• @[email protected]
    link
    fedilink
    English
    182
    edit-2
    11 months ago

    I’ve been wondering this myself so I just went ahead and read the FCCs CAN-SPAM business compliance guide.

    This is 100% a violation. As per section 7:

    You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request

    OP could probably threaten a lawsuit and their practices will change quickly. That’s assuming the company does business in the US…

    edit: just realized this is stubhub. this smells like a lawsuit waiting to happen

    • @[email protected]
      link
      fedilink
      English
      10411 months ago

      There you have it.

      When I’ve been in OP’s situation, I filed a complaint with the FCC, performed a whois lookup on their site to send emails to the abuse/spam emails of their DNS registrar and host and inspected the email headers to email their email provider’s abuse/spam account(s). I’ve not yet had cause to reach out to my attorney general’s office when I’ve had a company violate CAN-SPAM, but it’s an option.
      I also make sure each company knows there’s a pending CAN-SPAM complaint. I keep it convivial, but serious. “Hey, just letting you know that one of your clients is violating your terms of service and the law! A complaint has already been lodged with the FCC. Toodeloo!”
      That bit of knowledge tends to shift the interpretation of your complaint from “annoyed nerd” to “someone politely informing you that you’re going to get skull fucked by the long dick of the law if you don’t fix this ASAP”

      It may sound sort of excessive, but I’m a bit of a consumer rights absolutist.

        • @[email protected]
          link
          fedilink
          English
          2211 months ago

          I’m currently fairly ill (likely RSV, if the expired COVID tests are to be believed) and this is day 6 of moderate to severe insomnia.

          A state of semi-delirium must be a good look for me, because I have received more complements on my writing in the last 3 days than I have in the last several years.

      • @[email protected]
        link
        fedilink
        English
        311 months ago

        The registrar can’t really do anything, and the service they use to receive email (what you’d see in the DNS MX record) is often totally different to the service used to send marketing emails. You’d need to look at the Received headers of the email to figure out where it was sent from. For example, a lot of companies use Office 365 or G Suite for corporate emails, but something like Mailchimp or ConstantContact for marketing emails.

        • @[email protected]
          link
          fedilink
          English
          311 months ago

          So, here’s my reasoning -

          Inspecting the headers will let you see where the email came from - if it came from MailChimp, then you email the MailChimp abuse folks, who can apply their abuse policies. And the DNS registrar has the keys to the kingdom. Many registrars have terms of service that forbid using their service for spamming. That ought to include emails associated with the domain, no?

          In the end, there’s a high likelihood of no real action being taken (not without a volume of complaints), but if the righteous wrath feels righteous, do its outcomes have to be righteous?

      • @ExhibiCat
        link
        English
        211 months ago

        Assuming of course that the FCC is interested in skullfucking small fry. I kinda doubt that.

        • @[email protected]
          link
          fedilink
          English
          111 months ago

          Shh! We’re supposed to ignore that nearly all power is granted by fiat, and the government hardly enforces its duties to the common citizenry. It’s merely the threat of enforcement that keeps people in line.

          • @[email protected]
            link
            fedilink
            English
            211 months ago

            Even your local police on the front lines have no legal obligation to protect and serve individuals. Instead they use their individual judgment and discretion. Good luck with the government itself!

    • @[email protected]
      link
      fedilink
      English
      311 months ago

      You must honor a recipient’s opt-out request within 10 business days.

      Oh, this explain why they say “may take up to 10 business days.” Why do they have two weeks to remove a name when it can be done near-instantly? It’s not like a person is manually removing every single name that opts out.

    • @[email protected]
      link
      fedilink
      English
      311 months ago

      This is also why companies include their mailing address in the footer of emails - it’s one of the other requirements.

      • @[email protected]
        link
        fedilink
        English
        311 months ago

        I’d say no since it is how pages are loaded and those likely interpreting the law including the user see a visual page change / transition it it would be considered another page since they’d likely not understand what SPA is.