Building Compliance into the Email Profit Center

1

• Building Compliance into the Email Profit Center
• Linda Goodman, Esq.
• The Goodman Law Firm
• James OBrien
• LashBack
• Sal Tripi
• Publishers Clearing House
• Dianna Koltz, CIPP
• Memolink CPA Storm

2
Compliance Legal Update, Process Overview Case
Studies

• Linda Goodman, Esq. Principal
• The Goodman Law Firm

3
Current Legal Climate

• 2008 Increase in State AG activity
• Q4 2008 more FTC activity than ever before
• 2009 Obama Administration
• Increase Consumer Protection
• Increase Regulatory Enforcement

4
Legal Process

• Compliance Process Recommendations
• Case Studies and Precedent

5
Email Compliance RealityImpacts Email
Reputation, Deliverability and Profit

• James OBrien
• Director of Marketing
• LashBack
• Global Email Compliance

6
Email Myths and Reality

• Myth Compliance Takes Too Much Time and Is Too
  Costly.
• Reality See The Ten Guidelines to CAN-SPAM
  Compliance Handout
• Myth Compliance Cost Center
• Mission Email Compliance Quality Control and
  Email Profit

7
Email Myths and Reality

• Myth CAN-SPAM to reduce volume of email
  consumers receive
• Reality 90 of all email is junk data, not
  legitimate commercial email
• Myth CAN-SPAM focuses on consumer legal action
• Reality CAN-SPAM is for legitimate ISPs and
  Govt regulators
• Reality Relevance trumps permission
• Myth CAN-SPAM is Ineffective
• Over 100 Prosecutions Administrative
  Settlements
• More Than Any Other Email Regulation
• Enforcement of a weak law is better than little
  or no enforcement of a strict law.

8
What is the 90 of all email is spam myth?

• Email needs a better definition of spam.
• The huge majority of spam is a torrent of junk
  data.
• Almost 50 comes from a source which should not
  send email.
• Another 34 is from unknown sources- both hard
  to measure because much is blocked.

9
What Email Do You Really Compete Against?

• Tons of Bad Email Gets Delivered.
• Very Little Email is Filtered
• Most Compliant Commercial Email Gets Delivered
• Legitimate Commercial Email Is a Smaller
  Percentage of Total Data Delivered Than Anyone
  Perceives- It is one basis for its high value and
  ROI.

10
CAN-SPAM Legislative Intent

• Right to Send vs. Right to Receive
• - With rights come responsibility
• - Email Must Self-Regulate (Learn How Today!)
• Consumer Opt-Out is All
• Transparency- Clear Ownership/Accurate Contact
  Information or Permission
• - Sending IPs, Domains, Physical Address
• Obligation to Monitor and Resolve Issues in a
  Timely Manner
• - Collaborative Compliance- shared liability
• - Collaborative Commerce- shared reputation
• No Deception- The reasonable consumer test
• Create an email marketplace by creating basic
  standards for email and rules for sending behavior

11
Advanced Compliance

• Collaborative Compliancy
• Collaborative Reputation Management
• Internal Policy and Best Practice Compliance
• Contract Enforcement
• New Rules of CAN-SPAM

12
Collaborative Compliance--The Obligation to
Monitor--The Opportunity to Enforce Quality
Control

• Federal Register
• Vol. 70, No. 91/ Thursday May 12 2005/ Proposed
  Rules. Page 25,431 (not a typo) Section (2)
  entitled "Sender Liability for Practices of
  Affiliates or Other Similar Entities"
• the FTC has specifically held sellers liable
  for the actions of third party representatives if
  those sellers have failed to adequately monitor
  the activities of such third parties and have
  neglected to take corrective action when those
  parties fail to comply with the law.

13

• Who is liable?
• US Advertiser (sender) - UK Publisher
• Commercial Email?
• Who profits?
• Is it your offer?
• Who clicks the send button?
• Follow the money.
• Email Compliance and Reputation is a
  Collaborative Exercise in the Email Eco-System.

