idnits 2.17.1 draft-ietf-run-adverts-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document is more than 15 pages and seems to lack a Table of Contents. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There is 1 instance of too long lines in the document, the longest one being 1 character in excess of 72. == There are 2 instances of lines with non-RFC2606-compliant FQDNs in the document. == There are 1 instance of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 126: '...ser, ADVERTISERS SHOULD AVOID THIS OPT...' RFC 2119 keyword, line 314: '... SHOULD AN ADVERTISER PURCHASE A MAI...' Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 1999) is 8960 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: '4' is defined on line 1025, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 2635 (ref. '1') -- Possible downref: Non-RFC (?) normative reference: ref. '2' -- Possible downref: Non-RFC (?) normative reference: ref. '3' -- Possible downref: Non-RFC (?) normative reference: ref. '4' -- Possible downref: Non-RFC (?) normative reference: ref. '5' Summary: 9 errors (**), 0 flaws (~~), 4 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 INTERNET-DRAFT Edward T. Gavin 2 IETF RUN Working Group Donald Eastlake 3rd 3 draft-ietf-run-adverts-01.txt Sally Hambridge / Intel 4 October 1999 6 How to Advertise Responsibly Using the Internet 8 or - how NOT to 10 $$$$$ MAKE ENEMIES FAST! $$$$$ 12 Status of this Memo 14 This document is an Internet-Draft and is in full conformance with 15 all provisions of Section 10 of RFC2026. Internet Drafts are working 16 documents of the Internet Engineering Task Force (IETF), its areas, 17 and its Working Groups. Note that other groups may also distribute 18 working documents as Internet Drafts. 20 Internet-Drafts are draft documents valid for a maximum of six 21 months and may be updated, replaced, or obsoleted by other 22 documents at any time. It is inappropriate to use Internet-Drafts 23 as reference material or to cite them other than as "work in 24 progress." 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html. 32 Abstract 34 The Internet is not a free resource. Access and a presence on 35 the 'Net comes at a cost to the participants, the service provider, 36 and the recipients of those services made available by the Internet. 37 Because of the rapid growth and "mainstream" acceptance of the 38 'Net, new opportunities have been found for the distribution of 39 information to the vast and ever-growing community of Internet users. 40 This condition has caused an awakening on the part of the Internet 41 community-at-large. With the unprecedented access to people that 42 has been enabled by a more readily available Internet, there are 43 groups and individuals who choose to use the 'Net for purposes for 44 which it was not intended, defying consensus among the practitioners 45 and the unwilling recipients. 47 This practice, of course, is the sending of Unsolicited Commercial 48 and Bulk E-Mail messages, posts to Netnews groups, or other 49 unsolicited electronic communication. This document shall provide 50 some measure of clarity to the definitions, dangers, and details 51 inherent to Internet Marketing, and will propose a common ground 52 where advertiser, recipient, and the Internet Community can coexist 53 in a mutually respectful and productive fashion. 55 1. Introduction 57 There are stereotypes that must be broken before continuing. 58 Not all persons who are new to the Internet are ignorant of the 59 'Net's history and evolution, or its proper and ethical uses. 60 Nor are all experienced, long-term Netizens against the use of 61 the Internet for advertising, marketing, or other business 62 purposes. Where these two groups can find commonality is in 63 their opposition to the use of the Internet in irresponsible 64 ways. Some of these irresponsible uses include, but are not 65 limited to the sending of Unsolicited Bulk or Commercial E-Mail to 66 mailing lists, individuals, or netnews groups. In the 67 vernacular, this activity is called "spamming" (the sending 68 of "spam" [1]). To understand why such activities are 69 irresponsible, one must first understand the true cost and 70 ramifications of such actions. 72 The protocols and architecture upon which the 'Net is built, 73 which are recognized and adhered to as standards, provide for 74 an openness and availability which foster and encourage easy 75 communication. These standards were developed at a time when 76 there was no need to consider the concept of "rejecting" 77 information. While those standards have evolved, they continue 78 to emphasize open communication. As such, they do not associate 79 costs or impact with the user-initiated activities which may 80 occur. Because of this openness, persons can and do send 81 large volumes of E-Mail, with little-to-no cost or financial 82 impact for the volume of messages sent. Needless to say, this 83 presents the attractive option (to those who would consider such 84 activity) of multiplying the recipients of their marketing 85 material, and presumably, increasing their success-rate. 86 However, and to reiterate an earlier statement in this text, 87 there is a cost to be incurred at some point in this communication 88 relationship. In the case of E-Mail advertising, since the cost of 89 operation does not increase on the part of the sender, it must 90 therefore increase on the side of the recipient. 92 And it does. Every recipient of every E-Mail message bears a cost, 93 either direct (cost per message received, an incremental increase 94 in connection charges) or indirect (higher service fees to recoup 95 infrastructural costs associated with the additional 'Net traffic 96 which such mass-mailings create). In addition, other resources, 97 such as the disk space and time of the recipient, are consumed. 99 Because the recipients have no control over whether or not they 100 will receive such messages, the aforementioned costs are realized 101 involuntarily, and without consent. It is this condition (the 102 absence of consent to bear the costs of receipt of a mass- 103 distributed message) that has shaped the Internet Community's 104 viewpoint - that the act of sending spam constitutes a willful 105 theft of service, money, and/or resources. Those who choose to 106 ignore the financial impact, and instead focus on the consumption 107 of indirect resources, have been known to label spam "Internet 108 Pollution". 