We are in the midst of developing a "do not market" system for our entire enterprise. This will live at the customer database level and will eventually appear on our web pages, VRUs, etc. Right now, if someone doesn't want spam, they can email us or opt-out over the phone. Their account is then flagged. Most of our "spam" is sent via a 3P provider. We currently only spam our customers and include all the required information in our spam. The 3P provider tracks the opt-outs, of which we have had a few. We've also had a few customers report us to the spam cops where we've been blacklisted.
The problem we still have is policing the spam sent from desktops - the lenders and bankers who are letting customers and prospects know about our great rates. Those are the ones that will get us in trouble. I believe our email filters can identify some of these and kick them back to the sender. We've also talked about setting up our filters to place the required notices on every email that is sent to the Internet.
Information Security has taken a big interest in our still draft Email Marketing Policy. Info Security's requirements have caused the slow down in the approval process -- although I agree with their requirements.
_________________________
Life is good.