[Search] [txt|pdf|bibtex] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 rfc3098                                              
INTERNET-DRAFT                                           Edward T. Gavin
IETF RUN Working Group                               Donald Eastlake 3rd
draft-ietf-run-adverts-01.txt                    Sally Hambridge / Intel
                                                            October 1999


            How to Advertise Responsibly Using the Internet

                            or - how NOT to

                    $$$$$  MAKE ENEMIES FAST!  $$$$$



Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026. Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its Working Groups. Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time. It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.


Abstract

   The Internet is not a free resource. Access and a presence on
   the 'Net comes at a cost to the participants, the service provider,
   and the recipients of those services made available by the Internet.
   Because of the rapid growth and "mainstream" acceptance of the
   'Net, new opportunities have been found for the distribution of
   information to the vast and ever-growing community of Internet users.
   This condition has caused an awakening on the part of the Internet
   community-at-large. With the unprecedented access to people that
   has been enabled by a more readily available Internet, there are
   groups and individuals who choose to use the 'Net for purposes for
   which it was not intended, defying consensus among the practitioners
   and the unwilling recipients.

   This practice, of course, is the sending of Unsolicited Commercial
   and Bulk E-Mail messages, posts to Netnews groups, or other
   unsolicited electronic communication. This document shall provide
   some measure of clarity to the definitions, dangers, and details
   inherent to Internet Marketing, and will propose a common ground


Gavin, et al               Expires: 1Apr2000                    [Page 1]


Internet Draft          Advertising Responsibly           September 1999


   where advertiser, recipient, and the Internet Community can coexist
   in a mutually respectful and productive fashion.


1. Introduction

   There are stereotypes that must be broken before continuing.
   Not all persons who are new to the Internet are ignorant of the
   'Net's history and evolution, or its proper and ethical uses.
   Nor are all experienced, long-term Netizens against the use of
   the Internet for advertising, marketing, or other business
   purposes. Where these two groups can find commonality is in
   their opposition to the use of the Internet in irresponsible
   ways.  Some of these irresponsible uses include, but are not
   limited to the sending of Unsolicited Bulk or Commercial E-Mail to
   mailing lists, individuals, or netnews groups. In the
   vernacular, this activity is called "spamming" (the sending
   of "spam" [1]). To understand why such activities are
   irresponsible, one must first understand the true cost and
   ramifications of such actions.

   The protocols and architecture upon which the 'Net is built,
   which are recognized and adhered to as standards, provide for
   an openness and availability which foster and encourage easy
   communication. These standards were developed at a time when
   there was no need to consider the concept of "rejecting"
   information. While those standards have evolved, they continue
   to emphasize open communication. As such, they do not associate
   costs or impact with the user-initiated activities which may
   occur. Because of this openness, persons can and do send
   large volumes of E-Mail, with little-to-no cost or financial
   impact for the volume of messages sent. Needless to say, this
   presents the attractive option (to those who would consider such
   activity) of multiplying the recipients of their marketing
   material, and presumably, increasing their success-rate.
   However, and to reiterate an earlier statement in this text,
   there is a cost to be incurred at some point in this communication
   relationship. In the case of E-Mail advertising, since the cost of
   operation does not increase on the part of the sender, it must
   therefore increase on the side of the recipient.

   And it does. Every recipient of every E-Mail message bears a cost,
   either direct (cost per message received, an incremental increase
   in connection charges) or indirect (higher service fees to recoup
   infrastructural costs associated with the additional 'Net traffic
   which such mass-mailings create). In addition, other resources,
   such as the disk space and time of the recipient, are consumed.







Gavin, et al               Expires: 1Apr2000                    [Page 2]


Internet Draft          Advertising Responsibly           September 1999


   Because the recipients have no control over whether or not they
   will receive such messages, the aforementioned costs are realized
   involuntarily, and without consent. It is this condition (the
   absence of consent to bear the costs of receipt of a mass-
   distributed message) that has shaped the Internet Community's
   viewpoint - that the act of sending spam constitutes a willful
   theft of service, money, and/or resources. Those who choose to
   ignore the financial impact, and instead focus on the consumption
   of indirect resources, have been known to label spam "Internet
   Pollution".

   The Internet provides a tremendous opportunity for businesses,
   both large and small. There is certainly money to be made using
   the 'Net as a resource. This paper recommends practices and ways
   to use the Internet in a manner which is not parasitic; which will
   not, by their mere existence, engender predetermined opposition,
   litigation, or other negative conditions. This paper does not
   guarantee freedom from those, or other negative responses -
   rather, it provides the reader with a framework through which
   the marketer/advertiser and the 'Net community (and more
   importantly, the seller's target market) can coexist as well
   as possible.


