Oct 09, 2002
SUMMARY: If your company has any well-known brand names, chances are a s*pammer will use your brand in a mailing soon (if not already). This no-nonsense article includes steps you should take today to prep yourself before it happens. Plus, you will also learn what to do the minute a s*pammer strikes, pretending to be affiliated with you.
This article contains instructions on how to post a "we're not a s*pammer" message to the message system that most big ISPs check when they are considering blacklisting you. Very, very valuable information!
It has happened to Sony. It has happened to Microsoft. It has happened to hundreds of companies, big and small.
A spammer has broadcast a message out to millions of people with your brand name in the subject line and/or "from" field. It looks like either your company is engaged in spamming or as though you're closely affiliated with a spammer who is offering your products.
Example: One night in February a spammer sent millions of people an email with the subject line 'Motorola Pager Deal Wont Last!' (Typo not ours.) The spammer was not an authorized Motorola dealer, nor did the spam in question even contain a way to purchase from Motorola.
It did however get opened by thousands of people who trust Motorola's brand name. That is exactly what the spammer was hoping for.
How should you react when a spammer uses your brand name? Here are some tips:
-> Three steps to take now, before a spammer uses your name
#1. Set up a formal early warning system.
Ask all employees to keep an eye out for possible abuses so you can react quickly. Larger companies should add a spam-reporting form to their intranet which feeds alerts to legal, PR and marketing.
Josephine Posti, Motorola Personal Communications Sector PR Manager, told us having an awareness program in place meant that hundreds of Motorola employees alerted their legal department when the spammer abused Motorola's name. Legal was able to act quickly and decisively.
Also, meet with all customer service departments (inbound telesales, email service, sales reps, tech support, anyone on the front line) regularly to make sure they take any incoming message claiming that someone has been s*pammed by you seriously.
Have escalation procedures in place for routing any s*pam complaints to the correct parties at PR, Legal and IT. Frequently customer service has no idea what to do with these complaints, thus dismisses the message as having come from a sender who is not Web savvy.
Remember, many consumers will check your site rather than ask you directly, 'Did you send that spam?'
-> Fast Steps to Take When a Spammer Uses Your Brand Name
#1. Most important: Do not try to hide the fact that this has happened.
Your brand credibility is under attack. You will gain customer trust by letting them know you are not the spammer.
Immediately, post a message on your Web site with a link from a prominent place on your home page. The URL of that page should be simple enough that it people could type it in or email it to each other without having it wrap. (i.e. fewer than 65 characters.)
This message should not read like a press release. Think: simple, direct, conversational, serious. By all means do not let your legal department write it.
At the end of the message, you should provide all of the following:
* PR contact information, including a direct phone number
* IT Contact information, including a direct phone number
* An email address to which people can send copies of any messages they receive with other references to your company. Ask submitters to make sure they forward the messages as attachments with full headers displayed so that IT can have more information to trace the source of the spam.
#2. Immediately post a brief note on the newsgroup news.admin.net-abuse.email (A.K.A. NANAE) with a link to your "a spammer is abusing our brand without permission" announcement.
Here is a suggested subject line for your posting: “Evidence that [brand name] is not s*pamming.”
Most of the email blacklist administrators look to this list to find out and to inform others about s*pammers, and about companies that have been erroneously associated with spammers. Be sure to provide clear contact information (ideally to someone in your IT department, not to PR, with a phone number so major ISPs can check for details if they want to).
This is a mission critical step to make sure that your own company is not blacklisted. If you are blacklisted, it could mean much of your own email will not be delivered even if your own activities are entirely opt-in and kosher.
#3. If you use any outside vendors or ASPs to send email marketing, newsletters or other broadcast email for you, contact them immediately to inform them about the problem.
Why? Their own IP addresses might be in jeopardy if the spammer used the IP address from which they send mail for you. They should immediately take steps to determine whether any of their IP addresses are being or have been blacklisted.
Email broadcast vendors are understandably wary these days about working with any client who might be a suspected spammer. If the vendor is blacklisted as a result, it could hurt their other clients and ultimately cost them their business. Maintain open communication lines with them.
Unfortunately you can not stop spammers from using your brand name. With these procedures, at least you have a fighting chance to salvage your reputation and stay off blacklists.