FTC announces "click-to-cancel" rule making it easier to cancel subscriptions

There really seems to be no loophole or workaround despite there being huge incentive for there to be one. Every time I click an “Unsubscribe” link in an email (it seems like they’re forced to say “Unsubscribe” and not use weasel words to hide the link) I’m either immediately unsubscribed from the person who sent me the email, or I’m taken to a page which seemingly MUST have a “remove me from all emails” option.

The level of compliance (and they can’t even do malicious compliance!) with this is absurd. If these new rules work anything like that, they’ll be awesome. Clearly regulating behavior like this is indeed possible.

There are now email unsubscribe services, but they don't really work either: https://www.nytimes.com/wirecutter/reviews/best-email-unsubs...

CAN-SPAM specifies that the link must be clearly marked and suggests using CSS to do so, but the link is still always going to be at the bottom of the email in the smallest font used. It only matters for those of us who know to look for it; many people just have to live with the spam because they don't know it's easy to unsubscribe.

Sometimes it's not even going to be underlined or distinguished at all (that may be a violation actually but I'm not going to take them to court over it).

There's other dark patterns too, like certain unsubscribe pages requiring you to type/paste your email in to actually complete the process. That is 100% intentional friction, like github making you type the name of a repo into the deletion form. It should also be illegal for unsubscribing.

The trouble is they're endlessly creative about the lists they put you on. I'd get one email from "Alumni Connections" and then another from "Faculty Spotlight" and then another from "Global Outreach" and then another from "Event Invitations, 2023 series". I'm making those names up because I forget exactly what they were called, but you get the idea. I hope this was in violation of the regulation: surely you can't invent a new mailing list that didn't used to exist, add me to it, and require me to unsubscribe from it individually.

They finally stopped after I sent them an angry email.

Also most clients provide an unsubscribe button at the top too.

If I catch any of these email lists not respecting my unsubscribing, I immediately mark them as "spam".

Gmail then doesn't send them to my inbox anymore. I don't think just one person marking them as spam hurts them, but at least I feel gratified and my ego is satisfied.

During the ~20 years that my predecessor in my current job worked in it, it gradually evolved from being primarily a hardware position with a little software development to primarily a software position with a little hardware building. My moderate expertise with electronic hardware helped get me the job, but then I basically never had to use it in the ~15 years I've been here.

I still get multiple emails from Electronic Design daily. No amount of attempting to unsubscribe stops them. I've blocked multiple sending email addresses; they rotate them fairly frequently.

It's possible I could report them for this (I haven't researched it), but since I think my spam filter has missed maybe 1-2 emails in all that time, it tends not to be worth it.

The sheer number of comments that think the state of "unsubscribe" is good is... saddening. I should not have to click a link to "unsubscribe" from something that I did not subscribe to. There's no recourse for me against these thieves.

Ahh yes, the feel-good response that Google gives you without doing anything substantial to prevent spam from reaching you in the future.

That other problems also exist doesn't mean this solution for this thing isn't good.

The loophole is that companies now claim that the email is 'service' related as part of your 'account relationship' so you cannot unsubscribe at all, even though it clearly is for marketing and promotion.

Imo it should be a single header that points to a url that accepts a post payload. Email clients could then surface the link

Anyway, email delivery is regulated by Microsoft and Google.

The FAQ confirms this is the correct place to report email spam https://reportfraud.ftc.gov/faq

Most, if not all, political junk email also ends up in my spam folder after judicious use of the spam button a few years ago.

What is your experience?

No, people should be able to email me as they would normally.

I should be able to block senders, or entire domains. To use a direct example: if I decide that substack is shit because they subscribe people without consent (which is exactly true), then I should be able to block all things from substack and not just a single email address from the domain.

If the spammer is operating within the continental US (or any other country with a reasonable court system), then the spammer should be legally and monetarily liable for the time and money wasted. Everything from the second it takes my server to receive the message, to the second it takes to transmit to my email client, to the multiple seconds it takes me to read the headline and/or body, and the time it takes to press the block button -- the energy costs, the hardware cost, the bandwidth cost, my own time's cost, and the cost of lost confidence in the safety of the internet (just as a thief in your home makes you lose confidence in the safety of your neighborhood) -- all of it should be legally and monetarily liable.

So when that shit substack email puts on a SendGrid or Mailchimp facade, or goes through some Cloudflare or CloudFront or whatever CDN, those "businesses" also get blocked and sued into oblivion because fuck any "business" that doesn't want to own the relationship with their customer, and fuck any "business" whose customer is not the person they're emailing.

