Mandating Permission Won’t Solve Spam

Engage in a conversation about the plague called spam and it won’t take long until words such as “permission,” “opt-in,” “double opt-in,” and “opt-out” are bandied about. If a customer buys something from a Web site, it is generally accepted he will receive a purchase receipt by email even if he didn’t explicitly opt in. A recent court decision in New York, involving MonsterHut, held that telling someone she must uncheck a prechecked box to avoid receiving future messages does not meet the legal requirement for permission. If a customer has bought something in a store and the store decides it would like to use email, rather than printed mail to communicate with the customer, can it contact the customer (by email) asking permission to deliver future messages that way? Defining permission is complicated.

It used to be marketers could simply ask forgiveness if they annoyed people with a call during dinner or unwanted mail. Not any more. Now it not only is considered good form but is increasingly becoming a legal requirement to ask permission before contacting consumers. And, as the old saying goes, it’s a lot harder to ask permission than forgiveness.

Gaining consent from customers or prospects has become a central tenet of all modern direct marketing and customer communications and is at the heart of the legitimate email marketing versus spam debate. Yet defining consent can be a really tricky business. Even if we could come up with a good, generally accepted working definition, it wouldn’t solve the spam problem.

Permission: agreement to allow something to happen or be done.

That’s the Encarta World English Dictionary definition. I give you permission to do something, you do it, and we’re all set.

Not quite! If I remember exactly what I gave you permission to do and you were very clear about what was going to “happen or be done,” we’re probably OK. But how often does that happen? When I give a company permission to market to me, chances are the company does not record and remember all the details of how that permission was granted. And if, several months later, I even remember I did give the company permission, I probably won’t remember the details either.

So if at some point I were to claim the company abused or did not even have permission, then it is my word against the company’s incomplete database record. It is not uncommon for a company that has asked permission and adhered to existing best practices for collecting personal information to have databases with thousands, even millions, of email addresses. Unfortunately, the company often has no record of how, when, and where each individual ended up in the database.

Don’t get me wrong. Asking permission before contacting someone is just plain common sense and something all legitimate marketers must do. The strategic importance of building relationships with customers has become essential to the modern corporation, and you can’t have a relationship if you don’t ask permission first. Most of us learned that when we started dating. Giving individuals control of what information they receive and from whom is, if nothing else, just plain good manners (and it makes business sense, too). Yet, there are two problems associated with much of the debate and many of the legal attempts at defining permission.

The first problem is with companies’ existing database records. They contain information on millions of customers and prospects, but the records don’t have a clear, auditable record of the kind of permission that has been granted. Furthermore, as these companies engage with individuals in the future, what is going to constitute good-enough proof they, in fact, have received permission?

Given the private right of action and high penalties baked into many of the proposed state anti-spam laws, it will become a tremendous liability for marketers if they cannot prove in a court of law the recipients gave them permission to send those emails. What constitutes the burden of proof and what represents “good enough” permission is still an area wide open to debate and surely future court deliberations.

The second problem is the greater one: the belief that defining permission will solve the spam problem. This is a red herring because spam breaks all the rules. Although making it a legal requirement to ask permission will certainly make legitimate marketers more polite (they’ll be asking permission instead of forgiveness), it won’t solve the spam problem.

Why? Spammers are deceptive. They use false identities and misleading subject lines that they constantly change to trick the technology filters and detection systems. They collect email addresses by “stealing” them from Web sites and by guessing common names, sending emails to those names, and seeing if they get a bounce to verify whether the email address is active. If it becomes illegal to operate in one state, they will move to another. And if federal legislation is enacted, they will move overseas. Focusing on consent is not going to stop these people from sending billions of junk messages every day because they never have, nor will they ever, ask for permission, nor even forgiveness, as they blanket us with annoying, offensive, and deceptive junk.

Only one thing will solve the spam problem: hold those who send high-volume email accountable for what they send. Accountability is the key to eradicating spam. Imagine if it were impossible to get high-volume email delivered without letting the world know who you are. Imagine if it were very difficult or expensive to continually morph your identity. If the mail gateways knew who was sending high-volume email, it would become virtually impossible for the spammers to send their unwanted junk unless they adhered to best practices.

Until the email infrastructure supports accountability, spam will continue to exist and thrive. Agreeing on standards for permission will make legitimate marketers more polite, but it won’t solve the spam problem.

Related reading

Overhead view of a row of four business people interviewing a young male applicant.