
Can SPAM

The CAN-SPAM act is a horridly named law that was put into place in 2003. More and more ISPs and email providers are getting strict on the rules. So I thought I would let you guys know what it means for you and how you can avoid being caught by it.

The Awful Name

When I read CAN-SPAM I read it as the “allow to spam” act. Its intention was more along the lines of “ditch or disallow spam”. Try to keep that in mind when trying to comply. The rules are “deny first”. So unless you meet every single rule, you can get dinged.

The penalties

Not adhering to CAN-SPAM rules can cost you up to $1,600 an email. So if you send something to 50 people, and do it wrong, that can cost you $80,000.  Now imagine you did that to every member of your website, or all your customers, or that huge mailing list you just got.

Who does it apply to

It applies to any and every email that is sent when the email’s primary purpose is selling or advertising a good or service. That means every email, even when you’re sending a single email to one of your customers just because you think they will be better served by an upgrade or downgrade. There are no exceptions for B2B emails or emails that offer free services or goods.

How to comply

Compliance is a bit of a pain the first time you do it, but after that it’s not so bad.  Just follow these easy rules:

  • Use only valid email headers. This can sometimes be a problem if you’re mailing from a website or forum software directly, but most of the time it is taken care of automatically by your email program. If you’re not sure, send your developer an email and ask them to check. It’s very easy to check.
  • Subject lines must reflect the content of the email. Plain and simple.
  • Declare the email as an ad. Nothing fancy here, but don’t try to send ad emails that don’t look like ads. Just clearly state that the email is an ad or give the purpose for the email.
  • Tell the recipients where you are located. Every email should contain your physical address. Normally this is included in the footer of the message.
  • Tell the recipients how to opt out, then honor the opt-outs. Make sure that you include some way that your recipients can stop getting these emails, then honor the request to not receive them any more. You have 10 days to process their request. A return email address is usually a good way to handle small lists. Just make sure that it’s easy to find and that you honor their request. This is the big one that gets people into trouble.
  • Make sure that if you’re using a SAAS solution, or contract out your mass mails, the people you’re having do it are honorable. You are still legally responsible for the emails and their compliance.
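
The mechanical parts of the checklist above can be tested before a mailing goes out. The following is an added example, not code from this site: the postal address, the wording patterns and the sample messages are assumptions made for illustration, and whether a subject line reflects the content still needs a human reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: the placeholder postal address and the
# wording patterns; adjust them to what your own mailings actually say.
POSTAL_ADDRESS = "100 Example Ave, Suite 5, Anytown, ST 00000"
OPT_OUT_RE = re.compile(r"unsubscribe|opt[- ]?out", re.I)
AD_RE = re.compile(r"advertisement|this (e-?mail|message) is an ad", re.I)
ADDR_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def _norm(text):
    """Collapse whitespace and case so line wrapping cannot hide a match."""
    return re.sub(r"\s+", " ", text).strip().lower()

def lint_message(raw, opted_out=frozenset()):
    """Return the checklist problems found in one outgoing message."""
    msg = message_from_string(raw)
    problems = []
    for header in ("From", "To"):
        if not ADDR_RE.fullmatch(parseaddr(msg.get(header, ""))[1]):
            problems.append(f"{header} header missing or malformed")
    if parseaddr(msg.get("To", ""))[1].lower() in opted_out:
        problems.append("recipient has opted out")
    body = " ".join(str(p.get_payload()) for p in msg.walk()
                    if not p.is_multipart())
    if not AD_RE.search(body):
        problems.append("no ad disclosure in body")
    if _norm(POSTAL_ADDRESS) not in _norm(body):
        problems.append("postal address not in body")
    if not (msg.get("List-Unsubscribe") or OPT_OUT_RE.search(body)):
        problems.append("no opt-out instructions")
    return problems

# Constructed sample messages.
GOOD = ("From: Example Shop <news@example.com>\nTo: sam@example.org\n"
        "Subject: 20% off hosting upgrades this month\n\n"
        "This email is an ad from Example Shop.\n"
        "To opt out, reply to news@example.com with the word STOP.\n"
        "Example Shop, 100 Example Ave, Suite 5,\nAnytown, ST 00000\n")
BAD = ("From: no-reply\nTo: pat@example.org\nSubject: Re: your account\n\n"
       "Click here to see your new plan!\n")

if __name__ == "__main__":
    print(lint_message(GOOD))
    print(lint_message(BAD, opted_out={"pat@example.org"}))
```

Run it over every message in a batch and hold the send if any list comes back non-empty; the opted_out set is where the processed opt-out requests go.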

Some tips for compliance.

  • If you’re using a HUGE list of thousands, then use a third party service like icontact. They handle this stuff for you.
  • If you’re using a small list of 1-100 people and just sending manually or via forums or other automated tools, test it first, and ask yourself, “If I wanted to opt out, is it clear how to, and can I find the physical location easily?”
  • Make sure you are being honest. Clearly state that the email is an ad. Make it clear. Don’t try to trick someone into clicking a link or some such, just be straightforward.
  • Never send the emails through your ISP without checking with them first. This will just cause a problem for you. Make sure you contact them first with your intent. If they don’t allow that many emails (and most won’t) you can use a third party like authsmtp. In both cases, they can help you be compliant if you need help, and will surely help make sure the headers are correct.
  • Never send emails from a website like a blog or forum without checking with both the developer and the hosting provider. Many “pre-packaged” sites have mods or plug-ins that can send large amounts of emails, but 9/10 hosting providers (myself included) will block large amounts of emails, or even disable your account. Websites are generally allowed to send a low volume of emails (like new user sign-ups, or sales receipts), but mass mailings, even to a few hundred, could really get you in trouble.
  • Create an opt-out method for your users that is internet based. For small lists, “Send an email here” is good enough, but you have to be committed to reading it, and removing them from the list. For larger lists the “click this link” or “login here and un-check this box”  are good automated methods.
  • Always send from a real address. Don’t use a made up address like “no-reply@domain.com”. The address itself is fine, but the address should exist, and it should be monitored, at least a little.
  • Don’t purchase or rent email lists. You need to be able to prove that the people you’re emailing have a relationship with you. Use opt-in forms, or membership sites, customer lists, etc. It’s easy to build a list. Purchasing a list (or renting one) is a surefire way to get in trouble.
  • Make sure your list is kept up to date. Don’t use a list from a product you stopped selling seven years ago.
  • Remind your recipients where you got their email from. Even if they just bought something last week, some people will need reminding.

Complying with the CAN-SPAM act is not too difficult, and spending a little extra time upfront to get it right is worth it. Not complying can get your domain added to a list of spammers, fines from the FTC, and other not so nice things.

New Malware Trends

If you have been following Internet trends then you have surely read about Google marking the entire internet as Malware. Well, they fixed that a long time ago. But newer browsers including both Firefox and Google Chrome are using the Google database of malware sites to pop up warning messages if you try to go to a site that contains or links to malware. What that means to you is that if you provide or link to malware your visitors will get a very ugly and nasty message about how unsafe and dangerous your web site is. Most visitors will not know how to bypass this warning, and even fewer will be willing to.

First things first

Malware is not a virus. It has nothing to do with viruses, other than both are bad. Malware is just bad software. Most of the time when talking about websites, it’s a cookie that is left behind with certain permissions, or an image that is loaded from a traffic monitoring server that uses that data for less than legal means. Most of the Malware is installed by the site owner or developer without ever intending to do so.

What this means

For end consumer websites (where the visitor is doing the buying or reading), getting this message will stop most of the traffic to your site resulting in fewer sales, or less income from ads.  For SAAS websites it means that all your clients will have their traffic blocked, and they will be very angry with you, and will likely no longer be your customers. The same goes for link list providers and other directory services.

How to prevent

Prevention is obviously the best thing to do in this case. It is however very tricky and easy at the same time.

First, make sure that you only link to quality sites with no malware on them. You can only be dinged if you link to malware sites, not if they link to you. Before you include links to any site, check it thoroughly. For forums, blogs, and other consumer-driven content sites, I recommend disabling automatic linking of all URLs. This means the users can still type in URLs, but visitors have to copy and paste the URL into their browsers. This separation keeps you from getting dinged by a user pasting in a malware site link.

Second, avoid including anything from a less-than-quality source that says things like “paste this code on your page”. That is the number one way to get on the Malware list. A lot of these services come across as traffic watchers, traffic boosters, or such. Some come across as totally legitimate services like tickers and contact forms. The best advice I can give here is “just don’t”. Of course sometimes it’s needed for site functionality, and that’s ok, just make sure you know where it is coming from (i.e. Icontact forms are ok because Icontact is a known provider) and make sure that you keep a list of when you have made this exception so that they can be easily removed if need be.
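
One way to check a page against both rules, the outbound links and the pasted-in third-party code, is to list every reference that leaves your site and compare it with the exception list you keep. This is an added example, not a tool from this site; the host names, the exception entry and the sample page are constructed, and hosts are compared by exact name only.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that pull content into the page, and the attribute naming its source.
EMBED_ATTRS = {"script": "src", "iframe": "src", "img": "src",
               "embed": "src", "link": "href", "object": "data"}

class ExternalRefs(HTMLParser):
    """Collect (kind, tag, host) for every reference that leaves the site."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site = urlparse(page_url).hostname  # exact host match only
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            kind, value = "link", attrs.get("href")
        elif tag in EMBED_ATTRS:
            kind, value = "embed", attrs.get(EMBED_ATTRS[tag])
        else:
            return
        host = urlparse(urljoin(self.page_url, value or "")).hostname
        if host and host != self.site:
            self.refs.append((kind, tag, host))

def audit(html, page_url, exceptions):
    """Return (unapproved, approved) external references, de-duplicated."""
    parser = ExternalRefs(page_url)
    parser.feed(html)
    refs = sorted(set(parser.refs))
    return ([r for r in refs if r[2] not in exceptions],
            [r for r in refs if r[2] in exceptions])

# Constructed sample: one documented exception and a page that goes beyond it.
EXCEPTIONS = {"forms.vendor.example": "2009-03-02, contact form on /contact"}
PAGE_URL = "http://www.shop.example/index.html"
PAGE = """
<script src="https://forms.vendor.example/embed.js"></script>
<script src="//counter.freestats.example/c.js"></script>
<img src="/images/logo.png"> <img src="http://pics.elsewhere.example/b.gif">
<a href="http://partner.example/">Partner</a> <a href="/about">About</a>
<a href="mailto:info@shop.example">Mail us</a>
"""

if __name__ == "__main__":
    unapproved, approved = audit(PAGE, PAGE_URL, EXCEPTIONS)
    for kind, tag, host in unapproved:
        print(f"review before publishing: <{tag}> {kind} to {host}")
```

Anything reported as "embed" loads content from another host into your page and deserves the closest look; the exception list doubles as the record of what to remove if a provider ends up on the malware list.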

Getting off the list

Ok, so something happened: a user posted a link, you included a counter you shouldn’t have, that last image you posted was actually hosted by someone who got dinged, or in most cases, a site you have been using for years just got added to the malware list for some reason. Well, removing yourself from the list is very simple. It involves making a Google account, verifying you own the domain, removing the offending content, certifying that you did so, then waiting about 3 days. It is a very simple thing to do, and if you’re already using Google Analytics, you’re halfway there. I can help with this if need be, or most other developers can too. Removing the offending content is the hardest part; the rest is basically just paperwork. Again, the best method is prevention.


Older Browsers

I thought I would take a moment to comment on this as it affects my customers directly. Google announced that it would be dropping support in Google Apps for older browsers. I have always advised my clients to make sure their sites are standards compliant and that doing so would mean that they would continue to work in future versions of browsers. Any site that I have created will work in newer browsers without any problems. But for those of you with many sites or sites that have had many developers, this could be the start of a very interesting trend. There are two trends that I wish to point out.

Dropping of old browser support

While this does not mean that you can stop development for IE6 if that’s what your customer base is using, it does mean that you should start, at the very least, including code for modern browsers. In time this will have a reciprocating effect. As more sites move away from IE6, fewer people will use it, and newer browsers will be less tolerant of IE6 workarounds (taking advantage of browser bugs to get something to look right on IE6). This is very likely to mean that certain things that you have done in the past for IE6 compatibility will break newer browsers.

The solution: if you’re one of my clients, you are already doing it. Make sure your developer writes standards compliant code. Stop using IE6 fixes. If your developer is not doing this, demand that they do. A quick test can be run at http://validator.w3.org/. Just make sure you ask your developer why there are errors. There may be a good reason for one or two errors.

Adoption of new browsers

Dropping old browsers of course means accepting new browsers. Most new browsers have some type of malware detection in them. Google and Firefox (along with many others) use a shared database of malware providers. If you’re on this list, or link to someone on this list, users will get a nasty warning message saying that the website is unsafe. This is a new trend in the latest browsers and has hit a few of my clients for something very simple. For example, one of my clients got hit because they linked to an image on a site that provided malware. This got them added to the list. Removal from the malware list is very simple and easy to do, but can take 2-3 days. Imagine what would happen if your site was down for 3 days because you just linked in to some ad server or something completely legitimate. The best method to protect against this is to be aware. Do not link to other untrusted sites, and make sure that your developers do not either. Most of this stuff passes off as traffic tracking, or ad tracking. Use only respected traffic tracking providers such as Google or Yahoo. Stay away from smaller services unless they have been thoroughly checked out. When linking to other sites, be aware of who you’re linking to and know that if they provide malware, your site will be added to the list of “bad” sites because you link to them. I will make another post about this in the near future. For now it is important to know that as older browsers are upgraded, more people will be seeing these “bad site” error messages, and the databases of bad sites will be growing.
