←back to thread

FTC announces "click-to-cancel" rule making it easier to cancel subscriptions

(www.ftc.gov)
1737 points pseudolus | 9 comments | 16 Oct 24 13:09 UTC | HN request time: 0.001s | source | bottom
Show context
Uehreka ◴[16 Oct 24 15:57 UTC] No.41860626[source]
When people try and say that regulating stuff like this is impossible, I often think about how unreasonably great the regulations around “Unsubscribe” links in emails are.

There really seems to be no loophole or workaround despite there being huge incentive for there to be one. Every time I click an “Unsubscribe” link in an email (it seems like they’re forced to say “Unsubscribe” and not use weasel words to hide the link) I’m either immediately unsubscribed from the person who sent me the email, or I’m taken to a page which seemingly MUST have a “remove me from all emails” option.

The level of compliance (and they can’t even do malicious compliance!) with this is absurd. If these new rules work anything like that, they’ll be awesome. Clearly regulating behavior like this is indeed possible.

replies(46): >>41860684 #>>41860824 #>>41860883 #>>41861066 #>>41861129 #>>41861436 #>>41861512 #>>41861678 #>>41861722 #>>41861736 #>>41861811 #>>41861814 #>>41861817 #>>41862226 #>>41862350 #>>41862375 #>>41862533 #>>41862548 #>>41862583 #>>41863105 #>>41863467 #>>41863955 #>>41863981 #>>41864245 #>>41864326 #>>41864554 #>>41864607 #>>41864815 #>>41865404 #>>41865413 #>>41865616 #>>41866082 #>>41866103 #>>41866240 #>>41866351 #>>41866850 #>>41866986 #>>41869062 #>>41869290 #>>41869894 #>>41870054 #>>41870127 #>>41870425 #>>41870478 #>>41871231 #>>41873677 #
justinpombrio ◴[16 Oct 24 16:43 UTC] No.41861129[source]
Unsubscribe links are a fantastic regulation, but there is a workaround. I must have received at least a dozen emails from Brown after graduating despite unsubscribing to every email they sent.

The trouble is they're endlessly creative about the lists they put you on. I'd get one email from "Alumni Connections" and then another from "Faculty Spotlight" and then another from "Global Outreach" and then another from "Event Invitations, 2023 series". I'm making those names up because I forget exactly what they were called, but you get the idea. I hope this was in violation of the regulation: surely you can't invent a new mailing list that didn't used to exist, add me to it, and require me to unsubscribe from it individually.

They finally stopped after I sent them an angry email.

replies(20): >>41861495 #>>41861822 #>>41861841 #>>41862170 #>>41862481 #>>41862648 #>>41862820 #>>41862999 #>>41863186 #>>41863220 #>>41863555 #>>41863933 #>>41864179 #>>41864270 #>>41865514 #>>41865698 #>>41867204 #>>41867673 #>>41867742 #>>41868957 #
ksd482 ◴[16 Oct 24 17:21 UTC] No.41861495[source]
What I have noticed companies do is resume emails after a year or so. They probably think people would forget about unsubscribing them after a year, and for the most part they are right.

If I catch any of these email lists not respecting my unsubscribing, I immediately mark them as "spam".

Gmail then doesn't send them to my inbox anymore. I don't think just one person marking them as spam hurts them, but at least I feel gratified and my ego is satisfied.

replies(9): >>41861762 #>>41862632 #>>41863071 #>>41864902 #>>41865583 #>>41866898 #>>41867213 #>>41868242 #>>41881805 #
inetknght ◴[16 Oct 24 17:49 UTC] No.41861762[source]
> I immediately mark them as "spam".

Ahh yes, the feel-good response that Google gives you without doing anything substantial to prevent spam from reaching you in the future.

replies(4): >>41861863 #>>41861876 #>>41861986 #>>41864388 #
1. maccard ◴[16 Oct 24 18:13 UTC] No.41861986[source]
My experience with the spam button is 1) they never ever go into my inbox again if they do keep sending, and 2) as someone who has had emails marked as spam (from people who actively clicked the sign up to my newsletter button) your ability to send email gets neutered pretty quickly.

What is your experience?

replies(2): >>41862212 #>>41862765 #
2. inetknght ◴[16 Oct 24 18:33 UTC] No.41862212[source]
> What is your experience?

Reporting spam does not block the email from being received by my client -- it only blocks the mail from being seen in the inbox, but it still shows up in the spam box.