2. Image and Perception of the Advertiser

   While it may appear to be financially attractive to advertise
   via the use of Mass-Messaging ("spam"), as a responsible
   Internet user, ADVERTISERS SHOULD AVOID THIS OPTION. The
   possibility of income generation and market or business
   expansion are minuscule when compared to some of the risks:

        -   The alienation of the vast majority of the recipients
            of an advertising message [2][3]

        -   The damage or loss of credibility in the advertiser's
            market [2]

        -   Loss in advertiser's and/or seller's Internet
            connectivity (most service providers have strict
            "zero tolerance" policies which prohibit the use
            of their systems for the sending of spam, or
            for encouraging or enabling such activities)

        -   Civil and Criminal litigation (in the United States,
            and progressively in other sovereign states, it is
            becoming accepted as fact that the theft-of-service
            associated with spamming is equitable to real theft)






Gavin, et al               Expires: 1Apr2000                    [Page 3]


Internet Draft          Advertising Responsibly           September 1999


   It is a fundamental tenet to any Internet presence that a party
   will be responsible for their Internet "image", or the personae
   that they create. If an advertiser sells a product which is
   enjoyed by many, and the advertiser has not alienated,
   offended or angered a disproportionately larger number of
   uninterested recipients, that advertiser could be viewed
   as a hero. Conversely, an advertiser broadcasting their
   product to millions of uninterested parties, at the parties'
   cost, will earn the advertiser the moniker of "spammer",
   thief, or other less attractive names. The advertiser will
   be held responsible for those actions, and the effects those
   actions have in the marketplace, which is to say, the 'Net
   community.

   "On the Internet, nobody knows you're a dog."[4] That was the
   caption to an illustration published in the 1990's. The message
   is clear - the Internet renders all parties anonymous. The
   methods used to sell products in the traditional sales channels -
   language, image, relationships, eye contact or body language -
   no longer apply when measuring an Internet sale. Reputation,
   reliability, honesty, trustworthiness, and integrity have taken
   the place of the more direct sales approaches that have been
   previously used. These are dictated by the rate at which both
   information and misinformation travel on the Internet. And,
   just as an Internet user cannot control what messages are
   sent to them, neither can the Internet marketer control the
   information that is disseminated about them, or their activities.
   Some information will circulate that is not accurate. Perhaps
   there will be cases where there will be information
   circulating which is downright incorrect. But, a successful
   market reputation, based on ethical behavior, will render
   the inevitable piece of misinformation meaningless. For an
   advertiser to exist responsibly on the Internet is for
   the advertiser and seller to take active responsibility
   for their actions.


3. Understanding Theft

   As this paper has pointed out, there is ample reason to expect
   that the sending of spam will result in a significant level of
   undesirable reactions, targeted at the advertiser and/or the
   seller. Death threats, litigation and retaliatory actions are
   commonplace. For these reasons, "spammers" (and in particular,
   those entities providing mass-mailing services for third-party
   businesses) will frequently take steps to ensure their anonymity.
   These actions take various forms, and have been known to include:

        -   Forging the sender name, domain name, or IP Address
            of the sender (called "spoofing")




Gavin, et al               Expires: 1Apr2000                    [Page 4]


Internet Draft          Advertising Responsibly           September 1999



        -   Sending messages through any type of hardware, software
            or system which belongs to an uninvolved third-party
            (called "relaying")

   Each of these activities, as well as numerous others, are
   criminal acts in many countries. It is unethical to use the
   resources of any other party without their express permission.
   To do so breaches the laws of numerous jurisdictions and
   international agreements - offenders have been successfully
   prosecuted in numerous jurisdictions.


4. Caveat Mercator

   "Let the Seller beware." Advertisers and Sellers can be held
   responsible for the appropriateness (or lack thereof) of the
   messages they send when applied to the recipients to whom the
   advertisements are sent. For this reason, all prospective
   advertisers must first be absolutely certain that the
   recipients of their advertising are appropriate. For example,
   sending an advertisement which contains a link to a website
   where content of an overt sexual nature is displayed can have
   many undesirable consequences:

        -   In many countries, providing such material to under-
            age minors is a crime. As the provider of the link,
            the advertiser's position is tenuous.

        -   In some countries, such material is a crime to view,
            possess, or distribute ("trafficking"). As the website
            owner or advertiser, a party engaging in such activities
            must consider the ramifications of international law.

   To prevent such risk, advertisers should qualify the recipients
   of their advertising. However, it must be noted that E-Mail
   addresses provide little useful information to that end. Remember,
   "On the Internet, nobody knows you're a dog." Advertisers will
   have no way to qualify a prospective recipient as an adult with
   complete discretionary and plenipotentiary authority. In other
   words, an advertisement targeting a high-income population in need
   of property investment opportunities may be sent to a group of
   school children. Or a dog.

   How then, does the prospective advertiser/seller determine the
   quality of their leads? The essential requirement is that the
   advertiser "know" their audience.







Gavin, et al               Expires: 1Apr2000                    [Page 5]


Internet Draft          Advertising Responsibly           September 1999


   As with all sales leads, the ones which are developed and generated
   by the advertiser who will use them are of the most value. There is
   an inherent value to collecting the data first-hand; by collecting
   the data directly from the prospective recipient, the advertiser
   can accomplish two important goals:

        -   The advertiser ensures that the recipient is genuinely
            interested in receiving information. Thus, the advertiser
            can protect themselves from the negative impact of sending
            Unsolicited E-Mail ("spam").

        -   The advertiser maintains the ability to "pre-qualify" the
            lead. One interested lead is worth more, from a sales and
            marketing perspective, than millions of actively
            disinterested potential recipients.

