Slashdot Mirror
When Does Signing Up Become 'Opting In?'
AmyVernon writes "This piece from RWW got me thinking about whether, when you sign up for access to a site, you're actually signing up to get a slew of email spam from them. The single opt-in is still really popular, which I've noticed because I often check the box indicating I don't want further emails from a company or publisher. I always assume that giving my actual email address means I'm going to get spam-type emails from whomever. It still surprises me that most people don't. But it does raise a good question: Shouldn't you be able to sign up for something without automatically being signed up for a never-ending stream of 'updates?'"
Simply put, if they spam you and you click them as so, then even their legitimate emails will end up in other peoples spam folder. ... SPAM
If they are a little agresive in sending you emails without a easy way to opt out
In Canada unless it's clearly defined it's a privacy violation to do so. It's also a privacy violation in Germany, and I believe California. Signing up != A business relationship. So marketers take heed. Just because you can do something, and haven't been sued yet. Doesn't mean you won't. It just means that people can't afford to do so, or they don't care enough right now.
Om, nomnomnom...
But it won't happen, at least not anytime soon. They make too much money right now.
You really should also be able to explicitly tell them not to sell your personal information to other companies and have them actually follow through with not doing that, but it doesn't look like that will actually happen anytime soon either despite the victories won by privacy advocates. Too many people just don't care as long as they're not being physically inconvenienced.
Sign up using a throwaway account that is name-related to the site you are signing up to. That way you will always know who are the ones that send you spam, or sell your address to spammers.
Assume that every email address you give out is going to get spam, so use different ones in different places.
When the inevitable spam starts, make the decision. Do you believe that this entity is likely to respect unsubscribe requests? If so, hit unsubscribe. If not, forward to /dev/null.
The practice is so damn common now, that no matter how much it pisses you off, you have to understand that the other guy has no idea that you think he is a worthless scumbag. You really can't buy from anyone online without them assuming that you want to hear about their specials every week until the end of time.
Oh, and an added bonus: if their customer database ever gets leaked, you only need to ditch the one throwaway address and update your info with just the one site.
There are other variations too, for example I have two main work email addresses. One is the one I use and give out, the other is on the website. As far as I can tell, the one on the website has never ever been legitimately used. 100% of email to that address is spam. Because of the nature of my job, I give people quite a bit of leeway when it comes to harvesting that address and adding it to their spam lists. But if I recognize the source, like if they send more than one email every few weeks, that entire domain/spam service goes in the permanent block list.
See that "Preview" button?
They are only asking for your email address so that they can sell it to spammers and spam you themselves.
Use http://www.mailinator.com/ and thwart their evil plans...
"Grab them by the pussy" -- President of the United States of America
With hotcopper.com.au (Australian trading forum) you have to opt-in to spam, if you opt out they actually disable your account!
Of course your consent must be specifically given to receive advertising emails otherwise it's called spam and yes there are laws against it. The author and the entire article aren't aware of the definition of spam. Registering on a website does not automatically give the owners of that site permission to email you in any way other than policy changes that might affect your data on their server. It's been that way for quite a long time. Originally I believe guestbooks were the reason why some companies started doing that. Since then we've instituted laws against having companies abuse the data users give them.
This article seems like it belongs in the 1990's not 2010's.
Example: my real email could be (but isn't) RalphSpoilsportMotors@gmail.com. My SPAM email could be (but isn't) RalphsSpambucket@Gmail.com.
They get their email address, I get their content sans bullshit and every one is happy.
Now, how hard is THAT?
RS
Shoes for Industry. Shoes for the Dead.
I use http://mytrashmail.com/ whenever I need to sign up for anything. Use it finish the e-mail validation that these sites make you do, and then forget about it.
I really wish that Google would build something like that into GMail -- something that would let you create a disposable address that is forwarded to your real address, but then can be easily blocked once you start getting spammed. (No, the "+" addresses doesn't cut it, since it reveals your real address to anyone who cares.)
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
Spammers are different then companies. They they are in the grey, I typically signup those emails with yahoo or gmail, adding them to the spam list, hurts credibility or you can list them as spam? Typically if they are legitimate they have some way to remove you from email lists, if not...
