An Agency’s $60,000 Email Marketing Campaign Mistake and How It Could Have Been Avoided
A record US$60,000 fine for a Canadian spammer and strengthening global laws targeting aggressive email marketing tactics should prompt agencies to revamp their email marketing campaign processes, according to Vendasta Manager of Marketing Programs, Bryce Turner.
Canada this year issued its largest-ever fine to an individual marketing agency for sending unsolicited messages. Scott William Brewer, owner of Advanced Sales Force, was fined C$75,000 (US$60,000) when he violated Canadian Anti-Spam Legislation (CASL) by sending more than 670,000 emails between 2015 and 2018.
The campaigns promoted Brewer’s online marketing and web page development services, and independent online casinos who would compensate him through affiliate marketing programs for referring new customers.
Canada’s anti-spam watchdog acted on recipient complaints and found Brewer sent over these hundreds of thousands of emails without recipient consent and before email provider anti-spam defenses could respond and block them. It is a tactic known as hailstorm spamming.
Turner says this case study is important for marketers to note as anti-spam regulators in Canada, the United States, and Europe seek to further clamp down on unsolicited messages, consentless marketing, and poor data protection practices.
“Agencies need to ensure they’re compliant with anti-spam legislation in the jurisdictions which their leads and customers are based. Regulators are likely going to step up fines and enforcement actions against companies engaging in misleading and spam marketing,” he says.
In the final part of The Building Blocks of Effective Email Campaign Marketing series, Turner discusses what you need to know about anti-spam laws and shares top tips to ensure your agency complies with regulations.
The impact of spam on your ‘deliverability rate’
Merriam-Webster Dictionary describes the term spam as: “unsolicited [and] usually commercial messages (such as emails, text messages, or Internet postings) sent to a large number of recipients or posted in a large number of places.”
Nearly half of all emails in 2020 were spam, according to 99 firms, a company that connects small and medium businesses (SMBs) with marketing agencies.
However, Turner says no major email marketing laws globally have a hard definition of what constitutes spam. "But suffice to say that your subscribers don’t need to hear from you every hour or every day. You want to ensure the frequency of your email campaigns suits your goals without pestering your readers," he says.
While laws don’t specifically make it illegal to bombard SMBs who have provided marketing consent - which is discussed in the next section - email service providers such as Microsoft and Google are filtering messages that appear to be repetitive, irrelevant, and unsafe for recipients.
Gmail and Outlook have categorized email inboxes into a ‘primary’ and ‘promotions’ or ‘other’ folder (see the below example).
Where an email ends up landing is determined by the “deliverability rate,” which is a score assigned to each sender by an email service provider. It’s measured by factors including how often the sender’s messages are deleted and marked as spam, and “suspicious” keywords used in messages such as “100% free” and “you won $1 million!”.
“When your deliverability rate falls below a certain threshold, your emails no longer make it to a recipient’s ‘primary’ inbox. That’s going to have an adverse impact on your open and click-through rates because Google and Microsoft have deemed they’re likely promotional or spam emails,” Turner says.
The conclusion here seems obvious. Just because you can send lots of emails to a large group of people who have given you permission doesn’t mean you should.
“The ability of recipients to complain and mark your emails as spam, in conjunction with the increasingly sophisticated filters being developed by email service providers, will ensure your agency’s campaigns will eventually go unnoticed if you’re doing the wrong thing,” he says.
Understand the two types of consent rules
Pointing to the Canadian study, Turner says the biggest mistake Brewer made was marketing to email recipients without obtaining their consent.
“Consent involves getting the permission of your subscribers to email them and it can be granted implicitly or explicitly. However, consent works in different ways depending on the jurisdiction,” he says.
Turner explains there are two types of marketing consent rules:
- Opt-out - You can market to a person without prior permission, however, they must be able to easily opt-out or unsubscribe from your email marketing campaigns.
- Opt-in - You can only email a person if they give you verbal or written permission to do so. For example, you ask the intended recipient over the phone if you can send them electronic marketing messages or they sign up to your email list through your website, or it’s implied they want to receive communications from your agency if they have an account with you.
While consent rules seem straightforward enough, important nuances arise depending on the jurisdiction.
Opt-out only applies in the United States, which really is the Wild Wild West when it comes to email marketing. In America, you can market to someone without permission and that’s totally legal. However, what you need to provide is an easy way to let them opt-out of your marketing and honor unsubscribe requests within 10 business days.
The opt-in consent rule only legally applies for recipients in major jurisdictions outside the United States, where email marketing is regulated by The Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM) and enforced by the United States Federal Trade Commission (FTC).
