UCE Fallout - Newsletter/Mailing List Confirmations are SPAM?
battlemage asks: "According to this Article [heise.de; Google translation - pretty unreadable], a German court decided on 9/19/02 that the common confirmation E-Mails sent to new subscribers of newsletters could be considered unsolicited e-mail, aka SPAM, if they are sent to somebody who did not actually subscribe. According to German laws, this could actually mean fines for the site running the newsletter. They said it was the site owner's obligation to prove that somebody actually requested such e-mail. The question is, how would that be possible without e-mail and without cost-intensive Passport/ID/CreditCard-Checks? I do work on a website in my free time, and we would probably like to offer newsletters in the future, but I'm now unsure how we could do that." Mailing list and newsletter admins in other countries might do well to keep an eye on this in case such laws migrate to their area.
Write it into the terms of usage agreement for joining the newsletter that the user agrees to accept a confirmation e-mail to a user-specified e-mail address. To protect the user, create a server-side database that monitors sign-ups and disallows multiple-signups within a 24-hour period. Additionally, accounts for which no confirmation is received in, say, a 72-hour period would then be moved to an "unconfirmed" database. A user would get a second chance to join and ask for confirmation on this address and, if still unconfirmed, the account would be marked void.
These are just some ideas on how to take care of it. Unfortunately, there's no real way to do this on the client side... at least none of which I can think.
So do I. I consider them "the usual spam", nothing more, nothing less. I also get fake "Reply to your question" spam. Does that mean we have to outlaw all Reply buttons in e-mail clients?
I agree with you in that the system - like so many others - can be exploited. The problem is that forbidding it does (in my opinion) more harm than good. What we have to do is go against spam and the spammers, not shut down the channels they (might) abuse.
Don't mix up the medium with the message. Don't shoot the messenger.
But surely the site operator had the subscriber's IP address as well? I know a few times when I've joined mailing lists via the web, I've received an email along the lines "A request was made at xx-xxx-xx xx:xx:xx from IP address xx.xx.xx.xx to subscribe you to this mailing list. To confirm your subscription, please reply to this mail or click this link. If this subscription is in error, you do not need to do anything".
This way both parties have knowledge of who attempted the sign up: if the email account owner claims the message is spam, then at least the mail-admin has got a third party to blame.
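The sign-up bookkeeping suggested in the comments above (24-hour lock on repeat sign-ups, 72-hour confirmation window, one second chance, and a recorded request time and IP address), as an added example that is not from any poster or from the site. The class and field names, the in-memory dict standing in for the server-side database, and the random confirmation token are assumptions.

```python
import hashlib, hmac, secrets
from datetime import datetime, timedelta, timezone

RESEND_LOCK = timedelta(hours=24)     # no second sign-up mail within 24 h
CONFIRM_WINDOW = timedelta(hours=72)  # pending -> unconfirmed after 72 h
MAX_ATTEMPTS = 2                      # one second chance, then void

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class SignupRegistry:
    def __init__(self):
        self.rows = {}  # address -> record (assumed stand-in for the database)

    def _expire(self, row, now):
        if row["state"] == "pending" and now - row["requested_at"] >= CONFIRM_WINDOW:
            row["state"] = "unconfirmed" if row["attempts"] < MAX_ATTEMPTS else "void"

    def request(self, email, ip, now):
        """Return a token to mail out, or None when no mail may be sent."""
        key = email.strip().lower()
        row = self.rows.get(key)
        if row:
            self._expire(row, now)
            if row["state"] in ("confirmed", "void") or row["attempts"] >= MAX_ATTEMPTS:
                return None
            if now - row["requested_at"] < RESEND_LOCK:
                return None
        token = secrets.token_urlsafe(32)
        # Only the hash is stored; request time and IP are kept as evidence.
        self.rows[key] = {"state": "pending", "requested_at": now, "ip": ip,
                          "attempts": (row["attempts"] + 1) if row else 1,
                          "token_hash": _digest(token), "confirm_ip": None}
        return token

    def notice(self, email):
        """Text for the confirmation mail, naming when and from where it was requested."""
        row = self.rows[email.strip().lower()]
        return (f"A request was made at {row['requested_at']:%Y-%m-%d %H:%M:%S} "
                f"from IP address {row['ip']} to subscribe you to this mailing list.")

    def confirm(self, email, token, ip, now):
        row = self.rows.get(email.strip().lower())
        if row is None:
            return False
        self._expire(row, now)
        if row["state"] != "pending":
            return False
        if not hmac.compare_digest(row["token_hash"], _digest(token)):
            return False
        row.update(state="confirmed", confirmed_at=now, confirm_ip=ip)
        return True
```

An address therefore receives at most two confirmation mails, never less than 24 hours apart, and every stored row shows who asked for each one.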
People who run news servers or list servers or whatever could, instead of sending out emails, run their own, kinda, POP server. People wouldn't send emails to it, but when you wanted to check the latest update or whatever, your email client would check the server for email and if there was an update, well it'd be there waiting for you.
Has anyone thought of this before?