Ask the Expert: Anne P Mitchell, CEO and President, Get to the Inbox by ISIPP SuretyMail

August 01, 2023
Written by
Denis O'Sullivan
Opinions expressed by Twilio contributors are their own
Reviewed by
Ayanna Julien
Opinions expressed by Twilio contributors are their own
Alex Price
Opinions expressed by Twilio contributors are their own

Ask the Expert: Anne P Mitchell, CEO and President, Get to the Inbox by ISIPP SuretyMail

Countless myths abound in the world of email deliverability. That’s why there’s no one better to clear up these common misconceptions than the leading experts in the world of email. Every month, we’ll bring you a Q&A with leaders from inbox providers, spam trap networks, antispam systems, and more in our new Expert Series blog. 

In our seventh Expert Series blog, we’re chatting with Anne P. Mitchell. A graduate of Stanford Law School, Anne was the first email marketing and antispam attorney in the U.S. before going on to author a portion of our federal antispam law, the CAN-SPAM Act of 2003. Anne is the CEO and President of email reputation and deliverability assistance service Get to the Inbox by ISIPP SuretyMail.

 Now, let’s dive in.

11 questions with email marketing and antispam attorney Anne P Mitchell

1. Can you tell us a little about your company and provide some background on your career within email, cyberlaw, and cybersecurity?


I entered the world of email and email law when Paul Vixie brought me in as in-house counsel at Mail Abuse Prevention System, which, as you may know, was the first antispam blocklist. I oversaw the lawsuits filed against MAPS by spammers listed on the MAPS remote blocklist.

When I left MAPS a couple of years later, that same week, I received an offer from the incubator looking to create what eventually became Habeas. I was the only person at the time who had the legal background and the credibility with the internet service providers (ISPs), spam filters, and other email receivers, as well as the email marketers and other senders.

2. How did SuretyMail by the Institute for Social Internet Public Policy come to be? 

After I left Habeas, I decided to get out of the sender reputation game and start a purely email policy institute. However, the email marketers and email service providers (ESPs) kept asking me to start a sender reputation service. I started to hear the same from email receivers. 

So after a few months of hearing this from many different senders and receivers, I got it through my head that when the market keeps telling you what they want you to give them, you should probably give it to them. And so, I created SuretyMail.

3. You helped write part of the CAN-SPAM Act. How did you get involved, and what was your goal when contributing?  

The way it happened is pretty funny. I was on vacation at Disneyland with my family when I got a call from the former U.S. Sen. John McCain’s office saying they had an idea for an amendment to the not-yet-enacted CAN-SPAM Act that would address affiliate marketing. It would effectively make a brand unable to hide behind saying, “We didn’t send it, our affiliate did.” Sen. McCain’s office asked if I would be willing to write that amendment for them.  

Of course, I was, and I did. But I’ll never forget taking that call in the middle of Disneyland. My goal was to help the senator close that affiliate loophole, which we did.

4. What do some senders commonly misunderstand about CAN-SPAM ? 

Well, let’s face it: for the most part, CAN-SPAM is pretty weak. So it’s pretty hard to run afoul of it so long as you follow best practices about being honest with your information, including your headers and so on. 

That said, what some (if not most) senders misunderstand is the one-step unsubscribe requirement. There’s a one-step unsubscribe requirement in CAN-SPAM, but many senders still require several steps to unsubscribe, including clicking a link, entering an email address, and selecting from a menu of options.

5. Here’s a familiar question: Is this mail transactional or marketing? How do you differentiate these? 

From our definitions:
Transactional email is a single email that is sent by an email sender to one single primary email address, for the purpose of providing specific, unique information to the holder of that email address, and which content is not applicable to anyone else.
By contrast, marketing email is any email where there’s something in it, which, if acted upon by the recipient, benefits the sender (even if it also benefits the recipient), and which is applicable, or with little modification can be applicable, to others besides a given recipient.

Learn more about transactional and marketing email. Add Montana, Tennessee, Indiana, and Iowa, as all have data privacy laws coming online. As you may have heard (or read) me say elsewhere, this is what we expected: more and more states will pass a patchwork of laws until we reach a tipping point, and there's a federal law introduced. In fact, there are discussions surrounding an American Data Privacy and Protection Act.

All the state privacy laws are “data privacy laws,” not specifically email laws. Of course, your email address is one of those covered pieces of personally identifiable information (PII), along with things like your name, address, and date of birth. Each state privacy law, in some form or another, allows you to opt out of having your personal information used in, for example, targeted advertising. 

However, each state privacy law also (at least as of the time of writing) has a threshold the company must cross before the law applies to them. For example, having the records of at least 50,000 consumers, or 25,000 if it sells the records.

7. Some businesses decided after the introduction of the Global Data Protection Regulation to block European and UK visitors. Why is this a flawed strategy? 

Most of those businesses did this by IP geo-location. GDPR specifically lists IP addresses as one of the pieces of PII you may not take, note, store, or use without consent. So ironically, by blocking someone based on their IP address to get around GDPR, you violate GDPR.

8. With lead generation, cold outreach has long been a staple of building a business' database and sales pipeline. How, if at all, has new state legislation impacted this practice?

Cold outreach, a not-very-veiled euphemism for spam, can violate the new laws in some states, depending on how many email addresses you've collected. The thing that’s crucial to note is that while cold outreach may violate the laws of some states, it violates all of what we call the “laws of the ISPs” and the “laws of the ESPs.”  The most likely legal dangers in not confirming an email address stem from the sender getting the wrong email address, either intentionally or through a typo (confirming the email address is the only way to counter this). 

If you’re in a jurisdiction where it’s illegal to put someone’s email address on a mailing list without their consent (such as in the EU, the UK, and Canada ), every time you fail to confirm an email address, you risk legal repercussions if the email address that you have is someone else’s email address.

10. Every election season, inboxes get flooded with unsolicited political emails? Do political senders need to include an unsubscribe option in emails?   


Now, technically, political emails aren't commercial, so political senders don't have to follow the law. However, best practices dictate they need to include an unsubscribe option. And from a deliverability (and hey, manners!) standpoint, they need to because if someone wants to unsubscribe from your political email and they have no way to do so, they'll mark it as spam, which hurts your deliverability.

11. Google recently announced ending the Verified Sender Pilot Program for political campaigns. What was that program? Were there any findings? 

It was a program under which political campaigns could register with Google to demonstrate adherence to a particular set of best practices. Upon meeting the criteria, the political campaigns could bypass certain spam filtering (because following those best practices meant meeting Google’s definition of “not spam”). 

The findings were that not many campaigns were willing to stop spamming, so few signed up.

Thanks to Anne! And be sure to stay tuned each month, as we’ll chat with another expert in the world of email marketing to provide you with further insight into the ins and outs of email deliverability. 

Until next time, check out Twilio SendGrid’s email deliverability services packages to level up your email program with the help of a deliverability expert.

Recommended For You

Most Popular

Send With Confidence

Partner with the email service trusted by developers and marketers for time-savings, scalability, and delivery expertise.