Dutch Court Okays Bulk Mail by Ab.Fab

by Brenno Winter

In appeal, Dutch internet provider XS4ALL lost a case requesting an injunction against direct marketing company Ab.Fab to stop bothering the ISP's customers. The main discussion centered on opt-in (ISP) or opt-out (spammer or e-marketer) mail and the related issue of privacy. From the court's perspective, opt-out is good enough for ISP customers, and the disturbance from spammers is relatively low. Additionally, the court states that if the spam becomes too high in volume, you simply can obtain a new e-mail address.

Everybody recognizes the never-requested e-mails that keep filling their e-mail boxes. When I recently flew to the US and didn't check my e-mail for one day, I had to browse the next day through more than 800 e-mails in order to pick up my four private messagess and 17 mailing list e-mails. At that point, I decided a spam filter was necessary. According to the father of the Internet, Vint Cerf, "spammers are, in effect, taking resources away from users and service suppliers without compensation and without authorization".

The problem forced XS4ALL to set up an abuse department that currently employs five people. In an effort to have a legal basis to forbid junk mail, they took one regular mailer, a company called Ab.Fab, to court. The basis of the case was that the direct mailers were violating telecom and privacy laws that went into effect September 1, 2001. It seemed to be an open-and-shut case when the court sentenced Ab.Fab to stop spamming.

If Spam Bothers You, Simply Get a New E-mail Address

On appeal, though, the verdict was completely different. This time judges found that the telecommunications law didn't apply because that law is mainly aimed at the disturbance caused by outbound call centers, which uses a different type of technology. The cost of the e-mail that users or ISPs receive can be overlooked by the fact that a typical e-mail is only 20-25Kb.

The privacy law, however, did apply. Users can expect that their e-mail addresses will be treated as confidential, similar to a physical address. But the court determined that an e-mail address is not as sensitive as a physical address when it's discovered. If spam mail really bothers a customer, the court states that it is easy for the individual to get a new e-mail address without too much cost or hassle.

The core of the matter is opt-in vs. opt-out mail. Sjoera Nas from XS4ALL believes people should have a chance to indicate whether they want to receive advertisements. By opting in, people will be aware they are on a list. "Opt-out simply won't work. There is a guideline in electronic trade, but nobody is actually monitoring to see if people stick to the rules."

The DMSA, the association of direct marketers in the Netherlands, doesn't agree. They supported Ab.Fab during the case and deny that opt-out won't work. Mr. Reuderink explains that his organization stands behind the spammers or e-Direct Marketers, as they tend to call it (they have their own definition of spam that differs from the definition provided in RFC 2505). But by "support", the DMSA doesn't mean that anything is allowed; they have rules of behavior that must be followed. Their Advertising Code Committee makes sure that everything is done correctly. Sometimes a corrective measure may have consequences, but he adds, "We learned the hard way that we risk losing members by addressing inappropriate behavior. We're in favor of self-regulation."

Opt-Out Not as Easy as It Seems

By self-regulation, the DMSA means the stickers available at all city halls that are meant to be stuck on physical mailboxwa (see Figure 1). The stickera indicate YES or NO for flyers and YES or NO for free newspapers. We've had theaw stickers for years, and in general, they work well. Reuderink sees the opt-out option available on their web site (after three clicks it refers to respons.data-company.nl/dmsa/E-mail.cfm) as a good way for e-mail users to self-regulate.

Dutch Court Okays Bulk Mail by Ab.Fab

Figure 1. JA/NEE Stickers on Private Mailboxes. Translated, the first JA (Yes) or NEE (No) indicates the person's preference for receiving unaddressed, flyer-type advertisements. The second JA or NEE is the preference for receiving free publications. Stickers in all combinations of yes/no are available.

The opt-out option on their site, however, only accepts three e-mail addresses. After that, a confirmation mail is sent to the user, who has to verify that e-mail by going to the site again. In addition, this procedure is not valid for excluding mailing lists. Finally, the addresses that users select as opt outs are maintained for only one year. After that time, the delisting is over. The reason given for this time limit is to help keep correct records because e-mail addresses tend to change.

Reuderink assures users that their e-mail addresses are hard to steal and that many security precautions are in place. (Maybe that's why respons.data-company.nl is running an outdated Microsoft IIS 4.0, according to Netcraft). If people don't trust this web-based method, there's also a 900 number that people can use to delist themselves for a cost of EUR. 0,25 per minute. "Opt-out doesn't work. We tried to opt-out our 150,000 customers and the DMSA rejected that", says Nas. "Pure logic", says Reuderink, "people need to make that decision themselves and XS4ALL cannot do that for them".

But that's not the only thing about opt-out the DMSA refuses to acknowledge; they also reject the setting on mail servers to exclude UCE (RFC 822 August 13th 1982). "We were not involved when the RFC was written", explains Reuderink. Nas disagrees and says, "They were also not involved when our constitution was written and still they have to live by it. RFC's are the basis for how we work on the Internet."

Reuderink does acknowledge that to get rid of spammers who stick to the rules, you have to unlist yourself in 183 countries worldwide, assuming each country has only one marketing association. Given the fact that unlisting one address cost me two minutes, you will lose more than one working day to deal with spam (because you still have to look up which organization should delist you), not to mention the currency involved.

If You Don't Like the Way I Drive, Get Off the Sidewalk

Nas totally disagrees with the court's statement that if junk mail keeps bothering you, the cost of obtaining a new e-mail address is marginal. She points out that many people would have to change their ADSL provider, which is quite expensive. She also points out that many people have e-mail addresses printed on their business cards and letterheads. Sjoera asks, "Do you remember who in the world has your card?" All those costs added together can be fairly substantial.

The DMSA points out that XS4ALL allows each user to set up 50 e-mail addresses on their accounts and that you should be careful when you leave your personal information on a web site, perhaps using a second e-mail address for that purpose. It is not the aim of the marketers to make people change e-mail addresses, Reuderink says."The real problem is that many companies don't respect the law. We do!"

That opt-in method can be successful, as has been proven by Euroclix. That company pays users to receive e-mail, but it limits the numbers of e-mails sent out. For the DMSA, paying for the costs would be acceptable as well (something like an e-stamp). And costs can rise quickly: a 20-25Kb e-mail easily can cost you EUR. 0,20 if you're using new technologies like GPRS, which are substantially more expensive than ADSL.

For XS4ALL enough is enough. They hacked a spam filter that people can switch on for free. Rejected mail is delivered to a second mailbox that users can check for over filtering. Together with a free virus scanner and PGP, they want to make e-mail secure again. A new guideline by the EU will make UCE illegal by the end of 2003 in the entire EU, reducing the problem somewhat. Furthermore, people need to configure their procmail properly. There are plenty of examples on Freshmeat on how to do that.

Epilogue

That the privacy law couldn't protect XS4ALL members from receiving unsolicited e-mail might have a good side-effect after all. There is a clause in article 35 that gives people the right to inquire about saved data. Per article 36, a company has to answer in writing within four weeks. A member of XS4ALL posted an example of how to do this on his web site. Several news outlets have posted the URL on their sites, and if many people take up the effort, Ab.Fab may find themselves confronted with an administrative nightmare.

Brenno J.S.A.A.F. de Winter is president of De Winter Information Solutions in the Netherlands.

Load Disqus comments

Firstwave Cloud