
Company hit with $1.1M penalty under Canadian anti-spam rules - wellokthen
http://www.canadianlawyermag.com/5499/Quebec-company-hit-with-$1.1-million-penalty-under-CASL.html
======
antr
I've filled two formal complaints to an EU regulator regarding spam (one is a
company, another an individual). The first complaint was made back in early
2014, and a few weeks ago I got a response from the competent authority. They
fined the company with just over €30,000. I'm still waiting on the second
complaint.

On both occasions I was receiving emails/spam I never signup for, and on both
occasion I tried (several times) to contact the sender directly asking to be
unsubscribed. Neither responded to my emails (and I've tried various different
email addresses).

When the path of least resistance is filling a complaint, senders should
expect no less. And if you decide to spam people, make it easy to unsubscribe,
because the next fastest option is to file a complaint, and fines don't come
cheap.

~~~
Aardwolf
How do you file that? I could use that as well...

~~~
antr
For the UK, ICO: [https://ico.org.uk/media/report-a-concern/forms/1479/spam-
em...](https://ico.org.uk/media/report-a-concern/forms/1479/spam-email-or-fax-
concerns-form.pdf)

They ask to send them the spam emails (with headers) to them, all
communication from and to. I guess it's the same around the EU, just the
relevant national agency.

------
graeme
I'm seeing a lot of spam by companies that purport to be legit startups.

1\. I make an account on their service, or buy something. 2\. There is no
newsletter signup box. 3\. They send me lots of newsletter emails. 4\. They
often keep coming after unsubscribes.

I consent to transactional emails, but I'm not consenting to newsletter and
marketing emails. It's spam. I hope laws like this help deter such behavior.

Meanwhile, I've been marking non-consented emails as "spam" in gmail. If
enough people do this, the companies will get blacklisted, which is another
form of deterrence.

~~~
puranjay
I wonder when, if ever, they'll dock LinkedIn for this. Easily the worst
offender in my inbox as far as legitimate companies are concerned.

~~~
click170
At this point, I'm convinced LinkedIn is literally paying Google to whitelist
their spam.

I have yet to find a single person who actually appreciates the emails
LinkedIn sends them. That includes business people who got their job through
LinkedIn, and the recruiters who use it.

When it gets to the point when TV shows are casually taking jabs at LinkedIn
for their abusive email policy, I think that's a sign that they're not wanted.
Anywhere.

Edit: To clarify, the recently released Simpsons episode poked fun at
LinkedIn, as has John Stewart (multiple times), and John Oliver.

~~~
puranjay
I definitely think there are some backroom deals.

Usually, emails I don't ever click on or explicitly mark as spam end up in my
spam box automatically. Gmail is smart enough to do that. Even Quora emails
land directly in the spam box.

Not so for LinkedIn. I've never clicked through on an email from LinkedIn. I
don't even have a profile on the site - just an account that's sitting empty.

Yet, all emails still land in my inbox.

I wonder why...

~~~
click170
One of the benefits of running your own email server: You can block all
LinkedIn spam at the gateway.

All LinkedIn email is banned at my gateway. As is any vendor who considers me
purchasing from them to be an agreement whereby they can send me unsolicited
email. 0 tolerance.

------
huhtenberg
This likely means that the spamming will now become a dedicated off-shore
service in Canada.

Meaning that the next time Compu-Finder will quietly hire a one-man shop in
some other country and it will just spam on their behalf. It will be nearly
impossible to (legally) pin this on them, because of the possibility that it
was a hostile move on part of their competitors. Spammers gonna spam, just
from a non-Canadian IP.

~~~
antr
I don't think it works that way. One might be sending emails from abroad, but
if you sell a product/service where you are suing, the company can still be
liable, regardless of the geographical origin of the email.

~~~
biot
GP is suggesting that the spam might be a joe job[0]. Don't like your upcoming
competition? Work with some foreign spamming company to send emails looking
like legit emails from them in the hopes that their real emails are penalized.

[0]
[http://en.wikipedia.org/wiki/Joe_job](http://en.wikipedia.org/wiki/Joe_job)

------
kl4m
This company was in flagrant violation of the law indeed. I was receving 2
e-mails from them every single weekday, at multiple jobs over the years,
advertising their training courses. Unsubscribing did nothing. Every mail had
a different sender, with one of a large collection of garbage domains (Today
it was acfcursus.ca, promotionacf.com and capsulesacf.ca). The justification
footer was a joke: "You are receiving this mail because of your function in
the company". -- You're supposed to tell that the mail is opt-in, jackasses.

Most office workers know about "ACF Management" in Quebec because of the
relentless spam and I'm not surprised they're the first hit by CASL. It's like
the law was made for them.

------
civilian
The company I work for just got hit with an Amazon SES probation for having
too high of a bounce rate.

Investigating into this, I learned that you can set up SQS queues for SES
bounces or complaints. Complaints? Yeah, SES somehow gets information back
when you hit the "Spam" button in gmail. An acceptable complaint rate is below
0.1%, and if you go above it you can get banned from SES, from other emailing
services like Mandrill, or if you're emailing directly to ISPs they can block
you at their level.

So hit those spam buttons! Make email senders pay for bad email!

(My story had a happy ending-- I cleaned up what segment of users my company
is sending service emails to and now our bounce rate is below 5% like it
should be.)

~~~
zrail
> Yeah, SES somehow gets information back when you hit the "Spam" button in
> gmail.

This is called FBL (feedback loop)[1]. It's a standard[2] adhered to by all of
the bulk message senders (SES, Mandrill, marketing providers like Mailchimp,
Emma, etc) and the big account providers like Gmail, Yahoo, etc. When you hit
the "report spam" button that triggers an FBL message back to the Return-Path
address in the message. Complying with FBL reports is _super important_ to
staying on the account providers' good sides.

[1]:
[http://en.wikipedia.org/wiki/Feedback_loop_(email)](http://en.wikipedia.org/wiki/Feedback_loop_\(email\))

[2]: [http://tools.ietf.org/html/rfc5965](http://tools.ietf.org/html/rfc5965)

~~~
click170
Does anyone know how to manually send these complaints to Google? Eg if you
run your own mailserver and some Gmail account is spamming you?

Thank you for the link to the wikipage, I didn't know about FBL. It's
disappointing that the page can't provide more information on how feedback
loops are established between mailbox providers though.

~~~
martey
Based on the links zrail mentioned, it looks like it is just a standard for
sending abuse reports. The RFC looks pretty comprehensive, but there is also
more information at
[https://en.wikipedia.org/wiki/Abuse_Reporting_Format](https://en.wikipedia.org/wiki/Abuse_Reporting_Format).

------
axyjo
When CASL was first passed, I was worried about it being toothless. Glad to
see I'm wrong.

~~~
number_six
It is a huge headache at our company but I am glad to see this penalty handed
down because it means all the work we are doing on it is worthwhile.

