You've Got Mail—And Potential Hassles
Compliance with the law and following a regular maintenance routine can help you manage your growing volume of e-mail.

For a legitimate business, complying with the CAN-SPAM Act takes little effort. Just make sure any mass e-mails you send include an opt-out option, and honor that request.

Unfortunately, your e-mail problems probably don't end there. Few companies keep up to date on virus protection, employ adequate security or even make good use of filters.

There are a number of steps you can take to help ensure compliance, protect your company's assets and satisfy your customers, vendors and employees.

Obey the CAN-SPAM Act
The law, in effect since January 1, 2004, was the first step in setting national standards for sending bulk unsolicited commercial e-mail (UCE). The anti-spam law makes it a misdemeanor to intentionally send bulk UCE with falsified headers and sets civil penalties for other common spamming practices. Penalties also apply to businesses knowingly promoted in UCE with false or misleading header information.

Although the national law replaces some more stringent state laws, CAN-SPAM's aim is to thwart high-volume spammers.
E-marketers are allowed to send UCE that contains an opt-out mechanism, a functioning return e-mail address, a valid subject line indicating the e-mail is an advertisement and the legitimate physical address of the mailer.

When sending broadcast e-mails, your company needs to ensure that the appropriate opt-out legal language and e-mail address appear on every e-mail sent. Your e-mail service provider can help provide the appropriate language and probably has a mechanism to ensure that language is automatically included at the end of every broadcast e-mail. If you use a customer relationship management (CRM) package for e-mail, have the opt-out option added to your client database. If you send a large volume of e-mail communications and have trouble managing opt-out responses, add software to track responses and build a database. Then make sure those addresses are deleted from your distribution list.

Managing E-mail
While not specifically tied to the CAN-SPAM Act, experts suggest that addressing the following key points can help in dealing with the growing volume of e-mail:

If your system has a filter that separates spam messages, encourage employees to check the spam folder regularly. Timely messages have been known to get filtered and left unnoticed in the spam folder. Each employee is responsible for reviewing the folder to make sure it contains no important messages.

Subscribe to a filtering service. Don't waste valuable time and resources reinventing the wheel. Filtering services such as Postini or others can help you stem the tide of unwanted messages. Beware of do-it-yourself filtering solutions that could accidentally turn a new prospect or referral into electronic trash.

When sending important messages, click on return receipt. Doing so helps take the guesswork out of whether your e-mail message actually reached its destination. Most e-mail packages offer this feature, which notifies the sender when the recipient reads the message. Note, however, that because most e-mail packages also give recipients the option not to return the requested receipt, return receipts aren't a failsafe indicator of whether your message reached its destination.

Pay attention to "bounced" e-mail. If a server blocks your message, it could be a sign that your e-mail address has been used inappropriately. Most servers check incoming addresses against a "blacklist" and then reject messages from those addresses. Spammers often use an "innocent" address to protect their own identity. To help safeguard your company's e-mail addresses, think twice before posting employees' e-mail addresses on your Web site.

Consider options for integrity. "Integrity," when applied to e-mail, means ensuring that a message is not tampered with while being sent. The term is often coupled with "authentication," which means ensuring that a message really came from the sender. Some e-mail systems have built-in integrity checking. There are a wide variety of tools and standards that can help you achieve good e-mail integrity, most involving both certificates and one or more methods of encryption.

PKI, short for Public Key Infrastructure, is a standard that provides encryption and authentication. To establish secure communications, two individuals exchange public keys (a password or pass phrase) that accompany all messages for verification. It only works if both parties download and install the software from PGP—short for Pretty Good Privacy—and exchange public keys.

Don't wait for a breach to learn that your e-mail system lacks integrity. Keep up-to-date on the latest security measures and make sure they are implemented in a timely manner.

Update virus protection weekly. More than 85,000 viruses exist and new ones are created every day. To make sure you're protected, update your virus definitions at least weekly. Companies that own corporate licenses of anti-virus software packages should also implement the anti-virus management console that allows centralized inventory, distribution and reporting of anti-virus activities.

Beware of "phishing." Caution employees about bogus e-mails and Web sites that try to fool people into providing credit card numbers, account names, Social Security numbers and more.

Beware of attachments and links. Warn employees: If you don't know the sender, don't click on either an attachment or a link. The spread of viruses is getting more sophisticated. With certain browsers, going to a "rigged" site can initiate unwanted actions on the computer. Likewise, scripting added to a Microsoft Word or Excel file can execute commands on the hard drive that will delete or rename files and wreak havoc with your system.
 
RSM McGladrey Business Services, a wholly-owned subsidiary of H&R Block (NYSE: HRB), offers a broad range of business services to mid-sized companies, including business and tax consulting, wealth management, retirement resources, payroll services and corporate finance. For more information, contact Kristin Wing at (816) 751-1813.
© 2004 RSM McGladrey, Inc. All rights reserved.