JUNKBUSTERS Guidelines for Email List Policy


DRAFT ONLY FOR DISCUSSION


[Feedback]  Background

Many companies want to use bulk email without being branded as spammers. This document aims to develop guidelines that have wide approval in the Internet community as responsible use of this medium. It is intended to cover a very broad range, from discussion lists to promotional email that the recipients are paid to read. We are not in the business of monitoring compliance or enforcing adherence. Please note this is only a draft ; we want comments from everyone on how to expand, amend and improvement it.

See also

  1. the MAPS Basic Mailing List Management Principles for Preventing Abuse, a long-standing and well-recognized standard,
  2. a best practices white paper from Whitehat.com,
  3. the book Email Marketing by Jim Sterne and Anthony Priore,
  4. an RFC titled How to Advertise Responsibly Using E-Mail and Newsgroups, by E. Gavin, D. Eastlake 3rd, and S. Hambridge, and
  5. and academic paper on email marketing.

[Feedback]  Acknowledgments

We are grateful for the help of the following people while developing this document.

  1. Dave Rand (dlr@maps.vix.com)
  2. James Lick (jlick@drivel.com)
  3. Doktor DynaSoar (unit4@sputum.com)
This acknowledgment doesn't mean that these people agree with everything here.

--- Back to Top of Page ---


Preamble for traditional marketers


This section is intended for marketers who come to the Internet from the "envelope world" and may be surprised by the enormous differences online. (Others can skip down to the guidelines). The most obvious difference is that millions of people are actively going out, looking for, and asking for information about products and services, and many want to be put on email marketing lists. The flip side of this is that those people don't want to be put on any lists that they don't ask for. The fundamental paradigm is ``opt-in'' (vs the ``opt-out'' of the envelope world).

[Feedback]  Guest contribution by Rosalind Resnick


  1. Marketers seeking to build email house files (customer lists) through their Web site or via product registration cards should notify consumers that their personal data is being collected and let them opt out of any future mailings. Marketers should not rent or exchange their email house files with other marketers unless their customers have specifically requested that their data be used in this manner.
  2. When using email for prospecting purposes, marketers should mail to opt-in email lists only.

    An opt-in list is a list that allows consumers to visit a Web site and request information from a specific marketer or about a particular type of product or service. All opt-in lists should meet the three guidelines set forth by the Federal Trade Commission at the agency's consumer online privacy hearings in June 1997. The first is notice - that is, full disclosure of what data is being collected and how it will be used. Sites that build opt-in lists typically feature a signup page that tells visitors that the information that they provide will be used to send them offers about products and services of interest. The second is choice - the ability to check a box on a Web page and sign up to receive commercial messages about topics of interest and to get off the list at any time. An opt-in list should also contain a header at the top of the message identifying the source of the list and providing the list members with instructions on how to remove themselves from the list and stop receiving mail. The third is access - the ability to return to the list owner's or manager's Web site to check, modify or delete the data collected.

  3. Marketers should avoid renting email lists that fail to give consumers adequate notice, choice and access.

    These lists include harvested lists, "mystery lists," and opt-out lists.

