After four years of drafts and discussions, the Federal Trade Commission has approved the Final Rule - the enforceable implementing regulations - that say how the FTC will be enforcing the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act).

The Final Rule was issued by the FTC on Monday, May 12, and will be published in the Federal Register, most likely within the next week or so. They will take effect 45 days after their publication. You can find a copy (http://www.ftc.gov/opa/2008/05/canspam.shtm) in PDF form at the FTC's website.

(Obligatory disclaimer: The information contained in this blog posting is not intended to serve as legal advice. If you have any questions about compliance or liability, you are urged to seek appropriate legal counsel.)

The entire federal register notice is 109 pages long, although the rule itself is only six pages of that. The rest of the document is a lengthy but incredibly informative discussion of all the feedback they received during the process and an explanation of why they did or did not choose certain approaches.

The rule itself sets out four main issues that will affect senders of commercial email:

• The FTC clarified that when the law uses the term "person," that will include not only individual human beings, but also corporations and non-profit organizations.
• To satisfy the Act's requirement that commercial email display a "valid physical postal address," a sender is allowed to use an accurately-registered post office box or private mailbox, so long as it is established under the applicable United States Postal Service regulations for such services.
• An e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than "sending a reply e-mail message or visiting a single Internet Web page" to opt out of receiving future e-mail from a sender.
• The definition of "sender" will be modified to include a means of creating a "designated sender" who will be responsible for complying with the Act in those situations where multiple parties may be advertising in a single e-mail message.

The first two points are neither earth shattering nor controversial. But the same cannot be said of the other two, or of the many issues which the FTC chose to discuss in its notice but on which it ultimately chose to punt rather than issue regulations.

Prohibiting the charging of a fee to be unsubscribed is a no-brainer. But by prohibiting the asking of additional information, which would include usernames and passwords, could mean some changes for how sites handle the unsubscribe process.

Moreover, the discussion makes it quite clear that the FTC will not look kindly upon any process that takes more than one page, or fills that page with other advertising or marketing pitches. A big flashing banner that says "Please don't unsubscribe!" will definitely not be allowed on the unsubscribe page. Whether you could place some kind of appeal on the landing page after the unsubscribe request itself has been processed is not clear in the discussion by the FTC.

The biggest news in this Final Rule, however, is how the FTC chose to modify the definition of "sender" in response to many inquiries about multi-advertiser messages. They added to the definition of "sender" to clarify that:

"...when more than one person's products, services, or Internet website are advertised or promoted in a single electronic mail message, each such person who is within the Act's definition will be deemed to be a "sender," except that, only one person will be deemed to be the "sender" of that message if such person: (A) is within the Act's definition of "sender"; (B) is identified in the "from" line as the sole sender of the message; and (C) is in compliance with [the Act and the FTC's Final Rule]."

In creating the concept of a "designated sender," the discussion in the notice indicates that the FTC intends that the "element requiring identification of the person in the "from" line [be] mandatory."

Under the Act, the "from" line (the line identifying or purporting to identify a person initiating the message) must accurately identify any person who initiated the message. So when taken in conjunction with this change, the FTC seems to be requiring  that there be at least one entity accurately identified in the "from" line and they're probably going to presume that that entity will be deemed to be sender.

Applying this process to an example, let's say a newsletter publisher "PublishCo" sends an advertisement containing promotions for Company A, Company B, and Company C. Under the originally proposed definition of "sender," all four entities could be considered a sender, and thus all four would be responsible for ensuring CAN-SPAM Act compliance.

But under the Final Rule, the FTC would allow PublishCo to be the "designated sender" to be responsible for all compliance tasks, no matter how many advertisers appear in the body of the message.

To be the designated sender, however, PublishCo would need to be accurately identified in the "from" line, include their physical address in the body of the email message, and provide one of the two designated opt-out mechanisms (e.g., "sending a reply electronic mail message or visiting a single Internet Web page").