I don't send mail that gets reported as spam in the first place. Or, if it does, then I haven't been meaningfully affected because I can still send and receive the email I want to.

replies(3): >>41862562 #>>41865714 #>>41866652 #
3. maccard ◴[16 Oct 24 18:59 UTC] No.41862562[source]
I’m not sure what you expect to happen?

> I don't send mail that gets reported as spam in the first place.

I ran a newsletter where people had to opt in to receiving it. It was announce news for a video game. You only ended up on this list if you entered your email, clicked join list, and then clicked the link in the email we sent to you to confirm subscription. We had a big unsubscribe button at the very top of the email. We still regularly got people who hit report spam on us, presumably as a way of saying g they didn’t want the email anymore.

replies(2): >>41864038 #>>41868413 #
4. compootr ◴[16 Oct 24 19:18 UTC] No.41862765[source]
I use my own domain so I can return mails as bounced, which mail providers don't like, since it may indicate attempting to send unsolicited mail to loads of addresses.

it's not me, it's you. Screw you if you send me mail I don't want!

5. jacobgkau ◴[16 Oct 24 21:30 UTC] No.41864038{3}[source]
> I’m not sure what you expect to happen?

They're probably expecting their email provider to take that info and use it somewhere upstream of their own individual account. Which, as you've pointed out, does happen.

Maybe they don't believe that it happens often enough or something, but the thresholds do need to be reasonably high since, as you pointed out, some people hit the button whether it's justified or not. If the threshold for email provider action was too low, you'd end up not being able to send to anyone with Gmail because one guy forgot he signed up to a list (or signed up and immediately reported it as spam to spite the sender).

The person you replied to also sounds like they may be using an offline or third-party email client, though. There's a difference between a "Report Spam" button somewhere your email provider controls, and a "Mark as Spam" button in your third-party email client. I'd assume there's some kind of protocol that could potentially allow third-party clients to report it back to the email provider, but would also assume it may not be as reliable as first-party interfaces.

replies(1): >>41865835 #
6. mcmcmc ◴[17 Oct 24 01:54 UTC] No.41865714[source]
If you actually want to block emails, you need an email security gateway or some control over inbound anti-spam policies (ie pay for Google Workspace or another email service). Consumer email is not intended to give you full control.
7. inetknght ◴[17 Oct 24 02:21 UTC] No.41865835{4}[source]
> They're probably expecting their email provider to take that info and use it somewhere upstream of their own individual account.

Report spam, as a generic feature? It's an okay starting point "as-is" but useless for preventing malicious use and it hasn't meaningfully improved since launch.

Specifically for google: allow users to block whole domains; I can already do that on my own mailserver, why can't I do that on Google's? Then, block mail from foreign countries -- or at least countries that I don't care about; I can block whole ASNs on my mailserver, why can't I on Google's? That then leaves only mail that I can bring legal action to.

Another iteration: when you "unsubscribe", then keep a record of it, and also show the history of emails that you've received from them on a confirmation dialog. Show me anything interesting like purchases, warranties, appointments, etc. When confirmed, keep a record of it. Show me a list of _all_ of the things I've unsubscribed from. If email is still received, automatic report spam and block the domain. Oh, that means that mailing lists must come from the same domain that sales are made on.

Another iteration: a subscription should require a confirmation. Let the email server recognize the confirmation, and block emails whose unsubscribe links aren't in the list of confirmations. That means an unsubscription link should go to the same domain that a subscription was confirmed on.

That's just a few spitballed ideas. Spam reporting functionality is clearly iterable, but it hasn't meaningfully changed for decades. It's still primarily done through opaque "reputation" scores and little else.

I don't want "report spam" which doesn't give me feedback and continues to let spam onto the wire to my client, and isn't powerful enough to use to block bad actors from trivially getting to my inbox. I don't want to be expected to (and trained to) click on unverified links which take me to somewhere I don't recognize, and could take me somewhere malicious. I expect more from the largest email provider(s) in the world.

8. EVa5I7bHFq9mnYK ◴[17 Oct 24 05:21 UTC] No.41866652[source]
And we all know that Inbox and Spam are one and the same these days - if you are expecting an email, you must check both.
9. everforward ◴[17 Oct 24 11:06 UTC] No.41868413{3}[source]
I’m not accusing you of this, but I will mark things as spam even if I signed myself up if what they’re delivering is just garbage.

It’s usually not newsletters for me, but small niche companies who sell very specific things and feel a weird urge to have a weekly newsletter. It’s like all they sell is 2 models of guitar capo, but they still feel the need to send me weekly updates on I don’t even know what.

The kind of things where I not only don’t want the emails, but I want to register that I feel I was misled when I signed up.