    1. Harvested Lists - Some list owners use Web crawling software to compile targeted lists of people who post notes to specialized newsgroups (Internet discussion groups) and send them offers for products and services that appear to match their interests. For example, people who frequent a newsgroup about alternative health care may receive an offer about a new type of vitamin. While lists like these may be a cut above mass email blitzes (commonly known as "spam"), they are inappropriate just the same.
    2. Mystery Lists - Some list owners, fearful that their customers or Web site visitors might not like the idea of their names being rented, ask their list managers to omit a header identifying the source of the list and allowing recipients to opt out. Lists like these not only confuse the consumers who are on the list but also generate ill-will toward the marketers who rent them.
    3. Opt-out Lists - Unlike opt-in lists that allow consumers to check a box on a Web page to request information about products and services of interest, opt-out lists take short cuts to recruit members. Some Web site owners pre-check the boxes on their signup forms to increase the size of their lists. Other owners hide their opt-out disclosures in the fine print of their terms of service agreements. Neither of these practices is acceptable.
  4. Marketers should avoid participating in cooperative email databases unless their customers have specifically authorized them to share data in this manner. In the postal world, co-op databases allow marketers such as catalog companies to pool their lists of recent buyers, then mail to participating companies' customer lists in the hope of winning them as customers of their own. Co-op databases typically enrich their data by overlaying and appending it with data from other sources, such as credit reporting agencies. Because consumer privacy is paramount on the Internet, marketers who seek to build or participate in databases like these should first disclose their intentions to the customers who purchase through their Web sites, then ask their customers' permission to include their purchase history, email addresses and other personally identifiable information in such a database. Marketers who seek to append or overlay information on their customers' records should secure their customers' approval for this action as well. Like opt-in lists, co-op databases should give consumers the ability to verify their records in the database and to opt out at any time.

--- Back to Top of Page ---


The guidelines


[Feedback]  Do not send unsolicited bulk email

This means: don't send email to many people who haven't asked you to.

  1. Not even if it's targeted.
  2. Not even if it contains a very valuable offer.
  3. Not even if most of the addressees will surely be interested.
  4. Not even if it contains important information for the public and is not a solicitation.
  5. Not even once.

[Feedback]  Be sure the addressees have asked for the email

Bulk solicited email is fine, provided each addressee gets only what they understood they were asking for .

Do not assume that merely because you have an existing business relationship with the person that they are willing to receive email from you. [Dissenting opinion from RR: a business should be able to contact its own customer list provided that these customers are given an opportunity to opt out with every mailing.] They must have volunteered their email address with a clear understanding of the extent to which they permit you to use it. You must go no further than the explicitly agreed use. For example, if the email address was given while ordering an item, you should use it only to confirm the order or to handle problems concerning it, not for subsequent promotions. If the primary apparent purpose of gathering the email is for some other purpose, such as entry into a sweepstakes or being alerted about some event such as the availability of a new product, the statement that a subscription is entailed should be so clear and prominent that no reasonable person would be surprised to find themselves subscribed. If checkboxes are used to indicate whether an email subscription is desired, the default should be no subscription.

[Feedback]  State prominently your policy of keeping addresses confidential

State prominently that email addresses will be used by your organization only (never ``shared,'' sold or rented). In the privacy policy on your web site, state that no disclosure of these email addresses will be made without the prior consent of the subscriber, except in the following cases.

  1. By due process of law.
  2. The task of management and/or delivery of the list may be outsourced to another organization, provided this is done under an agreement specifying the same policy.
  3. If the subscriber places an order with the list owner, the list owner may supply the address to a separate organization for use in fulfillment of that order only, under an agreement specifying the same policy.
Even within a single company, don't send people who have signed up for email from a certain domain name any email from a different company's domain name unless the addressee was expecting that they would get mail from both. It's OK (though perhaps confusing to both humans and filtering systems) to send email from different subdomains within the company's domain name, provided this is not stepping beyond the consent granted above, and provided the source of the list is identified in the message header. Example: Jim subscribes to a list produced by company XYZ about their product widget1. Company ABC, which makes a similar product called widget2, acquires XYZ. Jim should not be emailed pitches for widget2 (or even info on widget1) from domain ABC.com; he might construe this as spam. Of course info about widget2 could be included in mailings from XYZ.com or ABC.XYZ.com. [Question: what if domain XYZ.com is to be abandoned? Is it OK to transfer the list to ABC.com with notice but without an affirmative sign-up?]

[Feedback]  Make the first message an acknowledgment

The first email message should be an acknowledgment restating what the user subscribed to. (Of course it may be phrased as something like ``Thank you for requesting email delivery of our newsletter...'')

It's a good idea to restate the scope and frequency of the lists. (``At the beginning of each week you'll receive our picks of the top new products in digital photography...'')