It's important to note that the rule does not require that there be a designated sender. The FTC discussion indicates that having an entity identified in the "from" line is "mandatory," but the discussion goes on to indicate that the rule:

"does not eliminate the possibility that a message may have more than one "sender." However, marketers can use the criteria set forth in the proviso to establish a single sender and reduce CAN-SPAM's compliance burdens. If marketers fail to structure the message to avoid multiple senders under the sender definition, then each sender is obligated to comply with CAN-SPAM requirements for senders, notably, to provide its physical postal address and to honor any opt-out requests."

In other words, if you don't have a designated sender, every advertiser appearing in a message could be deemed a sender and be responsible for processing unsubscribes and sharing suppression lists with all other senders. In a newsletter containing ads for a half-dozen advertisers, this could rapidly turn into a compliance mess, with each and every one of the advertisers liable for ensuring that all the collecting, processing, and trading of unsubscribe lists with all the other advertisers occurs without a hitch.

Under our example above, if the email "from" line did not indicate a single designated sender and instead provided something less definitive (e.g., "A_Consortium_of_Fine_ Businesses@PublishCo.net"), then all of the advertisers in the message could still be considered "senders" under the Act and be responsible for not only its own compliance but the compliance activities of every other "sender" on that message.

There's also another twist to this. In order for PublishCo to meet the Act's definition of a sender, it would need to be considered as advertising in the message. This requirement could be met with something as simple as including the words, "For the best in new products and services, come visit PublishCo.net." Without some content that could be clearly considered advertising for itself, however, PublishCo might not fulfill the legal definition of a sender and leave all the other advertisers on the hook.

The decision about whether to be a designated sender is one that a company like our fictional PublishCo will have to make with its legal counsel. But it might make sense for PublishCo to step up and be the entity identified as the designated sender, placing their address in the "from" line, their contact information in the message body along with their unsubscribe process, allowing PublishCo to take on the tasks of providing consumers with the opt-out choices, and in turn providing each advertiser with the suppression list arising from that campaign. For most ESPs or publishers, this could mesh well with the existing value-added services such organizations already provide.

Taking on this role as the designated sender would also allow PublishCo to offer choices to subscribers about exactly which advertisements they want to receive. While we noted that the FTC expects the unsubscribe process to be simple and unencumbered with additional advertisements or appeals, the law does still permit offering an array of choices.

Simplifying the compliance process by having a "designated sender" may help avoid legal problems, but it can also help email deliverability. Think of our example above with three advertisers and a publisher. If all four entities were considered senders, each with its own boilerplate disclosures and opt-out processes, a consumer receiving such an email might be confused about whether they might need to follow four different unsubscribe processes in order to effectively communicate their desire.

Some less-than-reputable advertisers might rejoice at such a prospect: by making the unsubscribe process cumbersome some recipients might be dissuaded from doing so - or so the theory goes. But in the end, it is really all of the senders who will wind up as the ultimate losers.

When faced with a confusing or cumbersome process, consumers will take the path of least resistance and click the "Report Spam" button or report the senders to email blacklists. Anything that drives consumers to click the spam button is among the most damaging things a sender can do to its email reputation.

At Habeas, we have long encouraged the customers of our online reputation management services to adhere to prevailing email industry best practices. Foremost among those is compliance with the CAN-SPAM Act, including making sure that the unsubscribe process is clear and simple.

At the end of the day, if a consumer is no longer interested in your email, you want to get them off your list as quickly - and from the consumer's perspective, as effortlessly - as possible, in order to avoid being labeled as spam and harming your email reputation.

Finally, it is worth noting that the FTC decided not to address a number of other thorny issues in the regulations. But the Federal Register notice does include some useful, if lengthy, discussions of many of those topics and provides some insights into how the agency might rule if pressed on those points.

Among the other topics discussed are: CAN-SPAM's definition of "transactional or relationship message"; the Commission's decision not to alter the length of time a "sender" of commercial e-mail has to honor an opt-out request; the Commission's determination not to designate additional "aggravated violations" under the Act; and the Commission's views on how CAN-SPAM applies to forward-to-a-"friend" email marketing campaigns.