   If an advertiser maintains an active website or uses other mass-
   marketing tools (such as direct-mail), and they are interested in
   pursuing Internet Advertising, the advertiser can add a mechanism
   to gather sales lead data in a relatively simple manner. From the
   perspective of Responsible Use, the only such mechanism to be
   discussed in this text will be the "Opt-In" concept, to be discussed
   in detail later in this document.

   Regardless of the manner in which the information is gathered, there
   are certain steps which the advertiser must follow. The advertiser
   must inform the person that data is being collected. In addition,
   the reason why the information is being collected must be clearly
   stated. BE AWARE! There are jurisdictions which restrict the
   collection of Personal Data. The laws addressing collection and
   future handling of Personal Information will vary from place to
   place; advertisers must take steps to gain an understanding of
   those laws.

   Prudence should be the advertiser's guide. If an advertiser is
   unsure as to the applicability or legality of an action, both in
   the jurisdiction of the advertiser as well as that of the
   recipients, the action must be avoided entirely.


5. Targeting the Audience

   Advertisers have something to sell. It may be a product, service,
   or other tangible or intangible item. And, of course, the advertiser
   needs to get the word out to the market - quickly. After all, neither
   the seller or the advertiser are making sales and earning profits if
   nobody is buying the product. However, before advertisers can
   advertise the product, they must first determine to WHOM the product
   will be advertised.





Gavin, et al               Expires: 1Apr2000                    [Page 6]


Internet Draft          Advertising Responsibly           September 1999


   There are considerations in determining the answer to that
   question. This text has already addressed how the sending of
   Unsolicited Commercial E-Mail ("spam") can generate a number of
   negative effects. In addition, numerous surveys cited herein show
   that the vast majority of publicly-available mailing lists and Netnews
   groups similarly abhor spam. The advertiser's first step should
   always be to determine which avenues are appropriate for advertising.
   Then, advertisers much determine which avenues are appropriate for
   EACH SPECIFIC ADVERTISEMENT. Advertisers are faced with the task of
   determining which Netnews groups accept ads, then of those,
   which groups are of a topic to which the proposed advertising is
   relevant. Similarly, the same work should be done for mailing lists.
   Advertisers should take some level of comfort in the fact that there
   *are* Netnews groups and mailing lists which welcome advertising -
   finding them is a worthwhile investment of the advertiser's time
   and resources.

   For assistance in locating such advertising-friendly websites,
   mailing lists, and Netnews groups, advertisers can consult existing
   ethical and responsible Internet advertisers. Alternatively,
   any low- or no-cost research resource or search engine can be
   employed to find those groups and lists. BUT UNDER NO CIRCUMSTANCES
   SHOULD AN ADVERTISER PURCHASE A MAILING LIST AND START MAILING!
   There are other reasons which will be addressed further into this
   document, but to engage in such activity opens the advertiser to
   the liabilities and negative ramifications previously stated. Such
   negative conditions cause increased costs to the seller/advertiser,
   when the risks (loss of connectivity, defense against litigation,
   avoiding discovery, etc...) are factored into an advertiser's
   overall operation. In short, it is in the best interests of the
   seller and advertiser to ensure that the proper audience is
   targeted, prior to any further steps.


6. Reaching the audience

   Once the prospective advertiser has determined a target market for
   a specific advertisement, a manner of advertising must be selected.
   While these are too numerous to mention, this document concerns
   itself only with those that apply to the ethical use of Internet
   resources. Of those, the pertinent ones to be examined are:

        -   A dedicated website or web page

        -   Advertisement placed on a "shared" advertising site
            (placing an advertisement on an established web-page
            which caters to people that indicate a potential
            for interest in (a) specific type(s) of product(s).
            Such advertisements can take the form of text, links,





Gavin, et al               Expires: 1Apr2000                    [Page 7]


Internet Draft          Advertising Responsibly           September 1999


            "Click-Through Banners", or other.

        -   Netnews posting

        -   Targeted E-Mail messages

   Note that any manner of blind broadcast (distribution-based)
   advertising which does not involve the targeting of the recipients
   is not considered responsible.

   Once the advertiser has determined the medium for reaching their
   target audience, there are key points to be considered, each being
   specific to the medium of advertisement:

   A.   Dedicated website or web page

        Advertisers have the option of creating a dedicated website, or
        a page within another site for their advertisement. If, from a
        technical standpoint, an advertiser is unsure of the process for
        creating such a website, there are numerous resources available
        to provide assistance. From no-cost avenues such as
        instructional websites; to low-cost resources such as books,
        videotapes or classes; to full-service businesses and
        consultants who can advise advertisers throughout the entire
        scope of the website/web page design, implementation and hosting
        process (or any part thereof), there is a solution available
        for every type of site and cost-structure.

   B.   "Shared" Advertising website

        Advertisers have the option of placing their advertisements on
        a website operated by a third-party. For advertisers with an
        immediate need, such sites (also called "Electronic Malls",
        "E-Shops" or other names) have several advantages. In some
        cases, a shared site can be more cost-efficient than building
        a dedicated website. Many sites will target a specific market
        (refer to Section 5 of this document). By using existing
        resources, advertisers can avoid the cost and burden of
        owning their own site. Many websites will target a specific
        advertisement to a specific audience, thus providing much of
        the research for the prospective advertiser, and providing
        the advertiser the means with which to reach the most receptive
        audience. Additionally, advertisements from such advertising
        sites can be integrated into a larger context, such as
        supporting free e-mail services, Internet access, or news
        broadcasts. Such integration can lend a level of credibility
        to an advertising effort that might not exist otherwise.

