by Mike Masnick

Noticing The CAN SPAM Loopholes

from the those-are-some-mighty-big-loopholes-you've-got-there dept

The line between "legitimate email marketer" and "spammer" may be very fine indeed, but the way the CAN SPAM law is set up isn't doing anyone any favors. David Berlind notes one of the major loopholes that could allow a spammer to keep spamming you even after you've opted out. He received some spam that appeared to originate from a company closer to the "legitimate" side of the line (though, that could be questioned as well), and which appeared to follow the CAN SPAM rules about providing contact info and an opt-out. However, when he went to opt-out, the system displayed that he was on two separate lists, neither of which he signed up for. In both cases, it didn't say what those lists were. However, after he unsubbed from those lists, he realized that he could still review his profile. In other words, he was still in the spamming company's database, and there was nothing at all to stop them from simply adding him to other cryptically named mailing lists and force him to opt out again. He then called the contact name on the spam and found that the guy was perfectly useless in helping -- having no real answers and saying the best he could do was get him in touch with the spamming company's "IT guy."

Reader Comments

Subscribe: RSS

View by: Time | Thread

  • identicon
    Charles Jolley, 6 Sep 2005 @ 4:59pm

    To comply with CAN-SPAM you must keep database inf

    CAN-SPAM requires that if you unsubscribe from a company, they can no longer contact you unless you opt-in again. This means that a company like this one that buys lists of emails needs to keep your information around so they know not to resubscribe you later.
    I'm not defending this company--I think they probably don't have their act together. But I am saying that keeping your information around may be part of them trying to comply with CAN-SPAM, not violate it.


    reply to this | link to this | view in chronology ]

  • identicon
    Pete Austin, 7 Sep 2005 @ 1:10am

    The sender has to keep details

    Charles is right. Here's the official advice in the UK which has similar rules: "If you have already been contacted by a company you do not wish to hear from, contact the company and tell them to stop sending marketing material to you. They are obliged to identify themselves in their messages and to provide a valid address for opt-out requests. Ensure you provide them with details of the number or email address that they contacted you on. This enables them to add those details to their suppression list which will ensure that they keep a record of your objection." PDF, Information Commissioner.

    reply to this | link to this | view in chronology ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.