Tuesday, 4 November 2014

I am a scammer?

This is a call recording of a call made by someone in response to my standard email offering to settle for junk mailing me...

Recording (wavMP3) - several seconds of silence at start of recording, sorry... Unedited.

This guy is adamant that I am a scammer, that it is "all over the internet" and that he is going to tell 400 people (as well as Simon, who he is calling) that I am a scammer. Maybe I now have a case for defamation too?

So, a bit of background...
  • I, as a private individual, have a number of private email addresses, including one from my mate Simon that owns titanic.co.uk. I pay his company (albeit only £1) for that email address and service as an individual. His company provides communications services to the public, including me. So that means, for that email address, I meet all the rules to make me an "individual subscriber" under the PECR.
  • Sending an unsolicited commercial email to that address is a breach of the regulations, and those regulations allow me to claim damages when someone does that (i.e. to sue).
  • When I get emails I send a standard response. It is actually a full "notice before action" quoting the details of the breach, referencing the regulations, and the part that says I can claim, and so on. It meets all the rules for such a notice. I have pursued several cases but none to a hearing yet (i.e. people settle).
  • The civil procedure pre-action conduct rules for court cases say that I should try and resolve the matter without court, and one such option is discussion and negotiation. So my email offers that, and suggests a starting point for a settlement to resolve this without court. I suggest £200 as a start for negotiation. I based that on googling similar cases.
  • So offering to settle for a fee is not a scam, or extortion - it is what I am required to negotiate before proceeding to the court claim. I am not a scammer, I am a victim!
Now, the big issue with these regulations is the level of damages - what damages can one junk email cause. Clearly hundreds of junk emails are damaging but what is one? Well, considering it I know they wind me up - I have gone in to work after a junk email and ended up wasting time of not just myself by colleagues because of a junk email, especially when the sender has the audacity to reply trying to justify their spam! This is time wasted when I could be working, and when colleagues should be working, so costing the company money. However, it is my company, so that costs me! If I delay a feature on the new FireBrick code a day that could lose a £10,000 sale. There is also the very real risk of junk emails cluttering my inbox such that I miss, and accidentally delete, a real email. That happens! That can also cost me, or the company (and so me). So £200 is not an unreasonable proposal for costs for one email on balance, I think.

What we need is the regulations to change, for junk emails and junk calls, in section 30, to have something like "Where the amount claimed is £50, or less, the claimant does not have to justify the amount claimed, only that they are a party inconvenienced by the breach". That would simplify the matter massively and allow a lot of claims for junk emails and junk calls. The courts would not be flooded by these as all cases would be settled out of court because the case is so clear cut.

There is a consultation on junk calls now, the same regulations. Please reply and suggest this simple change.

P.S. by popular demand, this is the current wording of my email:-


You have transmitted, or instigated the transmission of, an unsolicited communication for the purpose of direct marketing by means of electronic mail to an individual subscriber contrary to section 22 of The Privacy and Electronic Communications (EC Directive) Regulations 2003.

I, as the recipient and individual subscriber, have never given you consent to send me unsolicited marketing emails and I have never provided my email address to you as part of a negotiations or sale by you to me in the past.

Although I am not in a position to offer you legal advice, this is clearly a criminal offence. The Information Commissioner's Office have clearly stated "I would confirm that your understanding of Regulation 22 is correct; that is, if a company sends an unsolicited marketing email to an individual subscriber without their prior consent and/or without satisfying the conditions of the soft opt-in, then they will be breaching the Privacy and Electronic Communications Regulations"

There is a defence for having taken all reasonable steps to comply, but as you have no way to know that any target email address is that of an individual subscriber, the only step you could have taken is not to send unsolicited marketing emails at all.

For the avoidance of doubt here - this is not a Data Protection Act issue, or one where you have the option of relying on an "unsubscribe" link - sending just one email, as you have, is a breach of the regulations.

Section 30 of the regulations permit me to take civil action to recover damages suffered as a result of your breach of the regulations. It is difficult to access damages exactly but your email has used resources on my computers and my Internet connection, wasted some of my time, causes distress and annoyance which has interrupted my chain of thought and concentration, and so disrupted s/w development work I am doing. Looking in to similar cases for such damages it is clear that claims range from £270 to £750. In this instance I feel that a mere £200 would constitute a reasonable level of damages for the hassle you have caused me by your breach of the regulations.