14
Three Types of CAN-SPAM Compliance
15
Compliance Benefits

• Decrease Liability
• Public and private
• Identify fraud and brand abuse
• Compliance process weighs heavily under legal
  scrutiny
• Reduce legal costs when problems arise
• Protect Reputation
• Deciding factor for inbox delivery
• Deciding factor in who works with you
• Increase brand equity
• Increase Deliverability
• Compliant email is first hurdle for delivery
• Identify failures or human error quickly
• Actionable feedback data improves future
  campaigns
• Increase Profit
• Repel Spambulance Chasers with Confidence
• When email gets delivered it impacts not only
  gross revenue but profit per campaign

16
Beyond Compliance 101

• Enforce Internal Corporate Guidelines and Best
  Practices
• Guidance Many online marketers implement custom
  controls which go beyond
• CAN-SPAM requirements to enforce their own
  corporate policies, procedures and Contracts with
  third parties.
• Custom Best Practices
• Use of Specific, Pre-Approved Subject Lines
• Monitor for Vertical Compliance Specific Rules
  finance, education, health
• Quality Control Link Functionalty/Accuracy,
  Positive/Negative Traffic
• Frequency and Volume Caps for Sending-
  ListMonitor
• Email Brand Usage Monitoring- BrandAlert
• Enforcement of Exclusivity- LM/BA/AL

17
Compliance Impacts Reputation

• Consumers and receivers Report Key Metrics to
  Centralized Data System

• Data Linked to Sending IP
• and Domain

• Marketers Use FeedBack
• to Improve Sending
• Practices

Marketers Consume FeedBack
ISPs and Receivers Consume Reputation Data for
Delivery Decisions
18
Compliance Best Practices

• Closely Tied to Email Performance Best Practices
• Unsubscribe Most Impacts Reputation and
  Certification (UnsubScore/Sender Score)
• Sending/Data Compliance Problems Will Get You
  Blocked or Filtered
• Content Issues Decrease Response Most and
  Increase Legal Problems

19
Email ComplianceThe PCH Way

• Sal Tripi
• Director of Operations and Compliance

20
Traditional View
Obstacle Sales Prevention Growth Inhibitor
21
Using Compliance to

• Increase Sales
• Grow/Foster Profitable Business Relationships
• Protect Brand
• Improve Campaign Level Metrics Increased
  Conversions

22
The PCH Brand

• Brand Protection is Crucial For Future Success
• Leveraging The PCH Brand With Valued Advertisers
  And Partner

23
The PCH Brand

• Yes!We really do give away all that money

• Over 50 Years
• PCH is Sweepstakes
• One of Americas most well-known brands.
• TRUSTED

• No!You do not have to order to win.

24
Why Have a Compliance Policy?

• It effects email delivery
• It effects us as well as business partners
• Legal implications of not having one

25

• Acquisition Efforts

• Opt in Practices
• Segmentation
• Targeting
• Bounce Management
• Delivery Monitoring
• ISP Relations
• Frequency

• Advertisers

26
A Comprehensive Compliance Program

• Your Sending Reputation
• Acquisition Methods and Partners
• Advertisers

27
It all starts with Infrastructure

• Authentication
• Lets the ISPs know who the sender of the
  mail is.
• Domain Keys or DKIM Yahoo
• SPF AOL
• Sender ID MSN/Hotmail
• Its easy to have all 3

28
Sender Reputation

• 77 of Delivery Issues result from Sender
  Reputation issues

29
Impacts on Sender Reputation

• Complaint Rate
• How often people hit the Report Spam button as a
  percentage of total mailed.
• Volume
• How much mail is being sent.
• Address Hygiene
• Invalid or non-existent accounts

30
Impacts on Sender Reputation

• Spam Trap Hits
• Spam Traps are either old abandoned email
  addresses used by ISPs and Blocklists to trap
  spammers.
• Blocklists
• Blocklists are 3rd party providers of data that
  ISPs used to evaluate the legitimacy of senders.
  

31

• Before you can manage your reputation you must
  first know your reputation.

32
Tools
33
(No Transcript)
34
Delivery Monitoring

• Two types of Monitoring
• ESPs provided delivery stats
• Delivery based on absence of bounce message
• Key Metric but not the full story
• No indication of Inbox/Bulk
• Seed Program
• Inbox/Bulk and Missing
• To truly understand delivery mailers should
  evaluate both

35
Campaign Level Monitoring
36
Spam Filter Review
37
Rendering Impacts Complaints
38
Acquisition Partners

• How are you growing your lists?
• 3rd Party emails
• Banners
• List Rental

39
Am I Really Responsible for 3rd Partys

• Advertisers an be viewed as the sender of the
  email
• Sender is responsible for Can Spam compliance
• Penalties for violation up to 250 per address.

