Re: semi-OT - reporting an organization that ignores unsubscribe requests
> > I don't want to weigh in on the perceived worth of your signature, but > are you aware of the signature convention that has been around for > decades? It is mentioned in RFC 3676 and many other places: > > There is a long-standing convention in Usenet news which also commonly > appears in Internet mail of using "-- " as the separator line between > the body and the signature of a message. > > (https://tools.ietf.org/html/rfc3676#section-4.3) > > If you prefix your signature with DASH DASH SPACE, smart MUAs will > either show the signature in muted colours, in a collapsed state, or by > other means of making it less intrusive. That's odd...until you mentioned it I wasn't aware that my MUA was *not* including that!...let me see if I can figure out why it isn't. Thank you! Anne (suppressing .sig for now)
Re: semi-OT - reporting an organization that ignores unsubscribe requests
* Anne P. Mitchell: > I have found that establishing my expertise and authority up front > tends to ward off lengthy discussions that take up way more mailing > list bandwidth than the signature. I don't want to weigh in on the perceived worth of your signature, but are you aware of the signature convention that has been around for decades? It is mentioned in RFC 3676 and many other places: There is a long-standing convention in Usenet news which also commonly appears in Internet mail of using "-- " as the separator line between the body and the signature of a message. (https://tools.ietf.org/html/rfc3676#section-4.3) If you prefix your signature with DASH DASH SPACE, smart MUAs will either show the signature in muted colours, in a collapsed state, or by other means of making it less intrusive. -Ralph
Re: semi-OT - reporting an organization that ignores unsubscribe requests
> On Nov 24, 2018, at 4:25 PM, @lbutlr wrote: > > This is a very excessive signature block. I’m glad your proud of your resume, > but inflicting itnon a mailing list with every post is a bit much. It's not a matter of pride, and I generally don't disagree with you...however when discussing things actually having to do with the law, I have found that establishing my expertise and authority up front tends to ward off lengthy discussions that take up way more mailing list bandwidth than the signature. Much like this email, really. Anne Anne P. Mitchell, Attorney at Law GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant CEO/President, Institute for Social Internet Public Policy Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Legal Counsel: The Earth Law Center California Bar Association Cal. Bar Cyberspace Law Committee Colorado Cyber Committee Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop
Re: semi-OT - reporting an organization that ignores unsubscribe requests
This is a very excessive signature block. I’m glad your proud of your resume, but inflicting itnon a mailing list with every post is a bit much. On Nov 21, 2018, at 12:39, Anne P. Mitchell, Esq. wrote: > Anne P. Mitchell, > Attorney at Law > GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant > Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) > Legislative Consultant > CEO/President, Institute for Social Internet Public Policy > Board of Directors, Denver Internet Exchange > Board of Directors, Asilomar Microcomputer Workshop > Legal Counsel: The CyberGreen Institute > Legal Counsel: The Earth Law Center > California Bar Association > Cal. Bar Cyberspace Law Committee > Colorado Cyber Committee > Ret. Professor of Law, Lincoln Law School of San Jose > Ret. Chair, Asilomar Microcomputer Workshop
Re: semi-OT - reporting an organization that ignores unsubscribe requests
The "right to be forgotten" is the natural outcome of three decades of self-inflicted pain. Some argue that deleting old e-mails is like re-writing history. Other, like me, argue that e-mail was born as an informal medium, different than, for example, a published book or factual evidence of a genocide. I contend that e-mail can only be included as evidence in court if the forensics are both sound and complete, because (most) e-mails can be easily fabricated. Would you like to be convicted by a fake e-mail? I guess not. Also, many of those "archives" have no legal or commercial value. They are not a book you can re-sell. Granted that, there are people who committed suicide out of shame, because they were the object of defamation or cyberbullying, things that move almost no one, until it happens to their children. A number of lawyers in the EU