The DMA's Written Testimony Before the FTC on the Proposed Do Not E-Mail Registry

Counsel:

Gerald Cerasale Ronald Plesser

Senior Vice President, Government Affairs Stuart Ingis

Direct Marketing Association, Inc. Piper Rudnick LLP

1111 19^th Street, N.W., Suite 1100 1200 19^th Street, N.W.

Washington, D.C. 20036 Washington, D.C. 20036

202/955-5030 202/861-3900

The Direct Marketing Association ("The DMA") is pleased to submit these comments on the Federal Trade Commission’s ("Commission") request for public comment on a "National Do Not E-Mail" Registry ("CAN-SPAM Act Rulemaking, Project No. R411008"). Attached to these comments is a paper entitled "Preserving the Promise of the E-Mail Marketplace: An Economic Assessment of the Proposed Federal Do-Not-E-Mail Registry" (hereinafter "Economic Assessment"). This paper provides an economic analysis of the harm, to the burgeoning e-mail marketplace, to small businesses, and to the economy as a whole that would result from the creation of a Do-Not-E-mail Registry.

The DMA’s is the largest trade association for businesses interested in direct, database, and interactive marketing and electronic commerce. The DMA represents more than 4,000 companies in the United States and 53 other nations. Founded in 1917, its members include direct mailers and direct marketers from 50 different industry segments, as well as the non-profit sector. Included are catalogers, financial services, book and magazine publishers, retail stores, industrial manufacturers, Internet-based businesses, and a host of other segments, as well as the service industries that support them.

The DMA member companies have a major stake in the success of electronic commerce, and are among those benefiting from its growth. The DMA’s leadership extends to the Internet and electronic commerce through its subsidiaries the Internet Alliance and the Association for Interactive Media.

Last year, The DMA supported passage of the CAN-SPAM Act. The DMA supported this Act because it believes that it will help in the battle against spam. Spam is clogging consumer inboxes in a manner that is significantly hurting the ability of DMA members, legitimate businesses that send e-mail for commercial purposes, to contact recipients. The Act creates a uniform and predictable national standard for both senders and recipients of commercial e-mail. These standards empower consumers with an opportunity not to receive further commercial e-mail messages. Likewise, requiring senders of commercial e-mail messages to provide a physical address will demand accountability.

The Act also provides a critical resource for ISPs, state Attorneys General, and other law enforcement agencies in their legal efforts to combat this complicated problem. The strong enforcement tools provided in this new law will prove useful in eliminating abuse by those who send fraudulent commercial e-mail messages and evade detection and accountability by falsifying their identities. The positive effects of this law will not occur all at once and must be given time to be fully recognized, as identifying and prosecuting spammers can be a lengthy process. Early returns indicate that the new law may be having an impact. America Online recently reported that in the previous month it had experienced a decrease in the amount of spam sent to its members, as measured by the amount of e-mail that AOL identified as being spam and directed to members’ "spam folders." This number fell from 178 million on February 20 to 113 million on March 17. In addition, AOL witnessed a reduction in the number of member spam complaints from 12.7 million to 6.8 million during the same time period. Brian Morrissey, Amid Industry Spam Deluge, AOL Sees Drop, DM News, March 25, 2004, <http://www.dmnews.com/cgi-bin/artprevbot.cgi?article_id=26942&dest=article>

While The DMA supported the legislation, it strongly opposes the creation of a do-not-e-mail registry. The DMA believes that a do-not-e-mail registry would not reduce spam, while significantly limiting the use of electronic mail for legitimate marketing to consumers and other businesses. This would deprive consumers of special offerings as well as limit businesses’ ability to reach consumers. A do-not-e-mail registry also would create significant privacy and security risks for consumers, while at the same time creating unrealistic expectations that by signing onto the registry consumers will not receive spam.

The comments set forth below explain why a do-not-e-mail registry would not address the real spam problem. Specifically, the comments highlight the problems posed by the several types of registries that the Commission has identified that it is considering for its report to Congress on this issue.