        Some notes on the use of any type of website for advertising:





Gavin, et al               Expires: 1Apr2000                    [Page 8]


Internet Draft          Advertising Responsibly           September 1999



        Regardless of what method an advertiser chooses to use for
        for advertising on the Web, there are some specific caveats
        regarding customer interactions:

             First, the advertiser must ensure that their contact
             information - name, phone, e-mail address - are all clear
             and available;

             Second, advertisers should take care in creating forms
             which gather information about customers, as there is
             concern in the United States and other countries about
             gathering information from minors without parental consent.
             There is also concern about grabbing dynamic information
             via persistent state information;

             Third, if advertisers DO gather information about people
             and plan to use it for marketing in ANY way, advertisers
             must be VERY clear to specify their plans as people
             submit their information.

   C.   Netnews and E-Mailing list group postings

        If an advertiser has selected newsgroups as a targeted medium,
        there are critical preliminary determinations to be made. The
        accepted presumption should be that a Netnews group will not
        welcome spam, although there are newsgroups which are
        advertising-friendly. However, the only way to determine whether
        a group welcomes a particular type or form of advertising is
        to either:

             -   read the Frequently Asked Questions (FAQ) to determine
                 what is specifically permitted or prohibited on that
                 particular group.

                 or

             -   ask the group by posting a message which briefly
                 notes how you intend to advertise your product. Do not
                 mention any product details in this message, merely ask
                 if the group would object.

                 or

             -   if it is a "moderated" newsgroup, send an e-mail to
                 the group's moderator. Many group moderators will have
                 a specific preference for how to deal with advertising,
                 through compilation, "digest" formats, or other.

        It is a recommendation that prospective advertisers read the
        groups to which they choose to post for a period before posting.
        Generally, an extended period of reading the messages in the


Gavin, et al               Expires: 1Apr2000                    [Page 9]


Internet Draft          Advertising Responsibly           September 1999



        group will give the advertiser an indication as to how their
        advertisement will be viewed or accepted on the group in
        question.

        However, this period of reading should not be used as a
        substitute for the suggestions above. Many groups will have
        specific instructions and/or requirements for posting
        advertisements. Advertisers who fail to meet those
        requirements will be undertaking irresponsible behavior,
        and will be subject to the effects thereof.

   D.   Compiled E-Mail Lists

        It bears repeating at this point: Let the Seller Beware. The
        material discussed in Section 4 of this document is
        particularly relevant in the consideration of E-mail, and
        the use of compiled lists of e-mail addresses for advertising.
        Advertisers should understand that they bear the responsibility
        for ensuring the proper targeting of their recipients; the
        proper display of their or their seller's identities; and the
        use of resources or systems only with the express permission
        of the owners of those systems.

        When faced with the task of collecting and compiling recipient
        information, one option that is frequently presented is that of
        pre-compiled mailing lists. Most often, these are advertised
        using the very method which is irresponsible, that of
        Unsolicited E-Mail. There are numerous reasons why these lists
        should not be used.

        Many suppliers create mailing lists from addresses which they
        have gathered in mildly to extremely unethical ways. Many of
        these list-makers rely on grabbing volumes of addresses without
        checking their legitimacy. In other words, they send out
        software robots to grab addresses they find in News or Mailing
        List archives which may be many years old! People change jobs,
        change ISPs, and change everything about themselves over time;
        trusting a third party for a mailing list is just not wise.

        It is known that some mailing list providers have created
        mailing lists from E-mail addresses of people who have asked to
        be REMOVED from their mailing lists.  They then sell these lists
        to other advertisers who think they're getting a list of people
        who will welcome the unsolicited information.

        Regardless of the source, however, advertisers and sellers bear
        the responsibility for maintenance of their lists. Purchasing a
        list from a third-party shifts the maintenance costs of that
        list onto the advertiser who uses it. Needless to say, this is




Gavin, et al               Expires: 1Apr2000                   [Page 10]


Internet Draft          Advertising Responsibly           September 1999



        only economical for mailing list vendor.

        Given these conditions, all evidence points to the fact that
        the greatest level of control of an advertiser's own success
        and liability rests with the advertiser themselves. This being
        the case, advertisers are faced with the task of compiling their
        own lists of willing recipients of Advertising-related E-Mail
        messages. As discussed previously, those leads which are
        generated by the advertiser are the most likely to have an
        interest in the advertisement, so they are also the least likely
        to protest the receipt of such advertisements via E-Mail. It
        is this circumstance that makes the use of an "Opt-In" list
        (refer to Section 7 of this text) to be perhaps the most
        successful method of advertising distribution on the Internet.


7. Opt-In Mailing Lists

   This document has laid out the basic facts of Internet Marketing;
   the advertiser bears the responsibility of their actions; there will
   always be recipients of that advertising who do not wish to receive
   it; there are reactions to every responsible and irresponsible act.
   Given these considerations, and taking into account the central
   message of this document; that Internet Advertising *can* be a
   successful venture for everyone involved; there remains a key tool
   for the Internet advertiser to harness. Opt-In mailing lists provide
   the prospective Internet advertiser with the control they need over
   the list of their prospective target audience (validity of e-mail
   address; applicability to the intended product; willingness to
   receive advertising via e-mail).