The viral "tell a friend" email model, in which someone either receives a commercial e-mail message and forwards the e-mail to another person, or uses a Web-based mechanism to forward a link to or copy of a Web page to another person, is a hallmark of today's hottest social networking websites. The FTC declined to wade into regulating those kinds of emails, but they took pains to explain that, as a general matter, if the seller offers something of value in exchange for forwarding a commercial message, the seller must comply with the Act's requirements, such as honoring opt-out requests.

At the end of the day, for those familiar with the regulatory process, it's not surprising that this one has produced a set of rules that raises almost as many questions as it answers. We will undoubtedly see a number of additional inquiries to the FTC seeking further advice as companies explore how the Final Rule affects their particular ways of doing business.

But the good news for senders is that the new FTC rules will probably not have a significant adverse effect on senders who are already following the industry's best practices recommendations.

For those Habeas customers who are already utilizing our online reputation management services, our deliverability analysis and auditing process will be updated to reflect the guidance provide by the FTC for CAN-SPAM Act compliance. (Should you have any questions about your compliance practices, your customer service rep can provide you with further information.)

In the meantime, all email marketers should assume that the 45-day compliance clock is running and that they will soon be held accountable under the new regulations. For some senders, these new regulations will require changes in how they process unsubscribes or manage multi-sender campaigns.

To tackle these and other compliance questions, senders should consider a Compliance Analysis by the Habeas Advisory Services team, in which experts from Habeas review your CAN-SPAM Act compliance practices and make recommendations for reducing your risks. You can contact Ray Everett-Church <ray@habeas.com>, Director at Habeas, for more information.

It's an exciting time in Silicon Valley and spring is in the air. The fruit trees, the ones that haven't been replaced by buildings housing start-ups, are in full blossom. Habeas' headquarters are located just a stone's throw from such iconic companies as Google, Apple and In & Out Burger. The ongoing tussle between Yahoo! and Microsoft is keeping the Valley blogs buzzing. Judging by the recent San Francisco ad:tech and Google's earnings report, Silicon Valley companies in the interactive marketing space are not feeling the effects of any recession. The energy and optimism of the Valley springs eternal.

And it's truly an exciting time at Habeas. We're growing our customer and partner base rapidly -- revenue growth for 2008 is more than 50% year over year. We hit or exceeded all our financial targets in the first quarter of 2008. Habeas recently announced partnership deals with eleven and Cloudmark to extend our SafeList coverage and reputation data network. We've launched major enhancements to our software platform to deliver blazing speed, add new reputation data sources and increase overall capacity for our growing customer base. While I could look back in amazement at the progress in the company from 4.5 years ago when Chuck and I re-started the company (we used to have a haiku?), there isn't any time for that. We're too busy looking ahead. And what we see is exciting.

Online reputation management (previously known as: accreditation, whitelisting, email deliverability...) is ever more critical in a world where the Internet and email have increasing importance in the global economy, yet online crime and exploits like spam, phishing, keylogging and malware continue to grow. We're proud to be the only company solely focused on online reputation management services. We've successfully been building a trusted brand, great group of employees and a sophisticated reputation network and technology platform since 2003.

There's been some chatter about Habeas as of late. Here's the deal. Habeas, like some of our competitors and many leading email companies, is venture backed. Venture backed companies talk to each other all the time about partnering, investing, etc. Those discussions are often facilitated by investment bankers. Habeas is working with a firm called William Blair. They're helping us look at our options to finance the continued growth of our business. There are many options available to Habeas to do so and these guys are the experts -- they know email and SaaS (software as a service) business models. William Blair has worked with Constant Contact on their recent IPO as well as the S-1 filings of both Exact Target and Convio.