So... you want to send me an email? Cool! I hope you will agree that it's legitimate *and wanted*. Because if it's not then I should be able to take you, or your business, to court for wasting my time (and time is money) -- and win on that ground alone.

tl;dr:

Why do I have such a stark view on this, many might ask?

Well let me put it simply: "legitimate" spam is indistinguishable from targeted phishing. So that "unsubscribe" link that people so proudly claim is a great solution? Clicking it does not improve the spam situation and does increase vulnerability to malicious actors. I'm not going to click on that because it doesn't go anywhere that I recognize and can verify. That "unsubscribe" link is worse than a real solution because it's only theatre.

You might want to start by addressing physical mail, or advertising billboards, if you want to radically overhaul some of the fundamentals of society.

Reporting spam does not block the email from being received by my client -- it only blocks the mail from being seen in the inbox, but it still shows up in the spam box.

I don't send mail that gets reported as spam in the first place. Or, if it does, then I haven't been meaningfully affected because I can still send and receive the email I want to.

It's on my todo list. The amount of incessant spam, that's legally protected by the USPS, is astonishing.

I've had numerous "businesses" that I've reported spam end up back in my gmail inbox after years.

I've stopped using gmail because of it not iterating on spam blocking capabilities.

I look at that email once a week for the false positives. Huge QoL increase.

Even now the CAN-SPAM act feels outdated -- I do like the unsubscribe button, but I would like to see email verification made explicitly required. That in order to start emailing you, you need to send an initial engagement email saying that the organization wants to start emailing you, and requiring you to actively opt-in to emails rather than just start sending them.

This would both cut down on marketing spam as well as mistaken email addresses. Most reputable websites do email verification where you have to enter a code or click on a link, but I have a surprising number of emails that get sent to me even though I am not the person the emails were aimed at.

Despite the requirement for a link in the email, of course they're going to put it at the bottom, using a smaller font, often with a font color that's closer to the background color. This is garbage. Instead we should have a standard for an email header that specifies how to unsubscribe, so that email clients can present their own unsubscribe button in a conspicuous place, and then unsubscribe the recipient without any extra interaction required. And if these links fail to work too many times, the email provider can use this as a signal to stop accepting mail from that sender entirely. (And we do have this standard header! It's called List-Unsubscribe-Post.)

But this still doesn't really go far enough. I want a full ban on sending me unsolicited marketing emails. Signing up for an account somewhere should not mean they're allowed to send me marketing emails, and any checkboxes authorizing that along the way should be initially unchecked. And they shouldn't be able to dark-pattern me into checking them by making it look like a required consent type checkbox.

Absent that, any entity that wants to market to me should have to send me an initial email confirming that I indeed want to receive their marketing emails. If I do not reply, that's considered lack of consent, and then they should not be able to try again, at all, forever.

> I don't send mail that gets reported as spam in the first place.

I ran a newsletter where people had to opt in to receiving it. It was announce news for a video game. You only ended up on this list if you entered your email, clicked join list, and then clicked the link in the email we sent to you to confirm subscription. We had a big unsubscribe button at the very top of the email. We still regularly got people who hit report spam on us, presumably as a way of saying g they didn’t want the email anymore.

The state of Unsubscribe is better than what it was before the laws around it went into effect, but it doesn't go far enough.

If someone, say, signs up for an account on your website and opts-in to marketing emails, then sure, you can send them marketing emails.

If you have no relationship with someone, or they haven't opted in, no, you should never send them even a single marketing email.

it's not me, it's you. Screw you if you send me mail I don't want!

Most emails I get aren't long enough to scroll anyway. Companies generally know people aren't going to read more than maybe a sentence in a given email. I can get to most unsubscribe buttons without even scrolling. If I do scroll, it's like 3 scroll wheel notches.

Equifax abuses this to the extreme, with every single change to your credit usage triggering an “account related” alert. But you still need to allow them for that one time they actually send a useful alert.

If there is no regulation, the government is at fault

If regulation doesn’t work, government is at fault

And if it works, they still don’t get the credit

The FTC's establishing laws make "unfair or deceptive acts or practices in or affecting commerce" unlawful and give them power to regulate that. It doesn't seem to be straining at the limits of remit to rule that making it hard for people to end a subscription is unfair/deceptive.

E.g. $0.001 per email, paid to the recipient

Insignificant at personal scale, but a deterrent to sending low-value emails at mass scale, and double-painful when an unbalanced flow (i.e. a spammer who receives no organic email coming in)

I've seen how the campaigns pass around email addresses without consent. (Mostly from ActBlue) So I'm concerned about validating an email address via unsubscribe.

