UCE Fallout - Newsletter/Mailing List Confirmations are SPAM?

battlemage asks: "According to this Article [heise.de; Google translation - pretty unreadable], a german court decided on 9/19/02 that the common confirmation E-Mails sent to new subscribers of newsletters could be considered unsolicited e-mail, aka SPAM, if they are sent to somebody who did not actually subscribe. According to German laws, this could actually mean fines for the site running the newsletter. They said it was the site owners obligation to prove that somebody actually requested such e-mail. The question is, how would that be possible without e-mail and without cost-intensive Passport/ID/CreditCard-Checks? I do work on a website in my free-time, and we would probably like to offer newsletters in the future, but I'm now unsure how we could do that." Mailing list and newsletter admins in other countries might do well to keep an eye on this in case such laws migrate to their area.

Just an idea...

[Xner]

My knowledge of the german language is sketchy, my knowledge of german law is absolutely non-existent. I would like though to try and propose a possible work-around.

What about going full-disclosure about it?
What about providing all the details of the request in the confirmation email, including timestamp, IP adress, browser ID, referrer, etc?

In that way, the recipient can see who was responsible for signing up and can take out their issues on them.

Of course, the operator of the mailing list should be ready and willing to provide the same information under oath to a court of law.

TOU

[Trane+Francks]

Write it into the terms of usage agreement for joining the newsletter that the user agrees to accept a confirmation e-mail to a user-specified e-mail address. To protect the user, create a server-side database that monitors sign-ups and disallows multiple-signups within a 24-hour period. Additionally, accounts for which no confirmation is received in, say, a 72-hour period would then be moved to an "unconfirmed" database. A user would get a second chance to join and ask for confirmation on this address and, if still unconfirmed, the account would be marked void.

These are just some ideas on how to take care of it. Unfortunately, there's no real way to do this on the client side....at least none of which I can think.

Human translation

[soegoe]

Court forbids sending unsolicited newsletter activation mails

After companies offering e-cards, now senders of online newsletter could face extinction. In the opinion of the Berlin regional court, the unsolicited sending of a newsletter subscription by e-mail is an illegal advertisement.

The applicant for the decision from September 19th, 2002, had received an e-mail, in which he was asked to click an activation link in order to be added to a newsletter mailing list. If he did not wish to be added, he should just delete the mail. The applicant considered this UCE and requested a cease & desist against the operator of the information service.

The court confirmed in its decision again the current public opinion that the unsolicited sending of an e-mail with commercial contents constitutes an illegal interference with the business of companies receiving them. Private persons also have a right to be spared from such mails as stated in 1004, 823 sect. 1 of German Civil Law.

The newsletter operator's objection that the applicant had signed in for the mailing list himself was not accepted by the court. In its opinion, the operator must prove that the applicant signed in personally. This couldn't be proved by the provider. The decision is seen controversially among jurists. The opt-in method for newsletters the decision is based on is used widely throughout the internet and was considered legally unobjectionable up to now.

Just to put this clear...

[soegoe]

Okay, some people don't seem to "get" the problem stated in the article, so just for clarification:

The newsletter operator used the standard procedure: Subscribe on the website, get a confirmation mail, reply to the mail. In the court's opinion, the problem is: Someone signs up for you, you get a confirmation mail you didn't ask for, so this is spam, so this is illegal. The only way to circumvent this would probably be digital signatures used during subscription.

By the way: Yes, this decision is also considered crazy among German geeks.

Re:Just to put this clear...

[beebware]

But surley the site operator had the subscribers IP address as well? I know a few times when I've joined mailing lists via the web, I've received an email along the lines "A request was made at xx-xxx-xx xx:xx:xx from IP address xx.xx.xx.xx to subscribe you to this mailing list. To confirm your subscription, please reply to this mail or click this link. If this subscription is in error, you do not need to do anything".

This way both parties have knowledge of who attempted the sign up: if the email account owner claims the message is spam, then at least the mail-admin has got a third-party to blame.

Interesting But a quick fix is there

[pauldy]

if the last 3 digits of the email are .de the redirect the user to a page that says something to the effect.

Due to the stringent confusing laws in Germany this site cannot afford the potential of being held liable for spam in Germany therefore you must use another e-mail account like those you can get for free at yahoo.com or yada yada.

Seems you would at least be doing your part to make sure no one is using your site to flood someone elses mailbox.

A definition of spam

[Russ+Nelson]

Here's a definition of email spam. A confirmation isn't bulk, so it's not spam. Did anybody make that point to the judge? That spam is not just any old unwanted email?
-russ