110 The Internet provides a tremendous opportunity for businesses, 111 both large and small. There is certainly money to be made using 112 the 'Net as a resource. This paper recommends practices and ways 113 to use the Internet in a manner which is not parasitic; which will 114 not, by their mere existence, engender predetermined opposition, 115 litigation, or other negative conditions. This paper does not 116 guarantee freedom from those, or other negative responses - 117 rather, it provides the reader with a framework through which 118 the marketer/advertiser and the 'Net community (and more 119 importantly, the seller's target market) can coexist as well 120 as possible. 122 2. Image and Perception of the Advertiser 124 While it may appear to be financially attractive to advertise 125 via the use of Mass-Messaging ("spam"), as a responsible 126 Internet user, ADVERTISERS SHOULD AVOID THIS OPTION. The 127 possibility of income generation and market or business 128 expansion are minuscule when compared to some of the risks: 130 - The alienation of the vast majority of the recipients 131 of an advertising message [2][3] 133 - The damage or loss of credibility in the advertiser's 134 market [2] 136 - Loss in advertiser's and/or seller's Internet 137 connectivity (most service providers have strict 138 "zero tolerance" policies which prohibit the use 139 of their systems for the sending of spam, or 140 for encouraging or enabling such activities) 142 - Civil and Criminal litigation (in the United States, 143 and progressively in other sovereign states, it is 144 becoming accepted as fact that the theft-of-service 145 associated with spamming is equitable to real theft) 147 It is a fundamental tenet to any Internet presence that a party 148 will be responsible for their Internet "image", or the personae 149 that they create. If an advertiser sells a product which is 150 enjoyed by many, and the advertiser has not alienated, 151 offended or angered a disproportionately larger number of 152 uninterested recipients, that advertiser could be viewed 153 as a hero. Conversely, an advertiser broadcasting their 154 product to millions of uninterested parties, at the parties' 155 cost, will earn the advertiser the moniker of "spammer", 156 thief, or other less attractive names. The advertiser will 157 be held responsible for those actions, and the effects those 158 actions have in the marketplace, which is to say, the 'Net 159 community. 161 "On the Internet, nobody knows you're a dog."[4] That was the 162 caption to an illustration published in the 1990's. The message 163 is clear - the Internet renders all parties anonymous. The 164 methods used to sell products in the traditional sales channels - 165 language, image, relationships, eye contact or body language - 166 no longer apply when measuring an Internet sale. Reputation, 167 reliability, honesty, trustworthiness, and integrity have taken 168 the place of the more direct sales approaches that have been 169 previously used. These are dictated by the rate at which both 170 information and misinformation travel on the Internet. And, 171 just as an Internet user cannot control what messages are 172 sent to them, neither can the Internet marketer control the 173 information that is disseminated about them, or their activities. 174 Some information will circulate that is not accurate. Perhaps 175 there will be cases where there will be information 176 circulating which is downright incorrect. But, a successful 177 market reputation, based on ethical behavior, will render 178 the inevitable piece of misinformation meaningless. For an 179 advertiser to exist responsibly on the Internet is for 180 the advertiser and seller to take active responsibility 181 for their actions. 183 3. Understanding Theft 185 As this paper has pointed out, there is ample reason to expect 186 that the sending of spam will result in a significant level of 187 undesirable reactions, targeted at the advertiser and/or the 188 seller. Death threats, litigation and retaliatory actions are 189 commonplace. For these reasons, "spammers" (and in particular, 190 those entities providing mass-mailing services for third-party 191 businesses) will frequently take steps to ensure their anonymity. 192 These actions take various forms, and have been known to include: 194 - Forging the sender name, domain name, or IP Address 195 of the sender (called "spoofing") 197 - Sending messages through any type of hardware, software 198 or system which belongs to an uninvolved third-party 199 (called "relaying") 201 Each of these activities, as well as numerous others, are 202 criminal acts in many countries. It is unethical to use the 203 resources of any other party without their express permission. 204 To do so breaches the laws of numerous jurisdictions and 205 international agreements - offenders have been successfully 206 prosecuted in numerous jurisdictions. 208 4. Caveat Mercator 210 "Let the Seller beware." Advertisers and Sellers can be held 211 responsible for the appropriateness (or lack thereof) of the 212 messages they send when applied to the recipients to whom the 213 advertisements are sent. For this reason, all prospective 214 advertisers must first be absolutely certain that the 215 recipients of their advertising are appropriate. For example, 216 sending an advertisement which contains a link to a website 217 where content of an overt sexual nature is displayed can have 218 many undesirable consequences: 220 - In many countries, providing such material to under- 221 age minors is a crime. As the provider of the link, 222 the advertiser's position is tenuous. 