Slashdot Mirror
First Test of Utah Anti-Spam Law Dismissed
fwoomer writes "Apparently, Utah feels that once you've 'opted-in' you can't opt back out as fast as you've opted in. From the story: 'Gillman requested removal on May 14, 2002, from the e-mailing lists his visit to Audio Galaxy a month earlier had linked him to. Two days later, he received a Sprint ad, and on May 28 he filed suit. The court found his attempt to have himself removed from the lists was insufficient to void the pre-existing business relationship.' If he was receiving spam in May after 'opting in' in April, I don't see how it could be unreasonable to expect to be removed from lists as fast as he was added. Unfortunately there's not much detail in this story. A good read, nonetheless." I don't see how signing up with Audiogalaxy establishes a business relationship with Sprint, but, whatever. Presumably some of the other lawsuits filed are against people that have no possible claim to the receiver opting-in.
so businesses could group together, making the receipt of "email notifications" part of the terms of service... poof, no more opting out.
If you opt-in, it's quite easy to put an entry to the data entry department. If you opt-out, you need someone who's trained to delete (which believe it or not, is a big deal in the data entry industry).
Do you think that AudioGalaxy connects to all its partners in real time when it comes to sharing email addresses? If they generate a list for their partners every week, for example, wouldn't it make sense that it also takes at least a week to get off the list? I'm against spam but I'm also for common sense. Which this guy didn't seem to have when he gave permission to be emailed in the first place.
Most likely, the agreement to opting in to AudioGalaxy includes recieving offers from third parties.
Michael Loves Me!
Unfortunately there's not much detail in this story. A good read, nonetheless.
A "good read" has lots of details, not media bullshit. Remember that submitters and staff before posting a story please.
Pretty soon everyone in Utah is going to be getting spammed with extra wives.
:)
Well at least then the people in Utah will find a purpose for the "Add inches onto your member!" spam won't they?
Seriously though folks, this ruling can't be good for us, I hope the guy appeals, the last thing we need is precident for spammers.
The argument sounds a little on the weak side too, kind of like saying "You bought a car so you established a buisness relationship with Baskin Robins"... spam is not just spam people.
This was clearly outlined in paragraph 7 of page 83 of the AudioGalaxy Terms of Service. It's right below the paragraph outlining the rights to your lungs in case of death by bear mauling. I don't know you could miss it, it was in huge 1pt print.
What does it matter if you opt-out of a mail list?
Once you've opted in, the third party can then sell your address again and you then have NO way of tracking it around.
Unless a system identical to the national "Do-Not-Call Registry" can be established for email addresses, there's not a damn thing you can do about spam in relation to opt-in/opt-out lists.
I agree with the comment; how does opting in for Audiogalaxy ammount to a Sprint ad?
I may be a member of the ASPCA; but I don't expect to receive credit cards in the mail as a result..
For those who don't know this already, all that does is validate that there is a user who actively checks/reads that email account. A list of valid email addresses is VERY valuable to other spammers, who eagerly shell out the $$$ so they can send you MORE spam.
So in reality "Opting out" often will only bring you MORE spam, not less.
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
And what does a "good post" have?
(-1, Raw and Uncut is the only way to read)
I plan on taking a stand against this personally by breaking off business relationships with companies that insist on sharing my data with their "exclusive marketing partners" and crap like that. I signed up for the Massachusetts State Opt-Out list for a reason.
... because in no other era could my penis have had this much correspondence dedicated to its well-being. We're living in a Golden Age, people, but none of you appreciate it...
Roving Web-Teleoperated Robot
Secondly, without using tagged addresses, how are we, as end users, supposed to know if we've "opted in" to receiving an email? (This assumes the email in question in this article was not sent by AudioGalaxy on behalf of Sprint, but by Sprint itself to a list it bought from AudioGalaxy.) For example, if I sign up for AudioGalaxy on Monday, they sell their list of addresses to Sprint on Tuesday, and Wednesday I get emails from both Sprint and MCI. The Sprint one is "legit," the MCI one is not, but there's no way to differentiate between them.