   Opt-In mailing lists are consistently shown to be more effective in
   starting and maintaining customer relationships than any other type
   of Internet advertising; studies have shown Opt-In mailing to be
   Eighteen (18%) Percent more effective than Banner advertising [5].
   It is so successful because the recipients of those E-mailed
   advertisements made a specific effort to receive them, thus
   indicating their interest in receiving information about products
   which the recipient felt were of interest to themselves.

   Advertiser's wishing to employ Opt-In mailing lists in their
   advertising can turn to several resources for assistance. If an
   advertiser operates their own website or web page, they already
   possess the most important facet, a web presence with which to
   invite participation in the Opt-In list. If the advertiser chooses
   to use a shared website for their product, they can also utilize
   an Opt-In data gathering mechanism. There are numerous forms and
   technologies that can be employed to build an Opt-In list - this





Gavin, et al               Expires: 1Apr2000                   [Page 11]


Internet Draft          Advertising Responsibly           September 1999



   document will not address them individually. Rather, the purpose
   of this section is to provide the advertiser with information
   which, when used, will help protect the advertiser, and make the
   advertising experience a successful one.

   A. Privacy

      As stated previously, advertisers should take care in
      gathering information from Opt-In participants. First and
      foremost, the person providing the information must be aware
      that they are doing so. By taking these preliminary steps,
      an advertiser decreases the risk of having any messages
      interpreted as spam. If, in submitting information for any
      purpose, the advertiser intends to use the submitted or
      inferred data for any mailings, there should be clear
      language indicating so. Furthermore, persons submitting data
      must be given the choice to "Opt-Out"; that is, to choose to
      submit the data but NOT receive any advertisements. A safe
      course of action is for the advertiser to configure their
      data-gathering so "Opt-Out" is the default; that is, to
      ensure that any members of the list have made a concerted
      effort to get onto said list. In nearly all cases, merely
      having a "check-box" available with the caption

         "Please send me E-Mail advertisements or
          announcements about your products."

      is sufficient.

      It is crucial that advertisers be aware that different
      jurisdictions deal with the collection of personal data
      differently - the burden of verification of these laws rests
      on the advertisers. For additional information on privacy,
      refer to Appendix C of this document.

   B. Integrity

      When maintaining a list where names can be submitted via some
      type of public or semi-public resource, such as a website,
      advertisers should take steps to verify every subscription to
      that list. There are key pieces of data that can be used to
      verify the integrity of a particular subscription request,
      but the only person who can attest to the genuineness of the
      actual act of subscribing is the owner of the E-Mail address
      which has been submitted.

      To protect themselves from the risk of inadvertently spamming
      an unsuspecting recipient, advertisers should immediately
      confirm any submission. In doing so, advertisers can satisfy




Gavin, et al               Expires: 1Apr2000                   [Page 12]


Internet Draft          Advertising Responsibly           September 1999



      all requirements for responsible confirmation of a subscription
      request. In addition, if a person's E-Mail address has been
      submitted to a list without the knowledge or permission of the
      owner of that E-mail address, immediate notification of that,
      and the receipt of supporting data, enables the owner of that
      account to act accordingly to protect their account from future
      wrongdoing.

      When generating confirmations, the following information must
      be provided to the subscriber:

         -     the E-Mail address subscribed

         -     the manner in which it was subscribed
               (website or mailing list address)

         -     the Date and Time of the subscription request
               (via NTP, for uniformity in future reference)

         -     the IP Address of the host which submitted
               the request

         -     the full headers of the subscription request
               (where applicable, such as mailing lists)

         -     the Name, website address, and contact E-Mail
               address of the advertiser

         -     instructions to the recipient as to how to
               permanently remove themselves from the list

      In addition, a well-represented business will make an effort
      to communicate this material in a way which the average
      recipient can understand and relate to, such as the following
      example:


           - - - - - - C O N F I R M A T I O N - - - - - - - - - - - -

           Thank you for your interest in Widget Sales!

           This is confirmation of your subscription request for the
           Widget Sales E-mail list.

           You are currently subscribed with this address:

                   foo@bar






Gavin, et al               Expires: 1Apr2000                   [Page 13]


Internet Draft          Advertising Responsibly           September 1999



           Your request was received via our website at

                   http://www.foo.bar/input.html

           If you did not submit this request, someone may have
           submitted it for you, or may be pretending to be you.

           If you wish to be removed from this list, Reply to this
           message with the word UNSUBSCRIBE as the body of the
           message.

           If you feel you were added to the list without your
           permission, the information below should be forwarded to
           your ISP's Administrative staff for follow-up, with an
           explanation of your concern.