I've reported this to abuse at sendgrid, and now sparkpostmail. They're shopping for email services.

Proof of org spamming:

Authentication-Results: mx.google.com; dkim=pass header.i=@e.kamalaharris.com header.s=ak01 header.b=kJamWIyP; spf=pass (google.com: domain of bounces@bounces.e.kamalaharris.com designates 168.203.32.245 as permitted sender) smtp.mailfrom=bounces@bounces.e.kamalaharris.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=e.kamalaharris.com

There's technical workarounds, too. Like unique emails for each and every service.

Meanwhile he gets a text asking for a blood donation more or less every week.

Now, actually important emails about my order or account, those I have no problem with.

What is the specific nature of the "deception" -- what claim was made, and how is it not being honored?

Don't get me wrong -- I've been bit by this and I hate it and I think Lina Khan has done wonders for antitrust enforcement and I wish that she would take it even further, but the proper body to address this is Congress, through legislation rather than regulation.

Throw something in the cart at a random website? Now you're on their mailing list and get reminders to finish checking out. Doesn't matter that you never consented. I don't know how this isn't a violate of the CAN-SPAM act

The key insight here was making it expensive for spammers, but cheap for everyone else.

An elegant weapon of a more civilized age (the early internet): if they're pushy in requiring one -- just lie.

I instead used GDPR to request a removal of all my data. That worked.

This would pair nicely with a progressive fine structure based on the income/assets of the offender that grows exponentially after every offense.

> Because you're a valued Vanguard client, we thought you'd be interested in this information. If you prefer not to receive emails of this type, simply email us. Please do not reply to this message to opt out.

> The material in this message is promotional in nature.

No unsubscribe link.

I would get two or three emails a month from them, and I would click unsubscribe every time. The emails would continue. Finally, in 2018, I got the "We're sorry to see you go" unsubscribe confirmation email.

Then about three months ago, I started getting emails from the Rensselaer Office of Annual Giving. But this time it was to my work email, not my personal email. How would they get my work email address?

I have no idea how this happened, but I suspect universities play fast and loose with their mailing lists for exactly the reason you said. It's obnoxious.

Then you hovering over topics you might be interested before unsubscribng gives away preferences.

They're probably expecting their email provider to take that info and use it somewhere upstream of their own individual account. Which, as you've pointed out, does happen.

Maybe they don't believe that it happens often enough or something, but the thresholds do need to be reasonably high since, as you pointed out, some people hit the button whether it's justified or not. If the threshold for email provider action was too low, you'd end up not being able to send to anyone with Gmail because one guy forgot he signed up to a list (or signed up and immediately reported it as spam to spite the sender).

The person you replied to also sounds like they may be using an offline or third-party email client, though. There's a difference between a "Report Spam" button somewhere your email provider controls, and a "Mark as Spam" button in your third-party email client. I'd assume there's some kind of protocol that could potentially allow third-party clients to report it back to the email provider, but would also assume it may not be as reliable as first-party interfaces.

Later they create another list and you end up subscribed to just that new one, even though the unsubscribe from all option is still selected.

Edit: Another pet peeve is when you click the link to unsubscribe, and they want you to enter your email address. Bonus points are awarded when your email is in the querystring, but they fail to populate it.

Also, as a general rule politicians will carve themselves an exemption to any rules they put on everyone else. For example, CAN SPAM applies to commercial email.

Can spam provides for up to $50k PER EMAIL in civil penalties.

If you make 1 cent or $10 per email, doesn’t matter. It’s no where close to that level of penalty. So you make damn sure you don’t ruin yourself.

Now we just need that kind on text messaging - it’s a Wild West these days

I’ve unsubscribed from at least 3-4 different types of emails from them already.

https://www.nytimes.com/2021/06/26/us/politics/recurring-don...

The general problem is that the government is miserable at drafting things. Even take the regulation you like:

https://www.ftc.gov/business-guidance/resources/can-spam-act...

> "Your message must include your valid physical postal address."

WTF? They can't just pass a simple rule that says you need a working unsubscribe link, they have to include some arduous nonsense that requires small businesses to pay for a PO box so they don't have to publish their home address in every email.

Nobody wants to unsubscribe by postal mail. But decades later the requirement is still there. So then businesses oppose every new rule because the government can't refrain from making them pointlessly onerous.

I've started blocking all of them and sending straight to spam.

