PSA | New Rules take effect today

Just a quick Public Service Announcement, the new rules announced by the FTC for CAN-SPAM changes take effect today.

To recap the changes here are a number of good resources to review can be found here:

• EmailKarma.net: CAN-SPAM Rule Clarification
• The Internet Patrol: New CAN-SPAM Rules Effective This Month Require Single Action Opt-Out, Designated Senders, and More
• Shop.org: CAN-Spam Rules - What They Mean to Retailers
• Internet Law - New Rule Provisions for the U.S. CAN-SPAM Act

An Act Concerning Unsolicated Comercial Electronic Messages | Bill S-235

The Senate of Canada is currently reviewing the Bill S-235, referred to as the Anti-Spam Act, presented to the senate by Senator Goldstein. This is somewhat similar to CAN-SPAM except for the fact that this is an OPT-IN email marketing law (PIPEDA also deals with opt-in for PII), and the US law is focused on opt-out.

The most important information about bill S-235 deals with how it would make the sending of Unsolicited commercial email (UCE) messages to Canadian subscribers illegal. Consent must be granted Prior to sending email communications to your subscribers.

Illegal activities under S-235:

• Sending UCE
  
• Address Harvesting
• Phishing
  
• Inaccurate subject lines

While the mandatory pieces of information that will be required are;

• Valid contact information
  
• and a functional unsubscribe facility

It is important to note that, S-235 also creates serious penalties for people caught spamming including; up to 5 years in prison and fines of up to $1.5 million for repeat offenders.

This bill also empowers ISPs to take the necessary actions to effectively block spam messages and allow Canadians to seek damages from spammers in court.

Monitor the status of this bill, LEGISinfo.

In a later post I'll discuss some of the exemptions and items I feel need to be reviewed by Senator Goldstein.

Canadian Anti-spam Law on the way

On May 7th, 2008 The Senate of Canada had the First reading of Bill S-235, to be known as the Anti-Spam Act. Once I have time to fully digest this I'll post my thoughts on this, but to get you started the bill deals with four key items of note:

• Form and content requirements for commercial electronic messages
• prohibits address harvesting
• dictionary attacks
• and phishing.

Here is a link to the bill (PFD) that you can ready yourself. Please share your thoughts on this.

Q&A | Protecting users from fraud

I got asked a great question by a co-worker today...

"What have you seen other organizations doing to protect their users from fraud or phishing in emails?"

It got me thinking of all the different things I see when dealing with different organizations.

1. Yahoo!'s security seal is a good example of a service that lets you can create an avatar type icon hat is displayed on their login pages
2. Credit card companies may send the last 5 digits of your card in every email message.
3. Your phone company might send you your postal code or the last 4 digits of your phone number in each message to validate the relationship and validity of the message
4. Your bank or financial institution may ask you to populate a number of security questions/answers that are then randomly presented during your login.
5. PayPal's random number security key

While not all of these are email related, they could easily be applied to protect your users from fraud as part of your security planning process to protect your members.

What are you doing to protect your members? Care to share with us leave a comment or email us at contact.

Following the rules

I get asked a lot about the different rules at each ISP, and how to find more information on these policies. Here is a short list of the most common domains I get asked about;

• AOL - http://postmaster.info.aol.com/
• Gmail - http://www.google.com/mail/help/bulk_mail.html
• Hotmail/MSN - http://postmaster.msn.com/
• OutBlaze - http://spamblock.outblaze.com/
• Yahoo - http://help.yahoo.com/l/us/yahoo/mail/postmaster/

These pages contain many helpful resources that will help you understand the policies, practices, common questions and tools available from each ISP.

Have others to list, or need to know about a specific ISP - let us know or leave a comment.

Q&A | Follow up to comment on Y!

As I was writing a reply to the comment made by DJ on yesterday's post I realized I had a whole posts worth of stuff to say so I moved the reply to here. DJ asked three key questions:

What are you thoughts on Yahoo! in general?

I love Y! I have been using the same account at @yahoo.com for personal email for the last 10 (maybe more) years and with the latest spam filtering changes my daily spam load inbound has dropped to a handful each day (I might even go as low as a dozen a week). It's great to see an ISP, the size of Y!, participate and interact with groups like the Email Standards Project to ensure that they are able to render the messages being sent into there users, if only others would participate and listen with this same interest.

Do you see this as a potential issue going forward? An anomaly?

Most ISPs go through times like these, where Technology is being updated/tweaked or all together replaced. Yahoo is a big company with a huge network, small mistakes or changes can have a much larger then expected effect on the general public with network like this.

Do you envision Yahoo! having deliverability issues on and off in the future?

Just like any feature role out there can be issues, I wouldn't harp on Y! to much about this one as they worked quickly to fix the issue. When dealing with (potentially) thousands of mail servers no matter how fast you work to fix something its going to take time. Time to investigate, time to find a solution and time to implement that solution.

Yahoo Delivery News

Recently there have been several discussions surrounding delivery issues with Yahoo's mail servers. Laura discusses these in three parts over at Word to the Wise; Part 1, 2 and 3.

The cause for these errors seems to have be some new and tighter spam filtering policies recently put in place for inbound mail messages. Like other ISPs Yahoo's systems are continually monitored and tweaked for performance. After receiving several notices from mailers Yahoo's team worked to diagnose and resolve this issue, returning delivery rates to normal - for most mailers. For those of your still having problems, you should contact Yahoo through their postmaster forms at http://postmaster.yahoo.com/

In other Yahoo news; the Email Standards Project has announced some changes in the Yahoo mail client which bring both of the Y! webmail clients into full compliance with their Acid Test. Original Test results.

Microsoft Phishing Filter Error

Return Path is reporting on the following error made by Microsofts anti-phishing filters:

On Monday some messages sent to Hotmail users were being routed to the junk folder with the Warning: this message may be a phishing scam. The reported error resides with the Microsoft phishing filter that had flagged a very common link in many HTML messages, specifically the link http://www.w3.org/1999/xhtml.

The Microsoft team has adjusted the phishing filters and assures senders that the issue has now been resolved and that no actions need to taken.

Share your experiences with us by sending an email to contact or leave a comment.

Symantec's 12 Days of Christmas Spam

Just in time for the holidays - some very common spam items put to song.



YouTube Link