           Widget Sales, Inc.            |         http://www.foo.bar/
           Responsible Internet          |                info@foo.bar
           Marketing - Made Easy!        |           cust-serv@foo.bar
           -----------------------------------------------------------

           Submission Information:

           Request received for foo@bar from 192.168.0.1 at
           06:41:55:13(GMT) on 07.03.1999 via

           http://www.foo.bar/input.html

           E-Mail headers follow:

           Received: from 01.anytown.dialup.bar.foo
           ([192.168.0.1]) by adshost.foo.bar
           (FooBarMail v01.01.01.01 111-111) with SMTP
           id <19990703054206.VDQL6023@77.anytown.dialup.bar.foo>
           for <marcel@foo.bar>; Sat, 3 July 1999 01:41:55 +0000
           From: Customer <foo@bar>
           To: mail-list@foo.bar
           Subject: Submision Request
           Date: Sat, 03 July 1999 01:41:55 -0400
           Organization: Zem & Zem Bedding Company, Inc.
           Reply-To: foo@bar
           Message-ID: <k???12qelNxp7Q=??3dbgLHWTLv@4??.bar>
           X-Mailer: FooBarMail HTTPMailer Extension 1.0.532
           MIME-Version: 1.0
           Content-Type: text/plain; charset=us-ascii
           Content-Transfer-Encoding: quoted-printable







Gavin, et al               Expires: 1Apr2000                   [Page 14]


Internet Draft          Advertising Responsibly           September 1999



   C. Protection

      Advertisers should be advised of certain measures they can take
      to protect themselves. Frequently, and especially when the
      traffic on a particular mailing list is low, a subscriber may
      forget that they had requested membership on that list. When a
      new message is sent and subsequently received, said recipient
      may lodge a complaint of spamming. If this situation is
      multiplied by several recipients, the advertiser and/or seller
      risks losing their Internet access, even if they have acted
      responsibly throughout the process.

      For this reason, advertisers should keep an archive of all
      submission requests which are received. This archive should be
      kept as diligently as the advertiser's operational data, and
      should be similarly safeguarded. Having such requests available
      will protect the advertisers from any reports of spamming,
      whether they are malicious, or the result of a genuine
      misunderstanding. For reasons that should be obvious, those
      messages should remain archived for a period that lasts AT
      LEAST as long as the list remains active. While this is not
      necessarily a requirement for responsible behavior, it is a
      measure of safety for the responsible advertiser.


8. Responsible Behavior

   Shotgunning a message doesn't really work in any medium, but it is
   much easier to do with the Internet than with paper mail or
   telephone solicitations. The steps which have been provided in
   this paper will assist the advertiser in creating a favorable
   environment for their work; in ensuring that they maintain a
   responsible presence on the Internet; and in targeting the types
   of customer and the methods to be used to reach those potential
   customers. Given these steps, there are some actions which should
   be avoided as the basis for any Responsible advertising presence
   on the Internet.

   DON'T advertise money-making opportunities that can, in any way,
   be construed as Pyramid or Ponzi schemes. (For information
   regarding those types of "investments", refer to Appendix 1 of
   this document)

   DON'T forge E-mail headers to make it look as if the messages
   originate from anywhere other than where they really originate.
   Particularly germane to this point is the fact that many domain
   owners have won litigation against advertisers who have used
   their domain name in an effort to conceal their true identity.





Gavin, et al               Expires: 1Apr2000                   [Page 15]


Internet Draft          Advertising Responsibly           September 1999



   DON'T send out any sort of bogus message to "cover" the intended
   activity, which is advertising. In other words, don't pretend that
   a personal message from the advertiser to someone else was sent
   to a mailing list by mistake so that the body of that message can
   be used to advertise, as in this example:

      Dear Tony - had a great time at lunch yesterday. Per your
      request, here's the information on the latest widget I
      promised [...].

   DON'T use aggravating statements such as "Our research shows you're
   interested in our product." Most recipients know this is usually
   a bogus claim. Use of it can rob any legitimacy that the
   advertisement may hold.

   DON'T create mailing lists from third party sources (see
   Section 6; Part D of this document, above).

   Enough negativity! Now for some helpful suggestions.

   DO create a lively signature which tells the minimum about the
   product/service. But keep it to 4 lines total (four lines is the
   maximum recommended length for signatures).

   DO participate in mailing lists and newsgroups which discuss
   topics related to the particular product/service. Advertisers
   will find people of a similar interest there and many potential
   customers. So long as an advertiser isn't offensive in their
   interactions with these groups they can find their participation
   quite rewarding.

   DO ask people if they want to be part of any mailing list that
   is created. Advertisers must be clear about their intentions of
   how they plan to use the list and any other information that
   is collected.

   DO tell people how list data has been gathered.  If recipients
   are signed up from a web page, make sure the prospective
   recipient is aware that they will be getting mail. Many web pages
   have getting mail selected as default. Our recommendation is that
   the default be that recipients do NOT wish to receive mailings -
   even if the prospective recipients find an advertiser's site of
   interest.

   DO respect the privacy of customers. Keep a mailing list private.
   For an advertiser to sell a mailing list is not responsible or
   ethical. In addition, if offering any type of online transactions,
   advertisers should take care to encrypt any sensitive information
   The addresses of the list members should never be viewable by the
   list recipients, to protect your list members' privacy.



Gavin, et al               Expires: 1Apr2000                   [Page 16]


Internet Draft          Advertising Responsibly           September 1999


   being taken from customers, such as Credit Card or other Payment
   information. Provide honest information regarding the methods
   being used to protect the customer's data.

   DO let recipients know how to remove themselves from a mailing list.
   Advertisers should make this as easy as possible.

