A record US$60,000 fine for a Canadian spammer and strengthening global laws targeting aggressive email marketing tactics should prompt agencies to revamp their email marketing campaign processes, according to Vendasta Manager of Marketing Programs, Bryce Turner.
Canada this year issued its largest-ever fine to an individual marketing agency for sending unsolicited messages. Scott William Brewer, owner of Advanced Sales Force, was fined C$75,000 (US$60,000) when he violated Canadian Anti-Spam Legislation (CASL) by sending more than 670,000 emails between 2015 and 2018.
The campaigns promoted Brewerβs online marketing and web page development services, and independent online casinos who would compensate him through affiliate marketing programs for referring new customers.
Canadaβs anti-spam watchdog acted on recipient complaints and found Brewer sent over these hundreds of thousands of emails without recipient consent and before email provider anti-spam defenses could respond and block them. It is a tactic known as hailstorm spamming.
Turner says this case study is important for marketers to note as anti-spam regulators in Canada, the United States, and Europe seek to further clamp down on unsolicited messages, consentless marketing, and poor data protection practices.
βAgencies need to ensure theyβre compliant with anti-spam legislation in the jurisdictions which their leads and customers are based. Regulators are likely going to step up fines and enforcement actions against companies engaging in misleading and spam marketing,β he says.
In the final part of The Building Blocks of Effective Email Campaign Marketing series, Turner discusses what you need to know about anti-spam laws and shares top tips to ensure your agency complies with regulations.
Table of Contents
The impact of spam on your βdeliverability rateβ
Merriam-Webster Dictionary describes the term spam as: βunsolicited [and] usually commercial messages (such as emails, text messages, or Internet postings) sent to a large number of recipients or posted in a large number of places.β
Nearly half of all emails in 2020 were spam, according to 99 firms, a company that connects small and medium businesses (SMBs) with marketing agencies.
However, Turner says no major email marketing laws globally have a hard definition of what constitutes spam. “But suffice to say that your subscribers donβt need to hear from you every hour or every day. You want to ensure the frequency of your email campaigns suits your goals without pestering your readers,” he says.
While laws donβt specifically make it illegal to bombard SMBs who have provided marketing consent – which is discussed in the next section – email service providers such as Microsoft and Google are filtering messages that appear to be repetitive, irrelevant, and unsafe for recipients.
Gmail and Outlook have categorized email inboxes into a βprimaryβΒ and βpromotionsβ or βotherβ folder (see the below example).
Where an email ends up landing is determined by the βdeliverability rate,β which is a score assigned to each sender by an email service provider. Itβs measured by factors including how often the senderβs messages are deleted and marked as spam, and βsuspiciousβ keywords used in messages such as β100% freeβ and βyou won $1 million!β.
βWhen your deliverability rate falls below a certain threshold, your emails no longer make it to a recipientβs βprimaryβ inbox. Thatβs going to have an adverse impact on your open and click-through rates because Google and Microsoft have deemed theyβre likely promotional or spam emails,β Turner says.
The conclusion here seems obvious. Just because you can send lots of emails to a large group of people who have given you permission doesnβt mean you should.Β
βThe ability of recipients to complain and mark your emails as spam, in conjunction with the increasingly sophisticated filters being developed by email service providers, will ensure your agencyβs campaigns will eventually go unnoticed if youβre doing the wrong thing,β he says.
Understand the two types of consent rules
Pointing to the Canadian study, Turner says the biggest mistake Brewer made was marketing to email recipients without obtaining their consent.
βConsent involves getting the permission of your subscribers to email them and it can be granted implicitly or explicitly. However, consent works in different ways depending on the jurisdiction,β he says.
Turner explains there are two types of marketing consent rules:
- Opt-out – You can market to a person without prior permission, however, they must be able to easily opt-out or unsubscribe from your email marketing campaigns.
- Opt-in – You can only email a person if they give you verbal or written permission to do so. For example, you ask the intended recipient over the phone if you can send them electronic marketing messages or they sign up to your email list through your website, or itβs implied they want to receive communications from your agency if they have an account with you.
While consent rules seem straightforward enough, important nuances arise depending on the jurisdiction.
Opt-out only applies in the United States, which really is the Wild Wild West when it comes to email marketing. In America, you can market to someone without permission and thatβs totally legal. However, what you need to provide is an easy way to let them opt-out of your marketing and honor unsubscribe requests within 10 business days.Β
The opt-in consent rule only legally applies for recipients in major jurisdictions outside the United States, where email marketing is regulated by The Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM) and enforced by the United States Federal Trade Commission (FTC).