From the article, it seems that this is what happened:
- User signs up on website run by company A (Audio Galaxy)
- company A sells User's email address to company B (Sprint)
- User opts-out on company A's web site
- User gets spam from company B
I hate spam as much as everyone else, but I don't see how this can violate any law. If the User opted-in, which it appears he did, and then later opted-out, Audio Galaxy can't be expected to go around to everyone they sold his email address to and say "Hey, that email we sold to you before? Stop using it!" Audio Galaxy should stop selling his email address at that point, but that would have no effect on the apparent sequence of events here.
If anyone is able to find the actual court ruling I'd be interested in reading it. I don't see where the "existing business relationship" exists (for all we know he may be a Sprint customer), but if the events happened as I listed, I don't think it's relevant.
Apparently Paul doesn't have enough spam to really help him understand that spam is spam, regardless of wether it comes from a large "deep-pocketed" company, or a small time bedroom spammer.
Coincidentally, his email address is pcd@pwlaw.com
"Arent said her bill's language could use some fine-tuning, included (sic) providing e-mailers reasonable time to comply with requests for removal."
It seems to me that in this connected electronic world the maximum "reasonable time" for removal would be the amount of time it takes to add someone.
If you plan to share the data with your "partners" then you should be damn certain that you have a mechanism in place to effect removals from all associated databases just as fast.
This would of course only apply to time of message origination - you can't unregister on Monday and then sue on Tuesday for receiving a mail sent on Sunday but stuck in an intermediate server.
~~~~~~~
"You are not remembered for doing what is expected of you." - Atul Chitnis
buy a domain name (or get a free subdomain from someone -- whatever). I have all my email directed to one account.
o ebob-slashdot@junk.foofoofoobar.com
so for signing up with any service i use this address
joebob-audiogalaxy@junk.foofoofoobar.com
or
j
and that redirects to my real email address
joebob@foofoofoobar.com
any email with To "junk.foofoofoobar.com" i direct to a spam folder. If i find a site that vlaims it won't sell my information, but magically sprint is emailing my audiogalaxy address... it tends to perk my ears up. Proof.
WTPOUAWYHTTOTWPA
What's the point of using acronyms when you have to type out the whole phrase anyways?
I usually just block it instead of opting out, but I've found that SO MANY TIMES when I try to opt out, their servers never seem to respond. Surprisingly, their opt-in servers never have the same problem.
You have to give telemarketers 30 days to remove you from their lists when you ask. I dont see how online spam should be different.
If you opt in, and then later opt-out, and get an e-mail 2 days later, I don't see it as some great evil. You shouldnt have opted in in the first place.
You all need to chill pushing for all these spam laws, regulating the internet is a bad thing in the end. Do you really want your real name and SSN tied to your e-mail account for the sake of ending spam? (Because thats about the only solution the government will come up with).
Beef up your filters and accept it.
I don't need no instructions to know how to rock!!!!
The majority of the responsibility here belongs to the individual. If a firm handles addresses improperly, it's the user's choice whether or not to continue using the service. No company is forcing any user to subscribe to their services. Use some common sense - protect your main address by only giving it out to those you trust, and give everyone else a separate address. That's how I keep myself spam free.
Part of the hardcore faithful who believed in Apple long before it was cool again to do so
If the courts have decided that you've got a business relationship, could you send sprint employees mail as well with the message at the bottom which reads "This email is permitted under the terms of the court identying that Spring and ____ person have a business relationship."? Although it sounds very childish, is possible to throw it back in their faces?
Unless you use sneakemail. Whenever I encounter a webform where it seems like I need to provide a valid email address, e.g. to recieve a tracking number or an initial PIN code or some such thing, I just pull up sneakemail, create a new address, label it with the date and the party who is getting the initial address (March 14 03, audiogalaxy).
That way, if audiogalaxy sells that address to someone else, not only do I know where that someone else got my address from and (approximately) when it must have happened, but (and this is the important part)
I CAN CUT THEM OFF
Sprint can send as many emails as they want to the address from audiogalaxy... that address is no longer valid, because sneakemail let me kill it.
yes, i'm a paying subscriber, and i've been using it for about 2 years now.
