Last night, I heard a speaker at a marketing industry event tell the audience that harvesting the emails of your visitors without their knowledge was good marketing practice.
I kid you not.
The speaker, a branding consultant from Northern Virginia, told a story of how, after she visited a website, she received an email from that very same site. The email was unsolicited. But she said it was still an example of effective outreach in today’s marketing environment where brands have to put their name before consumers five or ten times before that consumer might be ready to buy.
I was appalled by her response.
Hadn’t she heard what Seth Godin says about “permission marketing,” that these days, consumers have nearly zero tolerance for unsolicited interruptions?
And wouldn’t sending unsolicited email in the first place be illegal under federal anti-spam regulations?
And I was also confused. The branding consultant said that she didn’t fill out any kind of form or give that site her email address. So how did they even get her email address in the first place?
I’m still convinced that sending somebody an unsolicited email after a single visit to your website is bad marketing. And it’s super creepy.
But it turns out that I had a lot to learn about both the technology and the law.
Harvesting email addresses
First, the technology. Believe it or not, a shady website can in fact harvest your email from your web browser from a single visit.
[Tweet “A shady website can in fact harvest your email from your web browser from a single visit.”]
And it can all be done automatically through various technical tricks, without needing you to fill out a form on the site. You won’t even know it happened until you get a spam email from the site after your visit.
Sending email to a harvested address is illegal in the United States. So I was right that what this website did to the marketing speaker could get them in trouble.
But I was wrong about the reason. In fact, it’s perfectly legal to send spam as long as you don’t send it to an illegally harvested address.
One strike and you’re not out — yet
The CAN-SPAM Act regulates commercial email in the United States. “The Act does not require opt-in by recipients, however, and so unsolicited messages are still lawful,” explains cybercrime expert Alex Kigerl.
The bill does not prohibit spam, but rather regulates the way it is sent and the content that is delivered. The messages must be truthful and not fraudulent. The sender must also comply with a recipient’s express request to opt-out of all future emails.
So, though the site that the branding consultant visited did indeed break the law by harvesting her email address from her visit, the site was allowed to send her unsolicited email.
However, if she asked to get off their list and they didn’t remove her within 10 days, then they’d be breaking the law on that point also.
Illegal or not, sending unsolicited email still wouldn’t be good marketing practice.
[Tweet “Illegal or not, sending unsolicited email still wouldn’t be good marketing practice.”]
“If I meet you and you add me to your mailing list without asking my first, I’ll be annoyed but I’ll give you a few emails to show how you add value to my life,” as lawyer Ruth Carter writes. “But if we’ve never met and you’re sending me unsolicited email, I don’t like you. It’s because of people in the latter category that I’m glad we have the CAN-SPAM Act.”
Crack that whip, can that spam
In 2003, Congress passed and President George W. Bush signed the Controlling the Assault of Non-Solicited Pornography and Marketing Act. As attorney Zachariah Parry explains,
The cleverly titled acronym, CAN-SPAM Act, sought to provide refuge to consumers weary of unsolicited emails. (It did not, however, make any attempt to shield the feelings of legitimate marketers who resent being lumped in the same category as pornographers.)…
The Act, which itself does not use the word “spam,” defines “commercial electronic mail messages,” i.e. commercial email, as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” 15 U.S.C. § 7702(2)(A).
Commercial email for the purposes of the law is not just bulk email but all email sent out by companies or employees to try to sell you something.
How to determine if your email is really commercial, or if it’s just a receipt or some other service message not subject to the restrictions on spam? The Federal Trade Commission offers a handy test.
Seven deadly email sins
Common small business email marketing systems such as MailChimp or Constant Contact are set up to help you avoid the biggest legal mistakes on your next email blast.
But, remember, the CAN-SPAM act is not about quantity, and the FTC doesn’t care if you send 1,000 emails or just one. As long as the email tries to sell something or comes from a commercial website, then it has to follow the law.
[Tweet “Whether you send 1,000 emails or just one the FTC still expects you to follow the law.”]
So especially if you’re sending unsolicited emails to customers one at a time from your Outlook or Gmail account, avoid the temptation to play clever with the law. The FTC lays it out for you:
- Don’t use false or misleading header information. Instead, use your real name and company name in your “From,” “To,” “Reply-To,” and routing information. Commercial email is not the place to be anonymous.
- Don’t use deceptive subject lines.
- Don’t be too cute pretending the message is not selling something. You probably don’t want to label your message “advertisement” but you can come up with more subtle ways to show that the message is selling something.
- Don’t try to hide behind the Internet. Even if your business is 100% online, to send commercial email, you also must demonstrate a presence in the physical world. Any commercial email message you send needs to list a current street address, a post office box or a private mailbox.
- Don’t make it so damn hard for recipients to opt out of your email. Forget the tiny type or the need to email you back with lots of personal information. Instead, follow the example of one popular email service that inserts at the bottom of each of its customers’ emails an easy-to-find “SafeUnsubscribe” link. Make sure your spam filter doesn’t block these opt-out requests.
- Don’t ignore opt-out requests. You need to give recipients 30 days to opt out after getting your email and you need to stop sending to them within 10 days. And once someone has opted out, you can’t send emails to them anymore in the future unless they opt back in. This means you need to keep a record of an email address even after it’s opted out. Again, the commercial services do this for you automatically. Yet another reason to scrap your manual email list in Outlook or Gmail and sign up for Constant Contact already.
- Don’t let your email guy go rogue. Hiring an outside contractor to send your emails is no excuse for breaking the law. And when the FTC comes calling, your email guy will get in less trouble than you will, since it’s your email. Only hire reputable email marketers who can demonstrate a history of knowing the law and complying with it.
I don’t need no stinkin’ anti-spam policy
Think that your business is too small to get dinged by the FTC for sending out spam?
Anybody who gets annoyed that your unsolicited emails won’t stop even after they opted out can report you to firstname.lastname@example.org. “Their site On Guard Online has some other useful tips for managing and reducing the amount of spam email you receive,” writes Ruth Carter.
The fine for one single incident of violating the CAN-SPAM Act is $16,000. And since that doesn’t seem to deter the big nasty spammers, the FTC can also throw in jail time to boot.
[Tweet “The fine for one single violation of the CAN-SPAM Act is $16,000.”]
That’s what happened to 34-year-old Milos Vujanic. In April, a Texas court sentenced the uber-spammer to spend 48 months in federal prison and pay $17.3 million in restitution. A couple of accomplices got smaller fines but much longer prison sentences — a mind-blowing 30 and 40 years respectively.
If you forget to take somebody off the new product update list you have in Outlook even after they’ve sent you two angry emails about it, even if the person complains to the FTC, your chances of spending decades at Club Fed are small.
But everybody hates spam and following the law on your commercial email is just doing the right thing. And that’s the best kind of marketing these days.
[Tweet “Everybody hates spam – following the law on your commercial email is good marketing.”]
As Seth Godin puts it, marketing today needs to be so good that consumers won’t want to opt out of your email list. And you need to start by getting permission to send your customers an email or any other marketing content.
Real permission works like this: if you stop showing up, people complain, they ask where you went.
— Erik Curren, Curren Media Group