Mailing List Archive

Technically not spam
How do people deal with lists that a user subscribed to that require logging in to an account to unsubscribe? I seem to be seeing a lot more complaints from users who cannot get off lists (probably because they didn't realize they were creating an account for getting multiple-mails per day).

Most legitimate mails have a simple unsubscribes list, but many online stores seem to "forget" to do this.

I can't just blacklist the IPs because some people want these emails.


--
Stomach in! Chest out! on your marks! get set! GO! Now, now that
you're free, what are you gonna be? Who are you gonna see? And
where, where will you go, and how will you know you didn't get it
all wrong?
Re: Technically not spam [ In reply to ]
On Friday 29 May 2020 at 17:40:42, @lbutlr wrote:

> How do people deal with lists that a user subscribed to that require
> logging in to an account to unsubscribe?

Well, as you say in your Subject, this isn't spam; it's just email that the
user asked for but has decided they no longer want.

> Most legitimate mails have a simple unsubscribes list, but many online
> stores seem to "forget" to do this.

Surely they do not forget to have a "forgot my password" option, though?

> I can't just blacklist the IPs because some people want these emails.

My opinion is: it's not your (as email admin) problem - it's the user's
problem. They signed up for it; they can sign out of it. If they no longer
know their password, they can use the "forgot password" mechanism to get back
in again, and turn off the emails they no longer want.

Basically, I don't think this is a problem you need to try to solve, because
it's something the users did themselves - it's not like some miscreant has
discovered their email address and is sending stuff they *really* don't want to
see (and is probably sending to several other of your users too) - that you
can block, but this is genuine email which the user signed up for, and is
responsible for signing out of.


Antony.

--
3 logicians walk into a bar. The bartender asks "Do you all want a drink?"
The first logician says "I don't know."
The second logician says "I don't know."
The third logician says "Yes!"

Please reply to the list;
please *don't* CC me.
Re: Technically not spam [ In reply to ]
On 29 May 2020, at 09:51, Antony Stone <Antony.Stone@spamassassin.open.source.it> wrote:
> On Friday 29 May 2020 at 17:40:42, @lbutlr wrote:
>> How do people deal with lists that a user subscribed to that require
>> logging in to an account to unsubscribe?
>
> Well, as you say in your Subject, this isn't spam; it's just email that the
> user asked for but has decided they no longer want.

"Asked for" may be a bit strong.

>> Most legitimate mails have a simple unsubscribes list, but many online
>> stores seem to "forget" to do this.
>
> Surely they do not forget to have a "forgot my password" option, though?

Probably not, but the user doesn't care, just wants the mail gone and to stop showing up. Telling them to go to the site, jump through password recovery hoop and then unsubscribe (which on some sites is quite difficult, as you will be signed up for 5 or 6 different mailings, each of which you have to seek out individually) is … well, not going to work with many users, especially the less technical.

>> I can't just blacklist the IPs because some people want these emails.
>
> My opinion is: it's not your (as email admin) problem - it's the user's
> problem. They signed up for it; they can sign out of it. If they no longer
> know their password, they can use the "forgot password" mechanism to get back
> in again, and turn off the emails they no longer want.

That may work in a corporate environment where the users can't really get mad at you for not fixing it.

> Basically, I don't think this is a problem you need to try to solve, because
> it's something the users did themselves - it's not like some miscreant has
> discovered their email address and is sending stuff they *really* don't want to
> see (and is probably sending to several other of your users too) - that you
> can block, but this is genuine email which the user signed up for, and is
> responsible for signing out of.

Well, "genuine" and "signed up" are *technically* correct, but in many cases only technically. "We will snd you emails about your order and future orders" seems like something you want, until you get 4 or 5 emails a day every day from them, exactly one of which was about your order.



--
'Can't argue with the truth, sir.' 'In my experience, Vimes, you can
argue with anything.'
Re: Technically not spam [ In reply to ]
> Probably not, but the user doesn't care, just wants the mail gone and to stop showing up. Telling them to go to the site, jump through password recovery hoop and then unsubscribe (which on some sites is quite difficult, as you will be signed up for 5 or 6 different mailings, each of which you have to seek out individually) is … well, not going to work with many users, especially the less technical.

