You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request
OP could probably threaten a lawsuit and their practices will change quickly. That’s assuming the company does business in the US…
When I’ve been in OP’s situation, I filed a complaint with the FCC, performed a whois lookup on their site to send emails to the abuse/spam emails of their DNS registrar and host and inspected the email headers to email their email provider’s abuse/spam account(s). I’ve not yet had cause to reach out to my attorney general’s office when I’ve had a company violate CAN-SPAM, but it’s an option.
I also make sure each company knows there’s a pending CAN-SPAM complaint. I keep it convivial, but serious. “Hey, just letting you know that one of your clients is violating your terms of service and the law! A complaint has already been lodged with the FCC. Toodeloo!”
That bit of knowledge tends to shift the interpretation of your complaint from “annoyed nerd” to “someone politely informing you that you’re going to get skull fucked by the long dick of the law if you don’t fix this ASAP”
It may sound sort of excessive, but I’m a bit of a consumer rights absolutist.
I’m currently fairly ill (likely RSV, if the expired COVID tests are to be believed) and this is day 6 of moderate to severe insomnia.
A state of semi-delirium must be a good look for me, because I have received more complements on my writing in the last 3 days than I have in the last several years.
The registrar can’t really do anything, and the service they use to receive email (what you’d see in the DNS MX record) is often totally different to the service used to send marketing emails. You’d need to look at the Received headers of the email to figure out where it was sent from. For example, a lot of companies use Office 365 or G Suite for corporate emails, but something like Mailchimp or ConstantContact for marketing emails.
Inspecting the headers will let you see where the email came from - if it came from MailChimp, then you email the MailChimp abuse folks, who can apply their abuse policies.
And the DNS registrar has the keys to the kingdom. Many registrars have terms of service that forbid using their service for spamming. That ought to include emails associated with the domain, no?
In the end, there’s a high likelihood of no real action being taken (not without a volume of complaints), but if the righteous wrath feels righteous, do its outcomes have to be righteous?
Shh! We’re supposed to ignore that nearly all power is granted by fiat, and the government hardly enforces its duties to the common citizenry. It’s merely the threat of enforcement that keeps people in line.
You must honor a recipient’s opt-out request within 10 business days.
Oh, this explain why they say “may take up to 10 business days.” Why do they have two weeks to remove a name when it can be done near-instantly? It’s not like a person is manually removing every single name that opts out.
beckerist@lemmy.world 5 months ago
I’ve been wondering this myself so I just went ahead and read the FCCs CAN-SPAM business compliance guide.
This is 100% a violation. As per section 7:
You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request
OP could probably threaten a lawsuit and their practices will change quickly. That’s assuming the company does business in the US…
Monument@lemmy.sdf.org 5 months ago
There you have it.
When I’ve been in OP’s situation, I filed a complaint with the FCC, performed a whois lookup on their site to send emails to the abuse/spam emails of their DNS registrar and host and inspected the email headers to email their email provider’s abuse/spam account(s). I’ve not yet had cause to reach out to my attorney general’s office when I’ve had a company violate CAN-SPAM, but it’s an option.
I also make sure each company knows there’s a pending CAN-SPAM complaint. I keep it convivial, but serious. “Hey, just letting you know that one of your clients is violating your terms of service and the law! A complaint has already been lodged with the FCC. Toodeloo!”
That bit of knowledge tends to shift the interpretation of your complaint from “annoyed nerd” to “someone politely informing you that you’re going to get skull fucked by the long dick of the law if you don’t fix this ASAP”
It may sound sort of excessive, but I’m a bit of a consumer rights absolutist.
Lionel@endlesstalk.org 5 months ago
That last paragraph is art
Monument@lemmy.sdf.org 5 months ago
I’m currently fairly ill (likely RSV, if the expired COVID tests are to be believed) and this is day 6 of moderate to severe insomnia.
A state of semi-delirium must be a good look for me, because I have received more complements on my writing in the last 3 days than I have in the last several years.
dan@upvote.au 5 months ago
The registrar can’t really do anything, and the service they use to receive email (what you’d see in the DNS MX record) is often totally different to the service used to send marketing emails. You’d need to look at the
Receivedheaders of the email to figure out where it was sent from. For example, a lot of companies use Office 365 or G Suite for corporate emails, but something like Mailchimp or ConstantContact for marketing emails.Monument@lemmy.sdf.org 5 months ago
So, here’s my reasoning -
Inspecting the headers will let you see where the email came from - if it came from MailChimp, then you email the MailChimp abuse folks, who can apply their abuse policies. And the DNS registrar has the keys to the kingdom. Many registrars have terms of service that forbid using their service for spamming. That ought to include emails associated with the domain, no?
In the end, there’s a high likelihood of no real action being taken (not without a volume of complaints), but if the righteous wrath feels righteous, do its outcomes have to be righteous?
ExhibiCat@lemmynsfw.com 5 months ago
Assuming of course that the FCC is interested in skullfucking small fry. I kinda doubt that.
Monument@lemmy.sdf.org 5 months ago
Shh! We’re supposed to ignore that nearly all power is granted by fiat, and the government hardly enforces its duties to the common citizenry. It’s merely the threat of enforcement that keeps people in line.
thomasloven@lemmy.world 5 months ago
This made me happy. Thanks!
Dave@lemmy.nz 5 months ago
Are single page apps considered one page?
Carighan@lemmy.world 5 months ago
More generally, are single page apps legal? And if yes, why?
psud@lemmy.world 5 months ago
Because they are useful and provide a good experience to most users
guacupado@lemmy.world 5 months ago
Oh, this explain why they say “may take up to 10 business days.” Why do they have two weeks to remove a name when it can be done near-instantly? It’s not like a person is manually removing every single name that opts out.
dan@upvote.au 5 months ago
This is also why companies include their mailing address in the footer of emails - it’s one of the other requirements.