• beckerist@lemmy.world
      link
      fedilink
      English
      arrow-up
      181
      arrow-down
      1
      ·
      edit-2
      11 months ago

      I’ve been wondering this myself so I just went ahead and read the FCCs CAN-SPAM business compliance guide.

      This is 100% a violation. As per section 7:

      You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request

      OP could probably threaten a lawsuit and their practices will change quickly. That’s assuming the company does business in the US…

      edit: just realized this is stubhub. this smells like a lawsuit waiting to happen

      • Monument@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        103
        ·
        11 months ago

        There you have it.

        When I’ve been in OP’s situation, I filed a complaint with the FCC, performed a whois lookup on their site to send emails to the abuse/spam emails of their DNS registrar and host and inspected the email headers to email their email provider’s abuse/spam account(s). I’ve not yet had cause to reach out to my attorney general’s office when I’ve had a company violate CAN-SPAM, but it’s an option.
        I also make sure each company knows there’s a pending CAN-SPAM complaint. I keep it convivial, but serious. “Hey, just letting you know that one of your clients is violating your terms of service and the law! A complaint has already been lodged with the FCC. Toodeloo!”
        That bit of knowledge tends to shift the interpretation of your complaint from “annoyed nerd” to “someone politely informing you that you’re going to get skull fucked by the long dick of the law if you don’t fix this ASAP”

        It may sound sort of excessive, but I’m a bit of a consumer rights absolutist.

          • Monument@lemmy.sdf.org
            link
            fedilink
            English
            arrow-up
            22
            ·
            11 months ago

            I’m currently fairly ill (likely RSV, if the expired COVID tests are to be believed) and this is day 6 of moderate to severe insomnia.

            A state of semi-delirium must be a good look for me, because I have received more complements on my writing in the last 3 days than I have in the last several years.

        • dan@upvote.au
          link
          fedilink
          English
          arrow-up
          3
          ·
          11 months ago

          The registrar can’t really do anything, and the service they use to receive email (what you’d see in the DNS MX record) is often totally different to the service used to send marketing emails. You’d need to look at the Received headers of the email to figure out where it was sent from. For example, a lot of companies use Office 365 or G Suite for corporate emails, but something like Mailchimp or ConstantContact for marketing emails.

          • Monument@lemmy.sdf.org
            link
            fedilink
            English
            arrow-up
            3
            ·
            11 months ago

            So, here’s my reasoning -

            Inspecting the headers will let you see where the email came from - if it came from MailChimp, then you email the MailChimp abuse folks, who can apply their abuse policies. And the DNS registrar has the keys to the kingdom. Many registrars have terms of service that forbid using their service for spamming. That ought to include emails associated with the domain, no?

            In the end, there’s a high likelihood of no real action being taken (not without a volume of complaints), but if the righteous wrath feels righteous, do its outcomes have to be righteous?

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        This is also why companies include their mailing address in the footer of emails - it’s one of the other requirements.

        • seang96@spgrn.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          11 months ago

          I’d say no since it is how pages are loaded and those likely interpreting the law including the user see a visual page change / transition it it would be considered another page since they’d likely not understand what SPA is.

      • guacupado@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        You must honor a recipient’s opt-out request within 10 business days.

        Oh, this explain why they say “may take up to 10 business days.” Why do they have two weeks to remove a name when it can be done near-instantly? It’s not like a person is manually removing every single name that opts out.