In Canada and Europe, sending marketing emails without permission is a violation of the laws in those jurisdictions, so obtaining consent is mandatory.
Be aware that foreign laws can apply to you
Turner says one of the biggest email campaign marketing misconceptions among agencies is that they only have to comply with anti-spam laws of the jurisdiction in which their office address is based. This is untrue.
“If you’re based in Boston and you’re marketing to clients and prospects in Canada, then Canadian anti-spam legislation applies to you. If you’ve got clients or prospects in Germany, then European law applies to you,” he says.
“Another thing that gets missed is that, if your clients are in California, then you have to consider the specific legislation that California has developed to protect consumers from spam on top of the CAN-SPAM Act.”
Different jurisdictions have their own anti-spam and data protection laws, and penalties vary. Primary regulations that United States agencies need to abide by include, but are not limited to, the following:
- United States - CAN-SPAM is the first United States law to establish guidelines for commercial email communication. In addition, American marketers also need to consider the California Consumer Privacy Act (CCPA) when marketing to Californians.
- Canada - CASL is a federal law introduced in 2014 that is meant to protect the inboxes of Canadians by setting strict rules around commercial electronic messages. It was enacted in response to a rise in phishing, identity theft, and malware that targeted Canadians.
- European Union - General Data Protection Regulation (GDPR) is a law that applies to all European Union (EU) member states. It was introduced in 2016 and enforced as recently as May 2018. The purpose of the GDPR is to ensure EU data is only collected with consent and used appropriately.
Depending on the jurisdiction you’re marketing to, you may also be required to provide or obtain recipient agreement with your privacy policy which requires your agency to disclose:
- The kinds of information you collect for marketing purposes
- How the information may be shared
- The process recipients can follow to review and change information you have about them
- Your policy’s effective date and a description of any changes since
Turner says if you have an online store or if you’re marketing to people online in the United States, you’re likely to have customers or potential customers in California, so you should take care to comply with CCPA.
Fines vary significantly across regions
Brewer was hit with a US$60,000 fine for his unsolicited hailstorm spam campaign, but Turner says regulators have the power to go much further under the law.
“Fines can be astronomical for any single person or agency. In the United States the FTC can technically fine you up to US$43,792 for each separate email that is in violation of the CAN-SPAM Act,” he says.
“In Europe, it’s much worse. They can actually fine you 4 percent of your prior year’s revenue or up to US$23.5 million (20 million euros). In Canada it’s up to US$800,000 (C$1 million) for an individual.”
In the Canadian case study, the regulator found: “Evidence reviewed during the investigation demonstrated that Brewer registered and hosted the domains which were being promoted in the commercial electronic messages. Investigators also identified other indicators of non-compliance, including several mailing lists and millions of records of failed email delivery attempts. Conversely, no exculpatory evidence, such as records of consent, was found.”
“The government has the power to investigate and conduct forensic analysis on businesses violating or allegedly violating anti-spam laws,” Turner says, adding Brewer “clearly didn’t have his ‘ducks in order’” as he couldn't prove obtaining consent.
Anti-spam laws extend into email content
Another misconception is that anti-spam laws apply only to unsolicited and highly repetitive email campaigns and what’s said in an email is irrelevant. In fact, regulations globally dictate the nature and accuracy of underlying content in your email marketing campaigns.
Here’s a rundown of CAN-SPAM’s main requirements:
- Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
- Don’t use deceptive subject lines. The subject line must accurately reflect the message content.
- Identify the message as an advertisement. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
- Tell recipients where you’re located. Your message must include a valid physical postal address. This can be a current street address, registered post office box with the U.S. Postal Service, or a private registered mailbox.
- Tell recipients how to opt-out of receiving future emails from you. Your message must include a clear and conspicuous explanation of how a recipient can opt out of receiving email from you in the future.
- Honor opt-out requests promptly. Any opt-out mechanism must process opt-out requests within 30 days after receiving it. You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request.
- Monitor what others do on your behalf. The law makes clear that, even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.
Tips to ensure legal compliance
Understanding and following all these different laws may seem overwhelming, so Turner suggests agencies should implement several straightforward steps to ensure they meet legal requirements across multiple jurisdictions.
Get consent
Even if your agency and SMB clients are based in the United States, Turner recommends you take the ‘opt-in’ approach because this method demonstrates a recipient is likely engaged to some degree in your business.
