I need your help. I work for an organization that sends an email newsletter once a week. Someone in my office came up with the bright idea that we should auto-subscribe every person in our offline database and let them "opt-out" if they don't want to get it. While this email is not necessarily of a commercial nature, I personally still consider this unsolicited email to be spam. Can you provide me with a white paper or talking points on why this is a terrible idea so that I can make this case to my bosses?

A:

A good place to start is the Senders BCP (Best Current Practices) published by the Messaging Anti-Abuse Working Group. If anyone asks why they should do what MAAWG says, it's because its members include every large Internet provider in the country and several of the largest Anti-spam organizations in the world. This document gives easy to follow advice that will help your organization stay off blacklists and out of the ISP filters. We also recommend a review of the document "Stopping Spam: Creating a Stronger, Safer Internet", written by a joint government-industry task force in Canada. [pdf].

Another good place to look is these email related blogs that discuss Best Practices and the latest hapening in the industry:

• CAUCE
• Word to the Wise
• EmailKarma.net
• Email Marketing Water Cooler
• No Man is an iland

We are an advocacy group not a spam reporting service or the internet police. For help reporting please talk to your internet service provider or use the current tools provided to you by your web mail providers (i.e. Junk button in Hotmail, or the "Report spam" button in Gmail).

Dear CAUCE Team,

We are looking for support resources to thwart a massive spam/forgery
attack that misuses our company name -- claiming we are the spam
source. The spam contains url links to numerous computers that
apparently download viruses. We are looking for assistance and
guidance in dealing with this. Any suggestions?

Regards,
Forged

******************
Dear Forged,

We have a lot of sympathy for your predicament. Internet e-mail has
no built-in security, and there is little one can do to prevent bad
guys from putting fake names on their junk. We have seen a large
number of spam with faked return addresses from your competitors as
well as from your brand. There are several things we can recomend to
potentially help with your email program, and protect users from
receiving email with your forged from addresses (note:
this will not completely remove this threat, but can help protect your
users/brand):

• Only send email from well branded mail servers (i.e.
  MTA1.outbound.yourdomain.com) and not generic mail.myisp.com. This
  will help ISPs distinguish between your mail and a fake mail server.
  
• Implement, or fix, one or more of these popular authentication
  solutions; SPF, Sender ID, DKIM, and BATV.
  
• Send email from your own domain, do not use the senders email
  address - authentication solutions will generally cause these messages
  to fail.
  
• Let your users know of these changes and your policies regarding
  the structure of your emails
  
• Provide instructions on your web pages with information similar to this:
• "We only send email with fully qualified domain names
  (http://www.yourcomapny.com) and never with an IP address in the URLs
  (http://1.2.3.4) - if you receive and email with IPs in the body - DO
  NOT CLICK THESE LINK WITH IP ADDRESSES."
• "We in no way endorse the sending of spam and have taken the
  following actions to protect our users: SPF,Sender ID, etc...)
  

Do you have a question you would like answered? Email them to
comments.

From time to time we get questions from our members and we will try to answer many of them here.

I work for an organization that has a "community" portion of its site. People sign up and among the "benefits" they get is a newsletter. There is no way to opt out of this newsletter and we get a lot of complaints about it. This organization is run by an individual who would not be likely to listen to any employee who pointed out that an opt out or unsubscribe option would not only be courteous but also probably less illegal than what we're doing now.

Q: How can we shake the boss up to alert her to the fact that people should be able to unsubscribe?

• It bans false or misleading header information.
• It prohibits deceptive subject lines.
• It requires that your email give recipients an opt-out method.
• It requires that commercial email be identified as an advertisement and include the sender's valid physical postal address.

Q: If I give you the company information, can you get in touch with her?

A: We know several great consultants that work in the field of email marketing we can point you in the right direction for that. However, if your worried about telling this to your employeer yourself... Will they listen to anyone else?

Q1 - I would like to know if inviting viewers of my email to subscribe to my
newsletters that I send out from MyNewSite.com seen as spam?

Q2 - As I surf on the internet and come across a group or individual I would like to invite to subscribe to my group on Mysite.com and the
newsletter?

This is sort of how the invitation would look like, it may also have some graphics with it.

Subject: {Your Friend} is Inviting to join MyNewSite.com
From: Invite at MyNewSite.com
To: Invited User Email
Data: Today

{Your Friend} has invited you to join MyNewSite.com

To Accept this invitation click this link: http://www.MyNewSite.com/join/invite=12354

To Decline this invitation do Nothing, You have not been subscribed to receive any emails

{Your Friend's Message goes here}

you should join this!

Thanks,

{Your Friend} and MyNewSite.com

A1 - To answer the first art of your question, Invitations that are sent by a individual to a friend or aquantence are generally not considered to be spam. Current subscribers of your list should be ok with this, that is if you have already obtained their permission to communicate with them via email. Sending an announcement in your current email program that invites them to your new one would be the best way to do this.

A2 - As for invitations there are several ways for list managers and users to utilize these types of invitation tools correctly:

DO:

• Users: Know the individual your inviting
• Users: Know that they have some interest in the topic that they are being invited to
  
  
• List Managers: Invitations are one time triggered mailings to a individual or group of individuals that are entered by the initiator {Your Friend}
• List Managers: Include an opt-out of all future invites, regardless of who sends it for recipients

DO NOT:

• Users: Send to everyone in your address book
• List Managers/Users: Send invitations to addresses that are harvested from newsgroups, web pages or other by other means.
• List Managers: Send multiple invitations to users that do not click the "Accept this invitation" link or have previously asked not to be communicated with.