Trump and Biden both spammed my physical mailbox with the usual slick mailers, though the Biden campaign had an interesting twist in that I kept getting what appeared to be hand written postcards from people in metro Atlanta where I lived but every single one of those post cards was postmarked San Francisco. I'm giving them the benefit of the doubt and think maybe the postcards were written in bulk by the actual people in the Atlanta area and then sent to some Biden associated organization in SF, who then paid the postage for all the individual postcards to go out.

It's the knowledge that users will mark your messages as junk if there's no easy unsubscribe button.

With the re-centralization of email, reputation score in Outlook/Gmail is critical.

Consequently, where X < Y.

https://www.nytimes.com/2024/02/26/nyregion/redistricting-ma...

https://apnews.com/article/redistricting-california-gerryman...

There is three times as much outside money going to the Democratic candidate for the Presidency as the Republican one:

https://www.opensecrets.org/outside-spending/by_candidate

And I have to disagree with the OP, though, because the only people who obey CAN-SPAM are the people who are generally not actually real spammers.

CAN-SPAM really only helps you get unsubscribed from marketing emails, not actually spam at all. As with all laws, outlaws will ignore them while law-abiding citizens get caught by them. Real spammers don't care and casually flout laws until, finally, they get caught by technological means.

As usual, the regulations are too little, too late, and apply to a completely different group of people than is even named in the title.

Some site I haven't used in 5 years reminding me to login and check out their deals? Sounds like a phishing trap to me.

For Super PACs: again this is from Citizens United which was pushed by Republicans and confirmed by an activist Republican Supreme Court. They own that 100 percent now and forevermore.

Sorry, again I know people want to be "ackshually bothsides" but it doesn't apply here.

To the extent that I see anything other than spam email it’s just because of spam filters not anything regulatory. If you don’t believe me just run an email server with no spam filter.

This regulation might actually be better though because it applies to only services users have given a credit card to. Those services are thus 100% dependent on access to the federal banking system, which can easily be revoked.

Exactly, this is the core of the problem. Thought I am grateful for the "unsubscribe" option... I am putridly disgusted by the humiliation of unsubscribing to something I never subscribed to in the first place. It's just awkward and sleazy all around. Put simply : if a name is to be added to such a list, it shall require the consent of said person a priori, a new consent must be made per each list, with blanket future consent strictly banned, and secondly mass solicitations for consent also banned.

To those of you who live in California, I expect many, I would advise in these cases to invoke the CCPA act i.e. (a) "give me all the data you have on me" (b) "delete all the data you have on me". You need to ask (a) first, then given that, then ask (b). If you imply you want the data deleted, they will just delete it and say "oopsie we can't provide you the data", so it's important to perform this sequential order. If Californians did this at mass scale I would imagine there would be a lot of positive bleedover to other states in limiting this behavior.

Report spam, as a generic feature? It's an okay starting point "as-is" but useless for preventing malicious use and it hasn't meaningfully improved since launch.

Specifically for google: allow users to block whole domains; I can already do that on my own mailserver, why can't I do that on Google's? Then, block mail from foreign countries -- or at least countries that I don't care about; I can block whole ASNs on my mailserver, why can't I on Google's? That then leaves only mail that I can bring legal action to.

Another iteration: when you "unsubscribe", then keep a record of it, and also show the history of emails that you've received from them on a confirmation dialog. Show me anything interesting like purchases, warranties, appointments, etc. When confirmed, keep a record of it. Show me a list of _all_ of the things I've unsubscribed from. If email is still received, automatic report spam and block the domain. Oh, that means that mailing lists must come from the same domain that sales are made on.

Another iteration: a subscription should require a confirmation. Let the email server recognize the confirmation, and block emails whose unsubscribe links aren't in the list of confirmations. That means an unsubscription link should go to the same domain that a subscription was confirmed on.

That's just a few spitballed ideas. Spam reporting functionality is clearly iterable, but it hasn't meaningfully changed for decades. It's still primarily done through opaque "reputation" scores and little else.

I don't want "report spam" which doesn't give me feedback and continues to let spam onto the wire to my client, and isn't powerful enough to use to block bad actors from trivially getting to my inbox. I don't want to be expected to (and trained to) click on unverified links which take me to somewhere I don't recognize, and could take me somewhere malicious. I expect more from the largest email provider(s) in the world.

Can you walk me through the steps? Gmail doesn't let you create a filter which sends to the spam box. There used to be, but it was taken away. I know because I used it a lot.

Even if the feature was still there, it was still received instead of rejected, and it only moves the offending mail to the spam box instead of deleting it.

