions all affiliates had to answer included:

  1. Company name, address, domain, opt-in policies
  2. Main website
  3. Outgoing mail IP(s)
  4. Domains used in email
  5. Where do they get their email addresses?

Each candidate must pass the at a minimum checks:

  • Check the opt-in policies as listed on the website.
  • Check mail IPs on spamhaus and other blacklists
  • Check rDNS on IPs
    • Is their reverse DNS set up
    • Is it reasonable
    • what is rDNS of nearby space
  • Check whois record
    • How new is the record
    • Is there valid contact information in the record?

Additionally, a unique address will be signed up at every affiliate.

One of the difficulties my client and I discovered while vetting affiliates is that many affiliate programs hide their mailing IPs and will refuse to reveal any information about where the mail comes from. This makes it difficult, if not impossible, to determine if they are associated with any reports of spam.
I have yet to find the silver bullet for determining the cleanliness of an affiliate program. I think it is clear, though, that the FTC expects companies to know who their affiliate mailers are and to not patronize affiliates who are sending spam.
Hat tip: Venkat

About the author

1 comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By laura

Recent Posts


Follow Us