Can You Afford to Send Spam?

Empty pocketsKeeping email inboxes free of spam is one of the biggest responsibilities the email administrator of a small to medium sized organization is tasked with. Fortunately, most managers and executives understand this and budget for the tools and training necessary to help stop spam and other malicious emails from causing damage throughout the organization.

However while many email admins are focused on stopping the incoming spam threat, too many are neglecting to stop their organization from sending spam messages.

In the past, we have seen headlines that told of the New York Times accidentally spamming 9 million readers, or Tiger Airways being fined $110,000 for spamming its customers. In 2012, Papa John’s was hit with a $250 million class action lawsuit for spam text messages and now even small to medium sized enterprises are being hit financially because they have sent marketing emails that are considered spam.

Cellarmaster Wines of Australia sent 3000 promotional emails without unsubscribe details and as a result they are being fined $110,000.

“This is simply a case where a business has failed to take sufficient care in managing its Spam Act responsibilities,” said Chris Chapman, Chairman of the Australian Communications and Media Authority.

Stopping Spam Before It Is Sent

In a case like this, who should be the one to blame?

Someone in marketing likely wrote the email and is to blame for failing to:

  • Understand the laws and regulations
  • Place necessary components (the unsubscribe information) in the email
  • Have a system for checking all marketing communications before they are sent

But could the email administrator be to blame as well? Some would clearly say yes.

As the person in charge of all email communications entering and leaving the organization he or she should have had the controls in place to check for the unsubscribe information and they should have had some type of process and training in place that showed their co-workers how emails need to be crafted.

Most organizations will have something in place that scans outgoing email for anything inappropriate or for confidential information. After all, they don’t want the public embarrassment that goes along with employees sending naughty messages or divulging private data. These embarrassing moments warrant technical controls however the embarrassment of being labeled a spammer seems to escape them; probably because they don’t truly understand how spam is detected and they don’t considered themselves to be spammers.

A Look at a Spam Email

To better understand this, lets take a look at an email campaign similar to the one that caused so much trouble for Cellmaster Wines.

Alice works in marketing for XYZ Company and she buys a list of 5000 email addresses that meets the demographic of their target customer. She writes up an email that announces a sale on all products on XYZ’s website along with a link to their online store. Her manager Bob looks over the email and everything looks to be in order. Alice even included an unsubscribe link unlike Cellmaster. The upload the mail list and send out their email campaign. All they have to do is sit back and wait for the success to start rolling in.

Carlos, the email administrator is alerted to the fact that their domain has been flagged as being a source of spam. His boss Dana calls him into her office and tells him that their company is being fined because they sent out spam.

Looking back at this scenario we can see quite a few problems. First of all, the list was bought, not collected by XYZ Company. Recipients of their emails probably reported these messages as spam and enough ISPs took notice to this. Secondly, a large number of emails were sent out at once which is enough to trigger just about any technical control to identify these emails as spam. And the fact that they included an unsubscribe link, doesn’t that clear them of any wrongdoing? Nope. Spammers add these as well to make their emails look legitimate.

While Alice and Bob should have learned the best practices for email marketing, Carlos too could have stopped this from happening by using a mail filtering solution that would have made it easy for him to a) throttle how many emails are sent out at once and b) identify emails, based on content, that may look like spam. If he had seen a mass email campaign he might have been able to talk to the marketing department about where they originally collected all of the addresses and discussed email strategies with them to prevent this from happening.

Written by Jeff Orloff

5 Comments

  1. Basti · May 30, 2013

    It reminded me of a ruling before. I don’t know if it was with Apple. Anyway, the spammer was charged with a very huge fine, but in the end, all the parties are aware the spammer can’t afford to pay the money anyway. I don’t know what happened next. It just goes to show all these fines are useless when we don’t really enforce it. Whether they can afford it or not, I don’t care. It just needs to be stopped.

  2. Nikki Ann · June 2, 2013

    Despite the fact that quite a number of companies are aware of spam and what it can do, there are still a lot of things that need to be understood and discussed. This post proves that it is really essential to understand how spam works in order to learn how to control or prevent it. In the example given, an unsubscribe link was indicated in the emails sent with the thought that it would make them legitimate. Before reading this post, I thought the same, too. It turns out that there is more to spamming than what we already know.

  3. John · June 2, 2013

    Well, it’s a good thing spammers are penalized. I know that not all of them, especially marketers spam deliberately, but then again, being asked to pay for it is necessary so everyone will be more conscious when it comes to mail. However, I have to recognize that it may affect individuals who are victims of hacking and do outbound spam.

  4. Lance · August 31, 2013

    Thanks for the article. This actually points out one of the growing trends in spamming, and so far, there have been rulings about this one. A great example is Papa John’s, which faced a class-action lawsuit worth $250 million. It wasn’t really through e-mail but text, but still a spam is a spam. The company, however, was allowed to pay only $16 million. I really don’t think they can afford what their complainants were asking for anyway.

  5. Dino · March 3, 2014

    @Nikki Ann: Yes, there is a lot of proof that the need for regular employee training on email security is a necessity. And it is important that this is done by schedule. You see, spammers regularly update their tactics. They can come up with an idea one moment and then decide to come up with a new one the next time. It is not easy to predict what they plan to do next because they keep updating their techniques. In order to stay “in the game”, we need to keep up with them by constantly studying, observing, and coming up with better ways to “catch” them.

Leave A Reply