> There really seems to be no loophole or workaround despite there being huge incentive for there to be one.

My spam folder constantly receiving new messages from political campaigns under new lists and org names begs to disagree. One donation in 2008 and I'm simply trapped in the system with no recourse.

Seems like the rules selectively don't apply to certain classes.

What happens- at scale and I have to believe deliberately- is the “checkout created” event with that flag set to true is considered as “opted-in” by the marketing automation platforms everyone uses, like Klayvio.

Even if you immediately un-check it, un-checking doesn’t trigger an unsubscribe event, since you never submitted the form in the first place.

And because your Shopify session is now shared across stores, your email address gets opted-into marketing just visiting a checkout page.

``` var threads = GmailApp.search("[your search criteria] -is:spam"); for (var iThread = 0; iThread < threads.length; iThread++) { GmailApp.moveThreadToSpam(threads[iThread]); } ```

[0]: https://webapps.stackexchange.com/a/120534

Same with Resend. Start at home before blaming others or screaming at the sky.

Since it’s usually opaque how “mark as spam” and “block” actually works, and since the origin of the mailing lists can be reconfigured any time.. I still feel like I’m endlessly spammed by all the assholes I have to do business with, or else I’m going to miss a bill or a flight.

Exactly! Total scumbags. The way I would frame the feeling for people who don't get it - Imagine coming home from a walk. Your car is gone. Someone left a note on your front door. "Hi, thanks so much for letting me borrow your car! Call me at this number when you want it back!". The manipulative car thief in this example would deny stealing - pointing out they would return the car whenever asked. So you call them and ask for it back, but a bit of your soul dies - to ask for it back is to play along with the ruse that this is what you consented to in the first place. Or at least "would definitely have consented to if available which you weren't". And the loss of control over consent leaves a persistent sense of violation, after all, someone just stole from you and then has the gall to pretend you consented, to your face (or front door).

Perhaps the car borrower-without-permission should have owed up to being a car thief. Perhaps the subscribe-without-permission thieves should own up to being just spammers. The insult of it all is not so much from the random spam, but this manipulative pretend game where we have some spam shitelist LARPing as a reputed newsletter of great public interest - the gall of the spammer to make-believe that you subscribed.

It would all be easily solved if there were civil penalties for it. I'd gladly go after anyone and everyone who pulled this shit as a public service.

Further, often I get the "okay, we'll remove you within 30 days" bs

I had to call them (!) since they didn’t even include an unsubscribe option as I was a customer (!!) and have the CSR delete my email address from their records — because apparently this happens routinely.

Companies routinely break the law in small ways at scale — and they should get the RICO hammer dropped on them for doing so.

California by itself accounts for more than 10% of the electorate and it's not a cherry picked example, it's what generally happens when a state is under one-party control. I provided links for California and New York because they're the two largest blue states by population.

> overrepresention of Republicans

That is what tends to happen in ungerrymandered districts because of the population distribution. Urban areas lean heavily for Democrats whereas suburban areas have a small Republican advantage, so if you draw ordinary natural district boundaries you end up with a smaller number of safe Democratic urban districts and a larger number of tight suburban districts that lean slightly red. To get something else you have to draw meandering lines that try to rope slices of the urban population into the same districts as the suburbs.

And yet, in the last decade no party has had more seats in Congress without getting more of the vote.

> this is from Citizens United

That was just the case that made it to the court, and it was pretty clearly correctly decided. The alternative is the government can prohibit you from distributing political speech because it costs money to do it, which would imply that they could ban all private mass media under the argument that there are some people who can't afford a printing press or a radio tower.

Or worse, tolerate corporate mass media and prohibit anything else, which was effectively the status quo before and the reason you see so much criticism of Citizens United from the legacy media.

Previously if you wanted to convince people of something you had to buy product advertising from a legacy media company to get enough financial leverage to pressure them to emit favorable media coverage, or buy them outright like with Comcast and MSNBC. Now that anyone can buy political advertising directly they have less need to indirectly bribe those media companies anymore and the media companies hate it. Meanwhile the actual effect is that you can now buy a political ad without having enough money to buy the network itself.

As usual, I know it's trendy to say on HN the EU is killing innovation with all the regulations, and there is truth to that, but there is also great customer protection, which seems constantly violated in the US.

So yes, in the US, companies can flourish, but it seems the consumers are second-class citizens compared to companies.

That's why it's nice to have both: eventually, EU regulations leak out to the rest of the world, and the US innovations reach us.