224 - In some countries, such material is a crime to view, 225 possess, or distribute ("trafficking"). As the website 226 owner or advertiser, a party engaging in such activities 227 must consider the ramifications of international law. 229 To prevent such risk, advertisers should qualify the recipients 230 of their advertising. However, it must be noted that E-Mail 231 addresses provide little useful information to that end. Remember, 232 "On the Internet, nobody knows you're a dog." Advertisers will 233 have no way to qualify a prospective recipient as an adult with 234 complete discretionary and plenipotentiary authority. In other 235 words, an advertisement targeting a high-income population in need 236 of property investment opportunities may be sent to a group of 237 school children. Or a dog. 239 How then, does the prospective advertiser/seller determine the 240 quality of their leads? The essential requirement is that the 241 advertiser "know" their audience. 243 As with all sales leads, the ones which are developed and generated 244 by the advertiser who will use them are of the most value. There is 245 an inherent value to collecting the data first-hand; by collecting 246 the data directly from the prospective recipient, the advertiser 247 can accomplish two important goals: 249 - The advertiser ensures that the recipient is genuinely 250 interested in receiving information. Thus, the advertiser 251 can protect themselves from the negative impact of sending 252 Unsolicited E-Mail ("spam"). 254 - The advertiser maintains the ability to "pre-qualify" the 255 lead. One interested lead is worth more, from a sales and 256 marketing perspective, than millions of actively 257 disinterested potential recipients. 259 If an advertiser maintains an active website or uses other mass- 260 marketing tools (such as direct-mail), and they are interested in 261 pursuing Internet Advertising, the advertiser can add a mechanism 262 to gather sales lead data in a relatively simple manner. From the 263 perspective of Responsible Use, the only such mechanism to be 264 discussed in this text will be the "Opt-In" concept, to be discussed 265 in detail later in this document. 267 Regardless of the manner in which the information is gathered, there 268 are certain steps which the advertiser must follow. The advertiser 269 must inform the person that data is being collected. In addition, 270 the reason why the information is being collected must be clearly 271 stated. BE AWARE! There are jurisdictions which restrict the 272 collection of Personal Data. The laws addressing collection and 273 future handling of Personal Information will vary from place to 274 place; advertisers must take steps to gain an understanding of 275 those laws. 277 Prudence should be the advertiser's guide. If an advertiser is 278 unsure as to the applicability or legality of an action, both in 279 the jurisdiction of the advertiser as well as that of the 280 recipients, the action must be avoided entirely. 282 5. Targeting the Audience 284 Advertisers have something to sell. It may be a product, service, 285 or other tangible or intangible item. And, of course, the advertiser 286 needs to get the word out to the market - quickly. After all, neither 287 the seller or the advertiser are making sales and earning profits if 288 nobody is buying the product. However, before advertisers can 289 advertise the product, they must first determine to WHOM the product 290 will be advertised. 292 There are considerations in determining the answer to that 293 question. This text has already addressed how the sending of 294 Unsolicited Commercial E-Mail ("spam") can generate a number of 295 negative effects. In addition, numerous surveys cited herein show 296 that the vast majority of publicly-available mailing lists and Netnews 297 groups similarly abhor spam. The advertiser's first step should 298 always be to determine which avenues are appropriate for advertising. 299 Then, advertisers much determine which avenues are appropriate for 300 EACH SPECIFIC ADVERTISEMENT. Advertisers are faced with the task of 301 determining which Netnews groups accept ads, then of those, 302 which groups are of a topic to which the proposed advertising is 303 relevant. Similarly, the same work should be done for mailing lists. 304 Advertisers should take some level of comfort in the fact that there 305 *are* Netnews groups and mailing lists which welcome advertising - 306 finding them is a worthwhile investment of the advertiser's time 307 and resources. 309 For assistance in locating such advertising-friendly websites, 310 mailing lists, and Netnews groups, advertisers can consult existing 311 ethical and responsible Internet advertisers. Alternatively, 312 any low- or no-cost research resource or search engine can be 313 employed to find those groups and lists. BUT UNDER NO CIRCUMSTANCES 314 SHOULD AN ADVERTISER PURCHASE A MAILING LIST AND START MAILING! 315 There are other reasons which will be addressed further into this 316 document, but to engage in such activity opens the advertiser to 317 the liabilities and negative ramifications previously stated. Such 318 negative conditions cause increased costs to the seller/advertiser, 319 when the risks (loss of connectivity, defense against litigation, 320 avoiding discovery, etc...) are factored into an advertiser's 321 overall operation. In short, it is in the best interests of the 322 seller and advertiser to ensure that the proper audience is 323 targeted, prior to any further steps. 325 6. Reaching the audience 327 Once the prospective advertiser has determined a target market for 328 a specific advertisement, a manner of advertising must be selected. 329 While these are too numerous to mention, this document concerns 330 itself only with those that apply to the ethical use of Internet 331 resources. Of those, the pertinent ones to be examined are: 333 - A dedicated website or web page 335 - Advertisement placed on a "shared" advertising site 336 (placing an advertisement on an established web-page 337 which caters to people that indicate a potential 338 for interest in (a) specific type(s) of product(s). 339 Such advertisements can take the form of text, links, 340 "Click-Through Banners", or other. 342 - Netnews posting 344 - Targeted E-Mail messages 346 Note that any manner of blind broadcast (distribution-based) 347 advertising which does not involve the targeting of the recipients 348 is not considered responsible. 