Registration is not permission

“But we only mail people who registered at our website! How can they say we’re spamming?”
In those cases where website registration includes notice that the recipient will be added to a list, and / or the recipient receives an email informing them of the type of email they have agreed to receive there is some permission involved. Without any notice, however, there is no permission. Senders must tell the recipient they should expect to receive mail at the time of registration (or shortly thereafter) otherwise there is not even any pretense of opt-in associated with that registration.
Take, for example, a photographers website. The photographer took photos at a friend’s wedding and put them up on a website for the friend and guests to see. Guests were able to purchase photos directly from the site, if they so desired. In order to control access, the photographer required users to register on the site, including an email address.
None of this is bad. It’s all standard and reasonably good practice.
Unfortunately, the photographer seems to have fallen into the fallacy that everyone who registers at a website wants to receive mail from the website as this morning I received mail from “Kate and Al’s Photos <pictage@pictage.example.com>.” It includes this disclaimer on the bottom:

This email was sent by Pictage, Inc. to laura-tagged@mydomain.example.com, a registered user on www.pictage.com or an affiliated partner. If you’d rather not receive future email from Pictage, please click here.

No. No. No. Bad Sender. No Cookie.
I registered because I wanted so see specific photos on your website. Not because I want to receive email from you. I read your privacy policy (http://www.pictage.com/static/about/termsofservice.html) and there was nothing on there about sending mail. You didn’t mail me a welcome message. You didn’t tell me I’d be receiving advertising from you. You simply added me to a mailing list and then, 3 months later, sent me an email. And you didn’t just spam me, but you spammed a bunch of Al’s closest friends (many of whom are also delivery and anti-spam folks and at least one of whom is a spamhaus volunteer).
This is a very bad way to run a mail campaign. There was no information about email in the privacy policy. There wasn’t an opportunity to opt-out at registration. There was no welcome message alerting me to the chance that I’d receive mail from you in the future.
Registration is not an opt-in request and does not confer permission for the sender to add the receiver to a mailing list.
EDIT: Al’s reaction to his name being used in mail he did not authorize

Related Posts

Email as a PR problem

Email is a great way to connect to and engage with people. It is also a medium where the sender doesn’t get to control the message as well as they might in other media. This means that sometimes email campaigns go wrong in a way that drives a national news story about how you are a spammer.
In the stress and flurry of dealing with public accusations of spamming many companies overlook the fact that the underlying issue is they are sending mail that the recipients don’t want or don’t expect. If there is a public uproar about your mail as spam, then there is a good chance something in  your email strategy isn’t working.
Even in the recent White House as spammers strategy, there is a strong chance that they are actually using reasonable and industry standard methods to collect email addresses. However, in their case, they are a large target for people to forge email addresses in forms. “Bob doesn’t like the president, but I’ll sign him up for this list so he can learn how things really are.” or “Joe doesn’t like the democrats so I’ll sign him up for their mailings just to piss him off.”

When you are confronted with an email campaign that upsets a large number of people there are a number of steps you should take.
Step 1: Gather information
This includes information internally about what actually happened with the campaign and information from the people who are complaining.
Externally: Get copies of the emails with full headers. If you’re working with people who do not want to reveal any details of the mail they received then you may not be able to fully investigate it, but if they do you will have everything you need right there. Figure out where their address came from (you do have good audit trails for all your email addresses, right?).
Internally: Talk to everyone who worked on that particular campaign. This includes the geek down in the IT department who manages the database. Figure out if anything internally went wrong and mail was sent to people it wasn’t intended for. I know of at least 2 cases where a SQL query was incorrectly set up and the unsubscribe list was mailed by accident.
Step 2: Identify the underlying problem
Look at all the available information and identify what happened. Was there a bad source of email addresses? Did someone submit addresses of spamtraps to a webform? Was there a technical problem? Again, talk to your people internally. In many companies I have noticed a tendency to try and troubleshoot problems like this at very high levels (VP or C-level executives) without involving the employees who probably know exactly what happened. This sometimes leads to mis-identifying the problem. If you can’t identify it, you can’t fix it.
Step 3: Identify the solution
Once you know what the problem was, you can work out a solution. Sometimes these are fairly simple, sometimes not so much. On the simple end you may have to implement some data hygiene. On the more complex end, you may need to change how data is handled completely.
Step 4: Inform the relevant parties of the solution
Make a statement about the problem, that you’ve identified it and that you’ve taken steps to fix it. How you do this is a little outside my area of expertise, although I have participated in crafting the message, rely on your PR folks on how to communicate this. In the Internet space, honesty is prized over spin, so do remember that.
Every company is going to have the occasional problem. In the email space, that tends to result in the company being labeled a spammer. Instead of being defensive about the label, use the accusation to drive internal change to stop your mail from being labeled spam by the recipients.

Read More

Links for 9/2/09

People are still talking about the White House spamming. At Al Iverson’s Spam Resource there are two posts, one from Jaren Angerbauer titled Guest Post: Email and the White House and another from Al himself titled White House Spam, Signup Forgery, and GovDelivery. Both are insightful discussions of the spam that the White House has been sending. Over at ReturnPath, Stephanie Miller talks about how the publicity surrounding the spam is great PR for permission.
Stefan Pollard has an article at ClickZ looking at how an apology email in response to a recipient visible email mistake can actually make the fallout worse.
Web Ink Now documents one recipient’s experience with a bad, but all too common, subscription practice.
==
Don’t forget to participate in the DKIM implementation survey. For ESPs. For ISPs. Check back next week for results.

Read More

Marketing to businesses

“If you do stupid things, you’re going to get blocked,” says Jigsaw CEO Jim Fowler in an interview with Ken Magill earlier this week.
Jigsaw is a company that rewards members to input their valuable business contacts. Once the addresses are input into Jigsaw, they are sold to anyone who wants them. Jigsaw gets the money, the people providing information get… something, the people who provided business cards to Jigsaw members get spammed and the people who downloaded the lists get to deal with a delivery mess. Sounds like a lose for everyone but Jigsaw.
Except that now Jigsaw is listed on the SBL for spam support services. Well, that’s going to cause some business challenges, particularly given how many companies use the SBL as part of their filtering scheme.
It’s hard to think of a situation where I would appreciate someone I gave a business card to providing my information to a site that then turns around and lets anyone download it to send email to. I know, I know, there are a million companies out there I’ve never heard of that have The Product that will Solve All my Problems. But, really, I don’t want them in my work mailbox. The address I give out on my business cards is, for, y’know, people to contact me about what I’m selling or to contact me about things they’ve already purchased from me. That address is not for people to market to. I have other addresses for vendors, and even potential vendors, to contact me.
Jigsaw clearly facilitates spam to businesses by collecting email addresses and then selling them on. This is a drain on small businesses who now have inboxes full of valuable offers to wade through. Perhaps their stint on the SBL will make them reconsider their spam support services.
HT: Al

Read More