Subscribe
group of doctors doing operation inside room

Enforcement Is Therapeutic

Policies exist for a reason. For instance, most email service providers have a policy forbidding the use of non-opt-in lists. Those policies exist because of statements like this one:

Microsoft prohibits the use of the service in any manner associated with the transmission, distribution, or delivery of any unsolicited bulk or unsolicited commercial e-mail (“spam”). You may not use the service to send spam. You also may not deliver spam or cause spam to be delivered to any Microsoft service, Web site, or customer.1

While some companies cannot vet incoming lists, most companies are greatly dependent upon incoming reports from third parties. Most of those reports these days come via feedback loop reports. That means that many of the reports used to tell “good” customers from “bad” customers come from the mailbox provider due to input given from recipients. The other significant input of this data comes from direct complaints sent by those same recipients.

Ultimately, this means that the data used by policy enforcement agents at email service providers to find customers violating their policies are also being used by the mailbox providers themselves to make reputation decisions.

The result is that policy enforcement is purely therapeutic. That is to say, that damage has been done, and the job of policy enforcement is to limit the amount of damage done, prevent that damage from intensifying, and attempt to begin repairs to whatever damage has occurred.

That damage will usually take one of two forms:

  1. Customer-oriented. This means that most of the reputational damage is limited to the customer’s reputation. The use of dedicated IP space and the growing use of domain-based reputation have greatly helped mailbox providers pin the blame for poor practices directly upon the mailers responsible for sending the mail that users complain about.
  2. Provider-oriented. By the time that provider-oriented reputational damage has occurred, it is usually the case that a mailbox provider has noticed many unmitigated instances of customer-oriented reputational damage. As it becomes more and more apparent that the provider itself is either unwilling to police its customers or is perhaps actively assisting them in doing things that cause end-user complaints, it becomes more and more likely that the provider will become understood to be the problem and that punitive measures against the provider become seen as the best option.

In a well-run company, policy enforcement’s job is to protect the company from falling victim to the second of those two options. They do this by carefully working with customers who violate published policies to either bring them into compliance or remove them from the equation.

And either result is therapeutic.

Footnotes

  1. Microsoft Support, Microsoft Anti-Spam Policy, Microsoft Support, https://support.microsoft.com/en-us/topic/microsoft-anti-spam-policy-e4506f97-694f-49bc-8231-cac4369afcb8 (last visited Feb 3, 2020). ↩︎
Picture of Mickey

Mickey

A recognized leader in the fight against online abuse, specializing in email anti-abuse, compliance, deliverability, privacy, and data protection. With over 20 years of experience tackling messaging abuse, I help organizations clean up their networks and maintain a safe, secure environment.