Humpty Dumpty was pushed.
I don't see how signing up with Audiogalaxy establishes a business relationship with Sprint, but, whatever.
I don't see how being a Slashdot Editor gives you justification for attaching your comments to the story submission instead of leaving a comment like everyone else, but, whatever.
Time, I think, to go to Preferences and banish Michael to the bit bucket. I'm sure Jon Katz would be glad to switch places with him.
The judge was 100% correct. The technical part of what is happening is that site P (Provider) gets your email address and adds it to it's database.
Site P's database is sold to company B (Broker) on a monthly basis. Company B replicates the information from the database once a month on a given date.
Company C (Consumer) buys the rights to send email to company B's list once a month.
If then you request not be be spammed from site P a month later, you must not expect that this change will be reflected immediately in Company B's database.
The basic facts in the article are right: Gillman opted-in to GroupLotto's list to receive stuff, then some time later opted out. A day after he had opted-out, a received an email from Sprint, an GroupLotto "partner". Gillman sued.
Sprint moved for summary judgment on four grounds:
1. Sprint itself did not send the email
2. The email was sent unitentionally
3. Gillman had consented to receive the email
4. Gillman had a preexisting relationship with Audiogalaxy that made the email not "unsolicited."
The court decided as follows:
1. The law defines the spammer as either the sender, or the one who causes email to be sent. So Sprint is still a spammer.
2. This argument calls for a factual judgment, so it isn't appropriate to rule on as a matter of law.
Sprint basically said that it was GroupLotto's fault that it was sent -- Sprint only wanted to send to opted-in people. Thus the sending was unintentional. However, there are several issues about what the different parties obligations are, so this claim was rejected.
3. Sprints third argument was also not suitable for summary judgment. Sprint argued that at the time Sprint contracted with GroupLotto to send the email, Gillman was opted-in, and had therefore consented to receive the spam. This argument was partially based on a "two-to-three day" unsubscription time that Sprint claimed was standard -- Gillman could not have expected that he had opted-out until several days had passed. However, there was no such temporal disclaimer from GroupLotto, and it was granted that Gillman had unsubscribed by the time the email was actually sent. This issue of fact was unsuitable for summary judgment. Therefore, it is explicitly undecided if the fact that the email was "in the pipeline" when Gillman opted-out makes it spam or not.
4. For this argument, Sprint argued that Gillman had a preexisting business relationship that made the spam not "unsolicited." Unfortunately, they were right. The Utah law reads as follows:
"commercial email is not 'unsolicited' if the sender has a preexisting business or personal relationship with the sender."
The law makes no provision for discontinuing a business relationship. Thus, you have a "preexisting business relationship" with *anyone* you have ever done business with under the Utah law.
The judge noted that this is probably not what the legislature meant, but still, she was constrained to follow what they actually passed into law, not what she thought they meant.
There were a few other problems with the case, but that one flaw was enough to grant summary judgment.
Not that it's worth anything, but who knows. When I get spam from a reputable company, I typically try to find their customer service email address and send them this little form letter. I doubt that it does any good, but if enough people showed the larger corporations that we don't want spam, perhaps the meat and potatoes of the spam mailing list scumbags would be dropped just a little.
Dear: Company
Today I received an unwanted, unsolicited email from your company (spam). I always believed that your corporation was honest and forthright, and it is beyond my comprehension why you would decide to set yourself alongside pornographers and scam artists by using unsolicited spam email.
Regardless of what your spam mailing company has told you, I have never consciously 'opted in' to receive email from them, you, or any of their partners. They have either gained my 'approval' using deception or trickery, or they have simply lied and found the email address somewhere on the Internet. In either event, I have never, nor will ever want to receive unsolicited spam email. In other words, I don't want to get this type of mail. Ever. And I have never actively asked to receive it.
Spam mailing companies such as the one you use are corrupt and crooked. These are not honest businesses. And I cannot with good conscious do business with any company that chooses to partner with near criminals to conduct marketing. As such, I will not do business with you until you stop associating with these shady organizations.
