But I have been chatting with other ISPs and we are really seeing an increase in this new type of spam.
- From UK companies
- HTML emails
- Well formed enough to pass spam assassin
- Sent to somewhat silly and often made up email targets (one ISP said they seemed to be trying whole dictionaries)
- Showing company name, company address, company number, even VAT number, making it easy to action.
- Including an unsubscribe link
We have had replies suggesting senders believe they meet ICO guidelines and are complying with Data Protection Act rules by having an unsubscribe link. So what?
None of this addresses the Privacy an Electronic Communications Regulations issues that we are trying to tackle. I don't think I am going mad here, read the regs yourself. The regs are pretty clear, you cannot send unsolicited marketing emails to an individual subscriber unless the recipient has consented to you sending or the email address was obtained from a sale or negotiation to the recipient by the sender and it is email about related products and where there was an unused opt out at that time and each subsequent time.
I know that is long winded, but key things from that are:-
- The recipient has to have notified the sender of consent. If I notified company A of consent, and company A sells to company B, and company B sends email to me then that is not valid as I have not notified that sender (company B) of my consent.
- Even if company A got the email via sale or negotiation with me and gave me an opt out which I did not use, as sold to company B, that is not valid as company B did not obtain by sale or negotiation with the recipient.
The ICO need to make this clear on their web site and tell spammers that it is illegal.
I have had two key issues with trying to get money out of spammers:-
- It has to be an individual subscriber. It turns out that I am the individual paying A&A for the email services on all of the A&A domains, so even for "company emails" I am the individual subscriber, and for many I am the recipient of the email. So that is sorted. However, I have many emails to mad- up email addresses at some of my .me.uk domains. This is very clearly an individual subscriber with no doubt. Even the domain has to be registered to an individual. So I'll probably try action for these emails first.
- How to asses the damages. This is where I am getting creative by arranging that A&A will pay the subscriber (me) £50 compensation for a spam getting passed the filters. That means A&A have suffered a clear and demonstrable loss as a result of the breach of the regulations. Section 30 says: "A person who suffers damage by reason of any contravention of any of the requirements of these Regulations by any other person shall be entitled to bring proceedings for compensation from that other person for that damage". It does not require that the person suffering damages be the recipient, so A&A can then sue for the £50 damages. Worth a try.