You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request
OP could probably threaten a lawsuit and their practices will change quickly. That's assuming the company does business in the US...
edit: just realized this is stubhub. this smells like a lawsuit waiting to happen
There you have it.
When I’ve been in OP’s situation, I filed a complaint with the FCC, performed a whois lookup on their site to send emails to the abuse/spam emails of their DNS registrar and host and inspected the email headers to email their email provider’s abuse/spam account(s). I’ve not yet had cause to reach out to my attorney general’s office when I’ve had a company violate CAN-SPAM, but it’s an option.
I also make sure each company knows there’s a pending CAN-SPAM complaint. I keep it convivial, but serious. “Hey, just letting you know that one of your clients is violating your terms of service and the law! A complaint has already been lodged with the FCC. Toodeloo!”
That bit of knowledge tends to shift the interpretation of your complaint from “annoyed nerd” to “someone politely informing you that you’re going to get skull fucked by the long dick of the law if you don’t fix this ASAP”
It may sound sort of excessive, but I’m a bit of a consumer rights absolutist.
That last paragraph is art
I’m currently fairly ill (likely RSV, if the expired COVID tests are to be believed) and this is day 6 of moderate to severe insomnia.
A state of semi-delirium must be a good look for me, because I have received more complements on my writing in the last 3 days than I have in the last several years.
Get well soon!
A state of semi-delirium has given us some of the greatest artists the world has ever seen. Just look at Stephen King. Or Picasso.
Stop licking public restrooms, it's not worth it!!!
The registrar can't really do anything, and the service they use to receive email (what you'd see in the DNS MX record) is often totally different to the service used to send marketing emails. You'd need to look at the Received headers of the email to figure out where it was sent from. For example, a lot of companies use Office 365 or G Suite for corporate emails, but something like Mailchimp or ConstantContact for marketing emails.
So, here’s my reasoning -
Inspecting the headers will let you see where the email came from - if it came from MailChimp, then you email the MailChimp abuse folks, who can apply their abuse policies.
And the DNS registrar has the keys to the kingdom. Many registrars have terms of service that forbid using their service for spamming. That ought to include emails associated with the domain, no?
In the end, there’s a high likelihood of no real action being taken (not without a volume of complaints), but if the righteous wrath feels righteous, do its outcomes have to be righteous?
You must honor a recipient’s opt-out request within 10 business days.
Oh, this explain why they say "may take up to 10 business days." Why do they have two weeks to remove a name when it can be done near-instantly? It's not like a person is manually removing every single name that opts out.
Are single page apps considered one page?
I'd say no since it is how pages are loaded and those likely interpreting the law including the user see a visual page change / transition it it would be considered another page since they'd likely not understand what SPA is.
More generally, are single page apps legal? And if yes, why?
Because they are useful and provide a good experience to most users
This is also why companies include their mailing address in the footer of emails - it's one of the other requirements.
I've been wondering this myself so I just went ahead and read the FCCs CAN-SPAM business compliance guide.
This is 100% a violation. As per section 7:
You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request
OP could probably threaten a lawsuit and their practices will change quickly. That's assuming the company does business in the US...
edit: just realized this is stubhub. this smells like a lawsuit waiting to happen
There you have it.
When I’ve been in OP’s situation, I filed a complaint with the FCC, performed a whois lookup on their site to send emails to the abuse/spam emails of their DNS registrar and host and inspected the email headers to email their email provider’s abuse/spam account(s). I’ve not yet had cause to reach out to my attorney general’s office when I’ve had a company violate CAN-SPAM, but it’s an option.
I also make sure each company knows there’s a pending CAN-SPAM complaint. I keep it convivial, but serious. “Hey, just letting you know that one of your clients is violating your terms of service and the law! A complaint has already been lodged with the FCC. Toodeloo!”
That bit of knowledge tends to shift the interpretation of your complaint from “annoyed nerd” to “someone politely informing you that you’re going to get skull fucked by the long dick of the law if you don’t fix this ASAP”
It may sound sort of excessive, but I’m a bit of a consumer rights absolutist.
That last paragraph is art
I’m currently fairly ill (likely RSV, if the expired COVID tests are to be believed) and this is day 6 of moderate to severe insomnia.
A state of semi-delirium must be a good look for me, because I have received more complements on my writing in the last 3 days than I have in the last several years.
Get well soon!
A state of semi-delirium has given us some of the greatest artists the world has ever seen. Just look at Stephen King. Or Picasso.
Stop licking public restrooms, it's not worth it!!!
Seriously though, I hope you feel better soon...
The registrar can't really do anything, and the service they use to receive email (what you'd see in the DNS MX record) is often totally different to the service used to send marketing emails. You'd need to look at the
Received
headers of the email to figure out where it was sent from. For example, a lot of companies use Office 365 or G Suite for corporate emails, but something like Mailchimp or ConstantContact for marketing emails.So, here’s my reasoning -
Inspecting the headers will let you see where the email came from - if it came from MailChimp, then you email the MailChimp abuse folks, who can apply their abuse policies. And the DNS registrar has the keys to the kingdom. Many registrars have terms of service that forbid using their service for spamming. That ought to include emails associated with the domain, no?
In the end, there’s a high likelihood of no real action being taken (not without a volume of complaints), but if the righteous wrath feels righteous, do its outcomes have to be righteous?
This made me happy. Thanks!
Oh, this explain why they say "may take up to 10 business days." Why do they have two weeks to remove a name when it can be done near-instantly? It's not like a person is manually removing every single name that opts out.
Are single page apps considered one page?
I'd say no since it is how pages are loaded and those likely interpreting the law including the user see a visual page change / transition it it would be considered another page since they'd likely not understand what SPA is.
More generally, are single page apps legal? And if yes, why?
Because they are useful and provide a good experience to most users
This is also why companies include their mailing address in the footer of emails - it's one of the other requirements.