BLOG
Registration is not permission
“But we only mail people who registered at our website! How can they say we’re spamming?”
In those cases where website registration includes notice that the recipient will be added to a list, and / or the recipient receives an email informing them of the type of email they have agreed to receive there is some permission involved. Without any notice, however, there is no permission. Senders must tell the recipient they should expect to receive mail at the time of registration (or shortly thereafter) otherwise there is not even any pretense of opt-in associated with that registration.
Take, for example, a photographers website. The photographer took photos at a friend’s wedding and put them up on a website for the friend and guests to see. Guests were able to purchase photos directly from the site, if they so desired. In order to control access, the photographer required users to register on the site, including an email address.
None of this is bad. It’s all standard and reasonably good practice.
Unfortunately, the photographer seems to have fallen into the fallacy that everyone who registers at a website wants to receive mail from the website as this morning I received mail from “Kate and Al’s Photos <pictage@pictage.example.com>.” It includes this disclaimer on the bottom:
This email was sent by Pictage, Inc. to laura-tagged@mydomain.example.com, a registered user on www.pictage.com or an affiliated partner. If you’d rather not receive future email from Pictage, please click here.
No. No. No. Bad Sender. No Cookie.
I registered because I wanted so see specific photos on your website. Not because I want to receive email from you. I read your privacy policy (http://www.pictage.com/static/about/termsofservice.html) and there was nothing on there about sending mail. You didn’t mail me a welcome message. You didn’t tell me I’d be receiving advertising from you. You simply added me to a mailing list and then, 3 months later, sent me an email. And you didn’t just spam me, but you spammed a bunch of Al’s closest friends (many of whom are also delivery and anti-spam folks and at least one of whom is a spamhaus volunteer).
This is a very bad way to run a mail campaign. There was no information about email in the privacy policy. There wasn’t an opportunity to opt-out at registration. There was no welcome message alerting me to the chance that I’d receive mail from you in the future.
Registration is not an opt-in request and does not confer permission for the sender to add the receiver to a mailing list.
EDIT: Al’s reaction to his name being used in mail he did not authorize
Interesting choice of examples. There’s another large photography website out there (I won’t mention any names, but it sounds similar to the last name of that Pablo guy, and it’s owned by a Very Large Search Company). My sister took some family pictures, uploaded them to this website, and used their “send a link” function to invite me to view them. The address she sent that two has gotten at least one “New Activity” email per month from this website since then, despite my never having given them my address.
I get spammed by my sister and a close friend. I asked my sister to send any “chain” emails to my other email address (that I use for subscribing to unimportant lists) and now she sends them to both of them!
And my friend – who works as an engineer added my personal email address to his “list” of friends and every now and then I receive an email from him that he sends out to his friends too without using Bcc. So now my personal email address is on his friends’ address books too!
Annoying!
And you didn’t just spam me, but you spammed a bunch of Al’s closest friends (many of whom are also delivery and anti-spam folks and at least one of whom is a spamhaus volunteer).
“That’s what they all say. They all say ‘DOH!’.” –Chief Wiggum
Great post. I linked to it from mine.
My post has a bit of a different angle, I focused more on the “hey, this claims to be from me, but I didn’t send it” side of things.
Interesting that Pictage will also email on behalf of their “affiliated partner[s]“. So does that mean that if I register at a partner site (like Zookbinders or SimplyCanvas, etc) I’m going to [also?] get unexpected emails from Pictage?
–Jaren
Really Laura u dont have any knowledge about IT Act 2000.Please read and especially Cyber Laws …………….then say not a Spam….
Why is it that spammers can’t spell? Or write a coherent comment?
Gosh, John, it is odd how neither Laura and I would care about a law in India, considering the mail was sent by a US company to US citizens, in the US. Maybe U should read some more about the spams and not a spams.
Oi, I got the same spam. And spam it most certainly was.
[…] Registration is not permission […]