350 Once the advertiser has determined the medium for reaching their 351 target audience, there are key points to be considered, each being 352 specific to the medium of advertisement: 354 A. Dedicated website or web page 356 Advertisers have the option of creating a dedicated website, or 357 a page within another site for their advertisement. If, from a 358 technical standpoint, an advertiser is unsure of the process for 359 creating such a website, there are numerous resources available 360 to provide assistance. From no-cost avenues such as 361 instructional websites; to low-cost resources such as books, 362 videotapes or classes; to full-service businesses and 363 consultants who can advise advertisers throughout the entire 364 scope of the website/web page design, implementation and hosting 365 process (or any part thereof), there is a solution available 366 for every type of site and cost-structure. 368 B. "Shared" Advertising website 370 Advertisers have the option of placing their advertisements on 371 a website operated by a third-party. For advertisers with an 372 immediate need, such sites (also called "Electronic Malls", 373 "E-Shops" or other names) have several advantages. In some 374 cases, a shared site can be more cost-efficient than building 375 a dedicated website. Many sites will target a specific market 376 (refer to Section 5 of this document). By using existing 377 resources, advertisers can avoid the cost and burden of 378 owning their own site. Many websites will target a specific 379 advertisement to a specific audience, thus providing much of 380 the research for the prospective advertiser, and providing 381 the advertiser the means with which to reach the most receptive 382 audience. Additionally, advertisements from such advertising 383 sites can be integrated into a larger context, such as 384 supporting free e-mail services, Internet access, or news 385 broadcasts. Such integration can lend a level of credibility 386 to an advertising effort that might not exist otherwise. 388 Some notes on the use of any type of website for advertising: 390 Regardless of what method an advertiser chooses to use for 391 for advertising on the Web, there are some specific caveats 392 regarding customer interactions: 394 First, the advertiser must ensure that their contact 395 information - name, phone, e-mail address - are all clear 396 and available; 398 Second, advertisers should take care in creating forms 399 which gather information about customers, as there is 400 concern in the United States and other countries about 401 gathering information from minors without parental consent. 402 There is also concern about grabbing dynamic information 403 via persistent state information; 405 Third, if advertisers DO gather information about people 406 and plan to use it for marketing in ANY way, advertisers 407 must be VERY clear to specify their plans as people 408 submit their information. 410 C. Netnews and E-Mailing list group postings 412 If an advertiser has selected newsgroups as a targeted medium, 413 there are critical preliminary determinations to be made. The 414 accepted presumption should be that a Netnews group will not 415 welcome spam, although there are newsgroups which are 416 advertising-friendly. However, the only way to determine whether 417 a group welcomes a particular type or form of advertising is 418 to either: 420 - read the Frequently Asked Questions (FAQ) to determine 421 what is specifically permitted or prohibited on that 422 particular group. 424 or 426 - ask the group by posting a message which briefly 427 notes how you intend to advertise your product. Do not 428 mention any product details in this message, merely ask 429 if the group would object. 431 or 433 - if it is a "moderated" newsgroup, send an e-mail to 434 the group's moderator. Many group moderators will have 435 a specific preference for how to deal with advertising, 436 through compilation, "digest" formats, or other. 438 It is a recommendation that prospective advertisers read the 439 groups to which they choose to post for a period before posting. 440 Generally, an extended period of reading the messages in the 441 group will give the advertiser an indication as to how their 442 advertisement will be viewed or accepted on the group in 443 question. 445 However, this period of reading should not be used as a 446 substitute for the suggestions above. Many groups will have 447 specific instructions and/or requirements for posting 448 advertisements. Advertisers who fail to meet those 449 requirements will be undertaking irresponsible behavior, 450 and will be subject to the effects thereof. 452 D. Compiled E-Mail Lists 454 It bears repeating at this point: Let the Seller Beware. The 455 material discussed in Section 4 of this document is 456 particularly relevant in the consideration of E-mail, and 457 the use of compiled lists of e-mail addresses for advertising. 458 Advertisers should understand that they bear the responsibility 459 for ensuring the proper targeting of their recipients; the 460 proper display of their or their seller's identities; and the 461 use of resources or systems only with the express permission 462 of the owners of those systems. 464 When faced with the task of collecting and compiling recipient 465 information, one option that is frequently presented is that of 466 pre-compiled mailing lists. Most often, these are advertised 467 using the very method which is irresponsible, that of 468 Unsolicited E-Mail. There are numerous reasons why these lists 469 should not be used. 471 Many suppliers create mailing lists from addresses which they 472 have gathered in mildly to extremely unethical ways. Many of 473 these list-makers rely on grabbing volumes of addresses without 474 checking their legitimacy. In other words, they send out 475 software robots to grab addresses they find in News or Mailing 476 List archives which may be many years old! People change jobs, 477 change ISPs, and change everything about themselves over time; 478 trusting a third party for a mailing list is just not wise. 480 It is known that some mailing list providers have created 481 mailing lists from E-mail addresses of people who have asked to 482 be REMOVED from their mailing lists. They then sell these lists 483 to other advertisers who think they're getting a list of people 484 who will welcome the unsolicited information. 