In Canada and Europe, sending marketing emails without permission is a violation of the laws in those jurisdictions, so obtaining consent is mandatory.
Be aware that foreign laws can apply to you
Turner says one of the biggest email campaign marketing misconceptions among agencies is that they only have to comply with anti-spam laws of the jurisdiction in which their office address is based. This is untrue.
βIf youβre based in Boston and youβre marketing to clients and prospects in Canada, then Canadian anti-spam legislation applies to you. If youβve got clients or prospects in Germany, then European law applies to you,β he says.
βAnother thing that gets missed is that, if your clients are in California, then you have to consider the specific legislation that California has developed to protect consumers from spam on top of the CAN-SPAM Act.β
Different jurisdictions have their own anti-spam and data protection laws, and penalties vary. Primary regulations that United States agencies need to abide by include, but are not limited to, the following:
- United States – CAN-SPAM is the first United States law to establish guidelines for commercial email communication. In addition, American marketers also need to consider the California Consumer Privacy Act (CCPA) when marketing to Californians.
- Canada – CASL is a federal law introduced in 2014 that is meant to protect the inboxes of Canadians by setting strict rules around commercial electronic messages. It was enacted in response to a rise in phishing, identity theft, and malware that targeted Canadians.
- European Union – General Data Protection Regulation (GDPR) is a law that applies to all European Union (EU) member states. It was introduced in 2016 and enforced as recently as May 2018. The purpose of the GDPR is to ensure EU data is only collected with consent and used appropriately.
Depending on the jurisdiction youβre marketing to, you may also be required to provide or obtain recipient agreement with your privacy policy which requires your agency to disclose:
- The kinds of information you collect for marketing purposes
- How the information may be shared
- The process recipients can follow to review and change information you have about them
- Your policyβs effective date and a description of any changes since
Turner says if you have an online store or if youβre marketing to people online in the United States, youβre likely to have customers or potential customers in California, so you should take care to comply with CCPA.
Fines vary significantly across regions
Brewer was hit with a US$60,000 fine for his unsolicited hailstorm spam campaign, but Turner says regulators have the power to go much further under the law.
βFines can be astronomical for any single person or agency. In the United States the FTC can technically fine you up to US$43,792 for each separate email that is in violation of the CAN-SPAM Act,β he says.
βIn Europe, itβs much worse. They can actually fine you 4 percent of your prior yearβs revenue or up to US$23.5 million (20 million euros). In Canada itβs up to US$800,000 (C$1 million) for an individual.β
In the Canadian case study, the regulator found: βEvidence reviewed during the investigation demonstrated that Brewer registered and hosted the domains which were being promoted in the commercial electronic messages. Investigators also identified other indicators of non-compliance, including several mailing lists and millions of records of failed email delivery attempts. Conversely, no exculpatory evidence, such as records of consent, was found.β
βThe government has the power to investigate and conduct forensic analysis on businesses violating or allegedly violating anti-spam laws,β Turner says, adding Brewer βclearly didnβt have his βducks in orderββ as he couldn’t prove obtaining consent.
Anti-spam laws extend into email content
Another misconception is that anti-spam laws apply only to unsolicited and highly repetitive email campaigns and whatβs said in an email is irrelevant. In fact, regulations globally dictate the nature and accuracy of underlying content in your email marketing campaigns.
Hereβs a rundown of CAN-SPAMβs main requirements:
- Donβt use false or misleading header information. Your βFrom,β βTo,β βReply-To,β and routing information β including the originating domain name and email address β must be accurate and identify the person or business who initiated the message.
- Donβt use deceptive subject lines. The subject line must accurately reflect the message content.
- Identify the message as an advertisement. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
- Tell recipients where youβre located. Your message must include a valid physical postal address. This can be a current street address, registered post office box with the U.S. Postal Service, or a private registered mailbox.
- Tell recipients how to opt-out of receiving future emails from you. Your message must include a clear and conspicuous explanation of how a recipient can opt out of receiving email from you in the future.
- Honor opt-out requests promptly. Any opt-out mechanism must process opt-out requests within 30 days after receiving it. You must honor a recipientβs opt-out request within 10 business days. You canβt charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request.Β
- Monitor what others do on your behalf. The law makes clear that, even if you hire another company to handle your email marketing, you canβt contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.
Tips to ensure legal complianceΒ
Understanding and following all these different laws may seem overwhelming, so Turner suggests agencies should implement several straightforward steps to ensure they meet legal requirements across multiple jurisdictions.
Get consent
Even if your agency and SMB clients are based in the United States, Turner recommends you take the βopt-inβ approach because this method demonstrates a recipient is likely engaged to some degree in your business.