just couldn't pass by without taking notice. Both the US and the UN at some point will follow up, and make the world a better place. On Wed, Nov 21, 2018 at 20:39, Anne P. Mitchell, Esq. wrote >> On Nov 21, 2018, at 12:03 PM, Bill Cole >> wrote: >> >> On 21 Nov 2018, at 13:03, Anne P. Mitchell, Esq. wrote: >> >>> Except for the private right of action provided in GDPR, and small claims >>> court in the U.S. >> >> Are you saying an EU law can create an actionable civil tort claim in a US >> state small claims court for actions which are not illegal under any US >> state or federal law? > > No, I'm saying that anybody can sue anybody for anything in the U.S., and > it's extremely easy to file an action in small claims court. It wouldn't even > have to be, technically, 'under' GDPR (as you mention, there is always tort) > - but GDPR would be the hook that they would use, and the authority (note I > said authority, not law) they would cite. > > That said, I think it's much more likely that the lawsuits already filed > against Google and Facebook by Max Schrems will be ones to test the > jurisdiction/enforcement issues. > > Anne > > Anne P. Mitchell, > Attorney at Law > GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant > Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) > Legislative Consultant > CEO/President, Institute for Social Internet Public Policy > Board of Directors, Denver Internet Exchange > Board of Directors, Asilomar Microcomputer Workshop > Legal Counsel: The CyberGreen Institute > Legal Counsel: The Earth Law Center > California Bar Association > Cal. Bar Cyberspace Law Committee > Colorado Cyber Committee > Ret. Professor of Law, Lincoln Law School of San Jose > Ret. Chair, Asilomar Microcomputer Workshop
Re: semi-OT - reporting an organization that ignores unsubscribe requests
> On Nov 21, 2018, at 12:03 PM, Bill Cole > wrote: > > On 21 Nov 2018, at 13:03, Anne P. Mitchell, Esq. wrote: > >> Except for the private right of action provided in GDPR, and small claims >> court in the U.S. > > Are you saying an EU law can create an actionable civil tort claim in a US > state small claims court for actions which are not illegal under any US state > or federal law? No, I'm saying that anybody can sue anybody for anything in the U.S., and it's extremely easy to file an action in small claims court. It wouldn't even have to be, technically, 'under' GDPR (as you mention, there is always tort) - but GDPR would be the hook that they would use, and the authority (note I said authority, not law) they would cite. That said, I think it's much more likely that the lawsuits already filed against Google and Facebook by Max Schrems will be ones to test the jurisdiction/enforcement issues. Anne Anne P. Mitchell, Attorney at Law GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant CEO/President, Institute for Social Internet Public Policy Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Legal Counsel: The Earth Law Center California Bar Association Cal. Bar Cyberspace Law Committee Colorado Cyber Committee Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop
Re: semi-OT - reporting an organization that ignores unsubscribe requests
Benny Pedersen wrote: > Kevin Miller wrote: > > My particular favorite fix is, if the mail list has a web preferences > > page, to go to there and edit the preferences then set the email address > > to postmaster@localhost. Now it's their problem. > > If thay test fqdn it Will be your problem > :) I have often done similar by sending the email to nobody@theirdomain where theirdomain is the sites fqdn. I am often surprised at how often it is rejected as already in use by another account! Someone else has beat me to it! Bob
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On 21 Nov 2018, at 13:03, Anne P. Mitchell, Esq. wrote: Except for the private right of action provided in GDPR, and small claims court in the U.S. Are you saying an EU law can create an actionable civil tort claim in a US state small claims court for actions which are not illegal under any US state or federal law? That would be novel... have there actually been successful cases? -- Bill Cole
Re: semi-OT - reporting an organization that ignores unsubscribe requests