We pay the price by having a weaker economy, they pay the price by having less dignity in their life, but there is eventually balance.

An accountant would just look at that, figure out the click-through rate and plug it in to weigh it up against the CPM/CTR of equivalent advertising.

And you'd lose any "ethical" arguments against spam. You'd unlock a tidal wave of companies who would now feel justified in spamming because they're paying to do so.

Just as companies don't feel ashamed to bleed adverts into every other waking space.

My friend group has mostly moved to texting or other messaging apps. Email is kind of like letters in the 90's..

Quickly going through their own documentation I found out that this is not true: Substack allows you to import CSV subscriber lists without the consent of each subscriber, ostensibly to allow painless migration of old mailing lists. That feature is of course abused, and they did nothing when I reported the abuse, presumably because spammers represent a large part of their business.

What a piece of shit company.

It’s usually not newsletters for me, but small niche companies who sell very specific things and feel a weird urge to have a weekly newsletter. It’s like all they sell is 2 models of guitar capo, but they still feel the need to send me weekly updates on I don’t even know what.

The kind of things where I not only don’t want the emails, but I want to register that I feel I was misled when I signed up.

"Nationally, extreme partisan bias in congressional maps gave Republicans a net 16 to 17 seat advantage for most of last decade. Michigan, North Carolina, and Pennsylvania alone — the three states with the worst gerrymanders in the last redistricting cycle — accounted for 7 to 10 extra Republican seats in the House."

Re: Citizens... I don't even know where to start. Read about the McCain-Feingold Act. It was in place for a decade when Citizens was decided and the only thing it prevented was billionaires and corporations spending unlimited amounts of money on electioneering. (Media companies love it: they get more spending on ads).

Before and after McCain-Feingold media companies by law aren't allowed to refuse any political ad - in fact, they have to offer them a slightly _below commercial market rate_! Weirdly, though, they are responsible for the _factual content_ of any ad they run. Election law is really interesting.

I suspect that people who say this have no experience of European-like systems which work on the basis of regulating things to prevent them from becoming an issue.

A huge part of this is to make sure the regulators have clear guidance and the teeth to enforce regulation. Take, for example, the UK's Health and Hygiene regulator. They have the power to inspect premises and processes and force proprietors to make their ratings visible. In extreme cases, they can shut down an establishment for non-compliance.

Is it 100% perfect? Obviously not, people still get food poisoning or swallow glass in their food. That said, it's not common, and you can easily avoid 1* establishments. If someone isn't displaying their star rating, it's obvious why and you can easily avoid them, too.

This about auto renewal not contracts.

And of course, follow-up mails for abandoned carts are an optional setting too.

Sometimes an innovation needs critical mass to work - social networks for example. LinkedIn famously got big by being extremely aggressive on how they mined your contacts. You'd get sued to the moon and back in the EU for this behaviour.

LinkedIn is big now, it has established itself and no longer needs to be that aggressive. Any European player that tried to enter the market with a less aggressive stance had no chance - they never reached that critical mass.

A major reason for the mass adoption is that most companies use email services because running your own marketing email servers are extremely difficult. And those companies don't allow you to send emails without one to protect their own email servers in addition to following the various laws in different countries. It's easier to get compliance via these larger companies, particularly when it naturally aligns with market incentives.

Regulating a million niche SaaS sites each with an individual custom payments page may be quite a bit harder. But maybe stuff like Stripe will make it easier as a proxy for this regulation.

Now if we could only have the same level of control over the junk mail in our physical mail boxes.

My theory is it started by accident- if you get a notification that says, “this checkout, this email, agrees to marketing: true”, it sure reads like an opt-in, and it used to be reliable. But it’s not anymore, because your email is already attached to the checkout when its created.

“Agrees to Marketing” pre-dates the global Shop session by years, it’s plausibly an ecosystem bug; one with no real motivation to solve until customers start talking (more)

The one great thing about email is that your email provider isn't paid for delivering spam to your inbox unlike the USPS. There's zero incentive for Gmail to deliver anything but legitimate emails from responsible senders whereas the USPS will gladly deliver presorted mail because they've been paid to do so. I kind of wish I could pay USPS to not deliver junk mail.

Some of us consider ALL marketing emails to be "spam", with the sole carve out being if the user consciously and actively opted in.

I have no problem with marketing newsletters existing if people enjoy receiving and reading them. But if you email me without my active solicitation then it's no different than a door to door salesman physically knocking on your door when you don't expect it and don't welcome the interruption.

I will happily concede that legal definitions may differ from my own. But on a personal level, I apply the "Hollywood principle": "Don't call me, I'll call you." If you call me (or email, or knock on my door, or mail me a physical snail-mail letter) and I'm not expecting it, and it is of a commercial nature, it's my definition of spam.