40
(No Transcript)
41
Typical Acquisition Efforts
Email
Banners
42
(No Transcript)
43
What Could Go Wrong

• ?

44
Common issues

• Emails Sent to suspect lists
• Scripts inject suspect addresses on unsuspecting
  sites
• Aggressive tactics
• Over mailing

45
Monitoring is CRITICAL

• Know who is marketing your brand
• Know their reputation
• Know their mailing practices
• Know their other clients
• Know how they are marketing your brand

46
What Should I Monitor?

• Partner Sending Reputation
• Block Lists
• Unsub Score
• Compliance Issues
• Key Words/Phrases Related to Brand
• Suppression List Management

47
Email Partners

• Who are they sending to?
• How do they obtain their names?
• Their mailing practices
• Frequency
• List Hygiene
• Block Lists
• Who are their business Partners
• As an Advertiser you are Responsible!!

48
Audit

• IPs and Sending Domain
• Review Sending Behavior
• Opt in Practices
• Blocklists
• Suppression List Abuse

49
Monitor On-Going Activity

• Review of All Campaigns
• Validate Unsub Process
• Validate that Partners are using only approved
  creative's, IPs, Domains
• Validate that Partners are not sending to
  harvested email addresses or Suppression lists
• Verify that Partners are Marketing your offer in
  a manner that protects your brand!!

50
Suppression List Abuse

• What is it?
• A Suppression List is a list of suppressed email
  addresses used by email senders to comply with
  the CAN SPAM ACT of 2004. CAN-SPAM requires that
  senders of commercial emails provide a
  functioning opt-out mechanism by which email
  recipients can unsubscribe their email address
  from future email messages. The unsubscribed
  email addresses are placed into a "suppression
  list" which is used to "suppress" future email
  messages to that email address.

51
Suppression List Abuse

• Suppression list abuse occurs when a third party
  takes a suppression list and emails messages to
  the email addresses in the list. The original
  sender of the email messages who provided the
  opt-out mechanism may be liable for suppression
  list abuse.

52
Suppression List Protection

• MD5 Hash

53
MD5 Hash Encryption

• MD5 is a one way only encryption method.
• Widely Used.
• Reliable
• Easy
• In-house Solution or Outsource

54
Brand Monitoring
55
Third Party Audit
56
Ongoing Monitoring
57
Commitment to Compliance

• Executive Level
• Business Partners
• Investment in Resources
• Investment in Tools

58
Is it all worth it?

• Whats the ROI?

59
Benefits

• Improved Delivery
• Higher Conversions
• Attract Higher Caliber of Partners
• Able to establish long lasting profitable
  relationships
• Provide Quality Leads
• Standout from Competition
• Protect your Brand

60
(No Transcript)
61
(No Transcript)
62
Engage the Sales Force

• Allow Potential Advertisers to Audit the Process
• Provide Sender Information Openly
• Provide Links to Reputation Services
• Allow Potential Advertisers to Audit the Process

63
Additional Info

• www.lashback.com
• Compliance Monitoring, Brand Monitoring
• www.unsubcentral.com
• Suppression List Management, Protection,
  MD5Hash
• www.aotalliance.org
• Authentication and security
• www.returnpath.com
• Reputation Monitoring Tools, SenderScore,
  Delivery Monitoring Tools

64
The Best Practice Approach

• Dianna Koltz, CIPP
• Director of Best Practices
• Memolink, Inc

65
Agenda

• Company Overview
• Best Practices Division
• The Best Practice Approach
• Components of The Approach

66
Company Overview

• History
• Leadership
• Products

67
Company Overview
Professional Experience

• Meredith Corporation
• Memolink, Inc.
• Certified Information Privacy Professional
• DMNews Top 30 Under 30

68
Agenda

• Company Overview
• Best Practices Division
• The Best Practice Approach
• Components of The Approach

69
Best Practices Division

• What we do
• Set standards
• Execute the approach
• Why we do it
• Industry realities

70
Best Practices Division
The Divisions mission is dedicated to an
unwavering integrity and resolve as a
cutting-edge leader in online intelligence and
marketing.
71
Agenda

• Company Overview
• Best Practices Division
• The Best Practice Approach
• Components of The Approach

72
The Best Practice Approach

• How we execute
• Establishes clear expectations
• Enables us to manage risk
• Influencing factors
• Will you take the challenge?