Despite the spam that is deluging consumer inboxes, there is a rapidly growing marketplace resulting from commercial e-mail offerings. Consumers respond favorably to legitimate e-mail offerings. Consumers reported spending an estimated $33.3 billion from e-mail solicitations in the 12 months prior to March 2004. Economic Assessment at 10. In fact, sales resulting from e-mail in 2003 accounted for about 14% of Internet commerce. Id. at10. In addition, 15.8% of adult American consumers, 33 million Americans, have bought one or more products or services in response to an e-mail offering. Id.

E-mail is a particularly effective method of communicating offers for products and services to customers because it provides a low-cost, efficient means of reaching customers. E-mail is highly efficient when compared with the other channels of marketing employed by American businesses. E-mail marketing has the highest return on investment of any direct marketing medium for both businesses-to-consumer sales and business-to-business sales. E-mail marketing is about twice as efficient as the next most efficient medium.

For this reason, e-mail is a particularly beneficial marketing medium for start-ups and small firms, providing an inexpensive, efficient, and targeted way to attract new customers and expand and develop relationships with existing customers. This is particularly the case because e-mail marketing generally has among the lowest per-contact costs of any marketing channel. For small businesses, more than 21% of total Internet marketing budgets is devoted to e-mail campaigns. Id. at 31. For large businesses, about 13% of the Internet marketing budget is devoted to e-mail, with medium-sized businesses devoting 6.2%. Id. Whereas the industry-wide average is 12.7% of Internet-based sales being derived from e-mail, small businesses derive almost twice as much, 21.4%, of their Internet-based revenues from e-mail promotions. Id. Significantly, small businesses reported that e-mail driven sales were increasing at a rate of 23% annually.

Legitimate e-mail marketers follow good business practices, and adhere to applicable laws, including the CAN-SPAM Act. The DMA guidelines regarding the sending of commercial e-mail for a number of years have required that recipients be able to opt out of subsequent messages, and that a postal address be included in each e-mail. In stark contrast, senders of spam do not follow responsible business practices or comply with relevant laws.

As much as 90 percent of spam is sent by illegitimate entities, often by exploiting open proxies or through other nefarious methods, and in violation of multiple anti-spam and fraud statutes. America Online has testified that as much as 90% of spam messages contain falsified header or routing information. (Jennifer Carrol Archie of Latham & Watkins LLP, Washington, DC, on behalf of her client, America Online, before the Pennsylvania State Senate Communications and Technology Committee, September 23, 2004.) The Washington Post has reported that nearly two-thirds of all spam on the Internet today is sent through computers running software relays (Brian Krebs, Online Financial Crime Headed From Bad to Worse, Washingtonpost.com, December 17, 2003).

Spammers who do not follow the CAN-SPAM Act are hurting legitimate senders of commercial e-mail. Spam includes e-mail that has become familiar to anyone with an e-mail account: advertising pornography, illegally selling pharmaceuticals, attempting to fraudulently obtain bank information, and others that simply contain unintelligible messages. None of these messages comply with the law. The volume of these messages overwhelms legitimate messages in inboxes.

Spammers who send such messages would not comply with a do-not-e-mail registry. Spammers are bad actors who take illegal steps to evade filters and anti-spam techniques in order to have their messages delivered. ISPs have indicated in their spam-fighting efforts that spam that reaches their customer inboxes, avoiding the ISP spam filters and spam-fighting techniques, in most cases is in violation of the CAN-SPAM Act and other laws.

Two specific legislative examples aimed at stopping spam exemplify the fact that a do-not-e-mail registry would be ineffective in combating spam. First, prior to enactment of the CAN-SPAM Act, numerous state laws required that e-mail solicitations contain an "ADV:" label in the subject line of an e-mail message. This label was intended to allow recipients to identify unsolicited commercial e-mail from the subject line of the message. This labeling requirement had no effect in combating spam. When the Commission analyzed spam as part of its report False Claims in Spam, the Commission determined that compliance with the "ADV;" requirement was "sparse." In fact, only 2% of the spam analyzed by the Commission followed this requirement. False Claims in Spam, A Report by the FTC’s Division of Marketing Practices, April 30, 2003, at 11.

