CASL enforcement

As most people know, the Canadian Anti-Spam Law (CASL) went into effect July 1 of this year. This month, the CRTC concluded its first investigation.

A computer reseller based in Saskatchewan was placed under investigation by the CRTC after large numbers of complaints were made through the Spam Reporting Centre. The CRTC revealed that a server owned by the computer reseller sent millions of e-mail spam messages through Saskatchewan-based internet service provider, Access Communications. […] Exercising its discretion, the CRTC chose not to fine the business. CRCT Concludes First Enforcement

One of the biggest complaints about CASL was that innocent senders who just happened to inadvertently violate CASL would be hit with business ending fines. But the agencies tasked with enforcement have discretion. There are no minimum fines that they have to impose, they have discretion. Their first enforcement action demonstrates this. It would be easy for the CRTC to impose business ending fines on their initial case, as a warning to other senders. They didn’t do that.
CRTC has demonstrated they’re willing to work with businesses that violate CASL. That gives all senders a little bit of breathing room for the next 2.5 years. Come July 1, 2017, individual users can exercise their private rights of action against senders. The PRoA is really an unknown variable. How many Canadians are annoyed enough by unsolicited emails that they’re willing to take senders to court? I don’t really know.

Related Posts

Have fun storming the CASL!

I’ve given Humble Bundle my (tagged) email address a bunch of times – as part of purchases, as my username on their website, to download games and books I’ve bought.
And, naturally, they’ve sent me newsletters announcing when they have new sales. Did I check a checkbox or uncheck a checkbox? I don’t remember, and don’t really care. It’s a company I have a real relationship with and have purchased from, they’re sending content I want to see, and I trust them not to misuse my address and to honour an unsubscription request.
So … probably opt-in, and I’m fairly sure they’ve confirmed that it’s my email address. But did they explicitly tell me they’d use my email address for a newsletter? I and my email archive don’t remember that far back, and it’s quite possible that Humble Bundle’s current staff and records don’t either.
In todays newsletter, right above their talking about their summer sales, they had this:
 
All_Mailboxes__Found_118_matches_for_search_
 
They’re confirming that I want to keep getting newsletters, and stressing why I want to keep getting them. Their database probably dates back to the iron age, or at least 2010, and my clicking on the big, friendly green button both lets them know that I’m an engaged subscriber and lets them record in their database that “Yes! This subscriber has explicitly said they want our newsletters!”.
Gradually adding that information to their subscriber database will let them better make decisions in the future about what content to send, how often, whether to try and reengage with a subset of their subscribers.
Oh, and there’s CASL, of course.
If you or your recipients have a Canadian presence you have a little less than eighteen months to make sure you have documented, explicit consent from any recipients for whom you only have implicit (e.g. business relationship) consent or for whom you’ve lost the original records.

Read More

Unsubscribing is hard

A comment came through on my post about unsubscribing that helpfully told me that the problem was I didn’t unsubscribe correctly.
As you know, there are usually two unsubscribe options in many of the bulk senders emails. Are you unsubscribing from the global or the offer unsub? Unless you are unsubscribing from both, you will still be on the lists.
To address the underlying question, I did unsubscribe from both links for those very few mails in my mailbox that had double unsubscribe links. I know that some spammers use multiple unsubscribe links in their emails. We routinely recommend clients not use 3rd party mailers with double unsubscribes because it’s a clear sign the 3rd party mailer is a spammer.
Given the presence of double unsubscribes I generally assume the point is to confuse recipients. By having multiple unsubscribe links the spammers can ignore unsubscribe requests with the excuse that “you unsubscribed from the wrong link.” Plausible deniability at its finest. The best part for the spammer is that it doesn’t matter which unsubscribe link the recipient picks, it will always be the Wrong One.
I’ve been dealing with spam since the late 90s, and have been professionally consulting on delivery for over 14 years. If I can’t figure out what link to use to unsubscribe, how is anyone supposed to figure out how to make mail stop?
In some cases, the unsubscribe links admitted that the address I was trying to unsubscribe was already removed from the list. They helpfully refused to let me unsubscribe again through their form. But they offered a second way to unsubscribe.
UnsubThumb
The address I was unsubscribing was the same one I was unsubscribing. Some of the emails even helpfully told me “this email was sent to trapaddress@” which is the address in the above screenshot.
I’m sure my friend will come back and comment with “why didn’t you unsubscribe by forwarding the email?” Because I was spending enough time unsubscribing as it was, and I didn’t want to have to try and navigate yet another unsubscribe process. I knew they weren’t going to stop mailing me, no matter what hoops I jumped through.
I’m not saying that all unsubscribe processes are broken, there are millions and millions of emails sent every day with simple and effective unsubscribe links. What I am saying is that there is a lot of mail getting to inboxes that users never requested nor wanted. “Just unsubscribing” from this mail Does Not Work. It just keeps coming and coming and coming.
But of course, the mail still coming is my fault, as I was unable to correctly unsubscribe. 53635233

Read More

Yes, spam is actually still a problem

I hear a lot of people claim that spam isn’t really a problem any more. That filters are so good that the average user doesn’t see a lot of spam and if they do get “legitimate” mail that they can just opt out.
These are great sounding arguments, the problem is that those arguments aren’t always true.
There is an address I stopped using for commercial mail around 1997 and all mail around 2002. It still gets hundreds of emails a month.
Those hundreds of emails a month are despite the fact that the address is behind commercial spam filters. It’s been on “flamers lists.” It’s on the “do not mail” list that came with the “Millions CD.”
In addition, I am very open with clients (and their affiliates) that this is a “spam trap” address. I’ve handed it out to dozens and dozens of companies over the years describing it as my spam trap address.
In November 2013, I unsubscribed from every single email received at that account – at least those that had unsubscribe links.
What does the mail volume look like now?
MonthlySpamCounts_Smallpng
If anything unsubscribing made the volume problems worse. In the best case it lowered the volume briefly to something approaching 10 emails a day.
There are currently over 500 messages I’ve received so far in August. These are messages advertising companies like Laura Ashley, MetLife, Military.com, Quibids, Walk In Tubs, Sainsbury’s, Bloomburg, Fidelity, Oral B, Lasix Vision Institute, Virgin Broadband, ClickNLoan, Timeshares, iMotors, Walmart, oil changes, Experian, Credit monitoring, Life insurance, ADT, CHW Home Warranty, Health Plans of America, Bosley Hair Solutions, Jillian Michaels Online, restaurant coupons, credit cards, SBA loans, and that’s before we get to the Garcinia cambogia, herbal viagra and clearly fraudulent stuff.
This account, that hasn’t been subscribed to anything in more than 10 years is getting hundreds of unasked for emails a month, even with the benefit of commercial filters. It appears to be being sold or traded in multiple countries (Laura Ashley, Virgin Broadband and Sainsbury’s are all in the UK). I don’t want this mail. I have tried to stop getting this mail.
Yes, spam is still a problem.

Read More