Shouldn't you be able to sign up for something without automatically being signed up for a never-ending stream of 'updates?'"
Short Answer: NO. Ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha.!!!!!!
And if you happen to have a first-initial-last-name type email address at a popular provider, then you get potentially dozens of other peoples' single-opt-in spam. Over 50% of the email I get is addressed to someone other than me. Painful.
Own mail server with Postfix + 1 email address per vendor && if they send UCE or SPAM, report to SpamCop && disable their email address.
No need to deal with creating extra accounts on Gmail or Spammotel.
Script:
vi + /etc/postfix/virtual # dup last line and edit email address
postmap /etc/postfix/virtual
postfix reload
Whenever I sign up for some random site that I'll never visit again, I use an e-mail alias so I can track what they send me, who they're selling my e-mail address to, or who hacked them and stole my information. It's simple enough, just set up a catch-all e-mail address on a domain, then when you sign up for www.uselesssite.com, use the e-mail address uselesssite.com@yourdomain.com. If you start getting a bunch of spam to that address, it's pretty hard for them to refute that they're the cause of it.
The problem is that this does not work for everything.
I fly every week and therefore I receive every week three emails asking me to rate how pleasant the service was from my airline, car rental firm and the travel agent.
Eventhough, I am loyal to these companies, everytime I delete such an email (yes, I do not respond to these quality questionnaires), I hate them a little more...
So a spammebadly@gmail.com will not help me, I need my confirmation emails from these companies.
And yes, a rule in my email client will do the trick, I just do not work that way...
Load New Commander (Y/N)?
(Slashdot, some random story about spam) Blah blah blah paragon of virtue morals everyone should do what's right holier than thou...
(Slashdot, some random story about copyright infringement) whine anger pout serves them right greedy thieving fascists yeah it's wrong but *&^% those &^%*# I'll keep on downloading stuff I haven't bought until the day I die (justify blindly, etc....)
I mean, as long as they are up front about what they'll do with your email address, aren't you essentially agreeing to that in exchange for the service they offer?
This smacks of the old days when people used TV antennas to get "free" TV, and then complained about commercials. If the service isn't worth the unwanted communications, don't use it. But they're under no obligation to give you what you want, on your terms, and subject to your every whim.
Now, places that are dishonest or deceptive about the contract, that's a problem. But most larger businesses are pretty straightforward, and as an adult (right?) it's up to you to make the decision of whether it's worth it.
If I wanted a sig I would have filled in that stupid box.
Single opt-ins suck. Why would you ever want to subject your list that that much "spam" notations? No one wants to see your promotions if they've not signed up for them. If you're running the business right, people will want to open your emails because they provide value.
I use double opt-ins for my online listbuilding, and am very explicit that the user will receive solicitations. I use single opt-in in the real world only, such as when I run a contest dropbox to collect email address to win a prize. Physically writing your email on a scrap of paper is good enough verification for me.
Learn about Photography Basics.
Not associated with the site in any way except as a long time user, but I urge people to set up an account with spamgourmet.com. They will forward your e-mail to your real e-mail address. Not only can you create a unique address for everyone that you have to give an e-mail address to on the fly, but you can disable any of the addresses at any time and you can tell who is abusing your e-mail address. For example, I just checked with spamgourmet and I see that the last 3 pieces of junk mail they discarded were from suxjhb@wzju.com, suidvv@frkm.com and suundq@xcfk.com. More interestingly, the spam was all sent to an e-mail address that I created for and only gave to Equifax. So I know that they are responsible for it, they either sold my address outright or were sloppy about security and had it stolen by an employee or hacker.
I've even had close friends who's accounts were hacked and spammers tried to send out spam to all of their contacts. In such cases you will be glad to know that the person in Nigeria has the address of an account that you can easily disable without completely changing your e-mail account for all of your contacts.
And I should mention that I've never received junk mail from Spamgourmet and to my knowledge I've never had any problems with them revealing the address that they forward to. They even provide a nice mechanism that allows you to "reply" to email sent through them, and the response goes back to them and is sent from their domain, so you don't reveal your true address even if you reply.