Similarly, in the European Union, commercial e-mail can only be sent subject to an "opt-in" consent. This requirement also has not stopped spam from ending up in inboxes. There is no indication that the European spam experience is any better than that in the U.S. The fact is that spam is not sent by those who would put "ADV:" in a subject line, by those who receive opt-in consent, or by those who would adhere to a registry. It is sent by bad actors who are violating existing laws. For this reason, attempts to combat the spam problem should not be through a do-not-e-mail registry that would only have the effect of restricting legitimate e-mail communications.

Consumers are not interested in a registry that will not combat spam and that could reduce legitimate communications. In a nationwide poll of more than 1,000 American adults aged 18 and over, the question was asked whether the respondent would support the creation of a national do-not-e-mail registry in the next two years, if such a list did not stop pornographic and fraudulent e-mails, but did stop advertising from legitimate marketers; 54% of those surveyed opposed the creation of such a registry, while only 37% supported it. Economic Assessment at 21. Similarly, 63% of those who acknowledged buying one or more product from e-mail within a 12-month period opposed the creation of a registry. This 63% figure indicates that as consumers become more familiar with the benefits and simplicity of purchasing from e-mail offerings and increasingly sophisticated about who is really spamming them, they become more concerned about the adoption of a program that could limit such benefits.

While a registry would not help combat spam, technological developments to help e-mail recipients manage their inboxes appear to be working. See Stephen Cunningham, Spam-Busters Say They’re Winning the War, Technology - Reuters Internet Report, March 28, 2004, <http://story.news.yahoo.com/news?tmpl=story&cid=582&ncid=582&e=11&u=/nm/20040328/wr_nm/media_internet_spam_dc>. For example, studies estimate that one of many commercially available spam-filtering tools catches 94% of spam while only incorrectly tagging as spam .4% of messages, a very low "false positive" rate. Users of this type of technology are thus witnessing a tremendous decrease in spam. Christine Burns and Keith Shaw, Best Products; Anti-Spam, Network World, February, 23, 2004, www.nwfusion.com/best/2004/0223antispam.html. Other types of programs, described as "trusted sender" programs, being discussed by major providers of Internet e-mail services that would ensure that a message is sent from a source known to be reliable, appear promising as well. Jonathan Krim, Microsoft to Launch Plan to Control Spam, Washington Post, Feb. 25, 2004, at E1; Joyce Cutler, Microsoft Shows Security Experts How Redmond is Looking at Security, BNA Electronic Commerce & Law Report, March 3, 2004, at 201.

A significant portion of the $33 billion in sales per year that currently results from e-mail could be eliminated by the creation of a do-not-e-mail registry. These losses would occur because e-mail addresses that are placed on such a registry no longer would receive commercial e-mail offerings. Individuals could place their e-mail addresses on the registry thinking that it would reduce spam without realizing that they then would no longer receive offers they have become accustomed to and take advantage of, such as discounts from booksellers, airline special offers, discounts on printing of digital photographs, or announcements of the date of sale of tickets for sporting events or performances for which they would have purchased tickets. These and the many similar examples would result in a reduction of billions of dollars of annual sales.

A prediction of the economic loss is set forth in the Economic Assessment. The Economic Assessment indicates that more than $12 billion would be lost to the economy as a result of a do-not-e-mail registry. This number is derived by calculating the marketing costs using e-mail marketing for the most recent 12-month period (with no registry) and comparing it with what it would cost marketers to maintain the same level of consumer sales using direct mail marketing, the second-most efficient marketing channel.

This economic loss would not be just to businesses. There would be a corresponding decrease in consumer savings that result from purchasing products and services from e-mail offerings. One of the chief benefits to consumers of e-mail marketing is companies’ ability to offer lower prices for products and services purchased online. Consumers would lose an estimated $6.8 billion in savings that result from lower price offerings available via e-mail. Economic Assessment at 25.

The Commission has requested comment regarding several types of do-not-e-mail registries that it is evaluating for its report to Congress on this issue. These potential approaches are: a database of registered e-mail addresses, a domain-wide registry, and an e-mail forwarding system. Any of the versions of the E-mail Registry that the Commission is considering would be ineffective in combating spam. The Commission also is evaluating trusted sender systems. We believe that further explorations of such systems in the marketplace may prove useful.

