UCE Fallout - Newsletter/Mailing List Confirmations are SPAM? 36
battlemage asks: "According to
this
Article [heise.de; Google translation - pretty unreadable], a german court decided on 9/19/02 that the common confirmation E-Mails sent to new subscribers of newsletters could be considered unsolicited e-mail, aka SPAM, if they are sent to somebody who did not actually subscribe. According to German laws, this could actually mean fines for the site running the newsletter. They said it was the site owners obligation to prove that somebody actually requested such e-mail. The question is, how would that be possible without e-mail and without cost-intensive Passport/ID/CreditCard-Checks? I do work on a website in my free-time, and we would probably like to offer newsletters in the future, but I'm now unsure how we could do that." Mailing list and newsletter admins in other countries might do well to keep an eye on this in case such laws migrate to their area.
Re:Do it like the list servers. (Score:2, Insightful)
It sounds like the problem list operators face is that Person A may forge a subscription request from Person B (say, as a prank). The confirmation letter that Person B receives but did not request is considered actionable spam. This places the list operator in a pickle.
The irony is that the confirmation letter is the primary mechanism to prevent pranksters from signing up thier targets en masse to a series of mailing lists.
I think the intention is to punish those who send confirmation messages for which there is no outside subscription request as spam. That is, remove prankster Person A from the above sequence, and insert the list operator in their place. Such a scenario is similar to the "you've been preapproved to receive this blah blah; call 900-xxx-xxxx with confirmation number" type of snail-mail spam we receive.
I would think the list operator could probably shed liability in the prankster case by claiming that the subscribe request was made under false pretenses, and so the list operator himself was defrauded. Thus, the spam is the liability of the person sending the forged subscription request and not the list operator or the recipient.
--JoeJust an idea... (Score:3, Insightful)
What about going full-disclosure about it?
What about providing all the details of the request in the confirmation email, including timestamp, IP adress, browser ID, referrer, etc?
In that way, the recipient can see who was responsible for signing up and can take out their issues on them.
Of course, the operator of the mailing list should be ready and willing to provide the same information under oath to a court of law.
TOU (Score:3, Interesting)
These are just some ideas on how to take care of it. Unfortunately, there's no real way to do this on the client side....at least none of which I can think.
email the newsletter first (Score:1)
Subscribe via mail (Score:2)
This might be a Good Thing for another reason. Whitelist antispam solutions can auto-subscribe you to mailing lists, if the list works by send out a 'reply to join' message after you fill in a web page. If that practice was banned, implementing white lists would be safer.
-Baz
Human translation (Score:5, Informative)
After companies offering e-cards, now senders of online newsletter could face extinction. In the opinion of the Berlin regional court, the unsolicited sending of a newsletter subscription by e-mail is an illegal advertisement.
The applicant for the decision from September 19th, 2002, had received an e-mail, in which he was asked to click an activation link in order to be added to a newsletter mailing list. If he did not wish to be added, he should just delete the mail. The applicant considered this UCE and requested a cease & desist against the operator of the information service.
The court confirmed in its decision again the current public opinion that the unsolicited sending of an e-mail with commercial contents constitutes an illegal interference with the business of companies receiving them. Private persons also have a right to be spared from such mails as stated in 1004, 823 sect. 1 of German Civil Law.
The newsletter operator's objection that the applicant had signed in for the mailing list himself was not accepted by the court. In its opinion, the operator must prove that the applicant signed in personally. This couldn't be proved by the provider. The decision is seen controversially among jurists. The opt-in method for newsletters the decision is based on is used widely throughout the internet and was considered legally unobjectionable up to now.
Just to put this clear... (Score:4, Informative)
The newsletter operator used the standard procedure: Subscribe on the website, get a confirmation mail, reply to the mail. In the court's opinion, the problem is: Someone signs up for you, you get a confirmation mail you didn't ask for, so this is spam, so this is illegal. The only way to circumvent this would probably be digital signatures used during subscription.
By the way: Yes, this decision is also considered crazy among German geeks.
Re:Just to put this clear... (Score:2, Interesting)
So do I. I consider them "the usual spam", nothing more, nothing less. I also get fake "Reply to your question" spam. Does that mean we have to outlaw all Reply buttons in e-mail clients?
I agree with you in that the system - like so many others - can be exploited. The problem is that forbidding it does (in my opinion) more harm than good. What we have to do is go against spam and the spammers, not shut down the channels they (might) abuse.
Don't mix up the medium with the message. Don't shoot the messenger.
Re:Just to put this clear... (Score:1)
Re:Just to put this clear... (Score:1)
As was already mentioned in another thread, e-mail headers can be faked ad libitum, so none the better...
Re:Just to put this clear... (Score:1)
Re:Just to put this clear... (Score:4, Interesting)
But surley the site operator had the subscribers IP address as well? I know a few times when I've joined mailing lists via the web, I've received an email along the lines "A request was made at xx-xxx-xx xx:xx:xx from IP address xx.xx.xx.xx to subscribe you to this mailing list. To confirm your subscription, please reply to this mail or click this link. If this subscription is in error, you do not need to do anything".
This way both parties have knowledge of who attempted the sign up: if the email account owner claims the message is spam, then at least the mail-admin has got a third-party to blame.
Re:Just to put this clear... (Score:2)
I get a different IP address every time I dial up my ISP. And then there's proxies...
Re:Just to put this clear... (Score:2)
Some proxies (like the ones provided by ISPs) also log the IP making the request along with a time stamp.
A definition of spam (Score:3, Informative)
-russ
Well it really is spam... (Score:2)
Re:Just to put this clear... (Score:1)
Untill I recalled this email "Thanks for subscribing to the SuperPorn eMail Newsletter. To confirm blah blah blah". This clearly was Spam disguised as a confirmation eMail. My tip (and what I and a lot of people do) is to log the IP of the inital submitter. I want to know more about this specific case until I cry "idiot judges". It could have been someone sending spam disguised as confirmations.
Just a thought -- Alex
subscribing as other person.. (Score:2)
like, it's not legal to order pr0n to your teacher.. with teacher as the paying recipent..
Apologies from those who don't sprecche.... (Score:2, Informative)
In otherwords, it wasn't a confirmation letter, it was an invitation. As well, if the e-mail had stated specifically that it was a confirmation and that the user had to have given them reason to send the e-mail, this case wouldn't have gotten as far as the court steps.
a possibility: pgp (Score:2)
pgp keys could solve this, if tied to a certified third-party the way they are supposed to be. they could (should) eventually replace passwords altogether, with or without a period of secondary usage (secondary password, instead of maiden name).
problem is most people (even a large number of
Re:a possibility: smarter courts? (Score:2)
See how quickly a good idea (outlaw spam) can become a dumb idea (impede desirable mail)?
Email this a friend (Score:2, Insightful)
If I understand the ruling, if Person A causes site B to send an email to Person C, then Site B spammed Person C.
How is this any different than the Email a friend feature of many sites?
Interesting But a quick fix is there (Score:3, Insightful)
Due to the stringent confusing laws in Germany this site cannot afford the potential of being held liable for spam in Germany therefore you must use another e-mail account like those you can get for free at yahoo.com or yada yada.
Seems you would at least be doing your part to make sure no one is using your site to flood someone elses mailbox.
How can you ever reply to an email (Score:2, Insightful)
It makes one wonder. The purpose of the confirmation is *specifically* to keep the addresse from getting unsolicited emails. Making that UCE, it just plain silly.
Interesting Idea (Score:2, Interesting)
Has anyone thought of this before?
Re:Interesting Idea (Score:1)
If you had said "it's called 'Usenet'," I might have been able to partially agree.