I'm an American. I love this country and the freedoms that we used to have.
This just shows how disconnected the MBAs are from the people who really have to implement it or deal with it. Only managers think that it is good practice to bombard paying customers with crap that they don't really want. It sure looks good on paper or in a Powerpoint, right? Could help get that extra 3% market share!
The original posting talks about "signing up" in the general context of creating an account on a site.
The article, however, seems pretty clear in talking about "signing" up to receive emails. (And very clearly puts forward that "no option == spam")
Looking at the two modes of failure for a user receiving emails you can have:
- False positives: user starts receiving email, but doesn't want it
- False negatives: user doesn't get any email, but does want it
The main debate in the original article boils down to:
- Single opt-in results in fewer false negatives, but more false positives
- Double opt-in results in fewer false positives, but more false negatives
At which point the question is one of whether it's better to optimize for fewer false positives or fewer false negatives.
In the context of the original article, if someone is signing up to receive emails, both of the following situations will lead to the original user not receiving the emails that they requested:
- If they misspell their address and the email goes to someone else
- If they enter a different address purposefully and it goes to someone else
For the user signing up for messages, the opt-in message isn't something they specifically wanted -- it's a barrier that prevents them from getting what they wanted (as such, a double opt-in request could be seen as a false positive). For someone whose email was entered in a form by someone else, any message they receive may be seen as a false positive (including a double opt-in request).
I use spamgourmet.com for disposable email addresses.
Among other things, spamgourmet lets you set the number of messages that can be sent, so it can be useful for things like placing an order where you need to register, get an email with a link to validate your email address and then get an order confirmation and a few tracking status emails, but then stop accepting anything after that.
It doesn't catch as many bad actors as I thought it would, but when they do misbehave, it's kind of cool to see the number of deleted messages that never filled my inbox.
They also have it set up so that it you can reply to messages routed through spamgourmet without giving away your real email address. There's also an alternate domain so that when you're dealing with an actual human being they won't be freaked out by an email address that has the work "spam" in it.
Signatures are a waste of bandwi (buffering...)
I worked for a company that had a manager who insisted on sending out a newsletter to everyone in the company customer database. We warned him that was illegal. We warned him that would be spamming.
He refused to listen and ordered the email sent.
The entire company was blocked from sending emails less than 24 hours later.
You should have seen him rant and rave about the importance of getting the emal "fixed." His manager found out about the "newsletter", and fired him on the spot.
I do not fail; I succeed at finding out what does not work.
Well duh. They define the entire business model on the idea that each user in their database is worth $x. If they reach a certain amount of users, they will make x amount of money. That disconnection between IT and Management is a two way street.
Someone flopped a steamer in the gene pool.
Tropico 4 is a game published by german Kalypso Media and requires you to a) register with an email at kalypsomedia.com and b) log in with those credentials every time you want to play. There is no option to NOT receive their "updates" (you cannot opt-out later either!) and other spam mails and they do not reply to questions regarding this issue ... If it's a privacy violation in Germany, apparently most culprits get away with it.
It's not so bad if they have a button to say don't get these anymore and it just works.
If I have to enter ANYTHING in after doing this, like logging in or a survey or something retarded like that, they are just blocked.
Each and every site I sign up to gets a unique e-mail address and all my mail goes through both my gmail account and isp filtering.
While I prefer to have the choice to opt out at sign up (and have that choice respected), this method means I can simply update or remove just one e-mail address and stop the problem should a site not respect my wishes.
Adds a tiny admin. overhead to each sign-up but is worth it
Go permanent? In your dreams and my worst nightmares.
"When Does Signing Up Becoming 'Opting In?"
Please translate the title in english.
Thank you.
I just use a special email account for all businesses that I expect TurboMails from.
In a way it's so simple it's easy - it's easy to remember when you're on the spot signing up for stuff, and you know there's nothing "important" there. So you just let them all fight it out.
"You have 1422 new mails!"
So what? They're all corralled in the email-box resembling Montana. Radio Shack, Groupon and more.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
This is the way to go.