   DO let people know for what purpose any data is being collected.
   Advertisers must ensure that their plans regarding data collection
   are legal.

   Advertisers and Sellers can check with the web site of the Better
   Business Bureau, which operates in the United States and Canada.
   (www.bbb.org) This organization has several programs and services
   which can help advertisers in those countries, and has other
   resources which will benefit advertisers of any nationality.

   "Advertisers should advertise responsibly the better mousetrap
   they have built, and the world will beat a path to their E-mail
   address."


































Gavin, et al               Expires: 1Apr2000                   [Page 17]


Internet Draft          Advertising Responsibly           September 1999


Appendices

   Most readers of this document are probably aware as to why
   "Pyramid" or "Ponzi" schemes are fraudulent, and in most places,
   criminal.  However, for those who do not, Appendix "A" is
   provided.

   For a topical review of Privacy law across multiple jurisdictions,
   including several sovereign nations, Appendix "B" provides some
   resources for advertisers or other interested parties.

A.1  The classic Pyramid

   In the classic Pyramid scheme, there is a list of a few people. A
   Participant sends money to one or all of them, and then shifts that
   person off the list and adds their own name. The participant then
   sends the same message to N people....

   The idea is that when a recipient's name gets to the special place
   on the list (usually at the "top" of the pyramid), they will get lots
   of money. The problem is that this only works for everyone if there
   are an infinite number of people available.

   As an example, examine a message with a list of four people where
   each participant sends US$5.00 to each; removes the first name, and
   adds their own name at the bottom. There may also be some content
   encouraging the participants to send "reports" to people who submit
   money. Presume the rules encourage the participants to send out lots
   of copies until they each get ten direct responses, 100 second level
   responses, etc., and claim there is a guarantee that the participants
   will earn lots of money fast if they follow the procedure.

   First, note that some person or group has to have started this. When
   they did, they got to specify all four names so it was probably four
   people working together to split any profits they might get from
   being the top of the pyramid (or maybe they send out four versions
   of the original letter with their name order rotated). In some cases,
   all names on the list have been proven to be the same person,
   operating under assumed business names!

   While the letters that accompany these things usually have all kinds
   of language about following the instructions exactly, the most
   rational thing for a participant to do if they decided to participate
   in such a thing would be to;

        (1) send no money to anyone else; and

        (2) find three other people and replace all the names on
            the list.





Gavin, et al               Expires: 1Apr2000                   [Page 18]


Internet Draft          Advertising Responsibly           September 1999



   But, presume that not just this participant, but everyone who ever
   participates decides to follow the "rules". To avoid the start-up
   transient, assume that it starts with one name on the list and for
   the next three layers of people, one name gets added and only after
   the list is up to four does any participant start dropping the
   "top" name.

   What does this look like after nine levels if everything works
   perfectly? The following table shows, for nine levels, how many
   people have to participate, what each person pays out, gets in, and
   nets.


      Level         People       Out          In        Net
      1                  1         0     $55,550    $55,550
      2                 10        $5     $55,550    $55,545
      3                100       $10     $55,550    $55,540
      4              1,000       $15     $55,550    $55,535
      5             10,000       $20     $55,550    $55,530
      6            100,000       $20      $5,550     $5,530
      7          1,000,000       $20        $550       $530
      8         10,000,000       $20         $50        $30
      9        100,000,000       $20           0        -20

   So if this scheme ever progressed this far (which is extremely
   unlikely) over 10,000 people would have made the "guaranteed"
   $50,000. In order to do that, One Hundred Million people (or over
   ten thousand times are many) are out twenty dollars. And it can't
   continue because the scheme is running out of people. Level 10
   would take One Billion People, all of whom have $20 to submit,
   which probably don't exist. Level 11 would take Ten Billion, more
   people than exist on the earth.

   Pyramid schemes are _always_ like this. A few people who start them
   may make money, only because the vast majority lose money. People
   who participate and expect to make any money, except possibly those
   who start it, are being defrauded; for this reason, such schemes
   are illegal in many countries.


A.2  What about Ponzi?

   A Ponzi scheme is very similar to a pyramid except that all of the
   money goes through a single location. This method of confidence fraud
   is named after Charles Ponzi, a Boston, Massachusetts "businessman"
   who claimed to have discovered a way to earn huge returns on money
   by buying international postal reply coupons and redeeming them in
   postage for more than their cost. Early "investors" in this scheme





Gavin, et al               Expires: 1Apr2000                   [Page 19]


Internet Draft          Advertising Responsibly           September 1999


   did get their promised return on investment, but with money that
   later investors were investing. Ponzi was actually doing nothing
   with the money other than deriving his own income from it, and
   paying latter investors' money to earlier investors.

   Notice the similarity to early pyramid participants, who "earn"
   money from the later participants.

   Just as pyramids always collapse, Ponzi schemes always collapse
   also, when the new people and new money run out.  This can have
   serious consequences.  People in Albania died and much of that
   country's savings were squandered when huge Ponzi schemes that
   "seemed" to be partly backed by the government collapsed.


A.3  So all multi-levels are evil?

   No, all multi-level systems are not the same, nor are they all
   "evil".

