In the days before email filters became ubiquitous, spammers used to tell recipients If you don't want it, just hit DELETE
. Email users quite rightly pointed out that they had better things to do than spend all day deleting chaff from their mailboxes, and deployed filters to 'hit delete' for them. This didn't exactly please the spammers, who now go to immense lengths to sneak their messages past filters and try to trick the recipient into reading them.
I haven't heard anyone advise me to 'just hit DELETE' in a while. Its place has been taken by a new spammer mantra, namely If you don't want it, just hit 'unsubscribe'
. Various pieces of legislation, such as the US CAN-SPAM Act and the Australian Spam Act have given a legal status to this notion by mandating the inclusion of unsubscribe links in commercial email.
Predictably, the spammers seized on this enthusiastically. This isn't spam, because we provide an 'unsubscribe' link
is an argument that you'll sometimes hear. In October 2006, lawyers representing Australian bulkmailer Clarity1 argued in court that because email recipients hadn't made use of the unsubscribe link on the company's messages, they 'consented' to continuing to receive the spam. The judges didn't buy it and the company was fined AU$5.5 million. This was probably at least in part because Clarity1 failed another crucial test. Unlike the bought-and-paid-for CAN-SPAM Act, the Australian law includes the vital notion of consent. In CAN-SPAM, consent is only an issue if the spam fails some other test (such as absence of identifying information, deceptive headers or the lack of an unsubscribe link). In Australia, lack of consent is sufficient grounds for classifying a message as spam.
Is there any merit to the argument that Clarity1 and other spammers make, namely that if the recipient doesn't use the unsubscribe link, they consent to receiving further spam? The answer is 'no', for a variety of reasons.
First, the behavior of spammers has educated recipients not to use the unsubscribe link. Many spammers will provide an unsubscribe link that is simply non-functional, that causes email to be sent to a third-party, or that sends the recipient's address to a collector that will record the address as 'validated' and allow them to resell it to other spammers. The idea that unsubscribing (which is a deceptive term, since recipients never actually 'subscribed' to the spammer's list in the first place) might be a way off a spam list was dead long before the CAN-SPAM Act was even drafted.
Even if we didn't have a history of bad practice to look back on, there's no reason for recipients to believe that an unsubscribe link will work. A bulkmailer who sends unsolicited email knows that the majority of recipients don't want to receive messages from them: if a marketer can't be trusted not to send mail to people who they know don't want it in the first place, how can they be trusted to stop sending it when asked?
The CAN-SPAM Act requires that marketers honor unsubscribe requests, and prohibits them from sharing or re-selling addresses after an unsubscribe request has been received. The problem here is that it's trivial to work around the law. Unsubscribe requests are valid with respect to a particular 'sender', but the definition of 'sender' includes:
If an entity operates through separate lines of business or divisions and holds itself out to the recipient throughout the message as that particular line of business or division rather than as the entity of which such line of business or division is a part, then the line of business or the division shall be treated as the sender of such message for purposes of this Act.
Rather than giving every company on the planet 'one bite at the apple', it gives every company as many bites as it has departments. So you unsubscribed from messages sent by the New York office of MortgageQuotes-U-Like? Get ready for mail from the Kansas, Montana and California 'divisions' (offers valid, of course, only to residents of those states). And from each of our 'affiliates'. And from the forty different websites and corporations that we set up as 'lines of business'. And, when you've finally unsubscribed from every possible morph of MortgageQuotes-U-Like, for more mail from the same bulkmailer or 'affiliate marketer' that has been sending the mail in the first place.
Of course, the unsubscribe request doesn't take effect immediately; the spammer has ten days to comply (or rather, ten days in which the New York office can spam you with impunity before handing over to the Kansas 'division'.
If it's already starting to sound as if the presence of an unsubscribe link doesn't do much for recipients, the reality is worse. Email users already rejected 'just hit DELETE' because of the impracticality of hitting the DELETE key for every piece of unwanted mail they receive, but you can delete an unwanted email with a single keystroke. Unsubscribing is not nearly as quick or easy.
The CAN-SPAM Act requires that senders provide a return address or comparable mechanism
that recipients can use to unsubscribe. Because the Act doesn't specify how unsubscribing is to be carried out, the sender can make it almost arbitrarily complicated. In the simplest case, a recipient could just reply to the message to be removed from the list but what works for one sender might not work for another. Another sender might take a reply as confirmation that the recipient wants to receive more email, so just hitting 'reply' automatically is definitely not an option. The sender could specify that a removal request is only valid if the subject of the message contains the word 'remove'. Or 'cancel'. Or 'unsubscribe'. Or the recipient's mail address. Or '0pt-out', with a zero in place of the first 'o'. The magic word must be written in upper case. In lower case. Or it must be in the body, instead of the subject. The address that the request must be sent to can be in the headers of the original message. Or in the body. It can be attached as an embedded linked graphic (which many email clients won't download, for the good reason that such links are often constructed to betray the recipient's address to the sender). The unsubscribe address can be spelled out with spaces between each character to force the recipient to retype it. And so on.
The 'comparable mechanism' can also be web-based. Instead of sending back an email, the recipient is now required to visit a website to submit their request. That site can, of course, be made arbitrarily slow or confusing. It can bombard the user with pop-up ads for other products and services, add baffling language or include checkboxes that subscribe users to different lists. Every unsubscribe request can become a logic puzzle requiring the user to weave their way through a maze of options in which any false step will result in the request not being taken into account.
It takes a second to press the DELETE key, but if you get hundreds of pieces of spam every day, that's impractical. Now suppose that instead of hitting DELETE, you have to go through an unsubscribe procedure that can take several minutes to complete and requires close attention in order to perform correctly. Repeat that for every piece of spam you receive in a day. Add that to all the reasons why users have to distrust the unsubscribe link and it should be obvious why the argument that They didn't unsubscribe, therefore they must have wanted my messages
didn't convince the Australian judges.
'Just hit unsubscribe' is as poor an answer to spam as 'just hit DELETE': it's a pity that it should have been enshrined as law in the CAN-SPAM Act.