Dutch Court Okays Bulk Mail by Ab.Fab

In appeal, Dutch internet provider
XS4ALL lost a case
requesting an injunction against direct marketing company
Ab.Fab to stop bothering
the ISP's customers. The main discussion centered on opt-in (ISP)
or opt-out (spammer or e-marketer) mail and the related issue of
privacy. From the court's perspective, opt-out is good enough for
ISP customers, and the disturbance from spammers is relatively low.
Additionally, the court states that if the spam becomes too high in
volume, you simply can obtain a new e-mail address.
Everybody recognizes the never-requested e-mails that keep
filling their e-mail boxes. When I recently flew to the US and
didn't check my e-mail for one day, I had to browse the next day
through more than 800 e-mails in order to pick up my four private
messagess and 17 mailing list e-mails. At that point, I decided a
spam filter was necessary. According to the father of the Internet,
Vint Cerf, "spammers are, in effect, taking resources away from
users and service suppliers without compensation and without
authorization".The problem forced XS4ALL to set up an abuse department that
currently employs five people. In an effort to have a legal basis
to forbid junk mail, they took one regular mailer, a company called
Ab.Fab, to court. The basis of the case was that the direct mailers
were violating telecom and privacy laws that went into effect
September 1, 2001. It seemed to be an open-and-shut case when the
court sentenced Ab.Fab to stop spamming.If Spam Bothers You, Simply Get a New E-mail
AddressOn appeal, though, the verdict was completely different. This
time judges found that the telecommunications law didn't apply
because that law is mainly aimed at the disturbance caused by
outbound call centers, which uses a different type of technology.
The cost of the e-mail that users or ISPs receive can be overlooked
by the fact that a typical e-mail is only 20-25Kb.The privacy law, however, did apply. Users can expect that
their e-mail addresses will be treated as confidential, similar to
a physical address. But the court determined that an e-mail address
is not as sensitive as a physical address when it's discovered. If
spam mail really bothers a customer, the court states that it is
easy for the individual to get a new e-mail address without too
much cost or hassle.The core of the matter is opt-in vs. opt-out mail. Sjoera Nas
from XS4ALL believes people should have a chance to indicate
whether they want to receive advertisements. By opting in, people
will be aware they are on a list. "Opt-out simply won't work. There
is a guideline in electronic trade, but nobody is actually
monitoring to see if people stick to the rules."The DMSA, the
association of direct marketers in the Netherlands, doesn't agree.
They supported Ab.Fab during the case and deny that opt-out won't
work. Mr. Reuderink explains that his organization stands behind
the spammers or e-Direct Marketers, as they tend to call it (they
have their own definition of spam that differs from the definition
provided in RFC 2505). But by "support", the DMSA doesn't mean that
anything is allowed; they have rules of behavior that must be
followed. Their Advertising Code Committee makes sure that
everything is done correctly. Sometimes a corrective measure may
have consequences, but he adds, "We learned the hard way that we
risk losing members by addressing inappropriate behavior. We're in
favor of self-regulation."Opt-Out Not as Easy as It SeemsBy self-regulation, the DMSA means the stickers available at
all city halls that are meant to be stuck on physical mailboxwa
(see Figure 1). The stickera indicate YES or NO for flyers and YES
or NO for free newspapers. We've had theaw stickers for years, and
in general, they work well. Reuderink sees the opt-out option
available on their web site (after three clicks it refers to
respons.data-company.nl/dmsa/E-mail.cfm)
as a good way for e-mail users to self-regulate.
Figure 1. JA/NEE Stickers on Private Mailboxes. Translated, the
first JA (Yes) or NEE (No) indicates the person's preference for
receiving unaddressed, flyer-type advertisements. The second JA or
NEE is the preference for receiving free publications. Stickers in
all combinations of yes/no are available.
The opt-out option on their site, however, only accepts three
e-mail addresses. After that, a confirmation mail is sent to the
user, who has to verify that e-mail by going to the site again. In
addition, this procedure is not valid for excluding mailing lists.
Finally, the addresses that users select as opt outs are maintained
for only one year. After that time, the delisting is over. The
reason given for this time limit is to help keep correct records
because e-mail addresses tend to change.Reuderink assures users that their e-mail addresses are hard
to steal and that many security precautions are in place. (Maybe
that's why respons.data-company.nl is running an outdated Microsoft
IIS 4.0, according to Netcraft). If people don't trust this
web-based method, there's also a 900 number that people can use to
delist themselves for a cost of EUR. 0,25 per minute. "Opt-out
doesn't work. We tried to opt-out our 150,000 customers and the
DMSA rejected that", says Nas. "Pure logic", says Reuderink,
"people need to make that decision themselves and XS4ALL cannot do
that for them".But that's not the only thing about opt-out the DMSA refuses
to acknowledge; they also reject the setting on mail servers to
exclude UCE (RFC 822 August 13th 1982). "We were not involved when
the RFC was written", explains Reuderink. Nas disagrees and says,
"They were also not involved when our constitution was written and
still they have to live by it. RFC's are the basis for how we work
on the Internet."Reuderink does acknowledge that to get rid of spammers who
stick to the rules, you have to unlist yourself in 183 countries
worldwide, assuming each country has only one marketing
association. Given the fact that unlisting one address cost me two
minutes, you will lose more than one working day to deal with spam
(because you still have to look up which organization should delist
you), not to mention the currency involved.If You Don't Like the Way I Drive, Get Off the
SidewalkNas totally disagrees with the court's statement that if junk
mail keeps bothering you, the cost of obtaining a new e-mail
address is marginal. She points out that many people would have to
change their ADSL provider, which is quite expensive. She also
points out that many people have e-mail addresses printed on their
business cards and letterheads. Sjoera asks, "Do you remember who
in the world has your card?" All those costs added together can be
fairly substantial.The DMSA points out that XS4ALL allows each user to set up 50
e-mail addresses on their accounts and that you should be careful
when you leave your personal information on a web site, perhaps
using a second e-mail address for that purpose. It is not the aim
of the marketers to make people change e-mail addresses, Reuderink
says."The real problem is that many companies don't respect the
law. We do!"That opt-in method can be successful, as has been proven by
Euroclix. That company
pays users to receive e-mail, but it limits the numbers of e-mails
sent out. For the DMSA, paying for the costs would be acceptable as
well (something like an e-stamp). And costs can rise quickly: a
20-25Kb e-mail easily can cost you EUR. 0,20 if you're using new
technologies like GPRS, which are substantially more expensive than
ADSL.For XS4ALL enough is enough. They hacked a spam filter that
people can switch on for free. Rejected mail is delivered to a
second mailbox that users can check for over filtering. Together
with a free virus scanner and PGP, they want to make e-mail secure
again. A new guideline by the EU will make UCE illegal by the end
of 2003 in the entire EU, reducing the problem somewhat.
Furthermore, people need to configure their procmail properly.
There are plenty of examples on Freshmeat on how to do that.EpilogueThat the privacy law couldn't protect XS4ALL members from
receiving unsolicited e-mail might have a good side-effect after
all. There is a clause in article 35 that gives people the right to
inquire about saved data. Per article 36, a company has to answer
in writing within four weeks. A member of XS4ALL posted
an
example of how to do this on his web site. Several news
outlets have posted the URL on their sites, and if many people take
up the effort, Ab.Fab may find themselves confronted with an
administrative nightmare.Brenno J.S.A.A.F. de Winter
is president of De Winter
Information Solutions in the Netherlands.

email: brenno@dewinter.com