“If the recipient has never interacted with you previously and receives your emails, they may be more inclined to delete it or mark it as spam which isn’t going to bode well for your email campaign marketing metrics,” Turner says.
The European standard demands “double” opt-in consent, whereby a user registers to receive a marketing newsletter and then receives a subsequent verification email where they must click on a link to confirm their agreement to subscribe to that content. Below is a verification example from social media platform provider Vero’s double opt-in process.
“Marketers might worry that this is too many steps for a user and they may not see the subscriber growth they want to because people forget or don’t click on that verification email. But in fact this step will likely lead to better quality subscribers because they’ve demonstrated they’re interested in your agency,” Turner says.
“And, if you have clients in Europe, it also provides a mechanism whereby you have proof that you’ve obtained a recipient’s marketing consent because they clicked on that verification email.”
Set up an autoresponder
Turner recommends setting up an auto-responder or welcome email which tells recipients exactly what they signed up for, what content they can expect to receive, and how often they’ll be sent emails.
“This is a great way to establish trust and rapport with a subscriber and covers some of the compliance nuances within different laws. You could also let them know in that email that they can change their preferences to get emails weekly or monthly if your agency has that capability,” he says.
Test your emails and check important links
Each email marketing campaign should be reviewed and tested for the following prior to sending:
- Ensuring the unsubscribe link works, and is clearly prominent and readable
- Your business address, contact details, and website link(s) have been included
“You never want to get an email from a recipient saying, ‘Your unsubscribe link is broken.’ This is bad and will likely lead to spam complaints,” Turner says.
The below email from Bed Bath and Beyond hits the mark as it provides a prominent unsubscribe link and a privacy policy. Plus, it cleverly offers the option to subscribe to the company’s mailing list in case the message is shared with a non-recipient.
If someone wants to opt-out, remove them immediately
Most email platforms will handle unsubscribes for you. That means whenever someone hits “unsubscribe” in an email, they’re added to your email software’s “suppression list”. People on this list won’t receive future emails from you unless they re-subscribe.
However, when a recipient phones, tells or emails you directly that they no longer want to receive marketing emails, Turner says you’ll manually need to add them to your suppression list and you should do it immediately.
“Different jurisdictions give you different deadlines to remove customers from your marketing list. But the bottom line is: don’t delay. Just do it as quickly as you can,” Turner says.
Practice good mailing list hygiene
Agencies shouldn't just react to unsubscribe requests. Turner recommends they should proactively seek to regularly remove clients who are unengaged or are ‘bouncing’ (not receiving messages for reasons such as a full inbox or an invalid email address) from their mailing list.
“This actually comes back to deliverability rates and maintaining healthy marketing metrics. If you remove unengaged and invalid subscribers, your open rates and click-through rates are going to improve. That’s actually a positive for your deliverability rate and improves your chances of staying in their ‘primary‘ inbox,” Turner says.
Quality content is king
The last line of defence, and the strategy most conducive to helping your agency’s email campaign marketing strategy succeed, is to ensure you’re sending your subscribers high quality and relevant messages at appropriate intervals..
This means understanding and segmenting your audience, which was discussed in our previous blog.
“At the end of the day, when an SMB gives you their email address, they want you to be respectful with it. The best way to engage and hopefully convert them will be to send quality content and in a frequency that doesn’t make them want to mark it as spam,” Turner says.
In conclusion
Spam continues to be a major global concern. It’s likely regulators will step up enforcement action on unsolicited and misleading messages, while email service providers will make it harder for ungenuine messages to reach recipients.
“Penalties are going to get harsher and regulators will be monitoring more companies to ensure they follow all the right steps in terms of obtaining consent and sending appropriate commercial emails,” Turner says.
“For agencies, this is a critical area where you need to ensure all your bases are covered and consider getting expert advice, depending on how sophisticated and trans-jurisdictional your email campaign marketing strategy is.”
Here is a recap of best practices:
- Obtain consent from your SMB leads and clients before marketing to them
- Send subscribers an autoresponder and let them know what content they can expect to receive
- Send quality content and determine appropriate intervals, practice good list hygiene, and be sure your unsubscribe link works and your agency’s contact details appear in each email
- Remember that just because you can send a high volume of emails doesn’t mean you should. Even if your marketing is legitimate, it can affect deliverability rates and adversely impact open and click-through rates
- Violations of anti-spam laws can result in tens of thousands of dollars in fines and cause significant disruption to your business and reputation
This blog concludes our The Building Blocks of Effective Email Campaign Marketing series. We hope that the content from this series provides your agency’s email marketing strategy a solid foundation.