Date: Thu, 18 May 2000 125017 -0700

To: bbbcode@cbbb.bbb.org

From: Nick Nicholas <nick@mail-abuse.org>

Subject: Comments on Code of Online Business Practices (Draft 2)

Greetings:

I am writing on behalf of Mail Abuse Prevention System LLC (MAPS), the leading provider of education, tools and resources for the control of electronic mail abuse. Our goal is to ensure that the Internet's electronic mail delivery system is not overwhelmed by e-mail abuse and that e-mail remains an important mechanism for the conduct of electronic commerce.

I am writing to comment on Draft 2 of the Better Business Bureau's proposed Code of Online Business Practices ("Code"). MAPS commends the Better Business Bureau for taking the effort to develop and promulgate best current practices for electronic commerce. From the Internet's inception, best current practice documents have played a pivotal role in its development. These documents, which include protocols known as Requests for Comments (RFCs), became the foundation for a global system which allows distant parties to communicate and network with each other using disparate and often incompatible equipment. This system flourished *because* it emerged from a consensus to adhere to agreed-upon standards. The Internet is thus a self-regulating community.

The Internet community has directed much discussion and effort towards resolving the problem of e-mail abuse, a problem costing hundreds of millions of dollars each year. In October 1995 the Internet Engineering Task Force (IETF) released RFC 1855, Netiquette Guidelines ( ftp//ftp.isi.edu/in-notes/rfc1855.txt ). In May 1999 the London Internet Exchange (LINX) adopted a Best Current Practice for Combating Unsolicited Bulk Email ( http//www.linx.net/noncore/bcp/ube-bcp.html ), and concurrently the RIPE Network Coordination Centre adopted a Good Practice for Combating Unsolicited Bulk Email ( http//www.ripe.net/ripe/docs/ripe-206.html ). In June 1999 the IETF released RFC 2635, DON'T SPEW A Set of Guidelines for Mass Unsolicited Mailings and Postings (spam) (ftp//ftp.isi.edu/in-notes/rfc2635.txt ). MAPS published its best current practice document, Basic Mailing List Management Principles for Preventing Abuse, in August 1999 ( http//mail-abuse.org/rbl/manage.html ).

All best practices documents emphasize the necessity of obtaining the permission of recipients *before* they are added to electronic mailing lists. This practice is generally known as "opt-in" and is contrasted with "opt-out" which permits mailers to arbitrarily subscribe recipients to mailing lists until they ask for mailings to cease. In addition to the organizations identified above, the US Direct Marketing Association has affirmed that opt-in is the preferred policy for bulk e-mail. The Canadian Direct Marketing Association has also embraced opt-in as a best current practice.

An opt-out approach to bulk e-mail will lead to network congestion and abandonment of e-mail, thus causing a significant adverse impact on electronic commerce. The US Small Business Administration estimates that there are approximately 25 million small business in the United States. If recipients receive only one message from only one percent of these businesses in the next year, nearly seven hundred unsolicited messages will arrive in all users' mailboxes each and every day. The Internet infrastructure would collapse under this amount of traffic. Moreover, it should be obvious that such a barrage of unsolicited mail would lead to widespread abandonment of e-mail as a communications medium.

MAPS promulgates best current practices relating to bulk e-mail. Our method for implementing and enforcing best current practices is to compile and publish a list of IP addresses of networks and businesses which do not comply with best current practices relating to opt-in e-mail. All e-mail from IP addresses appearing on the MAPS list is rejected by MAPS subscribers. Much of the Internet concurs with our approach, as evidenced by the voluntary adoption by more than 20,000 organizations world-wide of the MAPS list of networks which do not adhere to best current practices. Other large providers, including America On Line (AOL), do not use the MAPS list, but compile their own lists of networks generating large quantities of abusive traffic.

Any business enterprise adopting an opt-out policy will be included in the MAPS list of non-compliant hosts and networks known as the Realtime Blackhole List (RBL). Such listing will result in severely impaired connectivity for these businesses. Moreover, others are likely follow the lead of MAPS and make similar policy decisions, thus further impairing connectivity for those who adopt opt-out policies. Due to the fact that the Internet is a global communications medium, promulgation by the Better Business Bureau of policies which conflict with standards and best current practices widely accepted elsewhere will be ineffective and counterproductive.

A standards document permitting unsolicited broadcast e-mail in the presence of an opt-out mechanism has no bearing on MAPS policies or those adopted by recognized standards-setting organizations. Any company distributing unsolicited broadcast e-mail that is not in compliance with the standards and policies set forth by MAPS is eligible for listing on our RBL. Any efforts to point to the Better Business Bureau's Code of Online Business Practices as justification will fail. Anything short of an agreement to conform with MAPS policies *will* result in a listing.

MAPS urges the Better Business Bureau to acknowledge and embrace the standards and best current practices which are in broad use already, and to establish opt-in policies as a best current practice and the only permitted method for distributing bulk e-mail. Section C of Principle III ("Respect Customer's Preferences Regarding Unsolicited E-mail") must be revised in order for the Code to be in accord with all other best current practices documents. The language of Draft 2 will mislead businesses to their detriment as they find themselves unable to take advantage of the enormous commercial potential of the Internet.

In place of the current Draft 2 language in Principle III, Section C, MAPS urges the Better Business Bureau to adopt language which affirms the following principles

(i) Online businesses should adhere to generally accepted Internet best current practices, which includes forbearance from distribution of unsolicited broadcast e-mail and mandates the adoption of opt-in policies;

(ii) Online businesses should make adequate disclosure to customers about the manner in which their e-mail addresses will be used;

(iii) Online businesses should use customers' e-mail addresses only to the extent and for the expressed purposes for which informed consent was given;

(iv) Online businesses should provide a convenient and effective means for their customers to discontinue receiving promotional mailings.

Thank you for providing an opportunity to comment on the draft Code. Again, MAPS commends the Better Business Bureau for taking the effort to draft best current practices documents for the guidance of online businesses. MAPS shares with the Better Business Bureau an avid interest in ensuring that electronic commerce flourishes, with e-mail continuing to play a central role. Other than Section C of Principle III which is at variance with generally accepted standards, the proposed Code provides a strong and needed foundation for the development of electronic commerce which ensures consumer confidence in the online environment.

Please do not hesitate to let me know if you have any questions or if MAPS can be of any assistance to the Better Business Bureau as it proceeds with adoption of best current practices.

Regards,

Nick Nicholas
Director, Policy and Communications
Mail Abuse Prevention System LLC

By Nick Nicholas, last revised: Jun. 11, 2000.