Not to mention that it is a violation of Federal law. Federal law requires a "one-step" unsubscribe method.

Anne

--
Anne P. Mitchell, Esq.
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)
Re: Technically not spam [ In reply to ]
On 29 May 2020, at 10:16, Anne P. Mitchell, Esq. <amitchell@isipp.com> wrote:
>> Probably not, but the user doesn't care, just wants the mail gone and to stop showing up. Telling them to go to the site, jump through password recovery hoop and then unsubscribe (which on some sites is quite difficult, as you will be signed up for 5 or 6 different mailings, each of which you have to seek out individually) is … well, not going to work with many users, especially the less technical.
>
> Not to mention that it is a violation of Federal law. Federal law requires a "one-step" unsubscribe method.

Really? Does it specific that the user dodoesn’t have to be logged in to the site?

Do you have the law handy, I'd like to add it to some boilerplate.



--
"The person, be it gentleman or lady, who has not pleasure in a good
novel, must be intolerably stupid".
Re: Technically not spam [ In reply to ]
> Really? Does it specific that the user dodoesn’t have to be logged in to the site?
>
> Do you have the law handy, I'd like to add it to some boilerplate.

It was part of the FTC's 2008 update to CAN-SPAM, using their rulemaking authority, so it's not directly in the text of the original CAN-SPAM (which was brought online in 2003). What the FTC said in that update in 2008 is:

"an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender."

It's this:

"or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender"

that creates the one-step rule.

Having to visit a page, and then enter a password, and then opt-out is 3 steps.

The somewhat plain English explanation of this and the other new 2008 rules/clarifications is here:

https://www.ftc.gov/news-events/press-releases/2008/05/ftc-approves-new-rule-provision-under-can-spam-act

The more in-depth version is here:

https://www.ftc.gov/sites/default/files/documents/federal_register_notices/definitions-and-implementation-under-can-spam-act-16-cfr-part-316/080521canspamact.pdf

Anne

--
Anne P. Mitchell, Esq.
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)
RE: Technically not spam [ In reply to ]
@lbutlr wrote:
> How do people deal with lists that a user subscribed to that require
> logging in to an account to unsubscribe? I seem to be seeing a lot
> more complaints from users who cannot get off lists (probably because
> they didn't realize they were creating an account for getting
> multiple-mails per day).
>
> Most legitimate mails have a simple unsubscribes list, but many
> online stores seem to "forget" to do this.
>
> I can't just blacklist the IPs because some people want these emails.

You don't mention your MTA but I have to believe all have the ability to
handle a from->to blacklist. I know that if you use MailScanner it can also
be done there, if you use MailWatch For MailScanner it can be done there by
the user themselves.

Our users can login to their accounts and add an email address to their
personal blacklist so everyone can receive emails from a particular address
except them. Where and how you inject this into the delivery would depend on
the MTA or backend you are using.
Re: Technically not spam [ In reply to ]
On 2020-05-29 17:40, @lbutlr wrote:

> I can't just blacklist the IPs because some people want these emails.

http://squirrelmail.org/ have support for list-* headers

round-cube and others web-mail missing it, oh dear is software from 2011
still stable ?
Re: Technically not spam [ In reply to ]
Personally,


I mark and categorize them as SPAM, IF they do not have 1-2 clicks unsubscribing. Then they are spam.
99% of the times these are senders who opt you in automatically to few lists without double opt-in whilst never giving you a choice of what to ask for, or even when they do, they do not abide by it. If they are not decent enough to at least let you get off their spam list with a 1-2 clicks, I'm gonna mark write rules against them, teach spamassassin and for some persistent ones, I'll even report them.

