What I don't understand (possibly noob question), is the scenario where I get spam and I click on "Report spam" to be prompted with "Unsubscribe and report spam".
I'd never subscribed to it so why am I asked whether I would like to "Unsubscribe". Is it that the spammers got hold of my email from somewhere and "Subscribed" me automatically?
Shouldn't "Report spam" implicitly imply that it's not a subscription?
People use the Report Spam button on things that they explicitly signed up for all the time, and Gmail has adjusted its behavior to match how users use it rather than try to persuade them to instead do the right thing.
A checkbox hidden somewhere that's enabled by default doesn't mean that "I have subscribed" to the mailing list, both in the common sense and also is prohibited in many legal jurisdictions (not USA, AFAIK), leaving a default checkbox simply doesn't count as obtaining consent, it is a well known 'dark UI pattern' that even the consumer protection laws have understood and explicitly implemented.
Such messages are just another kind of spam, and the right thing to prevent this, naturally, is to block the sender as a spammer. Underneath there is somewhat proper a mailing list that supports unsubscription, so an unsubscribe message can and should also be sent, but it doesn't change the fact that all the subscribers were added without their informed consent - if you built a system with opt-in by default, then you yourself built a system where it is impossible to say that you actually want to subscribe, the only provided checkbox then represents a choice between the default (no informed consent) and an explicit refusal of consent.
I'm the author of a product and in some situation I have subscribed former users to a one-off email. It's gray area since it was to notify them about a major release/change, it was written in my T&C and sign up form, but honestly it would feel legitimate if they marked my email as undesired/spam.
Out of 900 recipients, 1 marked it as spam, 18 unsubscribed. I believe people are very tolerant and they could use "spam & blame" a lot more.
I think your situation is different; you're not subscribing them to a newsletter. Your communication is reasonable for a typical business relationship. (and is protected under CAN-SPAM)
That's right. All too often I've subscribed to a mailing list expecting the odd email now and again only to suffer a deluge of totally irrelevant and annoying 'updates' on an almost daily basis.
The worst offenders also make it difficult to unsubscribe. Hence, the report spam option.
Yes. I end up with loads of useful emails in the Spam folder. Mostly it's stuff like shipping and billing notifications. I check the Spam folder daily, now, since so much useful mail ends up there.
The right thing is to not register me to these spam mailing lists in the first place. I did not register, ergo they are spam, and should be blocked from spamming other people. "Report spam" is exactly the correct behavior I intended when I clicked on it.
I'd assume so. The CAN-SPAM[0] act mandates that the unsubscribe link must not contain any authorization, e.g., you click the link and you're immediately unsubscribed. This is just trading a click in one location for a click in another, but it's a neat feature to not search through the entire email to try to find the unsubscribe link.
CAN-SPAM does not actually require one-click unsubscribe, but many senders include it anyway.
From the primary source: "Give a return email address or another easy Internet-based way to allow people to communicate their choice [to opt-out] to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you. "
You're both kind of right. A one-click unsubscribe is not required, but if you do use a web link for unsubscribe, the form can't require the user to enter any information beyond their email address. (Unsubscribe forms that require you to login are probably violating this law.)
"Reply with the word REMOVE in the subject" is also a CAN-SPAM complaint unsubscribe method, though.
It's actually surprisingly difficult to find original, authoritative sources on what the law requires. You linked to the full text of the bill Congress passed, but that left all the implementation details up to the FTC. The rule I'm talking about was not in the original bill or in the original set of FTC rules, but was added later by the FTC in 2008.
From 16 CFR 316.5:
> Neither a sender nor any person act-
> ing on behalf of a sender may require
> that any recipient pay any fee, provide
> any information other than the recipi-
> ent’s electronic mail address and opt-
> out preferences, or take any other
> steps except sending a reply electronic
> mail message or visiting a single Inter-
> net Web page, in order to [...]
It's worth noting on top of what others have said, Gmail (and assume most others too) will only display the unsubscribe button from whitelisted mail servers, as far as I'm aware.
The reasoning being that it could be used by spammers to confirm an email address is real/valid after a user attempts to unsubscribe at which point they could sign them up to more spam. So don't expect your own emails to show the button by just adding the List-Unsubscribe header, unless you're using something like Amazon SES.
That's where it started. Open a marketing message, look at the from line. If they're implementing it, you'll see "Marketer name" <marketer@emailaddress.com> Unsubscribe
