1737 points pseudolus | 46 comments
Uehreka ◴[] No.41860626[source]
When people try and say that regulating stuff like this is impossible, I often think about how unreasonably great the regulations around “Unsubscribe” links in emails are.

There really seems to be no loophole or workaround despite there being huge incentive for there to be one. Every time I click an “Unsubscribe” link in an email (it seems like they’re forced to say “Unsubscribe” and not use weasel words to hide the link) I’m either immediately unsubscribed from the person who sent me the email, or I’m taken to a page which seemingly MUST have a “remove me from all emails” option.

The level of compliance (and they can’t even do malicious compliance!) with this is absurd. If these new rules work anything like that, they’ll be awesome. Clearly regulating behavior like this is indeed possible.

justinpombrio ◴[] No.41861129[source]
Unsubscribe links are a fantastic regulation, but there is a workaround. I must have received at least a dozen emails from Brown after graduating despite unsubscribing to every email they sent.

The trouble is they're endlessly creative about the lists they put you on. I'd get one email from "Alumni Connections" and then another from "Faculty Spotlight" and then another from "Global Outreach" and then another from "Event Invitations, 2023 series". I'm making those names up because I forget exactly what they were called, but you get the idea. I hope this was in violation of the regulation: surely you can't invent a new mailing list that didn't use to exist, add me to it, and require me to unsubscribe from it individually.

They finally stopped after I sent them an angry email.

1. ksd482 ◴[] No.41861495[source]
What I have noticed companies do is resume emails after a year or so. They probably think people would forget about unsubscribing them after a year, and for the most part they are right.

If I catch any of these email lists not respecting my unsubscribing, I immediately mark them as "spam".

Gmail then doesn't send them to my inbox anymore. I don't think just one person marking them as spam hurts them, but at least I feel gratified and my ego is satisfied.

replies(9): >>41861762 #>>41862632 #>>41863071 #>>41864902 #>>41865583 #>>41866898 #>>41867213 #>>41868242 #>>41881805 #
2. inetknght ◴[] No.41861762[source]
> I immediately mark them as "spam".

Ahh yes, the feel-good response that Google gives you without doing anything substantial to prevent spam from reaching you in the future.

replies(4): >>41861863 #>>41861876 #>>41861986 #>>41864388 #
3. armada651 ◴[] No.41861863[source]
If you were using self-hosted e-mail everywhere, then it would be quite obvious that large providers like Google do massively benefit from those user reports when filtering spam.
4. kemitche ◴[] No.41861876[source]
What makes you say that? In my experience, the spam button works fantastically. There is a gym of some kind that has me on their mailing list, refuses to honor unsubscribe, and sends me probably 2-6 emails a month. They've been doing this for years, but Google correctly gets every single one into spam because I marked one (several?) as spam years ago.

Most, if not all, political junk email also ends up in my spam folder after judicious use of the spam button a few years ago.

replies(1): >>41862282 #
5. maccard ◴[] No.41861986[source]
My experience with the spam button is 1) they never ever go into my inbox again if they do keep sending, and 2) as someone who has had emails marked as spam (from people who actively clicked the sign up to my newsletter button) your ability to send email gets neutered pretty quickly.

What is your experience?

replies(2): >>41862212 #>>41862765 #
6. inetknght ◴[] No.41862212{3}[source]
> What is your experience?

Reporting spam does not block the email from being received by my client -- it only blocks the mail from being seen in the inbox, but it still shows up in the spam box.

I don't send mail that gets reported as spam in the first place. Or, if it does, then I haven't been meaningfully affected because I can still send and receive the email I want to.

replies(3): >>41862562 #>>41865714 #>>41866652 #
7. inetknght ◴[] No.41862282{3}[source]
> They've been doing this for years, but Google correctly gets every single one into spam because I marked one (several?) as spam years ago.

I've had numerous "businesses" that I've reported spam end up back in my gmail inbox after years.

I've stopped using gmail because of it not iterating on spam blocking capabilities.

8. maccard ◴[] No.41862562{4}[source]
I’m not sure what you expect to happen?

> I don't send mail that gets reported as spam in the first place.

I ran a newsletter where people had to opt in to receiving it. It was to announce news for a video game. You only ended up on this list if you entered your email, clicked join list, and then clicked the link in the email we sent to you to confirm subscription. We had a big unsubscribe button at the very top of the email. We still regularly got people who hit report spam on us, presumably as a way of saying they didn’t want the email anymore.

replies(2): >>41864038 #>>41868413 #
9. thayne ◴[] No.41862632[source]
Or they interpret any kind of interaction after a while of inactivity as "yes please sign me up for all your newsletters, even though I previously explicitly told you to unsubscribe me"
replies(1): >>41863551 #
10. compootr ◴[] No.41862765{3}[source]
I use my own domain so I can return mails as bounced, which mail providers don't like, since it may indicate attempting to send unsolicited mail to loads of addresses.

It's not me, it's you. Screw you if you send me mail I don't want!

11. ghaff ◴[] No.41863071[source]
One thing that probably happens, as someone who attends a lot of events or at least used to, is that you end up getting repopulated in a lot of mailings through purchased lists or badge scans.
12. malfist ◴[] No.41863551[source]
The worst for this is Shopify. If you've ever given your email to Shopify, they will absolutely share it to a page you visit, even if you don't check out.

Throw something in the cart at a random website? Now you're on their mailing list and get reminders to finish checking out. Doesn't matter that you never consented. I don't know how this isn't a violation of the CAN-SPAM Act.

replies(3): >>41863802 #>>41866288 #>>41869210 #
13. beretguy ◴[] No.41863802{3}[source]
Now is a good time to mention SimpleLogin. So... yeah. SimpleLogin.
14. jacobgkau ◴[] No.41864038{5}[source]
> I’m not sure what you expect to happen?

They're probably expecting their email provider to take that info and use it somewhere upstream of their own individual account. Which, as you've pointed out, does happen.

Maybe they don't believe that it happens often enough or something, but the thresholds do need to be reasonably high since, as you pointed out, some people hit the button whether it's justified or not. If the threshold for email provider action was too low, you'd end up not being able to send to anyone with Gmail because one guy forgot he signed up to a list (or signed up and immediately reported it as spam to spite the sender).

The person you replied to also sounds like they may be using an offline or third-party email client, though. There's a difference between a "Report Spam" button somewhere your email provider controls, and a "Mark as Spam" button in your third-party email client. I'd assume there's some kind of protocol that could potentially allow third-party clients to report it back to the email provider, but would also assume it may not be as reliable as first-party interfaces.

replies(1): >>41865835 #
15. 1shooner ◴[] No.41864388[source]
User-reported spam in gmail is actually very efficacious. Aside from the logic gmail applies to your inbox specifically, Google's current violation threshold for those reports is .03%. Beyond that, those reports start to pull down sender IP and domain reputation, which impacts overall deliverability to anyone's gmail inbox.
replies(1): >>41870816 #
16. theamk ◴[] No.41864902[source]
I go one step further and for the lists which I don't remember subscribing to, I never click "Unsubscribe" - it's "Spam" right away.
replies(4): >>41865523 #>>41865916 #>>41866015 #>>41866375 #
17. forgotoldacc ◴[] No.41865523[source]
Same for me. Spam or phishing, depending on how annoyed I am.

Some site I haven't used in 5 years reminding me to login and check out their deals? Sounds like a phishing trap to me.

18. chias ◴[] No.41865583[source]
This is where we need something like GDPR, which makes it so that they can't auto subscribe you to a new list whenever they feel like resubscribing you.
19. mcmcmc ◴[] No.41865714{4}[source]
If you actually want to block emails, you need an email security gateway or some control over inbound anti-spam policies (i.e., pay for Google Workspace or another email service). Consumer email is not intended to give you full control.
20. inetknght ◴[] No.41865835{6}[source]
> They're probably expecting their email provider to take that info and use it somewhere upstream of their own individual account.

Report spam, as a generic feature? It's an okay starting point "as-is" but useless for preventing malicious use and it hasn't meaningfully improved since launch.

Specifically for Google: allow users to block whole domains; I can already do that on my own mailserver, why can't I do that on Google's? Then, block mail from foreign countries -- or at least countries that I don't care about; I can block whole ASNs on my mailserver, why can't I on Google's? That then leaves only mail that I can bring legal action to.

Another iteration: when you "unsubscribe", then keep a record of it, and also show the history of emails that you've received from them on a confirmation dialog. Show me anything interesting like purchases, warranties, appointments, etc. When confirmed, keep a record of it. Show me a list of _all_ of the things I've unsubscribed from. If email is still received, automatic report spam and block the domain. Oh, that means that mailing lists must come from the same domain that sales are made on.

Another iteration: a subscription should require a confirmation. Let the email server recognize the confirmation, and block emails whose unsubscribe links aren't in the list of confirmations. That means an unsubscription link should go to the same domain that a subscription was confirmed on.

That's just a few spitballed ideas. Spam reporting functionality is clearly iterable, but it hasn't meaningfully changed for decades. It's still primarily done through opaque "reputation" scores and little else.

I don't want "report spam" which doesn't give me feedback and continues to let spam onto the wire to my client, and isn't powerful enough to use to block bad actors from trivially getting to my inbox. I don't want to be expected to (and trained to) click on unverified links which take me to somewhere I don't recognize, and could take me somewhere malicious. I expect more from the largest email provider(s) in the world.
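
Added example (not part of the thread, and not how any mail provider actually behaves): a sketch of the filter proposed in comment 20 above, which records unsubscribes and only delivers list mail whose `List-Unsubscribe` link points at a domain where a subscription was confirmed. The verdict names, the subdomain matching rule and all `*.example` domains are assumptions made for the illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

def unsubscribe_hosts(msg):
    """Hosts named by the URIs in a List-Unsubscribe header (RFC 2369)."""
    hosts = set()
    for uri in re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", "")):
        parts = urlsplit(uri.strip())
        if parts.scheme in ("http", "https") and parts.hostname:
            hosts.add(parts.hostname)
        elif parts.scheme == "mailto" and "@" in parts.path:
            hosts.add(parts.path.rsplit("@", 1)[1].lower())
    return hosts

def covered(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    return any(host == d or host.endswith("." + d) for d in domains)

def record_unsubscribe(domain, confirmed, unsubscribed):
    """Keep a record of the unsubscribe and withdraw the confirmation."""
    confirmed.discard(domain)
    unsubscribed.add(domain)

def verdict(raw, confirmed, unsubscribed):
    hosts = unsubscribe_hosts(message_from_string(raw))
    if not hosts:
        return "not-list-mail"        # no List-Unsubscribe: out of scope here
    if any(covered(h, unsubscribed) for h in hosts):
        return "block-and-report"     # still mailing after an unsubscribe
    if not all(covered(h, confirmed) for h in hosts):
        return "block-unconfirmed"    # list the user never confirmed
    return "deliver"

# Constructed sample state and messages (example.* names are placeholders).
CONFIRMED = {"shop.example", "gym.example"}
UNSUBSCRIBED = set()
record_unsubscribe("gym.example", CONFIRMED, UNSUBSCRIBED)

def sample(sender, list_unsubscribe=None):
    lines = ["From: " + sender, "Subject: constructed sample"]
    if list_unsubscribe:
        lines.append("List-Unsubscribe: " + list_unsubscribe)
    return "\n".join(lines) + "\n\nbody\n"

SAMPLES = {
    "confirmed": sample("news@shop.example",
        "<https://mail.shop.example/u?id=1>,\n <mailto:unsub@shop.example?subject=unsubscribe>"),
    "new-list": sample("news@shop.example", "<https://lists.tracker.example/u/abc>"),
    "resumed": sample("deals@gym.example", "<https://gym.example/unsubscribe>"),
    "personal": sample("friend@mail.example"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", verdict(raw, CONFIRMED, UNSUBSCRIBED))
```

A sender that omits `List-Unsubscribe` entirely passes through as `not-list-mail`, so a filter like this complements reputation-based spam scoring rather than replacing it.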

21. ◴[] No.41865916[source]
22. blackeyeblitzar ◴[] No.41866015[source]
This is the way. Oftentimes clicking unsubscribe is just sending them a notice that your address is an active inbox. They can abuse that knowledge or resell it. Better to mark as spam.
23. james_marks ◴[] No.41866288{3}[source]
I’ve looked into this a bit - I believe it’s related to the checkout page loading with a default of “Agrees to Marketing”.

What happens - at scale and I have to believe deliberately - is the “checkout created” event with that flag set to true is considered as “opted-in” by the marketing automation platforms everyone uses, like Klaviyo.

Even if you immediately un-check it, un-checking doesn’t trigger an unsubscribe event, since you never submitted the form in the first place.

And because your Shopify session is now shared across stores, your email address gets opted-into marketing just visiting a checkout page.

replies(1): >>41869704 #
24. photonthug ◴[] No.41866375[source]
Works great except for the gas company, electric and water company, phone company, airlines, cloud provider, os provider, and everyone else that mixes the 5% of legit business that you can’t afford to ignore or miss with the 95% of marketing content that you want to get rid of.

Since it’s usually opaque how “mark as spam” and “block” actually works, and since the origin of the mailing lists can be reconfigured any time... I still feel like I’m endlessly spammed by all the assholes I have to do business with, or else I’m going to miss a bill or a flight.

replies(4): >>41866610 #>>41866855 #>>41867498 #>>41871156 #
25. ◴[] No.41866610{3}[source]
26. EVa5I7bHFq9mnYK ◴[] No.41866652{4}[source]
And we all know that Inbox and Spam are one and the same these days - if you are expecting an email, you must check both.
27. mrgaro ◴[] No.41866855{3}[source]
It does work, because the companies will realize that gmail no longer delivers their emails and that they need to change their behavior. Also for example AWS SES (Simple Email Service) will give you clear warnings if it detects that recipients mark their email as spam (it seems that for example gmail delivers this information somehow to SES).
replies(1): >>41869926 #
28. superfrank ◴[] No.41866898[source]
I've started replying to the emails when I unsubscribe. Just gibberish or the word "unsubscribe" or something. That way if they email me again I can complain to them with the exact date that I unsubscribed. I feel like I'm turning into a grouchy old man, but I've caught more than a few companies this way over the years and it brings me joy when I do.
replies(2): >>41867004 #>>41867065 #
29. watwut ◴[] No.41867004[source]
What do you do after you catch them?
30. lencastre ◴[] No.41867065[source]
In eurolandia one usually sics GDPR on their behinds. Low level scum may ignore it at their peril and companies with high exposure will comply really fast.
31. aitchnyu ◴[] No.41867213[source]
Many mailing list SaaS in India use http urls for unsubscribe, and submitting again, including (otherwise) technically excellent apps. Somehow Gmail devs chose to show http urls as valid.
32. account42 ◴[] No.41867498{3}[source]
Few companies are stupid enough to use the same sender or even domain for marketing and important transactional mail.
replies(1): >>41869061 #
33. rubyfan ◴[] No.41868242[source]
I really like the hide my email feature in iCloud for this reason. I’ve had to burn an email after making a campaign donation this year. They email you and put you on a million lists but then they also share your email with every other campaign in the ticket. It’s obscene.
34. everforward ◴[] No.41868413{5}[source]
I’m not accusing you of this, but I will mark things as spam even if I signed myself up if what they’re delivering is just garbage.

It’s usually not newsletters for me, but small niche companies who sell very specific things and feel a weird urge to have a weekly newsletter. It’s like all they sell is 2 models of guitar capo, but they still feel the need to send me weekly updates on I don’t even know what.

The kind of things where I not only don’t want the emails, but I want to register that I feel I was misled when I signed up.

35. lazide ◴[] No.41869061{4}[source]
Utility companies are unfortunately exactly that kind of stupid though.
replies(1): >>41869195 #
36. 0_____0 ◴[] No.41869195{5}[source]
My utility doesn't seem to market to me. What the heck are they sending email to you for? "Use more electricity!" "Build a new house!" "Get a hot tub?"
replies(2): >>41869353 #>>41870730 #
37. 0_____0 ◴[] No.41869210{3}[source]
Shit, that's devious. Thanks for mentioning that.
38. kbolino ◴[] No.41869353{6}[source]
I'm not sure if it would be called "marketing" but my power company would send "you're using more energy than your neighbors" (I worked from home) and "think about why you use the most energy at night" (in the winter) emails which were no better than spam.
replies(1): >>41869611 #
39. lazide ◴[] No.41869611{7}[source]
Also ‘free energy audit!’, ‘sign up for our peak-load-and-we’ll shut off your AC program’, and ‘we’re good people, honest!’ promotions.
40. thirdsun ◴[] No.41869704{4}[source]
It's up to the store owner to actually default to "agrees to marketing". I'm not sure if Shopify is to blame when it's the owner that used an illegitimate opt-out for that setting instead of an opt-in.

And of course, follow-up mails for abandoned carts are an optional setting too.

replies(1): >>41870207 #
41. someothherguyy ◴[] No.41869926{4}[source]
https://en.wikipedia.org/wiki/Abuse_Reporting_Format
42. james_marks ◴[] No.41870207{5}[source]
The default for “Agrees to marketing” controls if the box defaults to checked on checkout, so I do think if the store disabled that you wouldn’t be subscribed.

My theory is it started by accident - if you get a notification that says, “this checkout, this email, agrees to marketing: true”, it sure reads like an opt-in, and it used to be reliable. But it’s not anymore, because your email is already attached to the checkout when it’s created.

“Agrees to Marketing” pre-dates the global Shop session by years, it’s plausibly an ecosystem bug; one with no real motivation to solve until customers start talking (more)

43. kalleboo ◴[] No.41870730{6}[source]
My gas company has the equivalent of a mileage program. You earn points per cubic meter of gas you consume, that can then be redeemed for expensive meals at restaurants and stuff.

Yes it's very stupid.

My telco does as well, and I got a free Nintendo Switch from them for just having fiber internet that I would need anyway (the telco just owns the fiber, the ISP then goes over that open fiber, so I pay two different companies, it's the former that has the point program despite being the definition of a dumb pipe)

44. MiddleEndian ◴[] No.41870816{3}[source]
This is why I am quick to report spam, even if they are a "legitimate" business. Utility company / paypal / whoever wants to send me spam? I sincerely hope they are impeded from sending email to anybody.
45. ◴[] No.41871156{3}[source]
46. samspot ◴[] No.41881805[source]
From my small company experience, this is more likely incompetence than maliciousness. Spreadsheets get passed around and remerged back into the blob. Mind you, I don't mean to excuse this behavior. Just to understand it. And of course, unsubscribe processes will be near the bottom of anyone's priority list until the complaints and threats begin to mount.