In accordance with section 8.2(1) of the Pre-Action Conduct Directions of the Civil Procedure Rules, I would like you to consider Alternative Dispute Resolution to this matter by means of discussion and negotiation. I therefore invite your comments and any offer of settlement or other negotiation.

However, if I do not receive a reply within 14 days I reserve my right to issue a claim on the small claims track of the county court without further notice.

Should this matter go to court I will rely on the email you have sent and associated headers, whois data and other resources identifying the sender. If you believe you have evidence that shows I did give consent to the sending of this unsolicited email I ask that you forward this to me by reply.

I look forward to your prompt reply.

-- Name&address


  1. I found the call alarming at first then menacing as the chap accused me of being "in on it". I believe that these are offences under the Telecommunications Act. He deliberately withheld his identity and I am not sure what he was trying to achieve.

    1. If the call was of a menacing nature, take a look at the (generally disliked) s127 Communications Act 2003. It talks in terms of "sending a message", but might cover voice telephony too.

  2. Rev, Just wondering, which were the cases that had the damages amounts? I'd like to start suing a few spammers myself and ideally would like to throw case names about...

    1. I googled for such cases and saw a couple.

  3. Nice letter. A few nits to pick though if I may...

    In the 2nd paragraph the word "unsolicited" is unnecessary, indeed it it is probably impossible to consent to unsolicited email as the act of consent would make the email solicited.

    In the 4th paragraph you should make it clear you are referring to use of 3rd party bulk email lists. If the sender were using a private list (say a sales database) but a email address got there by mistake it is likely he could claim due diligence (IANAL etc) and, however unlikely, you can't be 100% certain this isn't the case.

    Also I would spell out software in full rather than s/w and drop the "a mere" before the £200.

    1. Thanks for feedback. I have also had comments that the regulations do not immediately lead to a [criminal] offence - as that is down to DPA changes. Sounds like getting as far as an offence is ignoring ICO after action for breach of regulations. Thankfully none of that stops the civil action under section 30, but I may tone down the "criminal offence" bit too.

    2. I wasn't aware that breaching PECR was ever a criminal offence, just a civil offence. IANAL, but I think "unlawful" is the correct term.

      I send a form email response to British companies that spam me, and I include a DPA subject access request in it too (because I want to know WTF they got my details). To date, very few companies have even responded and unfortunately the ICO informs me that there is next to no way for me to actually force a company to comply with the subject access request - the DPA simply states that I can inform the ICO, but the ICO have said they will not take enforcement action in isolated cases (they will merely write the company a letter reminding them of their obligations - so far no company has actually followed up after the ICO sent them that letter!).

      To me, the most frustrating thing is that my information is being bought and sold against my wishes and there's nothing I can do to find out who's doing it and put a stop to it.

      (As a side note, I also find it pretty bad that a company is allowed to charge to respond to a subject access request - I don't see why I should be required to pay a company who is using my data unlawfully).

  4. Adrian, having listened to the recording, it seems to me that the caller may not regard his original email as spam. Can you provide an overview of the content to put the caller's reaction in context?

    1. Recruitment company selling their services. They bought a list and send emails, which is unsolicited commercial email. They may feel there is nothing wrong with UCE, and it is not unlawful when sent to a non individual email subscriber, but they have no way to know if any email address is that of an individual. Even our published business contact emails are actually those of an individual subscriber (me), and ICO (eventually) agreed that was the case!

    2. 'Bought a list' is meaningless. It's impossible to buy permission to send email to/phone anyone on that list, so what they have is a list, nothing more.

      Unfortunately many of these companies are victims themselves - they believe that if that pay £££ for a list it makes it OK, because the list vendors tell them that. Unfortunately there's no law to go after the people selling the lists.

      That said, if the company sending the email doesn't, when informed of their error, immediately stop doing it, nail 'em to the wall.

  5. FYI, if it is the one I think it is, then it was a recruitment company touting for business.

  6. I may add "This is not a scam and you should take this seriously. If you are unsure, please do take legal advice."

  7. If this "scam" is "all over the Internet", how come Google doesn't bring anything adverse up?

  8. In In the sixth paragraph you should use permits, not permit because Section 30 is a singular noun. Also, at two lines later, "difficult to access damages" should read "difficult to ASSESS damages". I've no doubt that damages are difficult to actually obtain but I don't think that's the meaning you intend in this context.

    1. Thank you - silly mistakes on my part...