Let Me Unsubscribe

Have you noticed that some spam email makes their unsubscribe link really hard to find, IF it even has one? And many of them, when you click it, requires you to have an account or asks for more information?

In an old version of this site, I had a post about this problem, where I noted I will simply mark these as spam and hope others do as well in order to knock down the reputation of those sources. The problem with this is many of these companies sending the spam use “email marketing” services that are really good about reputation management. So if a particularly egregious group of bad actors use a common provider that’s good at managing their reputation, you end up with a situation where you can’t block the source. And you may end up with a situation where you can’t even block the bad actor.

Here’s a cool thing that I learned: Making unsubscribe links hard to find, and the process onerous beyond a simple link/page may be illegal in the US and various other countries. This is part of the CAN-SPAM act :

You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request.

That’s right, those spams must either accept a response requesting removal, or offer a single page that only asks for your email address. Asking for any other information or to log in to manage your subscriptions is a violation of the CAN-SPAM act. And I’ve seen a large number of these that require accounts (many of which I’m pretty sure I never had an account with).

But what is the agency that is responsible for enforcing this? Based on the URL where compliance information comes from, it appears to be the FTC . It appears that each violation can cost both the company who generated the spam and the company sending it $46,517. Yeah, both the originating company and the sender. That doesn’t seem like much for big companies with lots of money, but if many people can get these reported, that can really add up.

I’m considering taking more extraordinary steps to start dealing with these. Maybe if I run across future spam that requires managing account notification preferences to request not being spammed, I’ll start reporting them to the FTC. Unfortunately, this is something that I need to figure out as it appears the FTC changed the way they accept these reports and I’m not sure where everything is directed is the right place (references to fraud).