Please do not forward this to your spam mailing list provider in a show of 'good faith' to 'opt me out'. All this will do is inform them that this is a valid email address, and place me on numerous other mailing lists. Like I said, these are not honest business people. If you doubt this, ask them exactly where and where I 'opted in' to get this junk. Ask them why they often use different and misleading domains to get around my 'block sender list'. They will be unable to provide you with an answer, because I have never actively 'opted-in', and they will try every trick in the book to get their junk through. Again, this is because they are dishonest.
If you decide to stop using this sort of unethical marketing, please inform me. I would be more then happy to continue doing business with you.
The Internet is generally stupid
Spam filters, certain ISPs, hotmail, etc, will often just delete mail, not bounce it. With no bounce, they just know it didn't bounce and will keep using that address. however, when you click the opt-out link, (or even open some emails that have images tied to dynamic pages) you just verified with 100% certainty that they have found a real, in-use, and monitored email address.
The truth doesn't care what I think.
But doesn't that "SCREAM" that selling "email-based permission" lists illegal?
After all, if business A sells your email address for 2.95, and business B sells it to C for 5.95 and business C does something illegal with it, how would business A sue business C for illegal use? It can't, and that places the burden on the customer. But since you can't limit WHO they sell your "permission to" (obstruction of commerce) that means you're writing them a blank check, with little to zero chance of ever having your rights respected. (the amount of spam makes prosecution for a single spam unlikely in the extreme) YET each spam is an individual crime, that must be investigated seperately.
There is also the question of just how "valid" the permission you gave to A for purpose X be translated to C for any purposes other than X... And with X usually being "promotions related to a product I bought" X is of little sale value to C... purpose Y is however, very valuable... Hence C wants to buy address "blue" from business A, for purpose Y, now if purpose Y wasn't known at the time permission was given, how can permission be considered to have been given(say permission to advertise an invention that didn't exist when blue gave permission to A)?
Doesn't the burden it places on the victim(the person whose rights have been abused, by receiving mail whom in most other contexts would be considered illegal) signify to legislators that
1) to properly track when a permission is given, when most spammers close up shop within a few days and just reappear with the same list, under a different company, require an independant registry of permissions?
2) to be able to correlate permission with origins of spam, you require to be able to track the origin of any single email message. By that reasoning wouldn't sending a message with forged header be considered illegal until proven otherwise(a bit like how a radar detector or any other device that allows one to bypass enforcement of a law illegal)?
3) Since permission would have to be tracked by purpose and by sender, shouldn't access to that single registry be paid for to cover administration costs? And once headers are fully considered thrustworthy again, shouldn't it be possible to bill per spam sent?
I think those are all valid questions, that the legislators should consider
For example, some of my web design and hosting customers pay me to send out their newsletters (strictly opt-in). Say company X sends me their newsletter and mailing list on Feb 25th to be mailed out on March 1st... if somebody decides to opt-out on Feb 28th, they're still going to get the March newsletter because I don't maintain the list.
I think it's only fair to give companies a few business days to sort things out in an opt-in/opt-out scenario, as outgoing mail may already be in a sense "queued".
Let me also head off any insistance that the large spam brokers be responsible for handling the opt-out requests and maintaining a live database: this service usually involves large setup fees, and the client may not want to get married to one spam broker right away... so they will often send a static mailing list for a one-time mailing instead.
I personally think it's rediculious that this article even found its way onto slashdot. For chrissake, it might have taken two full days or more to process a single LARGE mailing list if they are contending with SMTP flood thresholds at large ISPs with lots of opt-in subscribers. You can't just rapid-fire 10,000 emails to MSN accounts from one server and not expect to get your IP blocked! Infact, most companies even tell you when you opt-out that it may take a few days before you stop receiveing emails.
Now, watch me get modded down by the idealist slashdot spam nazis for having a potentially unpopular opinion.
Slashdot: rejecting tech news in favor of rubber band guns since 1997.