Ultimately every regulation needs an uncaptured civil service regulator who can take offense at somebody trying to perform cheeky workarounds and impose disproportionate punitive measures & regulatory adjustments when the spirit of the law is violated. If you don't have that (and we don't, in many areas), then you don't have effective government.

This is why the Federalist Society going after Chevron deference is part of an attempt to overthrow the government; If the iterative regulatory loop demands a full appellate process followed by getting half the votes in the House, 60+ votes in the Senate, and one vote in the White House, then no regulation will be performed in practice. Virtually everything the FTC does is now subject to Federalist Society veto given sufficient time for the lawsuits to be filed & processed.

I'm working with a state lawmaker in my state to try to get a law to this effect passed, but I'm asking him to write into the law an individual cause of action. In other words, I don't want people to have to wait for the state attorney general to take notice and decide to act (or the FTC in the case of this article). I want the affected user to be able to go to small claims court and sue for $500 or $1000 or whatever. I believe this will be much more effective as it forces the abuser to have to defend themself in court all over the place (at significant cost) or lose all over the place (at significant cost) or stop abusing.

Yes it's very stupid.

My telco does as well, and I got a free Nintendo Switch from them for just having fiber internet that I would need anyway (the telco just owns the fiber, the ISP then goes over that open fiber, so I pay two different companies, it's the former that has the point program despite being the definition of a dumb pipe)

Presenting this controversial view that many knowledgeable and intelligent people would disagree with as "pretty clearly correct" and stating an alternative as if it is the only alternative, that is not what many people think the alternative would be, is only going to raise hackles. It's not going to spur any new thought or interesting dicussion.

https://en.wikipedia.org/wiki/Heroin#History

While I generally agree with your opinion, the case is that bad actors are using the unsubscribe link to identify real email addresses. The vast majority of people do not match what I imagine might be the average HN tech-savvy audience.

They get an email they don't want and click on "Unsubscribe" to get rid of it. What they don't know is that they have been added to a database of "live" emails to be sold and reused for all sorts of purposes from that point forward.

In other words, as is the case for many laws, they keep honest people honest. You do not control criminals with laws until the result of the law is that they end-up in prison (or whatever the appropriate punishment might be).

I ran an experiment during the last presidential election (US). I used two separate throw-away emails to subscribe to updates from both the Republican and Democratic parties. I used these emails directly on the main organization pages. I also setup filters to sort all incoming emails into two separate folders.

A year later I deleted both email accounts and the tens of thousands of messages on both folders. It was an interesting game of whack-a-mole. Clicking on "unsubscribe" had no real effect. Both parties passed this email to, it seemed, everyone except for the local school janitor. It was nothing less than insane. There was no effective way to make it stop. I unsubscribed from both main organizations. That did nothing at all.

My conclusion was that, while "Unsubscribe" sounds good and looks useful, it only works with non-criminal organizations (sorry, I consider political parties to be at the threshold of being criminal organizations). It's like a lock on a door, or, to use a more provocative example, a gun. The laws surrounding these things only get respect from honest law-abiding people. A criminal will gladly take a crowbar to your door-lock and break into your home, or use a gun to do the same or worse.

Going back to unsolicited emails (and by extension SMS), not sure how we fix this in real terms. It's a really difficult problem.

Which it is, but as the GP described, it's about a lot more than that.

I happen to think it was incorrectly decided - SCOTUS should have differentiated between different categories of corporation (using existing tax code distinctions), and prevented (at least) regular for-profit corporations (of any tax status) from political spending. It would have left the door open to not-for-profit corporations still being free to spend money on e.g. publishing a book about a candidate within some date of an election, which is precisely what we want not-for-profit civic organizations (which are, you may recall, also corporations).

However, it really is "pretty clearly correct" that had SCOTUS simply ruled that "no corporation can <X>" (for various values of X), we would be an extremely different and probably much worse situation than we were before CU. Whether it would be worse than the one we're in post-CU is hard to say.

And to be clear, when I say suboptimal results I mean misery and death in large quantities.

It doesn't need to be black or white.

A country can have decent consumer protections without e.g. a tax policy that is hostile to startups. But many EU countries are seemingly uninterested in the latter — presumably because there are no votes in it.

it technically applies to anyone resident in the EEA and UK, as well as citizens of the EEA and the UK abroad

Regulation are a necessary balance, otherwise the innovators become so powerful they eventually concentrate all the power and privilege and make weaker people pay for it.

