Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« OMB Sets Security Configuration Contracts Language for Acquisitions | Main | You Can Never Really Tell Who Gets Your Wireless Transmissions »

I Don't Want Spam, Even If it Is "Certified" To be From a Legitimate Business

There are some vendors offering "certifications" to businesses to help get their marketing email past spam filters as well as to help prevent successful phishing exploits.

One of the major players for this certification service is Goodmail Systems, Inc. They recently announced some more big-name ISPs (Comcast, Cox Communications, Time Warner Cable's Road Runner and Verizon) are supporting their "Certified Email trusted class email."

Besides getting the emails past the filters, the blue ribbon is supposed to let consumers know the messages are really from the indicated legitimate company and not a phishing attempt.

But how many consumers actually know about these certifications? What type of awareness are the businesses using the certifications doing with their customers to let them know how customers should look for the certification? I'm a customer of some of the businesses listed as using the certificates, but I don't recall ever seeing anything from them about the certification.

The press release indicates,

"Through Sept. 30, Goodmail is guaranteeing qualifying ecommerce senders who enroll in the program a minimum 300% ROI through increased click-through rates, conversions and revenues per email."

I can see a benefit in receiving vetted and certified email with regard to thwarting phishing attacks.

However, using certifications to get marketing spam past spam filters, and even guaranteeing recipients will, as a result of the certification, click on the ads is interesting. I don't want unsolicited email from any type of organization, no matter how big they are or how legitimate, or even if I have purchased from the organization before.

If one of the companies with whom I do business wants to send me a message with information about my account (but, please, don't include my sensitive personally identifiable information (PII) in the message), my service with them, or something about a product I bought from them, that is all well and good. But if I have not opted-in to receiving marketing information about their other products and services, I don't want to get those marketing emails.

Ah, and there is the rub. In the U.S. the laws generally require businesses to allow customers and consumers to OPT-OUT of receiving marketing communications, as opposed to most other countries, such as those in the European Union, that require companies to obtain explicit OPT-IN from consumers before sending them marketing messages.

It seems rather ironic that the ISPs investing in spam filters as a service for their customers are at the same time using these certifications to allow "certified" spam into their customers' inboxes.

Another certified email vendor is iconix.

And there are others.

Tags:                          
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on June 14, 2007 12:29 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/436

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold,CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.