486 Regardless of the source, however, advertisers and sellers bear 487 the responsibility for maintenance of their lists. Purchasing a 488 list from a third-party shifts the maintenance costs of that 489 list onto the advertiser who uses it. Needless to say, this is 490 only economical for mailing list vendor. 492 Given these conditions, all evidence points to the fact that 493 the greatest level of control of an advertiser's own success 494 and liability rests with the advertiser themselves. This being 495 the case, advertisers are faced with the task of compiling their 496 own lists of willing recipients of Advertising-related E-Mail 497 messages. As discussed previously, those leads which are 498 generated by the advertiser are the most likely to have an 499 interest in the advertisement, so they are also the least likely 500 to protest the receipt of such advertisements via E-Mail. It 501 is this circumstance that makes the use of an "Opt-In" list 502 (refer to Section 7 of this text) to be perhaps the most 503 successful method of advertising distribution on the Internet. 505 7. Opt-In Mailing Lists 507 This document has laid out the basic facts of Internet Marketing; 508 the advertiser bears the responsibility of their actions; there will 509 always be recipients of that advertising who do not wish to receive 510 it; there are reactions to every responsible and irresponsible act. 511 Given these considerations, and taking into account the central 512 message of this document; that Internet Advertising *can* be a 513 successful venture for everyone involved; there remains a key tool 514 for the Internet advertiser to harness. Opt-In mailing lists provide 515 the prospective Internet advertiser with the control they need over 516 the list of their prospective target audience (validity of e-mail 517 address; applicability to the intended product; willingness to 518 receive advertising via e-mail). 520 Opt-In mailing lists are consistently shown to be more effective in 521 starting and maintaining customer relationships than any other type 522 of Internet advertising; studies have shown Opt-In mailing to be 523 Eighteen (18%) Percent more effective than Banner advertising [5]. 524 It is so successful because the recipients of those E-mailed 525 advertisements made a specific effort to receive them, thus 526 indicating their interest in receiving information about products 527 which the recipient felt were of interest to themselves. 529 Advertiser's wishing to employ Opt-In mailing lists in their 530 advertising can turn to several resources for assistance. If an 531 advertiser operates their own website or web page, they already 532 possess the most important facet, a web presence with which to 533 invite participation in the Opt-In list. If the advertiser chooses 534 to use a shared website for their product, they can also utilize 535 an Opt-In data gathering mechanism. There are numerous forms and 536 technologies that can be employed to build an Opt-In list - this 537 document will not address them individually. Rather, the purpose 538 of this section is to provide the advertiser with information 539 which, when used, will help protect the advertiser, and make the 540 advertising experience a successful one. 542 A. Privacy 544 As stated previously, advertisers should take care in 545 gathering information from Opt-In participants. First and 546 foremost, the person providing the information must be aware 547 that they are doing so. By taking these preliminary steps, 548 an advertiser decreases the risk of having any messages 549 interpreted as spam. If, in submitting information for any 550 purpose, the advertiser intends to use the submitted or 551 inferred data for any mailings, there should be clear 552 language indicating so. Furthermore, persons submitting data 553 must be given the choice to "Opt-Out"; that is, to choose to 554 submit the data but NOT receive any advertisements. A safe 555 course of action is for the advertiser to configure their 556 data-gathering so "Opt-Out" is the default; that is, to 557 ensure that any members of the list have made a concerted 558 effort to get onto said list. In nearly all cases, merely 559 having a "check-box" available with the caption 561 "Please send me E-Mail advertisements or 562 announcements about your products." 564 is sufficient. 566 It is crucial that advertisers be aware that different 567 jurisdictions deal with the collection of personal data 568 differently - the burden of verification of these laws rests 569 on the advertisers. For additional information on privacy, 570 refer to Appendix C of this document. 572 B. Integrity 574 When maintaining a list where names can be submitted via some 575 type of public or semi-public resource, such as a website, 576 advertisers should take steps to verify every subscription to 577 that list. There are key pieces of data that can be used to 578 verify the integrity of a particular subscription request, 579 but the only person who can attest to the genuineness of the 580 actual act of subscribing is the owner of the E-Mail address 581 which has been submitted. 583 To protect themselves from the risk of inadvertently spamming 584 an unsuspecting recipient, advertisers should immediately 585 confirm any submission. In doing so, advertisers can satisfy 586 all requirements for responsible confirmation of a subscription 587 request. In addition, if a person's E-Mail address has been 588 submitted to a list without the knowledge or permission of the 589 owner of that E-mail address, immediate notification of that, 590 and the receipt of supporting data, enables the owner of that 591 account to act accordingly to protect their account from future 592 wrongdoing. 594 When generating confirmations, the following information must 595 be provided to the subscriber: 597 - the E-Mail address subscribed 599 - the manner in which it was subscribed 600 (website or mailing list address) 602 - the Date and Time of the subscription request 603 (via NTP, for uniformity in future reference) 605 - the IP Address of the host which submitted 606 the request 608 - the full headers of the subscription request 609 (where applicable, such as mailing lists) 611 - the Name, website address, and contact E-Mail 612 address of the advertiser 614 - instructions to the recipient as to how to 615 permanently remove themselves from the list 617 In addition, a well-represented business will make an effort 618 to communicate this material in a way which the average 619 recipient can understand and relate to, such as the following 620 example: 622 - - - - - - C O N F I R M A T I O N - - - - - - - - - - - - 624 Thank you for your interest in Widget Sales! 