To help the subscribers distinguish cases where they forgot they enrolled from cases where they really didn't (a ``friend'' forgot to tell them, or someone was trying to annoy them) we recommend that the acknowledgment include as much information as possible to document how the subscription was received. If via email, include the full text of the email, with full headers. If via a web page, include its URL, the time (and time zone) and date of the subscription, and the IP address of the client subscribing, and (if available) the hostname associated with that IP address. All this information would be placed at the bottom of the confirmation message.

Be prepared for people putting fake email addresses instead of their own. These may or may not exist: both of these cases cause problems. Many sites require a ``handshake'' or ``double opt-in,'' the name is not added to the list until where affirmatively reply to the acknowledgment message is received. Majordomo accomplishes this by responding to a subscribe request with a code that must be send back before the subscribe takes effect. Some web sites send a confirmation message directing the subscriber to a URL to click to activate the subscription. Either of these methods ensures that at most one mail is sent to someone who doesn't want it. There is a little extra work for the user, but this is highly recommended high volume commercial lists.

[Feedback]  Keep adequate records of each registration

You must be able to determine how a user registered, even years afterward. Some users forget, and the best way to handle complaints such as "I never signed up for this" is to reply with the details of the original registration. Occasionally this may turn out to be a typographical error from someone else, but often the response is "Oh yeah. Sorry." At a minimum, the time, date, and IP address should be kept, as long as they are participating in the database.

[Feedback]  State the origin of the message up front

Include at the beginning of the email a short (just one or two lines if possible) explanation of why they are receiving the message. Many people get a lot of mail and won't immediately recall why they are getting this piece. Consider that your addressee may be getting other mail from your organization: avoid confusion by providing clear and consistent labels.

Some jurisdictions (e.g. Washington State) have requirements for labels in headers, such as in the Subject header and even the routing information in the headers. It is important to conform to all such laws, because it may be difficult to determine the jurisdiction of a given email address. If the list is truly opt-in, there may be no labeling requirement. Do not ``munge'' headers. [Can someone please expand, amplify and improve this paragraph?]

[Feedback]  Always include clear instructions on how to unsubscribe

You must make it easy for people to say 'stop'. Make sure the process works. Make sure removals take effect promptly, within minutes or hours, not days. The phrases "opt-out" and "remove list" should be avoided, because of their association with spammers. The preferred phrases are "subscribing" and "unsubscribing" to the mailing list. "Opt-in" is an acceptable synonym for subscribing.

[Feedback]  Keep a human available to deal with problems

A human should monitor and respond promptly to email inquiries. At a minimum, the account nominated as the technical contact in the Internic records for the domain (typically "webmaster") and the account "abuse" should be monitored. An autoresponder reply including answers to FAQs may be used, but this should not be assumed to have resolved the problem. A human should examine each item, determine the action to be taken (if any), and reply stating this determination. The timeframe for a response should typically be within one business day. The human should be equipped with tools to quickly suspend and remove addresses, to track down cases of abuse such as subscription by a third party, and to provide details of how the enquiring address was originally added to the list. The human should be familiar with typical problems, such as people asking to be removed using a different addresses from the one they are listed under, with no name to match. To this end, common procedures should be documented to help new staff.

[Feedback]  Maintain adequate security of your lists

Protect the email addresses from misuse. An all-too-common mistake is to misconfigure list server software so that anyone on a list that should have been proprietary can send email to everybody.

[Feedback]  To be continued

This document still needs further detail, plus rewriting to distinguish essential requirements from optional suggestions.

--- Back to Top of Page ---

Home · · Site Map · Legal · Privacy · Cookies · Banner Ads · Telemarketing · Mail · Spam · Opt Out
  ·  Surf The Web Faster Without Ads, Free!

Copyright © 1996-2005 Guidescope Inc ®. Copying and distribution permitted under the GNU General Public License. 2005/01/15 http://www.junkbusters.com/emailing.html