Several people have already told the virtues of this, which I won't repeat. I do add a little twist because I run my own spamtrap and DNS RBL which I update whenever one of the addresses yields unsolicited newsletters and similar spam. Then that company 's mailservers are blacklisted more or less forever. Basically it works like this:
Each address on the disposable list initially is an alias of my real email address.
If one gets compromised, it is switched to being an alias of the spamtrap instead and every mailserver delivering mail to the spamtrap gets immidiately blacklisted, no matter what.
Mails to the spamtrap bypasses the RBL checks, but mails to regular addresses are checked against my own RBL and a few more, and is refused upfront if listed. The result is close to zero spam. Before this, I got 10-20 spam each day that made it past the regular RBLs and spamassassin.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
The way to automatically agree to things and you have to opt out may in some countries be illegal.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
The new startup culture, focuses entirely on user experience, to the point where most innovation being done today is not strictly tech, but UX. Part of UX is to, at all times, strive to provide the user with only exactly what they want. Nothing more, nothing less. This means, you only email or dm the user when they asked you a question, or when something they have asked for is ready. Anything beyond this is spam, and if you send it, you will lose users.
This was not the case 5 years ago, but it is slowly but surely taking hold
I've got an idea: rather than report on geek news, let's just randomly talk about something.
The best thing about a boolean is even if you are wrong, you are only off by a bit.
I don't get spam from companies I've done business with. I couldn't tell you which ones I remembered to opt-out from and which ones I didn't. I can't remember a time when I had to opt-out after the fact because I was getting spammed.
OTOH, my spam folder is full of ads from companies I've never done business with. Guthy-Renker for some line of cosmetics – I'm a guy. Singles Black Dating – I'm white. Speed Dating – I'm married. Get Cash for my Timeshare – I've never owned a timeshare. Etc. Every one of them has their weasel word disclaimer that says I'm getting their spam because I opted in. Really? That's news to me.
And now, you can be sure, I will never do business with them under any circumstances, not that I was ever likely to be a customer in the first place.
>> Shouldn't you be able to sign up for something without automatically being signed up for a never-ending stream of 'updates?
That's why http://10minutemail.com/ was invented.
When does grammar becoming trashing?
Have you heard about SoylentNews?
The Dutch law requires opt-in. The "send me spam" option can't be checked by default, the user must manually check this before sending the form. This means that without a specific user action, you won't receive any spam. Make this a global law, et voila.
It seems that most websites treat it as opt-out and not opt-in. They assume it's ok if they have an opt-out option at the end of their messages, but it's still annoying. I used to think that I forgot to uncheck the box to receive 'updates', but some sites will spam you no matter what.
I had a few websites that I wasn't receiving any emails from and decided to change my email on my account. All that I changed was my email address, nothing else, and what do you know?! I start getting junk again, forcing me to go through the opt-out procedure again. I'm certain that I didn't opt-in by simply changing my email.
iPod then iTunes (even to load mp3 on it!) then Apple account then Credit Card data needed... I just wanted a device to hear music (*), now I must engage in a further deal with iTunes... wth?
And gtkpod didn't work (yet), but MediaMonkey... ;-P
(*): Why the iPod you ask? Well, I'm also befuddled, but whatever I'd say about free formats... well, have you seen that animation about a vendor trying to sell another product when the client wants an iPad?
Doesn't everyone have an email address that they use for non-human communication? If your dealing directly with a human you give them your direct account sgt_scrub@. If your dealing with an online entity you give them your non-human address spamaway_beotch@.
Having to work for a living is the root of all evil.
As someone that has a common name, I'm constantly getting signed up for stuff by people that mistype their email address. Instead of getting annoyed I click "opt-out" and magically they stop sending me crap. It's really not that complicated...
Frankly, if single opt-in is something that is this concerning to you... you might want to get a hobby...