626 This is confirmation of your subscription request for the 627 Widget Sales E-mail list. 629 You are currently subscribed with this address: 631 foo@bar 633 Your request was received via our website at 635 http://www.foo.bar/input.html 637 If you did not submit this request, someone may have 638 submitted it for you, or may be pretending to be you. 640 If you wish to be removed from this list, Reply to this 641 message with the word UNSUBSCRIBE as the body of the 642 message. 644 If you feel you were added to the list without your 645 permission, the information below should be forwarded to 646 your ISP's Administrative staff for follow-up, with an 647 explanation of your concern. 649 Widget Sales, Inc. | http://www.foo.bar/ 650 Responsible Internet | info@foo.bar 651 Marketing - Made Easy! | cust-serv@foo.bar 652 ----------------------------------------------------------- 654 Submission Information: 656 Request received for foo@bar from 192.168.0.1 at 657 06:41:55:13(GMT) on 07.03.1999 via 659 http://www.foo.bar/input.html 661 E-Mail headers follow: 663 Received: from 01.anytown.dialup.bar.foo 664 ([192.168.0.1]) by adshost.foo.bar 665 (FooBarMail v01.01.01.01 111-111) with SMTP 666 id <19990703054206.VDQL6023@77.anytown.dialup.bar.foo> 667 for ; Sat, 3 July 1999 01:41:55 +0000 668 From: Customer 669 To: mail-list@foo.bar 670 Subject: Submision Request 671 Date: Sat, 03 July 1999 01:41:55 -0400 672 Organization: Zem & Zem Bedding Company, Inc. 673 Reply-To: foo@bar 674 Message-ID: 675 X-Mailer: FooBarMail HTTPMailer Extension 1.0.532 676 MIME-Version: 1.0 677 Content-Type: text/plain; charset=us-ascii 678 Content-Transfer-Encoding: quoted-printable 680 C. Protection 682 Advertisers should be advised of certain measures they can take 683 to protect themselves. Frequently, and especially when the 684 traffic on a particular mailing list is low, a subscriber may 685 forget that they had requested membership on that list. When a 686 new message is sent and subsequently received, said recipient 687 may lodge a complaint of spamming. If this situation is 688 multiplied by several recipients, the advertiser and/or seller 689 risks losing their Internet access, even if they have acted 690 responsibly throughout the process. 692 For this reason, advertisers should keep an archive of all 693 submission requests which are received. This archive should be 694 kept as diligently as the advertiser's operational data, and 695 should be similarly safeguarded. Having such requests available 696 will protect the advertisers from any reports of spamming, 697 whether they are malicious, or the result of a genuine 698 misunderstanding. For reasons that should be obvious, those 699 messages should remain archived for a period that lasts AT 700 LEAST as long as the list remains active. While this is not 701 necessarily a requirement for responsible behavior, it is a 702 measure of safety for the responsible advertiser. 704 8. Responsible Behavior 706 Shotgunning a message doesn't really work in any medium, but it is 707 much easier to do with the Internet than with paper mail or 708 telephone solicitations. The steps which have been provided in 709 this paper will assist the advertiser in creating a favorable 710 environment for their work; in ensuring that they maintain a 711 responsible presence on the Internet; and in targeting the types 712 of customer and the methods to be used to reach those potential 713 customers. Given these steps, there are some actions which should 714 be avoided as the basis for any Responsible advertising presence 715 on the Internet. 717 DON'T advertise money-making opportunities that can, in any way, 718 be construed as Pyramid or Ponzi schemes. (For information 719 regarding those types of "investments", refer to Appendix 1 of 720 this document) 722 DON'T forge E-mail headers to make it look as if the messages 723 originate from anywhere other than where they really originate. 724 Particularly germane to this point is the fact that many domain 725 owners have won litigation against advertisers who have used 726 their domain name in an effort to conceal their true identity. 728 DON'T send out any sort of bogus message to "cover" the intended 729 activity, which is advertising. In other words, don't pretend that 730 a personal message from the advertiser to someone else was sent 731 to a mailing list by mistake so that the body of that message can 732 be used to advertise, as in this example: 734 Dear Tony - had a great time at lunch yesterday. Per your 735 request, here's the information on the latest widget I 736 promised [...]. 738 DON'T use aggravating statements such as "Our research shows you're 739 interested in our product." Most recipients know this is usually 740 a bogus claim. Use of it can rob any legitimacy that the 741 advertisement may hold. 743 DON'T create mailing lists from third party sources (see 744 Section 6; Part D of this document, above). 746 Enough negativity! Now for some helpful suggestions. 748 DO create a lively signature which tells the minimum about the 749 product/service. But keep it to 4 lines total (four lines is the 750 maximum recommended length for signatures). 752 DO participate in mailing lists and newsgroups which discuss 753 topics related to the particular product/service. Advertisers 754 will find people of a similar interest there and many potential 755 customers. So long as an advertiser isn't offensive in their 756 interactions with these groups they can find their participation 757 quite rewarding. 759 DO ask people if they want to be part of any mailing list that 760 is created. Advertisers must be clear about their intentions of 761 how they plan to use the list and any other information that 762 is collected. 