Those projects that William Blair has been involved in underscore a key point -- email and interactive marketing industries are hot areas now and going forward. Habeas believes in the current and long-term importance of reputation services to the overall health and sustainability of the email and interactive marketing industries. We're proud to be a unique leader in this area and to be managing the growth and capabilities of the company to best serve our customers and partners. Onward!

Two Thousand and Seven was a great year for e-mail and 2008 is going to be even better. The key for e-mail success in 2008 will be continued vigilance in the cause of online brand reputation and careful segmentation and treatment of your outbound e-mail. The best practice of sending fewer e-mail messages to a more targeted audience of customers in your database will emerge as a standard in 2008. Less e-mail will mean more success for your business, whether you define success in terms of reliable communications, revenue, click-through, registrations, retention or other success factors.

In that spirit of "less is more," let's look back at 2007 and think more about 2008!

In 2007, email became sexy again! Witness the IPOs of Constant Contact and S-1 filings of ExactTarget and Convio. The public markets are enthused about e-mail again and the merger and acquisition realm sees it no differently. The acquisition of eDialog by publicly-traded e-commerce platform company GSI Commerce shows how valuable e-mail is as a core component of any online business or platform.

The DMA published its annual statistics guide in October 2007 and once again cited e-mail as the highest ROI online marketing medium. DMA projects e-mail marketing to generate an average of $48.56 in return for every $1 spent. That's why online marketers love e-mail; done right, it's incredibly cost-effective. And e-mail usage is booming among consumers too. According to a recent Pew Internet Research study over 90 percent of U.S. Internet users use e-mail regularly and most of them use e-mail once a day or more.

When measured as a percentage of consumer time spent online, email once again staked its claim as the number one online application -- beating out search, news, traffic and weather applications. Furthermore, penetration into the population and the frequency of e-mail usage are both growing year over year.

But you didn't need me to tell you that consumers love e-mail. You know you're addicted to your Blackberry, your webmail, your Outlook and so is everyone around you!

That's not to say that 2007 was all just a bed of roses for e-mail. Unfortunately, spam continues to cast a long, dark shadow over the world of e-mail marketing. Anti-spam solution vendors are telling us that over 90 percent of e-mail traffic on the Internet is spam. Our own Habeas data tells us that 99.8 percent of IP addresses sending e-mail are, in fact, spammers!

The good news is that most of the spam isn't getting to your inboxes or cluttering the inboxes of your customers. The bad news is that the continued growth of spam levels means that you need to continue to vigilantly protect your online brand and your connection to your customers' inboxes. Your company needs to stand out and join that 0.02 percent of senders who aren't spammers and whose legitimate e-mail is delivered regularly to customer inboxes.

How can the holy grail of reliable e-mail delivery be accomplished? Through hard work and perseverance, continual segmentation, testing and self-education. It requires getting your entire team -- including marketing, IT and executive management -- on board with adopting e-mail best practices and working with the right vendors as partners to execute those practices.

Simple, right? It isn't.

It's a lot of hard work to do e-mail well. It was hard work in 2007 and it will continue to be a challenge in 2008. We call all this hard work "online reputation management": keeping a focus on and visibility into your brand's online reputation with ISPs, blacklists and, most importantly, your customers.

All that discipline pays off when you are thinking carefully about what offers to send to different audiences on your prospect list. Do you send offers for a 20 percent discount on Coach handbags to the same people who have been responding to your Super Bowl Lazyboy promotion? Probably not a good idea, as you'll generate complaints, unsubscribes and brand erosion amongst the Super Bowl set.

For 2008, the industry must adopt the mantra of "less is more." Before your next campaign, think about segmenting your list -- by gender, historic response rate, self-disclosed interest or item last bought -- and tailoring more targeted offers to those segments. Your volume may be less, but your complaints will drop dramatically, your unsubscribe churn will decrease and your business results should be solid. The days of "batch and blast" are long gone.

Your 2008 New Year's resolution must be a commitment to building a discipline of online reputation management that reduces the outreach that drives customers away and, through intelligent targeting, brings "more" success to your business.