CAN SPAM compliance information in images

A fellow delivery specialist sent me a question this morning.

What is your opinion on putting CAN SPAM compliance information (postal address, unsubscribe link, etc) in an image?

The short answer is this is something spammers do and something that legitimate mailers should never want to do.
The longer answer needs to look at why spammers do this, why legitimate marketers may think about doing this and what affect this has on the end user perception of mail.
Spammers do this because it means that they can still be nominally legally compliant if someone looks at their email but their physical address can’t be tagged by content filters. Using images is simply a way for them to avoid filters while also avoiding legal liability for violating CAN SPAM. In fact, in some of the cases where a company was taken to court for violating CAN SPAM (no physical postal address, no unsubscribe link) the company argued that the information was in an image that the recipient didn’t keep as evidence.
Because spammers use images for CAN SPAM information has become a sign that the sender is a spammer. It is in the same category as hashbusters, or rotating from lines or whois records hiding behind privacy filters. Spammers do these things because it defeats spam filters and gets their unwanted mail into ISPs a little better than if they don’t do these things. However, any third party looking at that spam, be it a delivery consultant or an abuse desk worker will immediately decide the complaint is valid and the sender is most likely spamming.
Why might a legitimate company want to use images for CAN SPAM compliance? There are bad reasons, like not providing information that can be used for filtering. There are some less bad reasons, though. It may be that they want their entire email to be images, with no room for text. From a design perspective, I can understand this. Companies want their email to be like their print marketing, branded and consistent. Unfortunately, doing this makes the email look like spam.
Unfortunately, using images for CAN SPAM compliance information is what spammers do. Even if a company has the best intentions and isn’t trying to get away with anything, using an image where plain text will do makes that mail look like spam. It makes the sender look like they have something to hide and removes any benefit of the doubt that an abuse desk worker might give the sender.

Related Posts

Aiding and abetting violations of CAN SPAM

The US DOJ announced today the guilty plea of David Patton. Patton was charged with “aiding and abetting violations of the CAN SPAM act. Software written by Patton’s company provided the ability to modify email headers and use open proxies to disguise the source of the email.
The Ralsky convictions are, to the best of my knowledge, the first criminal prosecution for CAN SPAM violations and so far 9 of the 12 defendents charged have pled guilty.

Read More

TWSD: Lying and Hiding

Another installment in my ongoing series: That’s What Spammers Do. In today’s installment we take a look at a company deceiving recipients and hiding their real identity.
One of my disposable addresses has been getting heavily spammed from mylife.com. The subject lines are not just deceptive, they are provably lies. The mail is coming from random domains like urlprotect.com or choosefrequency.com or winnernotice.com advertising links at safetyurl.com or childsafeblogging.com or usakidprotect.com.
The spam all claims someone is “searching for…” at their website. The only thing is, the email address is associated with a fake name I gave while testing a website on behalf of a client. I know what website received the data and I know what other data was provided during the signup process. I also know that the privacy policy at the time said that my data would not be shared and that only the company I gave the information to would be sending me email.
Just more proof that privacy policies aren’t worth the paper they’re written on. But that’s not my real issue here.
The real issue is that I am receiving mail that is clearly deceptive. The subject lines of the emails up until yesterday were “(1) New Message – Someone Searching for You, Find Out…” Yesterday, I actually clicked through one of the messages to confirm that the emails were ending up at mylife.com. After that, the subject lines of the emails changed to “(1) New Person is Searching for You.”  I don’t know for sure that my click has caused the change in subject lines, but the timing seems a bit coincidental.
It’s not that someone, somewhere gave mylife.com bad data, or that someone typed a name into the mylife.com search engine and the mylife.com database showed that name and my email address were the same. Neither this name or this email address show up in a google search and I can say with certainty that this is a unique address and name combination given to a specific website. Therefore, the subject lines are clearly and demonstrably lies.
The spams are also coming from different domains and advertising links in different domains. The content is identical, the CAN SPAM addresses are identical. While the court may not rule this is deceptive under the rules of CAN SPAM, it certainly is an attempt to avoid domain level spam filters.
Who are mylife.com? Well, their website and the CAN SPAM address on their spam claims they are the company formerly known as reunion.com. I’ve talked about reunion.com here before. They have a history of harvesting addresses from users address books. They were sued for deceptive email practices under California law, but won the case just recently. They seem to think that the court case was permission to send deceptive email and have thus ramped up their deceptive practices.
If you are a legitimate email marketer, there are a couple take home messages here.
1) Spammers send mail with different domains, from different IP addresses, that contain identical content, landing pages and CAN SPAM addresses. Legitimate marketers should not rotate content and sends through different domains or different IP addresses. Pick your domain, pick your IP and stick with it.
1a) Spammers use randomly chosen domain names and cycle through domains frequently. Legitimate marketers must not use unrelated domains in marketing. Use a domain name that relates to your product, your industry or you.
2) Spammers send mail with deceptive subject lines. Legitimate marketers should make sure their subject lines are clear and truthful.
3) Spammers send mail in violation of the privacy policy under which information was collected. Legitimate marketers should be very careful to handle data in accordance with their privacy policies.
That’s what spammers do. Is that what you do?

Read More

Buying lists and other stupid marketing tricks

Back in November, I commented on Zoominfo and that they were selling senders very bad lists. At that time, Zoominfo did not have my current information. They have since rectified that problem and are now selling my information to people.
This morning, I received an email that said:

Read More