764 DO tell people how list data has been gathered. If recipients 765 are signed up from a web page, make sure the prospective 766 recipient is aware that they will be getting mail. Many web pages 767 have getting mail selected as default. Our recommendation is that 768 the default be that recipients do NOT wish to receive mailings - 769 even if the prospective recipients find an advertiser's site of 770 interest. 772 DO respect the privacy of customers. Keep a mailing list private. 773 For an advertiser to sell a mailing list is not responsible or 774 ethical. In addition, if offering any type of online transactions, 775 advertisers should take care to encrypt any sensitive information 776 The addresses of the list members should never be viewable by the 777 list recipients, to protect your list members' privacy. 779 being taken from customers, such as Credit Card or other Payment 780 information. Provide honest information regarding the methods 781 being used to protect the customer's data. 783 DO let recipients know how to remove themselves from a mailing list. 784 Advertisers should make this as easy as possible. 786 DO let people know for what purpose any data is being collected. 787 Advertisers must ensure that their plans regarding data collection 788 are legal. 790 Advertisers and Sellers can check with the web site of the Better 791 Business Bureau, which operates in the United States and Canada. 792 (www.bbb.org) This organization has several programs and services 793 which can help advertisers in those countries, and has other 794 resources which will benefit advertisers of any nationality. 796 "Advertisers should advertise responsibly the better mousetrap 797 they have built, and the world will beat a path to their E-mail 798 address." 800 Appendices 802 Most readers of this document are probably aware as to why 803 "Pyramid" or "Ponzi" schemes are fraudulent, and in most places, 804 criminal. However, for those who do not, Appendix "A" is 805 provided. 807 For a topical review of Privacy law across multiple jurisdictions, 808 including several sovereign nations, Appendix "B" provides some 809 resources for advertisers or other interested parties. 811 A.1 The classic Pyramid 813 In the classic Pyramid scheme, there is a list of a few people. A 814 Participant sends money to one or all of them, and then shifts that 815 person off the list and adds their own name. The participant then 816 sends the same message to N people.... 818 The idea is that when a recipient's name gets to the special place 819 on the list (usually at the "top" of the pyramid), they will get lots 820 of money. The problem is that this only works for everyone if there 821 are an infinite number of people available. 823 As an example, examine a message with a list of four people where 824 each participant sends US$5.00 to each; removes the first name, and 825 adds their own name at the bottom. There may also be some content 826 encouraging the participants to send "reports" to people who submit 827 money. Presume the rules encourage the participants to send out lots 828 of copies until they each get ten direct responses, 100 second level 829 responses, etc., and claim there is a guarantee that the participants 830 will earn lots of money fast if they follow the procedure. 832 First, note that some person or group has to have started this. When 833 they did, they got to specify all four names so it was probably four 834 people working together to split any profits they might get from 835 being the top of the pyramid (or maybe they send out four versions 836 of the original letter with their name order rotated). In some cases, 837 all names on the list have been proven to be the same person, 838 operating under assumed business names! 840 While the letters that accompany these things usually have all kinds 841 of language about following the instructions exactly, the most 842 rational thing for a participant to do if they decided to participate 843 in such a thing would be to; 845 (1) send no money to anyone else; and 847 (2) find three other people and replace all the names on 848 the list. 850 But, presume that not just this participant, but everyone who ever 851 participates decides to follow the "rules". To avoid the start-up 852 transient, assume that it starts with one name on the list and for 853 the next three layers of people, one name gets added and only after 854 the list is up to four does any participant start dropping the 855 "top" name. 857 What does this look like after nine levels if everything works 858 perfectly? The following table shows, for nine levels, how many 859 people have to participate, what each person pays out, gets in, and 860 nets. 862 Level People Out In Net 863 1 1 0 $55,550 $55,550 864 2 10 $5 $55,550 $55,545 865 3 100 $10 $55,550 $55,540 866 4 1,000 $15 $55,550 $55,535 867 5 10,000 $20 $55,550 $55,530 868 6 100,000 $20 $5,550 $5,530 869 7 1,000,000 $20 $550 $530 870 8 10,000,000 $20 $50 $30 871 9 100,000,000 $20 0 -20 873 So if this scheme ever progressed this far (which is extremely 874 unlikely) over 10,000 people would have made the "guaranteed" 875 $50,000. In order to do that, One Hundred Million people (or over 876 ten thousand times are many) are out twenty dollars. And it can't 877 continue because the scheme is running out of people. Level 10 878 would take One Billion People, all of whom have $20 to submit, 879 which probably don't exist. Level 11 would take Ten Billion, more 880 people than exist on the earth. 882 Pyramid schemes are _always_ like this. A few people who start them 883 may make money, only because the vast majority lose money. People 884 who participate and expect to make any money, except possibly those 885 who start it, are being defrauded; for this reason, such schemes 886 are illegal in many countries. 888 A.2 What about Ponzi? 890 A Ponzi scheme is very similar to a pyramid except that all of the 891 money goes through a single location. This method of confidence fraud 892 is named after Charles Ponzi, a Boston, Massachusetts "businessman" 893 who claimed to have discovered a way to earn huge returns on money 894 by buying international postal reply coupons and redeeming them in 895 postage for more than their cost. Early "investors" in this scheme 896 did get their promised return on investment, but with money that 897 later investors were investing. Ponzi was actually doing nothing 898 with the money other than deriving his own income from it, and 899 paying latter investors' money to earlier investors. 