(Most of Google Groups, Twitter and Facebook emails go to the same category coincidentally because even if the mail addresses do not exist, you can not get out of the list and can't report address as fake)




--
M. Omer GOLGELI


May 29, 2020 6:40 PM, "@lbutlr" <kremels@kreme.com> wrote:

> How do people deal with lists that a user subscribed to that require logging in to an account to
> unsubscribe? I seem to be seeing a lot more complaints from users who cannot get off lists
> (probably because they didn't realize they were creating an account for getting multiple-mails per
> day).
>
> Most legitimate mails have a simple unsubscribes list, but many online stores seem to "forget" to
> do this.
>
> I can't just blacklist the IPs because some people want these emails.
>
> --
> Stomach in! Chest out! on your marks! get set! GO! Now, now that
> you're free, what are you gonna be? Who are you gonna see? And
> where, where will you go, and how will you know you didn't get it
> all wrong?
Re: Technically not spam [ In reply to ]
On 29 May 2020, at 10:57, Anne P. Mitchell, Esq. <amitchell@isipp.com> wrote:
> "an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender."
>
> It's this:
>
> "or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender"

Thank you!


--
"Are you pondering what I'm pondering?"
"I think so, Brain, but don't you need a swimming pool to play Marco
Polo?"
Re: Technically not spam [ In reply to ]
On 29 May 2020, at 11:11, Benny Pedersen <me@junc.eu> wrote:
> On 2020-05-29 17:40, @lbutlr wrote:
>
>> I can't just blacklist the IPs because some people want these emails.
>
> http://squirrelmail.org/ have support for list-* headers

They generally do not have list headers, of course. At least not List-unsubscribe. Most of them pretend they are not mailing lists at all, as is the case with nearly all marketing email.

> round-cube and others web-mail missing it,

Roundcube has plugins that support list headers (Roundcube has plugins for most things). I believe Horde does as well, but I am less sure there.

> oh dear is software from 2011 still stable ?

Squirrelmail is not supported and I would definitely not recommend anyone run it, especially since you have to run a version of PHP that hasn’t been supported in 4 years and has known exploits that will never be fixed.



--
'I think, if you want thousands, you've got to fight for one.'
Re: Technically not spam [ In reply to ]
"@lbutlr" <kremels@kreme.com> writes:

> Squirrelmail is not supported and I would definitely not recommend
> anyone run it, especially since you have to run a version of PHP that
> hasn’t been supported in 4 years and has known exploits that will
> never be fixed.

I don't want to disagree with you, because I agree... except to point
out that the statement about old PHP being required is not true, you can
run squirrelmail with php7.3.

--
micah
Re: Technically not spam [ In reply to ]
On 31 May 2020, at 06:53, micah anderson <micah@riseup.net> wrote:
> "@lbutlr" <kremels@kreme.com> writes:
>
>> Squirrelmail is not supported and I would definitely not recommend
>> anyone run it, especially since you have to run a version of PHP that
>> hasn’t been supported in 4 years and has known exploits that will
>> never be fixed.
>
> I don't want to disagree with you, because I agree... except to point
> out that the statement about old PHP being required is not true, you can
> run squirrelmail with php7.3.

Good to know (I guess?) the last update note I saw for Squirrelmail was to make it work with PHP 5.5 back in 2013. Is there a fork somewhere or does it just work with PHP 7.3. And does that include 7.2?


--
"Are you pondering what I'm pondering?"
"Well, I think so, Brain, but snort no, no, it's too stupid!"
Re: Technically not spam [ In reply to ]
On May 31, 2020, at 3:35 PM, @lbutlr <kremels@kreme.com> wrote:
>
> Good to know (I guess?) the last update note I saw for Squirrelmail was to make it work with PHP 5.5 back in 2013. Is there a fork somewhere or does it just work with PHP 7.3. And does that include 7.2?

The SVN version (1.4.23+) supports PHP 7 and has a number of bug fixes. EPEL 7's squirrelmail rpm was recently updated to 1.4.23-svn, and works fine on my CentOS 7 install. I think EPEL 8 was also updated, not sure about EPEL 6.

Cheers.

--- Amir