Chlorofluorocarbons were an innovation for some times, then we needed regulation to save our ozone layer. Industrial wouldn't have stopped using it.

It's a fine line, constantly moving, an nobody will never be perfectly happy about it.

I've noticed that many email providers (e.g. GMail, Apple Mail) will actually show an "Unsubscribe" button for some emails, but not all. I wonder if it just heuristics, or there's actually some existing mechanism that is used to communicate it.

It's not obvious how that would have made any difference when a for-profit corporation could just give the money it wants to spend to an aligned non-profit to spend it in the same way. Unless you mean to prevent them from donating money to the non-profit, but then where is a non-profit supposed to derive funding? "All political speech can be funded only by government grants" has a pretty clear conflict of interest, and you would then somehow have to deal with for-profit entities that inherently engage in political speech like newspapers and cable news networks. Why should Comcast/MSNBC or Fox be able to dedicate unlimited airtime to political advocacy but not Intel or Ford?

The Brennan Center is a left-wing think tank. They're basically describing the thing I already mentioned in partisan terms:

> "Cracking and packing can often result in regularly shaped districts that look appealing to the eye but nonetheless skew heavily in favor of one party."

> "Because of residential segregation, it is much easier for map drawers to pack or crack communities of color to achieve maximum political advantage."

In other words, if the geography is such that there are areas where one party is highly dominant (i.e. urban areas) and other areas where the other party is slightly dominant (suburbs) then if you draw districts in a natural way the second party gets proportionally more seats because they win a larger number of districts by a smaller margin. They're essentially complaining that those states didn't gerrymander the districts to favor the Democrats to offset the natural advantage of Republicans in the existing geographic population distribution.

But Congress isn't intended to use proportional representation and gerrymandering to force the number of party seats to match the popular vote is just disenfranchising people in a different way by ignoring the effect that has on the behavior of individual representatives. For example, what they're proposing would be a de facto ban on majority-black districts because one district which is 60% black and votes 65% for Democrats and another that votes 55% for Republicans would result in fewer seats for Democrats than two districts that are 30% black and both vote 55% for Democrats. And both of the Democrats in the latter districts would have to move to the right because they'd otherwise both be at risk of a Republican picking off enough moderates to flip the district.

> It was in place for a decade when Citizens was decided and the only thing it prevented was billionaires and corporations spending unlimited amounts of money on electioneering.

It required them to spend the money in different ways, which mostly lock out smaller companies, meanwhile conglomerates buying news networks has been a thing the whole time.

> (Media companies love it: they get more spending on ads).

Political ads are ~1% of all ad spending and much of even that money goes to the likes of Google and Facebook. Meanwhile it means non-media companies that want to air a political message can do it directly instead of having to do so indirectly by allocating more of the other 99% of ad spending to traditional media companies to curry favor and provide leverage to get favorable coverage.

It also dilutes the power of media companies, because the media company is not going to air coverage contrary to their own political interests no matter how much you run non-political ads with them, whereas someone who has a contrary interest can now run ads on social media.

> Before and after McCain-Feingold media companies by law aren't allowed to refuse any political ad

But it prohibited most entities that wanted to run those ads from doing it.

Suppose Comcast and AT&T don't like network neutrality and Amazon does. So Comcast buys MSNBC and AT&T buys CNN, gears them even more to viewers in the party that had been advocating it, but suppresses advocacy of the issue they're on the other side of to shut off support. Should Amazon now buy their own network? Is that better than letting them run Facebook ads? What if the EFF or some non-teracorp like Digital Ocean support network neutrality, but can't afford to buy a major network?

Yes, because after a century of public relations and marketing you expect fine print to be in these locations because you have been marketed to from infancy, which has made you apparently, forget that today's dark pattern creators stand on the shoulders of the giants who came before them, and the fact that you expect that stuff to be there is because your worldview has been successfully engineered. Important links under the fold, aka the first page are there to be overlooked. What they want from YOU is top of the page.

>Most emails I get aren't long enough to scroll anyway.

Careful with that kind of thinking, marketing works on everybody. A seed is planted, by appealing to emotional arguments. If it takes root, then your worldview starts to change, via rationalization. The smarter you are, the better and more subtle your rationalizations and better it works.

This project of social engineering was given to a guy named Edwin Bernays, who wrote several very plain and easy to read books on how he was going to do this project. First one was "The Engineering of Consent."

I'll ponder them carefully, and may respond in a day or so.