Brands Beware: Affiliate Tricks Used In Email

Less than two years ago, I wrote an article for Brand Aid about display URL tricks used by affiliates and other brand hijackers in paid search ads. In that article, one of the tactics discussed, ‘tactic # 2’, was a misdirected display URL – where the display URL of the paid ad shows one domain, but the landing page is a completely different top level domain.

In that scenario, the typical landing page would contain the advertiser’s logo and look ‘official’ as if it were authorized or even owned by the brand holder through the use of colors and brand like design.

The website might prominently display a form for you to enter your email address in order to receive a prize such as a gift card or will ask you for more information about yourself, thus creating a ‘lead’ to be sold by an affiliate marketer.

Affiliates Misrepresent Your Brand Identity In Email

This tactic has an additional ploy – email. Yes, I am talking about SPAM, but a special kind of SPAM where the brand owner is unknowingly being exploited in unsolicited emails for the benefit of affiliate marketers with a tricky design, intended to skirt around the CAN SPAM act.

We have seen all sorts of brands exploited in this manner including phone providers, phone manufacturers, nationally known restaurant chains, computer brands, and major airlines. I am purposefully not mentioning any of these brands by name due to potential liabilities for them under the CAN SPAM act.

To refresh your memory, the CAN SPAM act sets out rules to govern email messages that promote or advertise commercial products or services.

The basic tenets of the act are:  not to be false or misleading in the header or subject, to allow recipients to opt-out, and to inform recipients of who you are, where you are located, and how to opt out.

The misdirected brand tactic for email uses the following clever ruse:

• A prominent brand is mentioned in the email with a call to action e.g. confirm your phone order for a [cell phone brand].
• The ‘from’ field contains an alias disguised to look like a subject such as ‘Travel Confirmation’.  You will need to view the email details to see the email address of the sender (which is an extra step if you use a free web mail account).  When you do that, the ‘from’ field will appear to come from an individual, probably a fake name, at a website that doesn’t display a web page and is registered as a private domain so that you can’t obtain the registration information.
• The message subject makes it look like you have already ordered something e.g. ‘please confirm reservation ABC123’
• The message body consists of 2 lines of text – no images.  Your email is the greeting line, followed by a message in the body such as ‘Please claim your promotional tickets on [a popular airline]:  Confirmation Code ABC123’. Like the sample shown below.

• The opt-out portion of the email appears below the fold, after scrolling through a yard of white space. You will then find 2 places to click to opt-out. The first will appear in text with a bogus address. The second will only appear if you enable images, and will contain a second different address embedded in a blurry image.
• If you click through on the link in the email, just like in the misdirected display URL trick, you are misdirected to a web page that appears to be an official site sanctioned by the brand with a logo and brand colors, but is actually designed by an affiliate marketer to obtain your email address or other personal information.
• Finally, opting-out of the email is not effective. The reason is because the affiliate is operating under multiple aliases. Opting out of a single alias does not opt you out of the others.

The ruse is compounded in that on the surface, it appears to be compliant with CAN SPAM, however it is not. In fact, violates several of the tenets of CAN SPAM laws:

1. It is false and misleading. The subject implies that you ordered something when you did not. The link leads to a brand imposter web site. Last, the domain from which it is sent is a private domain, thus violating the underlying spirit of being upfront as opposed to misleading.
2. It doesn’t provide a proper address. It is implied that the address provided should match the sender. However, there is no way to verify a match since the private domain makes it impossible to verify.
3. The Opt-out is Improper. While you can opt-out, the method violates the spirit of the act. Since the affiliate is using multiple aliases, you would need to opt-out from each alias at an incredible pace in order to keep up with the barrage of spam. Further, the opt-out is located after a lengthy stretch of white space, making it tough to find. Finally, opting-out may only be another clever way to confirm your email address and thus opt you in instead.

As Brand owners, you need to be aware of this tactic and monitor email vigorously for it.

The CAN SPAM act specifically makes it your responsibility to monitor email messaging. If your brand is identified in the email, you are just as culpable as the affiliate. The fine for violating the CAN SPAM act is up to $16,000 for each separate email. Monitoring costs a lot less than the penalty and will save the good will of your brand.