UCE Fallout - Newsletter/Mailing List Confirmations are SPAM?

battlemage asks: "According to this Article [heise.de; Google translation - pretty unreadable], a German court decided on 9/19/02 that the common confirmation E-Mails sent to new subscribers of newsletters could be considered unsolicited e-mail, aka SPAM, if they are sent to somebody who did not actually subscribe. According to German laws, this could actually mean fines for the site running the newsletter. They said it was the site owner's obligation to prove that somebody actually requested such e-mail. The question is, how would that be possible without e-mail and without cost-intensive Passport/ID/CreditCard-Checks? I do work on a website in my free-time, and we would probably like to offer newsletters in the future, but I'm now unsure how we could do that." Mailing list and newsletter admins in other countries might do well to keep an eye on this in case such laws migrate to their area.
  • Just an idea... (Score:3, Insightful)

    by Xner ( 96363 ) on Tuesday December 17, 2002 @05:57AM (#4905985) Homepage
    My knowledge of the German language is sketchy, my knowledge of German law is absolutely non-existent. I would like though to try and propose a possible work-around.

    What about going full-disclosure about it?
    What about providing all the details of the request in the confirmation email, including timestamp, IP address, browser ID, referrer, etc?

    In that way, the recipient can see who was responsible for signing up and can take out their issues on them.

    Of course, the operator of the mailing list should be ready and willing to provide the same information under oath to a court of law.

  • TOU (Score:3, Interesting)

    by Trane Francks ( 10459 ) <trane@gol.com> on Tuesday December 17, 2002 @06:03AM (#4906006) Homepage
    Write it into the terms of usage agreement for joining the newsletter that the user agrees to accept a confirmation e-mail to a user-specified e-mail address. To protect the user, create a server-side database that monitors sign-ups and disallows multiple-signups within a 24-hour period. Additionally, accounts for which no confirmation is received in, say, a 72-hour period would then be moved to an "unconfirmed" database. A user would get a second chance to join and ask for confirmation on this address and, if still unconfirmed, the account would be marked void.

    These are just some ideas on how to take care of it. Unfortunately, there's no real way to do this on the client side....at least none of which I can think.
  • you could have the newsletter subscribers email the newsletter maker first, with something like "subscribe" in the subject line. of course, there's always the possibility of forged email headers, making it seem like the email is coming from someone else, but i imagine that would be easier to defend in court
  • It's incredibly easy to implement; when they submit their details, give them a link to an email whose subject or address contains a confirmation key.

    This might be a Good Thing for another reason. Whitelist antispam solutions can auto-subscribe you to mailing lists, if the list works by sending out a 'reply to join' message after you fill in a web page. If that practice was banned, implementing white lists would be safer.

    -Baz
  • Human translation (Score:5, Informative)

    by soegoe ( 580877 ) on Tuesday December 17, 2002 @06:19AM (#4906038)
    Court forbids sending unsolicited newsletter activation mails

    After companies offering e-cards, now senders of online newsletter could face extinction. In the opinion of the Berlin regional court, the unsolicited sending of a newsletter subscription by e-mail is an illegal advertisement.

    The applicant for the decision from September 19th, 2002, had received an e-mail, in which he was asked to click an activation link in order to be added to a newsletter mailing list. If he did not wish to be added, he should just delete the mail. The applicant considered this UCE and requested a cease & desist against the operator of the information service.

    The court confirmed in its decision again the current public opinion that the unsolicited sending of an e-mail with commercial contents constitutes an illegal interference with the business of companies receiving them. Private persons also have a right to be spared from such mails as stated in 1004, 823 sect. 1 of German Civil Law.

    The newsletter operator's objection that the applicant had signed in for the mailing list himself was not accepted by the court. In its opinion, the operator must prove that the applicant signed in personally. This couldn't be proved by the provider. The decision is seen controversially among jurists. The opt-in method for newsletters the decision is based on is used widely throughout the internet and was considered legally unobjectionable up to now.

  • by soegoe ( 580877 ) on Tuesday December 17, 2002 @06:25AM (#4906055)
    Okay, some people don't seem to "get" the problem stated in the article, so just for clarification:

    The newsletter operator used the standard procedure: Subscribe on the website, get a confirmation mail, reply to the mail. In the court's opinion, the problem is: Someone signs up for you, you get a confirmation mail you didn't ask for, so this is spam, so this is illegal. The only way to circumvent this would probably be digital signatures used during subscription.

    By the way: Yes, this decision is also considered crazy among German geeks.

    • That's not the only way. The list operator could just move the opt-in procedure to an email system (to:list, subject:subscribe) instead of the webpage, which makes more sense than that other option you mentioned.
      • The list operator could just move the opt-in procedure to an email system

        As was already mentioned in another thread, e-mail headers can be faked ad libitum, so none the better...

        • Some verification is probably a better legal defense than no verification.
          • by beebware ( 149208 ) on Tuesday December 17, 2002 @10:21AM (#4906777) Homepage

            But surely the site operator had the subscriber's IP address as well? I know a few times when I've joined mailing lists via the web, I've received an email along the lines "A request was made at xx-xxx-xx xx:xx:xx from IP address xx.xx.xx.xx to subscribe you to this mailing list. To confirm your subscription, please reply to this mail or click this link. If this subscription is in error, you do not need to do anything".

            This way both parties have knowledge of who attempted the sign up: if the email account owner claims the message is spam, then at least the mail-admin has got a third-party to blame.
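
An added example, not part of any comment in this thread and not code from any poster: a sketch of the confirmation flow the comments describe, combining the request details in the confirmation mail (timestamp, IP address, browser ID) with the 24-hour signup throttle and 72-hour confirmation window from the "TOU" comment. The class and method names, the in-memory store, the HMAC-based key and the two-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SIGNUP_WINDOW = 24 * 3600   # at most one request per address per 24 hours
CONFIRM_TTL = 72 * 3600     # a request not confirmed within 72 hours lapses
MAX_ATTEMPTS = 2            # first request plus one "second chance", then void

class OptInRegistry:
    # Hypothetical in-memory store; a real list would persist these records.
    def __init__(self, key=None):
        self.key = key or secrets.token_bytes(32)  # server-side secret
        self.pending = {}    # address -> audit record of the latest request
        self.confirmed = {}  # address -> audit record kept as proof of opt-in

    def _token(self, rec):
        msg = f"{rec['address']}|{rec['requested_at']}|{rec['ip']}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def request(self, address, ip, user_agent, now=None):
        now = int(time.time() if now is None else now)
        address = address.strip().lower()
        prev = self.pending.get(address)
        if address in self.confirmed or (prev and (
                now - prev["requested_at"] < SIGNUP_WINDOW
                or prev["attempts"] >= MAX_ATTEMPTS)):
            return None  # already subscribed, throttled, or void: send nothing
        rec = {"address": address, "ip": ip, "user_agent": user_agent,
               "requested_at": now, "attempts": prev["attempts"] + 1 if prev else 1}
        self.pending[address] = rec
        token = self._token(rec)
        stamp = time.strftime("%Y-%m-%d %H:%M:%S UTC", time.gmtime(now))
        body = (f"A request was made at {stamp} from IP address {ip} "
                f"(browser: {user_agent}) to subscribe {address}.\n"
                f"To confirm, reply with this key: {token}\n"
                "If this was not you, do nothing and no further mail is sent.")
        return body, token

    def confirm(self, address, token, now=None):
        now = int(time.time() if now is None else now)
        address = address.strip().lower()
        rec = self.pending.get(address)
        if rec is None or now - rec["requested_at"] > CONFIRM_TTL:
            return False  # unknown address or confirmation window expired
        if not hmac.compare_digest(self._token(rec).encode(), token.encode()):
            return False  # key does not match the recorded request
        self.confirmed[address] = self.pending.pop(address)
        return True
```

The record moved into `confirmed` is what the operator would keep as evidence of who requested the subscription and when.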

    • Here's a definition of email spam [crynwr.com]. A confirmation isn't bulk, so it's not spam. Did anybody make that point to the judge? That spam is not just any old unwanted email?
      -russ
    • but the perpetrator is the person who signed up for you, not the newsletter operator. Correct remedy is make the request forger liable.
    • I am a German Geek, and thought this was crazy...

      Until I recalled this email "Thanks for subscribing to the SuperPorn eMail Newsletter. To confirm blah blah blah". This clearly was Spam disguised as a confirmation eMail. My tip (and what I and a lot of people do) is to log the IP of the initial submitter. I want to know more about this specific case until I cry "idiot judges". It could have been someone sending spam disguised as confirmations.

      Just a thought -- Alex
  • ..is fraud, yeah?

    like, it's not legal to order pr0n to your teacher.. with teacher as the paying recipient..
  • But aside from that, this company actually did not send this e-mail solicited.

    In other words, it wasn't a confirmation letter, it was an invitation. As well, if the e-mail had stated specifically that it was a confirmation and that the user had to have given them reason to send the e-mail, this case wouldn't have gotten as far as the court steps.
  • most sites still need to confirm that an email address exists, but many of them deliver plain-text passwords.

    pgp keys could solve this, if tied to a certified third-party the way they are supposed to be. they could (should) eventually replace passwords altogether, with or without a period of secondary usage (secondary password, instead of maiden name).

    problem is most people (even a large number of /. readers) don't have keys, and many who do (like myself) have not bothered to register them with big validation groups.
    • This could be the fault of dumb laws or confused judges, it is unclear here. But unless you agree in principle with the court's ruling, the absolute best thing would be to deal with the source of the problem --- and it's not the newsletters! Authentication and signatures and so on are a long way from practical use, and surely they're unnecessary here. A responsible mailer requires confirmation from the user (authentication) and does nothing further if none is forthcoming. Sounds pretty good.

      See how quickly a good idea (outlaw spam) can become a dumb idea (impede desirable mail)?
  • by tdemark ( 512406 )
    Wouldn't this ruling make all "Email this to a friend" links illegal?

    If I understand the ruling, if Person A causes site B to send an email to Person C, then Site B spammed Person C.

    How is this any different than the Email a friend feature of many sites?
  • by pauldy ( 100083 ) on Tuesday December 17, 2002 @10:14AM (#4906725) Homepage
    if the last 3 digits of the email are .de then redirect the user to a page that says something to the effect.

    Due to the stringent confusing laws in Germany this site cannot afford the potential of being held liable for spam in Germany therefore you must use another e-mail account like those you can get for free at yahoo.com or yada yada.

    Seems you would at least be doing your part to make sure no one is using your site to flood someone else's mailbox.
  • How can you ever reply to an email? If the FROM header is forged (or even the REPLY-TO) a reply of any sort would be unsolicited. Otherwise, I'd say, let people subscribe by email (instead of through the web) then the reply would be solicited.

    It makes one wonder. The purpose of the confirmation is *specifically* to keep the addressee from getting unsolicited emails. Making that UCE is just plain silly.
  • Interesting Idea (Score:2, Interesting)

    by finity ( 535067 )
    People who run news servers or list servers or whatever could, instead of sending out emails, run their own, kinda, pop server. People wouldn't send emails to it, but when you wanted to check the latest update or whatever, your email client would check the server for email and if there was an update, well it'd be there waiting for you.
    Has anyone thought of this before?
