UCE Fallout - Newsletter/Mailing List Confirmations are SPAM?

battlemage asks: "According to this Article [heise.de; Google translation - pretty unreadable], a german court decided on 9/19/02 that the common confirmation E-Mails sent to new subscribers of newsletters could be considered unsolicited e-mail, aka SPAM, if they are sent to somebody who did not actually subscribe. According to German laws, this could actually mean fines for the site running the newsletter. They said it was the site owners obligation to prove that somebody actually requested such e-mail. The question is, how would that be possible without e-mail and without cost-intensive Passport/ID/CreditCard-Checks? I do work on a website in my free-time, and we would probably like to offer newsletters in the future, but I'm now unsure how we could do that." Mailing list and newsletter admins in other countries might do well to keep an eye on this in case such laws migrate to their area.

Just an idea...

[Xner]

My knowledge of the german language is sketchy, my knowledge of german law is absolutely non-existent. I would like though to try and propose a possible work-around.

What about going full-disclosure about it?
What about providing all the details of the request in the confirmation email, including timestamp, IP adress, browser ID, referrer, etc?

In that way, the recipient can see who was responsible for signing up and can take out their issues on them.

Of course, the operator of the mailing list should be ready and willing to provide the same information under oath to a court of law.

Email this a friend

[tdemark]

Wouldn't this ruling make all "Email this to a friend" links illegal?

If I understand the ruling, if Person A causes site B to send an email to Person C, then Site B spammed Person C.

How is this any different than the Email a friend feature of many sites?

Interesting But a quick fix is there

[pauldy]

if the last 3 digits of the email are .de the redirect the user to a page that says something to the effect.

Due to the stringent confusing laws in Germany this site cannot afford the potential of being held liable for spam in Germany therefore you must use another e-mail account like those you can get for free at yahoo.com or yada yada.

Seems you would at least be doing your part to make sure no one is using your site to flood someone elses mailbox.

Re:Do it like the list servers.

[Mr+Z]

It sounds like the problem list operators face is that Person A may forge a subscription request from Person B (say, as a prank). The confirmation letter that Person B receives but did not request is considered actionable spam. This places the list operator in a pickle.

The irony is that the confirmation letter is the primary mechanism to prevent pranksters from signing up thier targets en masse to a series of mailing lists.

I think the intention is to punish those who send confirmation messages for which there is no outside subscription request as spam. That is, remove prankster Person A from the above sequence, and insert the list operator in their place. Such a scenario is similar to the "you've been preapproved to receive this blah blah; call 900-xxx-xxxx with confirmation number" type of snail-mail spam we receive.

I would think the list operator could probably shed liability in the prankster case by claiming that the subscribe request was made under false pretenses, and so the list operator himself was defrauded. Thus, the spam is the liability of the person sending the forged subscription request and not the list operator or the recipient.

--Joe

How can you ever reply to an email

[Chacham]

How can you ever reply to an email? If the FROM header is forged (or even the REPLY-TO) a reply of any sort would be unsolicited. Otherwise, I'd say, let people subscribe by email (instead of through the web) then the reply would be solicited.

It makes one wonder. The purpose of the confirmation is *specifically* to keep the addresse from getting unsolicited emails. Making that UCE, it just plain silly.