Enforcement is therapeutic
Policies exist for a reason. For instance, most email service providers have a policy forbidding the use of non-opt-in lists. Those policies exist because of statements like this one:
Microsoft prohibits the use of the service in any manner associated with the transmission, distribution, or delivery of any unsolicited bulk or unsolicited commercial e-mail (“spam”). You may not use the service to send spam. You also may not deliver spam or cause spam to be delivered to any Microsoft service, Web site, or customer.
Microsoft Corp., Microsoft Anti-Spam Policy, Microsoft Support (2020), https://support.office.com/en-us/article/Microsoft-Anti-Spam-Policy-e4506f97-694f-49bc-8231-cac4369afcb8 (last visited Apr 30, 2024).
While some companies have a limited ability to vet incoming lists, most companies are greatly dependent upon incoming reports from third-parties. Most of those reports these days come via feedback loop reports. That means that many of the reports used to tell “good” customers from “bad” customers come from the mailbox provider as a result of input given from recipients. The other major input of this data comes in the form of direct complaints sent by those same recipients.
Ultimately, this means that the same data used by policy enforcement agents at email service providers to find customers who are violating their policies are also being used by the mailbox providers themselves to make reputation decisions.
The result is that policy enforcement is purely therapeutic in nature. That is to say that damage has been done and the job of policy enforcement is to limit the amount of damage done, prevent that damage from intensifying, and attempt to begin repairs to whatever damage has occurred.
That damage will usually take one of two forms:
- Customer-oriented. This means that most of the reputational damage is limited to the customer’s own reputation. The use of dedicated IP space and the growing use of domain-based reputation have greatly helped mailbox providers to pin the blame for poor practices directly upon the mailers who are responsible for sending the mail that users are complaining about.
- Provider-oriented. By the time that provider-oriented reputational damage has occurred, it is usually the case that a mailbox provider has noticed many unmitigated instances of customer-oriented reputational damage. As it becomes more and more apparent that the provider itself is either unwilling to police its customers or is perhaps actively assisting them in doing things which cause end-user complaints, it becomes more and more likely that the provider will become understood to be the problem and that punitive measures against the provider become seen as the best option.
In a well-run company, it is the job of policy enforcement to protect the company from falling victim to the second of those two options. They do this by carefully working with customers who violate published policies to either bring them into compliance or to remove them from the equation.
And either result is therapeutic.
- Introducing: Arcana - 22 November 2024
- Help me see if there is a need for that I can fill - 23 September 2024
- Verkada: Data Protection Issues - 19 September 2024