901 Notice the similarity to early pyramid participants, who "earn" 902 money from the later participants. 904 Just as pyramids always collapse, Ponzi schemes always collapse 905 also, when the new people and new money run out. This can have 906 serious consequences. People in Albania died and much of that 907 country's savings were squandered when huge Ponzi schemes that 908 "seemed" to be partly backed by the government collapsed. 910 A.3 So all multi-levels are evil? 912 No, all multi-level systems are not the same, nor are they all 913 "evil". 915 If what is moving around is just money and maybe "reports" or the 916 like that are very cheap to produce, then almost certainly it is a 917 criminal scam. If there are substantial goods and/or services being 918 sold through a networked tier-system at reasonable prices, it is more 919 likely to be legitimate. 921 If the advertisement says participants can make money "fast", 922 "easy" or "guaranteed", be very suspicious. If it says participants 923 may be able to make money by putting in lots of hard work over many 924 months but there is no guarantee, then it may be legitimate. As 925 always, if it seems "too good to be true", it probably is. 927 If people are paid to recruit "members" or can "buy" a high "level", 928 it is almost certainly a criminal scam. If people are paid only for 929 the sale of substantial goods and/or services, it is more likely to 930 be legitimate. 932 It may also be worthwhile to look at the history of the 933 organization and its founders/leaders. The longer it has been around, 934 the more likely it is to continue being around. If its founders or 935 leaders have a history of fraud or crime, a person should think very 936 carefully before being part of it. 938 B.1 Why Web Privacy? 940 Directories, lists or other collection sources of personal data are 941 the current informational "gold rush" for Internet Marketers. In the 942 United States and other countries, there is no explicit guarantee 943 of personal privacy. Such a right, under current legislation, stands 944 little chance against certain electronic technologies. Some members 945 of the global community have expressed concern regarding perceived 946 intrusion into their personal privacy. Still, the collection and 947 sale of such information abounds. 949 Self-regulation by businesses utilizing the Internet is the first 950 choice of legislators, commercial websites, and Internet aficionados. 951 However, the profits to be made by selling personal information 952 and by using these lists for advertisement purposes, often dissuades 953 self-regulation. 955 United States Senator Patrick Leahy, Ranking Minority member of the 956 Judiciary Committee of the United States Senate (at the time of the 957 writing of this document) states very succinctly why we should 958 consider Internet Privacy: 960 "Good privacy policies make good business policies. New 961 technologies bring with them new opportunities, both for 962 the businesses that develop and market them, and for 963 consumers. It does not do anyone any good for consumers 964 to hesitate to use any particular technology because they 965 have concerns over privacy. That is why I believe that 966 good privacy policies make good business policies." 968 The Center for Democracy and Technology suggests Five Conditions 969 that websites should use to be considerate of individual's 970 rights to privacy: 972 - Notice of Data Collection 974 - Choice to Opt Out 976 - Access to Data to rectify errors 978 - Adequate Security of Information Database 980 - Access to contact persons representing the data collector 982 Notice that the practice of data collection authorization can be 983 accomplished using something as simple as an automated response 984 E-Mail message. This will help assure prospective customers that 985 an advertiser is a business of integrity. 987 An additional consideration must be made for those businesses 988 that intend to pursue international trade (do business across 989 national boundaries). The European Communities have legislation for 990 the flow of Personal Information. If an advertiser is interested in 991 pursuing business interests across borders, and particularly if a 992 business intends to solicit and/or share Personal Information, the 993 advertiser/seller must be able to guarantee the same privacy 994 considerations as a foreign counterpart, or as a business operating 995 in the nation in which the advertiser is soliciting/performing 996 their business. 998 Other countries and their legislation are shown below: 1000 Germany - BundesDatenSchutzGesetz (BDSG) 1002 France - Commision nationale de l'informatique et de 1003 libertes (CNIL) 1005 UK - Data Protection Act (DPA) 1007 Netherlands - Wet PersoonsRegistraties (WPR) 1009 Australia - Privacy Act of 1998 (OECD DAta Protection 1010 Guidelines) 1012 Canada - The Personal Information Protection and 1013 Electronic Documents Act 1015 References 1017 [1] Hambridge & Lunde. RFC-2635. Internet Society. 1999 1019 [2] Internet Spam / UCE Survey #1. 1020 http://www.survey.net/spam1r.html . July 24, 1997 1022 [3] ISPs and Spam: the impact of spam on customer retention and 1023 acquisition. Gartner Group, San Jose, CA. June 14, 1999. Pg. 7 1025 [4] Steiner, P. _New Yorker_. July 5, 1993. p.61. 1027 [5] Spam slam -- opt-in e-mail gains favor. 1028 http://www.zdnet.com/zdnn/stories/news/0,4586,2267565,00.html . 1029 May 28, 1999. 1031 Authors' Addresses 1033 Edward T. Gavin 1034 Penn Ventilation, Inc. 1035 1370 Welsh Road 1036 North Wales, PA 19454 1037 tedgavin@worldnet.att.net 1039 Donald E. Eastlake 3rd 1040 IBM 1041 65 Shindegan Hill Road, RR #1 1042 Carmel, NY 10512 1043 dee3@us.ibm.com 1045 Sally Hambridge 1046 Intel Corp 1047 2200 Mission College Blvd 1048 Santa Clara, CA 95052 1049 sallyh@ludwig.sc.intel.com 1051 Acknowledgements and Significant Contributors 1053 JC Dill Barbara Jennings 1054 jcdill@vo.cnchost.com Sandia National Laboratories 1056 Albert Lunde April Marine 1057 Northwestern University Internet Engines, Inc.