Weblogs: Spam

Anti-spam laws will legalise spam

Wednesday, July 02, 2003

The Register reports on Steve Linford's comments on the proposed legislation during the UK Spam Summit held yesterday, 1 July, in Westminster. In effect, the US' position of allowing opt-out mailings to be legalised will only increase the furious growth in spam volumes.

What the US hopes to achieve is a crackdown on unsolicited bulk email by legalising an apparently consumer friendly system - the opt-out system. In Linford's opinion, as well as my own and many other anti-spam groups, this will not lead to a reduction of spam, but rather opens the flood gates for more spam.

Opt-in

An opt-in system forces a recipent to opt himself out of every mailing list he has been signed up for. In this situation a recipient has no say as to which email lists he has been subscribed to, and so anyone with a bulk mailing can add this recipient to their lists.

Opt-in and spam volumes

At the moment 90% of all spam derives from a group of 200 hard core spammers. These spammers have the capability of sending out millions of pieces of spam each day - and every day. These guys know that over 99.9% of recipients of their mail don't want it, and never asked for it in the first place.

So 200 people are the sole reason why there's so much spam clogging up our email systems. Two hundred people are bringing the communications systems of half a billion people to their knees. Two hundred is a frightfully small number in Internet terms.

Now instead of 200 full-time spammers, imagine 23 million US businesses joining those ranks. Why would they join these ranks? Because US legislation has legalised opt-out emailing. They could send email to everyone that currently receives spam - because it has been legalised. Email recipients would have to opt-out of each and every one of the 23 million individual mailing lists. Can the Internet actually manage the load when 500 million people decide to opt-out of 23 million US business email lists? The numbers are astronomical, and bandwidth is a finite resource. It may actually take decades before people have actually opted out of all the mailing lists they don't want. How many people will want to spend twenty or thirty years continually opting out of mailing lists?

Because of the vast size of the Internet and the World Wide Web, an opt-out mechanism is not a feasible mechanism for maintaining a mailing list. Both the phenomenal increase in spam volume, and the phenomenal bandwidth requirement of 500 million people trying to opt out of one email is impossible to achieve, let alone sustain.

Opt-in

An opt-in process is marginally better but contains a massive flaw - accountability. Typically someone enters an email address in a form (be it an application form, or a newsletter subscription form) and that address is added to the mailing list.

However the problem with this method is that there is no confirmation that the email address actually belongs to the person entering it on the form, and so it is feasible for me to enter your email address into that form. You haven't consented to receving this email, but it pours into your inbox - this is the problem with pure opt-in email lists, the lack of proof that it is the recipient that entered their email address allows too much scope for spammers to add whomever they like to mailing lists under the guise of an opt-in list (leading to the understanding, "I'm sure you'd like my wares, so I'll opt you - and a million other email addresses - in myself.")

Confirmed opt-in

A confirmed opt-in system is the only way to sensibly manage email mailing lists. Basically a visitor enters their email address into a form, which when submitted sends a confirmation email to that email address. The confirmation email is a short email that informs the recipient that someone has entered this email address as wanting to sign-up for their mailing list, and lays out a confirmation process that the recipient uses to confirm that they actually indeed want to receive mail from this list. Only after the recipient has confirmed their email address and consent to receive email should that address be added to the mailing list.

For confirmed opt-in to work, two very important guidelines need to be met:

The confirmation email must be a confirmation email - and not any content normally sent via the mailing list. This is because the recipient hasn't confirmed their consent to receiving email, and thus you have no right to send them solicitations of any sort.
The confirmed opt-in mailing list requires a properly working and rapid means of unsubscribing. And that means when the recipient unsubscribes, no further email can be sent to that email address, since the recipient has withdrawn their consent to receiving your email.

An important point to note is that consent for one mailing list to send an email to a recipient is not transferable to another mailing list. So the mailing list owner should under no circumstances, without the recipient's consent, pass along their email address to any other party in any form or manner.

Recipient consent is the only way

The choice of what mailing lists to join should be solely up to the recipient - only the recipient owning an email address should have the right to choose what email he receives. It should always be the recipient's choice to decide to join an email list.

Confirmed opt-in, backed by international legal force is the only way of reducing the intolerable levels of spam. Legalising opt-out is a farce, and serves only to legitimise spamming.

Weblogs: Spam

Anti-spam laws will legalise spam

Opt-in

Opt-in and spam volumes

Opt-in

Confirmed opt-in

Recipient consent is the only way

Further reading on the UK Spam Summit: