
Policy At Scale: The Purpose Of A Policy Is Protection

The purpose of a written policy is to protect the provider by protecting the customer. Stated policies — primarily written — provide a baseline of expected behavior that other people on the Internet can look toward. So, customers, prospects, recipients, and other providers can see what standards apply to using company resources. The provision of this baseline also helps to set a reputation for the company. Companies that have and enforce policies that align with the expectations of others in the ecosystem will enjoy a more significant measure of success than those that do not have or do not enforce policies.

Policy & law

In my years of policy enforcement, I have noticed the common refrain that “the law does not require this.” That is usually said in response to a policy requirement that senders obtain permission from recipients before sending them messages.

I used to say that “the law provides a floor.” But that’s not true. When you come down to it, the law provides the bedrock for behavior. You dig down to the bedrock and begin building the structure. You don’t usually walk on the bedrock — you know you cannot go below it.

These days, I ask what the point is of having a policy that merely agrees with the law. If the policy is more lenient than the law allows, then the law controls. If the policy is set by the law (i.e., a policy that says “follow the CAN-SPAM Act”), then the law is the policy. In both cases, having a policy is useless, as most contracts will already contain a clause requiring both parties to abide by applicable laws.

So, you want to consider a policy “the floor.” In a perfect world, you would like to see customers exceeding the policy’s requirements. Either way, you want to see them operating well above the law’s requirements.

Why is this important?

A few years ago, I was talking with one of the postmasters for a major mailbox provider. That postmaster told me, “We block millions of CAN-SPAM-compliant messages per day.” And that’s true. At one point, AOL displayed a counter showing how many messages it was blocking in real-time. You couldn’t even make out the last couple of digits due to the speed with which the numbers changed.

If mailbox providers are blocking messages that fully comply with “the law,” then it stands to reason that the actual standard for sending mail in the modern world has to be something greater than the law. What those mailbox providers want to see is a policy that aligns with their standards for allowing messages into their systems. They want to know that something will change if they have concerns and reach out.

Policy at scale

It’s easy to set policies on the fly and in response to inquiries made by specific customers. But, providers with many customers need to set policies that recognize the scale of their business.

In many cases, policy adherence will be a contractual obligation. This means setting policies that are reasonably clear and precise but not so rigid that they cannot adapt to changing business needs or unpredictable actions on the part of others (customers, message recipients, or even mailbox providers). Why? Because material alterations to a policy can sometimes constitute a material change in the contract itself that will necessitate either a “grandfathering” of the old policy or a renegotiation of the contract moving forward. Since this series is about “policy at scale,” that would mean either massively uneven enforcement of published rules while the old agreements age out, or time and money spent getting new signatures on new contracts for every customer. Both of these are things to be avoided.

In conclusion

Publishing and enforcing a policy helps to tell other relevant parties that messages sent from your platform are worth receiving and routing to the recipient’s inbox. This protects the customer’s interest (seeing their messages delivered), but that can only happen by first protecting the company’s interest in establishing and maintaining a clean reputation.


Mickey

A recognized leader in the fight against online abuse, specializing in email anti-abuse, compliance, deliverability, privacy, and data protection. With over 20 years of experience tackling messaging abuse, I help organizations clean up their networks and maintain a safe, secure environment.