The Commission is evaluating a database of registered e-mail addresses, that would have a structure similar to that of the registry model used in the National Do-Not-Call Registry. Under this scenario, the Commission would make available a list of e-mail addresses that have been submitted to a registry of those who do not want to receive commercial electronic mail messages.

As described above, this type of database of registered e-mail addresses would not help combat the spam problem. Spammers, who do not follow the law and who take steps to avoid detection and game filters, would not adhere to a requirement not to send e-mail to addresses on such a list. Rather, spammers would attempt to obtain the list and use it as a source of e-mail addresses to which to send spam.

There is no effective means of restricting how an entity that obtains such a registry from the Commission would use it. Such a database would be vulnerable to abuse, and its potential for being compromised and exploited by spammers would be high. Once this list got into the spammers hands, it would become a major source of addresses for bad actors to use to send spam. Spammers would use these addresses, which are known to be functioning addresses, to flood e-mail accounts with spam. In many cases, e-mail addresses are very cautiously shared in order to avoid spam. Such accounts would be bombarded with unwanted messages, exactly the opposite of the intended purpose of a registry.

Spammers who violated a registry would not be able to be identified for enforcement purposes. This situation stands in stark contrast to the Do-Not-Call registry. The Do-Not-Call Registry is effective because companies that violate the registry usually can be identified, fined and made to comply with the law. A do-not-e-mail registry, on the other hand, would not work because spammers routinely falsify or conceal their identities and, for this reason, are difficult to catch.

An example of how widespread the use of e-mail addresses by spammers becomes once the addresses get into the wrong hands is seen in the area of e-mail harvesting. Lists of e-mail addresses that are harvested make it into spammers’ hands and result in an abundance of spam to those addresses. According to Commission research on harvesting of e-mail addresses, 250 new e-mail addresses that were harvested resulted in 3,349 spam e-mails in just six weeks. Federal Trade Commission, Email Address Harvesting: How Spammers Reap What You Sow, November 2002, http://www.ftc.gov/bcp/conline/pubs/alerts/spamalrt.htm.

Creation of a registry would result in an unrealistic expectation of the government and providers of e-mail accounts that by putting an e-mail address on the registry, the account holder would no longer receive spam. Such an unrealistic expectation could have a negative customer relations effect on businesses sending legitimate e-mail and providers of e-mail services.

A do-not-e-mail registry also would impose significant costs on senders of legitimate electronic mail. It is estimated that the cost to businesses of scrubbing their e-mail recipient lists against such a registry would be more than $56 billion annually. Economic Assessment at 34. This list would forever grow in size as there would be no reliable means of determining whether an e-mail account is no longer operable. On average, the annual rate for e-mail address turnover, where an individual changes their e-mail address, is 32%. Return Path, Inc. and Global Registry, LLC, Lost Relationships: The Collateral Damage of E-Mail Address Changes, October 16, 2002, at 2. For this reason, any registry would consist of a high number of inoperable e-mail addresses. The list also could be very long because many computer users have multiple e-mail addresses and individuals from around the world could elect to place their e-mail addresses on the list. The download time for businesses to obtain the list, as compared to the do-not-call list, could be significant. In addition, the entire list would have to be purchased and scrubbed, even if the e-mail was only being sent to a small number of recipients. This differs from the do-not-call list approach whereby telemarketers can obtain the list of numbers by area code, thereby avoiding having to pay for the entire list and scrub the potential recipients against a list that could contain hundreds of millions of entries.

Such a registry also would negatively impact the consumer experience. Consumers may not understand the impact of signing onto a registry. Consumers who sign onto the registry may not obtain legitimate e-mail messages that they are expecting or have requested from the sender. Individuals have different preferences as to the types of e-mail that they wish to receive, and a do-not-e-mail list would limit their ability to exercise such choices.

The Commission also requested comment regarding a domain-wide opt-out. Under this type of registry, entire domains could be placed on the registry. A domain-wide opt-out registry would suffer from the same problem as a database of registered e-mail addresses: it would not reduce spam. The concept of an entire domain not accepting classes of e-mail already exists in the marketplace. For example, many ISPs already prohibit bulk unsolicited commercial e-mail on their networks. Even in these instances, spam is still sent to these networks by use of techniques to avoid spam filters that would otherwise block bulk messages. Private networks themselves can legally enforce for contract violations and violations of their policies. Government resources should not be used to enforce private contracts and are better used to enforce the CAN-SPAM Act.

