Enforcement
First major GDPR fine
Only now I realize there should have been a pool around GDPR enforcement. We could have placed bets on the first company fined, the first country to fine, over/under on the fine amount, month and year of action. But, it’s too late, all bets are closed, we have our first action.
Read MoreRecipients need to be able to unsubscribe
The The Canadian Radio-television and Telecommunications Commission (CRTC) announced today that Plentyoffish Media paid a $48,000 fine for CASL violations. According to the CRTC news release, Plentyoffish Media was failing to allow consumers to unsubscribe from mail in compliance with CASL.
CASL requires that any commercial electronic email message contain an easy and free unsubscribe mechanism. Plentyoffish sent mail to its members without an unsubscribe mechanism. According to their webpage (HT: Sanket) there were some messages that users were unable to opt-out of without closing their account.
Amazon announces SES email service
Last month Amazon announced a cloud based email service: Amazon SES. Amazon SES is an API based email service priced at a very low rate.
The SES product rounds out Amazon’s cloud hosting offerings. The Amazon cloud hosting service is great for webhosting but pretty bad for mail. A lot of ISPs refused to accept email from Amazon cloud IPs. But now cloud hosted customers, and others, can use the SES system to send mail.
It remains to be seen how the SES program works. They are using shared IPs for all customers. This means shared IP based reputation. As one of the major targets is transactional mail, something that normally has a very high engagement factor, it’s likely there will be a lot of good reputation on the SES IPs.
On the flip side, Amazon has set a very low price point and is allowing anyone to use their API. This is going to make it very attractive to some bad actors. These are the same folks who are attempting to compromise ESPs and sneak their mail through enforcement.
A lot of the delivery through the Amazon SES IPs is going to rely on enforcement. They seem to be putting a lot of stock in their content filtering being able to stop spam from getting through. That may or may not be enough; a lot of spammers are actually really good at avoiding content filters.
The good news is that Amazon seems to have considered a lot of these issues. They are providing a SPF record for the SES IPs, and have a way to accept DKIM signed email. They also have an experienced delivery person working there which will work in their favor.
It will be interesting to see if this works. I believe the success or failure will lie with Amazon. I know, I know, normally I say that a sender is responsible for their own reputation. But in a shared environment, it is the overall reputation of the senders that is the key to delivery. Amazon can drive that overall reputation by what customers they allow to send mail through the system. It will be interesting to see what happens in 6 – 12 months when they’ve had some time to build up a customer base.
How many people to enforce policy?
I’ve been head down working on a doc for a client and started wondering what the average size of an enforcement team is. This client told me during one of our calls they wanted to be as clean and well respected as another ESP, but was shocked when I told them how large an enforcement and delivery team that ESP maintained.
I know other clients of mine have 6 – 8 people for a very large customer base, and all of them take their job very seriously.
That got me to thinking: what is the average size of a policy and enforcement desk? Does it scale with userbase? Does it scale with the amount of mail you send? Is there a minimum size?
So tell me: how many people are on your policy and enforcement team?