I worked at a company, some years ago, when the "Controlling the Assault of Non-Solicited Pornography and Marketing" (CAN-SPAM Act) came out. It made spam 'illegal' (hard to enforce, though) but had a specific exception if the customer recently engaged or transacted with you. So, by receiving a good or service you've basically opt-ed in! Like most of the other posters I assume by providing an email I'll be spammed - so I use an email address specifically set up for that purpose.
mu
I created a single mailbox to handle email from websites that ask for an account sign up. For each website, I created a unique email alias for that single account that is delivered to my consumer email account. The idea being, once I started receiving unwanted spam in that account, I would simply delete the email alias that was receiving that junk email. This was based on the idea from the early days of email, where you created a totally separate email account for each thing you signed up for in order to avoid spamming. Aliases are far more flexible, and do not use up a limited number of email accounts available from one's ISP. My intent was that this would be come my "email honeypot" and use it to collect domains that I would add to my email blacklist. I also intended that it would reveal which companies were selling my email address to spammers and I would dutifully report these companies to the internet, getting them pretty much blacklisted.
Over a number of years, I've amassed nearly 150 email aliases that point to the consumer account. Of all the email accounts I have—a couple are pushing past twenty-years-old now—this consumer account with nearly 150 different email aliases draws in the least amount of junk email than any and all my other accounts. In fact, it garners almost no junk email at all! My oldest email address brings in more junk email in a month than my consumer address brings in since the time I created it!
Clearly, my expectation of this account sucking in all unwanted email turned out to be a complete failure. My intent of revealing companies that were taking the low moral road came to naught. What it did reveal was that the web sites I signed onto were actually taking care to ensure that my email address was not revealed and these companies were dutifully trying to keep me from being harassed by slimy, junk-mail-producing parasites. Indeed, there were a few sites I signed onto with the expectation that I would be absolutely flooded with junk email within a month of signing on. These proved to be the quietest sites among the many.
In the end, I must confess to being impressed that many companies truly are honoring subscribers' privacy. I do get email from these sites, but the email is pertinent of the products being sold by the site from which the email is coming. So, I count these emails as being legitimate. I have never gotten third-party email (illegitimate) through these addresses. When I opted out of a given company's email list, by golly they actually respected the request and the email stopped!
All this showed me that—as one poster above stated—companies have realized it is in their better interest to keep their email lists private than try to make a profit selling these email lists to others. It doesn't take much intelligence to think this through, either. If you sell your email lists to a marketer, that marketer will sell the emails to your competitors, telling them that these emails came from a company that makes similar products. Sell your email lists, and you could find your customers being poached away by your competitors.
Whew! This water sure is cold!
...is having an address that retards accidentally use as their own - e.g. if you were to score the address, "fred@gmail.com".
Very soon you discover that few "opt in" companies actually verify that you own the address you're submitting - and more, you discover that there's no provision to get out of it, unless you know the account name/pass.
help me i've cloned myself and can't remember which one I am
For someone whose email was entered in a form by someone else, any message they receive may be seen as a false positive (including a double opt-in request).
And can be great fun - such as signing up your co-worker or boss to the list subscription pages of magazines aimed at pre-teen girls or just general trash magazines. Such as the Teen Vogue or Vanity Fair.
The magazine companies are especially lax at doing double opt-in, most of them do single opt-in and you can sign up anyone for anything.
If you ever use Delta Skymiles to get some "free" magazine subscriptions, be prepared for a shit-ton of frequent spam that you literally can't unsubscribe from. It also has the awesome feature of coming from no less than 5 different email addresses, making it a PITA to effectively block once you figure out that their unsubscribe links are purposefully broken. Bastards!
grep -iw skynet
1) enter whaterveryouwant@yopmail.com, no need to register or even visit the site before
2) go to yopmail.com, paste that adress in the form
3) read mail
no registering with spamgourmet or anything
and of course, dont use this if your "email adress" is going to be seen by other users of the site
I've been resisting the urge to comment but I can't hold back. Me and a small team of friends have been working on a service which makes it easy for people to revoke what web sites take as permission to spam. Deep down it's not that dissimilar to what a lot of people do with their own domains, but we are trying to make it very easy and enjoyable, and there will be more features coming soon.
The service is called leemail, our web site is: https://leemail.me
We have just launched a invitation-driven public beta. I hope people will find it useful.
Michael