βIf the recipient has never interacted with you previously and receives your emails, they may be more inclined to delete it or mark it as spam which isnβt going to bode well for your email campaign marketing metrics,β Turner says.
The European standard demands βdoubleβ opt-in consent, whereby a user registers to receive a marketing newsletter and then receives a subsequent verification email where they must click on a link to confirm their agreement to subscribe to that content. Below is a verification example from social media platform provider Veroβs double opt-in process.
βMarketers might worry that this is too many steps for a user and they may not see the subscriber growth they want to because people forget or donβt click on that verification email. But in fact this step will likely lead to better quality subscribers because theyβve demonstrated theyβre interested in your agency,β Turner says.
βAnd, if you have clients in Europe, it also provides a mechanism whereby you have proof that youβve obtained a recipientβs marketing consent because they clicked on that verification email.β
Set up an autoresponder
Turner recommends setting up an auto-responder or welcome email which tells recipients exactly what they signed up for, what content they can expect to receive, and how often theyβll be sent emails.
βThis is a great way to establish trust and rapport with a subscriber and covers some of the compliance nuances within different laws. You could also let them know in that email that they can change their preferences to get emails weekly or monthly if your agency has that capability,β he says.
Test your emails and check important links
Each email marketing campaign should be reviewed and tested for the following prior to sending:
- Ensuring the unsubscribe link works, and is clearly prominent and readable
- Your business address, contact details, and website link(s) have been included
βYou never want to get an email from a recipient saying, βYour unsubscribe link is broken.β This is bad and will likely lead to spam complaints,β Turner says.
The below email from Bed Bath and Beyond hits the mark as it provides a prominent unsubscribe link and a privacy policy. Plus, it cleverly offers the option to subscribe to the companyβs mailing list in case the message is shared with a non-recipient.
If someone wants to opt-out, remove them immediately
Most email platforms will handle unsubscribes for you. That means whenever someone hits βunsubscribeβ in an email, theyβre added to your email softwareβs βsuppression listβ. People on this list wonβt receive future emails from you unless they re-subscribe.
However, when a recipient phones, tells or emails you directly that they no longer want to receive marketing emails, Turner says youβll manually need to add them to your suppression list and you should do it immediately.
βDifferent jurisdictions give you different deadlines to remove customers from your marketing list. But the bottom line is: donβt delay. Just do it as quickly as you can,β Turner says.
Practice good mailing list hygiene
Agencies shouldn’t just react to unsubscribe requests. Turner recommends they should proactively seek to regularly remove clients who are unengaged or are βbouncingβ (not receiving messages for reasons such as a full inbox or an invalid email address) from their mailing list.
βThis actually comes back to deliverability rates and maintaining healthy marketing metrics. If you remove unengaged and invalid subscribers, your open rates and click-through rates are going to improve. Thatβs actually a positive for your deliverability rate and improves your chances of staying in their βprimaryβ inbox,β Turner says.
Quality content is king
The last line of defence, and the strategy most conducive to helping your agencyβs email campaign marketing strategy succeed, is to ensure youβre sending your subscribers high quality and relevant messages at appropriate intervals..
This means understanding and segmenting your audience, which was discussed in our previous blog.
βAt the end of the day, when an SMB gives you their email address, they want you to be respectful with it. The best way to engage and hopefully convert them will be to send quality content and in a frequency that doesnβt make them want to mark it as spam,β Turner says.
In conclusionΒ
Spam continues to be a major global concern. Itβs likely regulators will step up enforcement action on unsolicited and misleading messages, while email service providers will make it harder for ungenuine messages to reach recipients.
βPenalties are going to get harsher and regulators will be monitoring more companies to ensure they follow all the right steps in terms of obtaining consent and sending appropriate commercial emails,β Turner says.
βFor agencies, this is a critical area where you need to ensure all your bases are covered and consider getting expert advice, depending on how sophisticated and trans-jurisdictional your email campaign marketing strategy is.β
Here is a recap of best practices:
- Obtain consent from your SMB leads and clients before marketing to them
- Send subscribers an autoresponder and let them know what content they can expect to receive
- Send quality content and determine appropriate intervals, practice good list hygiene, and be sure your unsubscribe link works and your agencyβs contact details appear in each email
- Remember that just because you can send a high volume of emails doesnβt mean you should. Even if your marketing is legitimate, it can affect deliverability rates and adversely impact open and click-through rates
- Violations of anti-spam laws can result in tens of thousands of dollars in fines and cause significant disruption to your business and reputation
This blog concludes our The Building Blocks of Effective Email Campaign Marketing series. We hope that the content from this series provides your agencyβs email marketing strategy a solid foundation.
