Spot the CAN SPAM violations

I received this piece of unsolicited email today, to an address harvested off a website. How many CAN SPAM violations can you count?

Return-Path:
Received: by m.wordtothewise.com (Postfix, from userid 1003)
  id 166562E196; Wed,  5 Oct 2011 13:50:25 -0700 (PDT)
Received: from [164.193.177.203] (86.sub-75-248-121.myvzw.com
  [75.248.121.86]) by m.wordtothewise.com (Postfix) with SMTP id
  850862E185 for <MUNGED>; Wed,  5 Oct 2011 13:50:23 -0700 (PDT)
Received: from [164.193.177.203][127.0.0.1] by [164.193.177.203]
  [127.0.0.1] (SMTPD32); Wed, 5 Oct 2011 13:49:44 -0700
  Message-ID: <275a6de8fff734e0abd353db00143bb7@g2gm.com>
From: "Ashley Anderson"
To: <MUNGE>
Subject: Do You Want Access to NEW Customers?
Date: Wed, 5 Oct 2011 13:49:42 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Hello,
Does you company need access to fresh databases that can be used
for E-mail Marketing, Direct Mail & Telemarketing?
We have access to 200 Million Consumers & 45 Million
Businesses.=09
Some of our most popular lists are:
> U.S. Realtors - 1,281,916 Full Records=09
> U.S. Lawyers - 269,787 Full Records=09
> U.S. Financial Planners - 265,425 Full Records=09
> U.S. Businesses - 4.8 Million Full Records=09
> U.S. Manufacturers - 1,057,119 Full Records=09
> U.S. Homeowners - 1,326,620 Full Records=09
> U.S. Physicians - 741,809 Full Records=09
> Worldwide Investors - 8,562,140 Emails Only=09
*Much More Available Upon Request=2E
Call us to get a FREE quote!
Thank You,
Ashley Anderson
Data Specialist
Business Networking Services
1 (800) 841-5070

I’m counting at 4 violations, plus aggravated damages because the address was harvested.
How many violations can you find?
Would you trust this company to sell you actual opt-in addresses?

Related Posts

TWSD: breaking the law

I tell my clients that they should comply with CAN SPAM (physical postal address and unsubscribe option) even if the mail they are sending is technically exempt. The bar for legality is so low, there is no reason not to.
Sure, there is a lot of spam out there that does not comply with CAN SPAM. Everything you see from botnets and proxies is in violation, although many of those mails do actually meet the postal address and unsubscribe requirements.
One of my spams recently caught my eye today with their disclaimer on the bottom: “This email message is CAN SPAM ACT of 2003 Compliant.” The really funny bit is that it does not actually comply with the law. Even better, the address it was sent to is not published anywhere, so the company could also be nailed for a dictionary attack and face enhanced penalties.
It reminds me of the old spams that claimed they complied with S.1618.

Read More

CAN SPAM and the first amendement

From Venkat at Eric Goldman’s blog we find the federal court has rejected an attempt to claim spam was “protected anonymous speech.”
 
 

Read More

What Happens Next…

or Why All Of This Is Meaningless:
Guest post by Huey Callison
The analysis of the AARP spam was nice, but looking at the Mainsleaze Spammer Playbook, I can make a few educated guesses at what happens next: absolutely nothing of consequence.
AARP, if they acknowledge this publicly (I bet not) has plausible deniability and can say “It wasn’t us, it was an unscrupulous lead-gen contractor”. They probably send a strongly-worded letter to SureClick that says “Don’t do that again”.
SureClick, if they acknowledge this publicly (I bet not) has plausible deniability and can say ‘It wasn’t us, it was an unscrupulous affiliate”. They probably send a strongly-worded letter to OfferWeb that says “Don’t do that again”.
OfferWeb, if they acknowledge this publicly (I bet not) has plausible deniability and can say ‘It wasn’t us, it was an unscrupulous affiliate”. And maybe they DO fire ‘Andrew Talbot’, but that’s not any kind of victory, because he probably already has accounts with OTHER lead-gen outfits, which might even include those who also have AARP as
a client, or a client-of-a-client.
So the best-case result of this analysis being made public is that two strongly-worded letters get sent, the URLs in the spam and the trail of redirects change slightly, but the spam continues at the same volume and with the same results, and AARP continues to benefit from the millions of spams sent on their behalf.
I’m not a lawyer, but I was under the impression that CAN-SPAM imposed liability on the organization that was ultimately responsible for the spam being sent, but until the FTC pursues action against someone like this, or Gevalia, corporations and organizations will continue to get away with supporting, and benefiting from, millions and millions of spams.
As JD pointed out in a comment to a previous post: sorry, AARP, but none of us are going to be able to retire any time soon.

Read More