   If what is moving around is just money and maybe "reports" or the
   like that are very cheap to produce, then almost certainly it is a
   criminal scam.  If there are substantial goods and/or services being
   sold through a networked tier-system at reasonable prices, it is more
   likely to be legitimate.

   If the advertisement says participants can make money "fast",
   "easy" or "guaranteed", be very suspicious.  If it says participants
   may be able to make money by putting in lots of hard work over many
   months but there is no guarantee, then it may be legitimate. As
   always, if it seems "too good to be true", it probably is.

   If people are paid to recruit "members" or can "buy" a high "level",
   it is almost certainly a criminal scam.  If people are paid only for
   the sale of substantial goods and/or services, it is more likely to
   be legitimate.

   It may also be worthwhile to look at the history of the
   organization and its founders/leaders. The longer it has been around,
   the more likely it is to continue being around. If its founders or
   leaders have a history of fraud or crime, a person should think very
   carefully before being part of it.

B.1   Why Web Privacy?

   Directories, lists or other collection sources of personal data are
   the current informational "gold rush" for Internet Marketers. In the
   United States and other countries, there is no explicit guarantee
   of personal privacy. Such a right, under current legislation, stands





Gavin, et al               Expires: 1Apr2000                   [Page 20]


Internet Draft          Advertising Responsibly           September 1999


   little chance against certain electronic technologies. Some members
   of the global community have expressed concern regarding perceived
   intrusion into their personal privacy. Still, the collection and
   sale of such information abounds.

   Self-regulation by businesses utilizing the Internet is the first
   choice of legislators, commercial websites, and Internet aficionados.
   However, the profits to be made by selling personal information
   and by using these lists for advertisement purposes, often dissuades
   self-regulation.

   United States Senator Patrick Leahy, Ranking Minority member of the
   Judiciary Committee of the United States Senate (at the time of the
   writing of this document) states very succinctly why we should
   consider Internet Privacy:

      "Good privacy policies make good business policies. New
      technologies bring with them new opportunities, both for
      the businesses that develop and market them, and for
      consumers. It does not do anyone any good for consumers
      to hesitate to use any particular technology because they
      have concerns over privacy. That is why I believe that
      good privacy policies make good business policies."

   The Center for Democracy and Technology suggests Five Conditions
   that websites should use to be considerate of individual's
   rights to privacy:

        -   Notice of Data Collection

        -   Choice to Opt Out

        -   Access to Data to rectify errors

        -   Adequate Security of Information Database

        -   Access to contact persons representing the data collector

   Notice that the practice of data collection authorization can be
   accomplished using something as simple as an automated response
   E-Mail message. This will help assure prospective customers that
   an advertiser is a business of integrity.

   An additional consideration must be made for those businesses
   that intend to pursue international trade (do business across
   national boundaries). The European Communities have legislation for
   the flow of Personal Information. If an advertiser is interested in
   pursuing business interests across borders, and particularly if a
   business intends to solicit and/or share Personal Information, the





Gavin, et al               Expires: 1Apr2000                   [Page 21]


Internet Draft          Advertising Responsibly           September 1999


   advertiser/seller must be able to guarantee the same privacy
   considerations as a foreign counterpart, or as a business operating
   in the nation in which the advertiser is soliciting/performing
   their business.

   Other countries and their legislation are shown below:

   Germany     -     BundesDatenSchutzGesetz (BDSG)

   France      -     Commision nationale de l'informatique et de
                     libertes (CNIL)

   UK          -     Data Protection Act (DPA)

   Netherlands -     Wet PersoonsRegistraties (WPR)

   Australia   -     Privacy Act of 1998 (OECD DAta Protection
                     Guidelines)

   Canada      -     The Personal Information Protection and
                     Electronic Documents Act

































Gavin, et al               Expires: 1Apr2000                   [Page 22]


Internet Draft          Advertising Responsibly           September 1999


References

   [1] Hambridge & Lunde. RFC-2635. Internet Society. 1999

   [2] Internet Spam / UCE Survey #1.
       http://www.survey.net/spam1r.html . July 24, 1997

   [3] ISPs and Spam: the impact of spam on customer retention and
       acquisition. Gartner Group, San Jose, CA. June 14, 1999. Pg. 7

   [4] Steiner, P.  _New Yorker_.  July 5, 1993.  p.61.

   [5] Spam slam -- opt-in e-mail gains favor.
       http://www.zdnet.com/zdnn/stories/news/0,4586,2267565,00.html .
       May 28, 1999.



Authors' Addresses


   Edward T. Gavin
   Penn Ventilation, Inc.
   1370 Welsh Road
   North Wales, PA 19454
   tedgavin@worldnet.att.net

   Donald E. Eastlake 3rd
   IBM
   65 Shindegan Hill Road, RR #1
   Carmel, NY 10512
   dee3@us.ibm.com

   Sally Hambridge
   Intel Corp
   2200 Mission College Blvd
   Santa Clara, CA 95052
   sallyh@ludwig.sc.intel.com


Acknowledgements and Significant Contributors

   JC Dill                                  Barbara Jennings
   jcdill@vo.cnchost.com                    Sandia National Laboratories

   Albert Lunde                             April Marine
   Northwestern University                  Internet Engines, Inc.







Gavin, et al               Expires: 1Apr2000                   [Page 23]