Fraud, terms of service and email marketing

gavelHere at the Atkins house we’re still both recovering from the M3AAWG plague. I don’t know what it was that we shared during the conference, but it’s knocked many folks over. I don’t have a lot to blog about this afternoon so I was looking through some of my old blog posts to get at least some content up before I give up for the weekend.
I found an old post about permission (Permission: It May Not Be What You Think It Is). The post discusses where a woman sued Toyota over emails from an online marketing campaign. I’d totally forgotten about that blog post, so I started looking at what happened with the case.
In the original case Toyota created a social media campaign where people could opt their friends in to be the target of a prank.

In the prank, a friend would sign you up on the Toyota Matrix website to participate and provide Toyota with a slew of your personal and private information including your email (sound fun so far?). iMediaConnection

After your “friend” signed you up, you’d receive an email offering a free personality test. Part of the personality test involved agreeing to terms and conditions that, according to the Appeals Court, said:

The first paragraph of the terms and conditions states, “You have been invited by someone who has indicated that he/she knows you to participate in Your Other You. Your Other You is a website provided by [Toyota] that offers you . . . an interactive experience.” The second paragraph further states, “If you review and agree to the Terms and Conditions detailed below . . . you may participate in a 5 day digital experience through Your Other You. . . . You may receive email messages, phone calls and/or text messages during the 5-day experience.” A subsequent paragraph also states, “You understand that by agreeing to these Terms, you are agreeing to receive emails, phone calls and text messages from Toyota during the 5-day experience of Your Other You.” CA Court of Appeals

Toyota was sued for $10 million dollars by a woman who received the emails. The suit alleges intentional infliction of emotional distress, deceptive trade practices and negligent misrepresentation. The campaign was thorough, Toyota went so far as to create MySpace pages for the fugitive and send the plaintiff a bill for damages at a hotel.
Toyota argued to the court that the case go to arbitration as defined in the terms of service that the plaintiff agreed to. This went up to the California court of appeals, who ruled that the case did not have to
In 2011, the California court of appeals ruled the suit could go forward(pdf link) in the courts as the terms of service were void because they were drafted in such a way as to hide the true nature of the agreement from anyone clicking through.

[Plaintiff] contends that the arbitration provision in the terms and conditions is unenforceable because, assuming that she did agree to the terms and conditions by clicking the appropriate box, the entire agreement is void because of fraud in the inception or execution. We agree. […] The point that defendants fail to address, however, is that it would have availed [the plaintiff] nothing to read and reread the terms and conditions, which were drafted in such a way as not to apprise her of what defendants intended to do to her.

I’ve not been able to find any current disposition of the case, but I think the appeal ruling is interesting. One thing I hear from a lot of folks is how users opted in to have their address sold. But whenever I’ve had the chance to look at terms and conditions, there isn’t anything that says “We will sell your address.” Instead, I may find “we may share information with affiliated companies.” I don’t think it quite rises to the level of deception in Toyota’s terms. However, there is case law in California that says fraud in online terms can invalidate the whole agreement.

Related Posts

Some content is just bad; but it doesn't have to be

There are a few segments in the marketing industry that seem to acquire senders with bad mailing practices. Nutraceuticals, male performance enhancing drugs, short term or payday loans and gambling have a lot of senders that treat permission as optional. The content and the industry themselves have garnered a bad reputation.
This makes these industries extremely difficult for mailers who actually have permission to send that content to their recipients. Working with this kind of sender, sometimes it seems impossible to get mail delivered to the inbox, no matter what the level of permission. Even when it’s double confirmed opt-in with a cherry on top, all the care in the world with permission isn’t enough to get inbox delivery.
This doesn’t have to be the case. Look at the porn industry. Early on in the email marketing arena there was a lot of unsolicited image porn. A Lot. So much that complaints by recipients drove many ISPs to disable image loading by default. The legitimate porn companies, though, decided unsolicited image porn was bad for the industry as a whole. Porn marketers and mailers adopted fairly strong permission and email address verification standards.
It was important for the porn marketers that they be able to prove that the person they were mailing actually requested the email. The porn marketers took permission seriously and very few companies actually send photographic porn spam these days. Even the “Russian girls” spam doesn’t have not safe for work images any longer.
Because of their focus on permission, in some cases revolving around age of consent in various jurisdictions, the porn industry as a whole is not looked at as “a bunch of spammers.” Porn content isn’t treated as harshly as “your[sic] pre-approved for a wire transfer” or “best quality drugs shipped overnight.”
Just having offensive content isn’t going to get you blocked. But having content that is shared by many other companies who don’t care about permission, will cause delivery headache after delivery headache. This is true even when you are the One Clean Sender in the bunch.
 

Read More

Email verification – what are we verifying

One of the ongoing discussions in the email space is the one about address verification. Multiple companies have sprung up to do “real time” email address verification. They ensure that addresses collected at the point of sale are valid.
But what does valid mean? In most of these contexts, valid means that the addresses don’t bounce and aren’t spam traps. And that is one part of validating email addresses.
That isn’t the only part, though. In my opinion, an even more important thing to validate is that the email address belongs to the person giving it to you. The Consumerist has had an ongoing series of articles discussing people getting mis-directed email from various companies.
Today the culprit is AT&T, who are sending a lot of personal information to an email address of someone totally unconnected to that account. There are a lot of big problems with this, and it’s not just in the realm of email delivery.
The biggest problem, as I see it, is that AT&T is exposing personally identifiable information (PII) to third parties. What’s even worse, though, is that AT&T has no process in place for the recipient to correct the issue. Even when notified of the problem, support can’t do anything to fix the problem.

Read More

Facebook scams move to LinkedIn

There’s a fairly common Facebook scam where someone clones an account, then sends out friend requests to friends of that person. This actually happened to a friend over the holiday break. The only problem was that most of the folks who got friend requests were actually security people. Security people who thought it was very, very funny to play along with said scammer.
The scam account didn’t last long, partly because FB security is pretty good and partly because a few of the folks the scammer invited were FB employees. I’m sure, though, that for a brief moment the scammer thought he’d found the motherlode of scam victims.
Today I got a similar scam on LinkedIn. A very bare account with little in the way of information about who this was.
LI_Scam_Profile
I don’t like connecting with these kinds of profile. But, the name does sound vaguely familiar. So I do a little Googling. And I find another LinkedIn profile for the same person, but this profile has a lot more info: A picture, a statement, 500+ connections, all the things one expects from a real person on LinkedIn.
So yes, Facebook scams have rolled over to LinkedIn. Be careful out there, folks. Pay attention to who you’re friending on all social media, not just FB or LinkedIn. Discretion is the better part of valor and all.

Read More