A domain-wide opt-out would create significant problems when recipients want to receive messages from an individual company and their domain is on the registry. Significant questions exist as to how recipients who want to receive commercial e-mail within a domain that is on the registry would be able to receive commercial e-mail that they desire. For example, if an individual signs up to receive e-mail from a sender and the e-mail address of the individual has a domain that is on the registry, the sender would be put in the irreconcilable position of either not being able to send the message or violating the registry. The only means to send messages could be to force e-mail account holders to change domains and, thus, their e-mail addresses. Individuals would not want to undertake such a change.

Finally, complications would arise over who has authority to register domains with the Commission. There are tens of thousands of domains that potentially could be added to such a registry. Determining whether the correct person is placing the domain on the registry would be very difficult.

The third type of registry that the Commission is considering would use an e-mail forwarding system. As with each of the other registries, this approach would not address the problem of bad actors, who would not adhere to it.

This type of forwarding system would add a level of complexity that would make it difficult for legitimate businesses to send messages. For example, if recipients are scrubbed from the list, how would senders know that the e-mail was scrubbed and never reached the recipient? Similarly, the size of the list to be scrubbed never would decrease, because the sender would not know what names to remove from the list. Marketers also would have difficulty evaluating the success of a solicitation, because they would not know the real number of addresses that actually receive an e-mail offer.

An e-mail forwarding system also would result in significant technological problems. Such a system could create choke points in the network and make it more difficult for all e-mail to reach its intended destination. Many of the benefits of a decentralized system of sending e-mail could be compromised by such an approach. The time for delivery of messages also could increase significantly. Additionally, the forwarding points through which commercial e-mail would travel could become targets for denial-of-service attacks by spammers who seem ready to take any measure to thwart attempts to limit their ability to send spam.

Such a system also would raise a major privacy problem for senders of commercial e-mail. Many of these senders have committed to their customers in their privacy policies that they will not share e-mail addresses with third parties for any purpose. The Commission and businesses have taken considerable measures over the last few years to ensure in the e-commerce environment that information practices are stated in privacy notices and that these statements are adhered to. Forcing a regime that requires e-mail addresses to be forwarded to an independent third party for scrubbing in many instances would violate this commitment.

The final type of system that the Commission has raised for comment surrounding its registry submission to Congress is that of "trusted sender" authentication systems. These types of systems are intended to authenticate the sender of a message prior to its delivery. Only senders who are known to be "trusted," and not spammers, would be authenticated and their messages delivered. This approach attempts to combat spam by blocking messages from senders who are not known to be "trusted." There has been a great deal of activity in recent months surrounding the development of such programs. See Krim, supra at 7; Cutler, supra at 7. While these systems have not yet been widely deployed and adopted, their potential to combat spam should be explored in more detail in the marketplace.

Commission involvement in this area is unnecessary at this time as numerous significant efforts are occurring throughout industry. Commission involvement in this area could raise complicated questions regarding the qualifications required of a "sender" to become certified as "trusted." For example, in order to become certified, what types of messages could be sent? A scheme where the Commission was to pick and choose among the entities that are "trusted" based upon the type of entity sending the message and the content of the message could raise free-speech issues. Additionally, there would be significant procedural questions regarding who would determine whether the entity requesting certification meets the standard. Additional questions that raise complexities include: How would an entity lose its certification? Could the entity appeal? How could the entity regain certification? The qualifications regarding what senders are "trusted" ultimately should be left to the marketplace and reside with the consumer.

For the reasons stated above, The DMA believes that the Commission should not establish a do-not-e-mail registry. A do-not-e-mail registry would not address the real source of spam and would impose significant and unnecessary costs on legitimate senders of commercial e-mail. Similarly, such a registry could limit consumers’ receipt of e-mail they desire. The Commission should indicate to the Congress that the creation of a registry is not feasible, is impractical, and not appropriate for regulation of electronic mail. If the Commission ultimately recommends a specific proposal, we would welcome the opportunity to constructively work on the specifics of any such proposal.

RSS Subscription

© Direct Marketing Association | Privacy Statement | Share