I frequently get a particular kind of spam on my business account, originating from service providers trying to sell me their services.
Specifically, they appear to actually sign me up for an account on their system (I get emails addressed to what appears to be an account username), then I receive regular emails shilling their product or service, which have a footer that states: You have received this email as a registered user of (company). You can unsubscribe from these emails here
Obviously I’m not talking about the regular kind of email spam for penis enlargement pills, where the source is probably spoofed and the links are probably not what they claim to be - not that - this instead is spam from a traceable company with a web presence and a head office address and such.
Is it illegal (either in the USA where these typically originate, or the UK, where I live) to do this sort of presumptuous signup marketing?
I don’t think so. There’s no law that you can’t be declared a registered user of a web site without your permission. You haven’t agreed to anything, have no obligations. It’s just annoying to deal with. If it was the first step in an actual fraud, for instance trying to convince you that you have agreed to some financial obligation, then it could be illegal.
Such unsolicited e-mails are legal in the U.S., though the (supposedly legit) spammers have to give you an opportunity in their e-mails to opt out of receiving messages, not that everyone complies with the law.
In Europe and Canada you apparently have to opt-in for them to be able to spam you. Not sure about the U.K.
What could make that message illegal in the US is if the company does not provide the required information, such as opt out information, and a valid physical postal address. The opt out mechanism also has to work. Many similar “legitimate” spam I receive the opt-out does not actually work, as in it goes to a broken web page, or generates an error when submitting the opt-out page.
What I don’t see in the CAN-SPAM summary is any indication of how long the opt-out must be followed. I deal with many companies that will add me to new email marketing campaigns every six months or so. I opt out and stop receiving messages, but then 6-12 months later, it starts again.
The other ones I receive, which are almost certainly legal, but still annoying are “transactional” messages that are really just ads. For example, I’ll get an email “About your mortgage” where the only transactional part of the message is “you’re mortgage with us still exists,” followed by a series of ads for the bank’s other products. It seems to meet the definition of a transactional message, but provides no useful or actionable information about my account, just non-opt-out-able ads.
I assume these laws pertain to the location of the sender, rather than the recipient?
Personally (not that my opinion matters much), I think they should be treated the same as ‘inertia sales’ tactics, where companies used to mail non-customers their product, then bill them, with a note saying ‘if you don’t want to pay, send it back’ (this tactic is illegal now in the UK and USA).
Creation of an account in my name on some random company’s database should be opt-in, not opt-out.
A massive loophole in this US law (carried over from the Do-Not-Call law) is the exception if you have an ‘established business relationship’ with the business (are a customer). But this applies to subsidiaries or affiliated businesses of that business. And ‘affiliated’ can be stretched greatly: buying a company’s customer list to offer them a ‘special deal’, and paying that company a fee for each sale made will make you an affiliated business, so you can legally call or email their customers, even if they are on the Do-Not-Call list. That’s a really wide-open loophole!
In Canada, it’s not quite as easy as that website makes it look. Almost every day, I get spam messages from Air Canada, Coast Hotels, Marriott Bonvoy, and so on and so on and so on. Have I done business with these businesses? Yes. Do I want their spam? No. It is true that they must have an “unsubscribe” link, but it’s usually buried in the message, way down at the bottom of the message in the fine print, and if you can find it and unsubscribe, you get nothing else from them. Sounds good so far, but I want my airline and hotel confirmations, so I want those—and just those—but it doesn’t matter; if I opt to get confirmations, I get their spam all over again. No, Air Canada, I did fly you last October, but I do not want to go to London in the next three days, no matter how cheap your flights are.
I was asked for my e-mail address at a Coast Hotel in Edmonton, and I didn’t want to give it, because I knew I’d be spammed by Coast Hotels. I stated so. “Oh no, sir,” the desk clerk said. “It’s just so you’ll have a copy of your bill.” Like hell it was; I got a copy of my bill for that stay, but they have not stopped spamming me. I can opt out, but since an organization that I belong to organizes its quarterly conferences at Coast Hotels, everything resets when I check in, and I’m doomed to get one reservation confirmation for every 36 or more spam messages from Coast Hotels.
“Opt-In” in Canada basically means that if you want what businesses are offering, you have to opt-in. “Unsubscribe” may be buried in the fine print, but the minute you do more business with that company, “unsubscribe” is forgotten, and you’re back to deleting daily spam messages.
Most of the companies I have dealt with, where I ended up getting their marketing stuff after an actual transaction, the unsubscribe feature is granular so you can stop getting marketing mails, but still receive important messages directly related to the transaction (delivery updates, product recalls and such). I think in all of the cases for UK-based signups like this, there would have been some checkbox that I skipped past, where I could have opted out of those mails from the start.
But random company just presuming that I need to be signed up for their services rubs me completely the wrong way. I will go out of my way NOT to do business with a company that does that.
AFAI recall, the EU opt-in principle still applies in the UK, but it’s not impossible that it’s buried within the T&C tick-boxes and/or presented in a way that prompts you to Yes rather than No
Agreed - that’s for companies where you’re transacting with them and overlooking those tick-boxes, and they default to ‘yeah, I love spam’ (instead of explicitly showing you an empty tick-box and letting you choose ‘please spam me’.)
But the notion that it’s OK for a whole signup process to be performed by the company on your behalf, without any action or knowledge or consent of you the (prospective) customer, is just mindbogglingly wrong to me.
Here in the US the sign up process is meaningless since no opt in is required. If I have your email address I can start spamming you. I can register you if I want but it doesn’t mean anything, the registration is a charade.
I think it’s the implication that I chose to register that probably bugs me; ‘You have received this email as a registered user of StreamElements’ implies that I already use the service as a matter of choice.
Also my general mistrust of ‘unsubscribe’ links doesn’t help (in malicious emails, the unsubscribe link is usually the same target as the payload link, and in non-malicious, but still spammy spam, the unsubscribe link doesn’t typically unsubscribe you, but rather, registers that your mailbox is an active target for more spam.