73
Agenda

• Company Overview
• Best Practices Division
• The Best Practice Approach
• Components of The Approach

74
Components of the Approach
1. Best practice standards 2. Partner vetting
3. Business process separation 4. Dedicated
staff5. Privacy program6. Data access program
7. Education and outreach
75
Best Practice Standards
What are Best Practices?
76
Best Practice Standards
Development of BPs

• Identify areas of need
• Conduct internal interviews
• Research Read, read, read
• Analyze risk and reward
• Prioritize

77
Best Practice Standards
The need for BPs

• Memomail
• Reactive ?
• Cause Spam traps
• Affect Blacklisted

78
Best Practice Standards
Implementation of BPs

• Sought external help
• Transparent dialogue
• Made Improvements
• Result SBL Removal

79
Components of the Approach
1. Best practice standards 2. Partner vetting
3. Business process separation 4. Dedicated
staff5. Privacy program6. Data access program
7. Education and outreach
80
Partner Vetting
What is vetting?
81
Partner Vetting

• i. How long have you been in business?
• Here today, gone tomorrow?
• Reputation is built on what?
• How long is the track record?

82
Partner Vetting

• ii. Has your company received venture or
  institutional money?
• Insight into priorities.
• Conflict of interests?

83
Partner Vetting

• iii. How long has your current leadership
• been in place?
• Turnover in key positions
• Individual track records

84
Partner Vetting

• iv. Have you ever been the subject of a lawsuit
  or investigation relating to your advertising,
  marketing, privacy or data security practices?
• Changes?

85
Partner Vetting

• v. Do you have a formal due diligence procedure
  to vet your vendors and affiliates?
• (Inquire about the details of the process.)

86
Partner Vetting

• vi. Who is responsible for setting compliance
  policy at your organization?
• Is the role conflicted?

87
Partner Vetting

• vii. Who will be my daily operational contact for
  fraud- or compliance-related issues?
• Is someone available?

88
Partner Vetting

• viii. What are your companys best practice
  standards above and beyond what the federal law
  requires?
• Sales pitch
• Reality pitch

89
Partner Vetting

• Who executes the program?
• What happens after acceptance?

90
Components of the Approach
1. Best practice standards 2. Partner vetting
3. Business process separation 4. Dedicated
staff5. Privacy program6. Data access program
7. Education and outreach
91
Business Process Separation

• Why separate?
• How do I gather support?

92
Components of the Approach
1. Best practice standards 2. Partner vetting
3. Business process separation 4. Dedicated
staff5. Privacy program6. Data access program
7. Education and outreach
93
Dedicated Staff

• Why hire dedicated staff?
• Who are the best candidates?

94
Components of the Approach
1. Best practice standards 2. Partner vetting
3. Business process separation 4. Dedicated
staff5. Privacy program6. Data access program
7. Education and outreach
95
Privacy Program

• Protect consumers
• Protect clients
• Protect employees

96
Components of the Approach
1. Best practice standards 2. Partner vetting
3. Business process separation 4. Dedicated
staff5. Privacy program6. Data access program
7. Education and outreach
97
Data Access Program

• Conduct an internal audit
• Evaluate the findings
• Remove the context for abuse

98
Components of the Approach
1. Best practice standards 2. Partner vetting
3. Business process separation 4. Dedicated
staff5. Privacy program6. Data access program
7. Education and outreach
99
Education and Outreach

• Internal training
• Long-term focus
• Industry collaboration

100
Conclusion

• Culture Shift
• Best Practices Compliance
• Invesment
• Return

101
Questions? Dianna Koltz, CIPPDirector of Best
Practices Memolink, Inc dkoltz_at_memolinkcorp.com 30
3-327-2114