Political Candidates, Known Spammers, and CAN-SPAM, Part 1

What would you do if you learned your email was sent from an IP address listed by Spamhaus as “being assigned to, under the control of, or providing service to a known professional spam operation”? How about if you found out the server it was sent from was blacklisted on a regular basis? Or that someone who bore no resemblance to the “target audience” in your third-party list rental agreement received your email? And what if you suspected at least some of the email addresses on the list were harvested, which is listed as an “aggregated violation” under the CAN-SPAM Act of 2003?

Think it can’t happen to you? You would be surprised. This is exactly what happened — all at one time — to a political organization that sent a just-before-the-election email missive in support of its candidates. In this column, I’ll present the case study and discuss a loophole in CAN-SPAM you might want to weigh in on as a commercial email marketer.

In two weeks, I’ll cover the business issues of the case. They go beyond the “spam tarnishes your image” arguments into real-world questions about whether these campaign got what they paid for. I’ll also provide tips for protecting your commercial, political, or nonprofit organization against similar situations.

The Case Study

People I spoke with at the political campaign told me they contracted with a political consultancy to procure the email addresses and handle the send. Their target audience consisted of those who met all the follow criteria:

  • They were registered voters affiliated with their political party.

  • They live in their voting district.
  • They voted in one or both of the most recent primaries in their district.

The organization developed an email and sent it to the addresses on the list.

I was one of the people who received it. Just to be clear:

  • I’m a registered voter, but I’m not affiliated with their political party.

  • I don’t live in their voting district, which is over 500 miles from my home, nor have I ever lived there.
  • I didn’t vote in either of these primaries in their voting district (obviously).

The email came to an address I never use to opt in; the only place it’s appeared is within my ClickZ columns as a feedback device, before ClickZ migrated to email forms a few years back. Apparently, the email address was harvested off ClickZ’s Web site and added to this list, without permission and, seemingly, without the demographic information that was supposed to be used to segment the list.

I was intrigued, so I dug further. When I typed the IP address of the server the email was sent from into SpamCop, I learned the server was currently blacklisted and would continue to be for another 23 hours. To date, it’s been blacklisted for a total of 19.3 days. I later learned from SenderBase the server had sent its first email barely a month before, so it’s been blacklisted for two-thirds of its short life.

SpamCop also told me why it had blacklisted the server:

  • The system has sent mail to SpamCop spam traps in the past week.

  • SpamCop users reported system as a source of spam about 40 times in the past week.

Spam traps are email addresses placed on the Web as bait. If they receive email, it’s because they’ve been harvested. That confirmed how they probably obtained my email address.

When I checked out the IP address at Spamhaus, I learned it was listed on the Register of Known Spam Operations (ROKSO) and was “assigned to, under the control of, or providing services to a known professional spam operation.”

The ROKSO profile provided a U.S. postal address for the spam organization, although this particular server was listed as being in Hanoi, Vietnam. The profile said it had been kicked off of numerous Web-hosting services in the States and a number of other countries — and that’s just from July to October 2005. It also said the company had been known to work with other companies and individuals listed on the ROKSO in the past, including the former “Spam King” Scott Richter.

Despite all this, the email itself seemed legitimate and sincere. It included the following assurances:

  • We support responsible and ethical email marketing practices.

  • We encourage and support best practices in responsible email marketing.

In addition, it had an unsubscribe link and the U.S. postal address of the campaign that sent it. I decided to contact the campaign and ask about the send.

To the campaign’s credit, people were very forthcoming and willing to speak with me. They seemed honestly surprised by what I was telling them about their email. They asked for more information on what I’d learned, and I provided it. They gave me information on the send and contact information for the consultancy they’d worked with (which refused to speak with me on the record). One of the candidates even got involved, sending an email with the following:

Thank you for giving us information on the company we used for this email campaign…. You can be sure that I will be asking some questions of the company…. It is not my desire to use, nor will I tolerate, a company that violates the law.

Here’s the rub: bad as this all sounds to anyone doing legitimate email marketing, this campaign didn’t violate the letter of the law.

Political campaigns are exempt from CAN-SPAM regulations. But did Congress intend to give them permission to harvest email addresses and knowingly send to lists built via harvesting, both of which are “aggregated violations” under CAN-SPAM?

I asked Trevor Hughes, executive director of the Email Sender & Provider Coalition and an attorney specializing in spam issues. He confirmed the harvesting section of the CAN-SPAM act was directed specifically at commercial emails and added, “There are strong protections on political speech, which extend to use of email. This doesn’t seem like an FTC issue, as they only regulate commercial email. It’s more a question of political speech.”

What do you think? Should political campaigns be prohibited from harvesting and using harvested email addresses? How about other “aggravated violations,” such as dictionary attacks (define)? Or should political parties, elected officials, and candidates adhere to the same CAN-SPAM guidelines commercial emailers are obliged to? Write to your congressional representatives and please share your thoughts with us, too.

Until next time,

Jeanne

Want more email marketing information? ClickZ E-Mail Reference is an archive of all our email columns, organized by topic.

Related reading

/IMG/853/275853/gmail-logo-2013-320x198
/IMG/550/200550/google-gmail-logo-320x198
email3-1
Gmail-Logo
<