P.S. I should have added: the whole jurisdiction issue is, clinically speaking, one of the most interesting parts of GDPR. I've never seen a law that so broadly asserted that the country or union from which the law was promulgated will enforce it anywhere and everywhere - it's pretty damned gutsy. It will almost certainly be sorted out through lawsuits, and that will definitely be popcorn time. > On Nov 21, 2018, at 11:03 AM, Anne P. Mitchell, Esq. > wrote: > > > >> On Nov 21, 2018, at 8:48 AM, Bill Cole >> wrote: >> >> There is no reason for anyone without a commercial presence in the EU or CH >> to be concerned with GDPR. > > Except for the private right of action provided in GDPR, and small claims > court in the U.S. > > And, for entities that spam enough people "in the EU" (for our > analysis/explanation of that, along with why U.S. companies should comply > with GDPR, see here: > https://www.isipp.com/resources/how-email-marketing-must-comply-with-the-eu-general-data-protection-regulation-gdpr/ > NB: GDPR does not state anywhere that it applies to EU residents or > citizens, only the vague and ambiguous "in the EU") the language in GDPR that > states they will go after anyone, anywhere in the world. > > Anne > > Anne P. Mitchell, > Attorney at Law > GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant > Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) > Legislative Consultant > CEO/President, Institute for Social Internet Public Policy > Board of Directors, Denver Internet Exchange > Board of Directors, Asilomar Microcomputer Workshop > Legal Counsel: The CyberGreen Institute > Legal Counsel: The Earth Law Center > California Bar Association > Cal. Bar Cyberspace Law Committee > Colorado Cyber Committee > Ret. Professor of Law, Lincoln Law School of San Jose > Ret. Chair, Asilomar Microcomputer Workshop > > > >
Re: semi-OT - reporting an organization that ignores unsubscribe requests
> On Nov 21, 2018, at 8:48 AM, Bill Cole > wrote: > > There is no reason for anyone without a commercial presence in the EU or CH > to be concerned with GDPR. Except for the private right of action provided in GDPR, and small claims court in the U.S. And, for entities that spam enough people "in the EU" (for our analysis/explanation of that, along with why U.S. companies should comply with GDPR, see here: https://www.isipp.com/resources/how-email-marketing-must-comply-with-the-eu-general-data-protection-regulation-gdpr/ NB: GDPR does not state anywhere that it applies to EU residents or citizens, only the vague and ambiguous "in the EU") the language in GDPR that states they will go after anyone, anywhere in the world. Anne Anne P. Mitchell, Attorney at Law GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant CEO/President, Institute for Social Internet Public Policy Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Legal Counsel: The Earth Law Center California Bar Association Cal. Bar Cyberspace Law Committee Colorado Cyber Committee Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On Wed, 21 Nov 2018, Rupert Gallagher wrote: On Wed, Nov 21, 2018 at 03:41, John Hardin wrote: On Tue, 20 Nov 2018, Rupert Gallagher wrote: The email address is an address, part of your personally identifiable data. I'm not disputing that. I write software that deals with PII in my day job. If an identifiable entity in the US sends mass mail to European addresses, then they must have a representative in Europe and comply with the GDPR. (1) how do you *force* someone in the US to have a representative in Europe? You file a complaint with your national ombudsman. In your case, stress the fact that they are processing political data in addition to common data. Do not expect immediate termination of spam. The ombudsman will proceed to verify the facts, identify the parties involved, check compliance claims, and enforce the EU-US bilateral agreement. see the discussion of the bilateral agreement below. In the end, the spammers Point of order: we're not talking about spammers per se, we're talking about a legitimate US-only organization (NOT necessarily a business) that is sending email to an EU correspondant, possibly at that person's automatically-processed request (e.g. by subscribing to a mailing list). will most likely refuse to appoint an EU representative, Why would the organization do so, if their only interest is in the US? and the EU will shut down their website. If the organization has no presence in the EU, and the website is not hosted in the EU, *how*? The EU is *not* the World Government and Ultimate Internet Regulatory Authority. (2) if they do no business in the EU, and do not have any presence in the EU (sending email to addresses in the EU is not "having a presence in the EU"), how are they subject to fines for violating the law in the EU? If, for example, I - a private, non-commercial entity - hosted a mailing list on my private server (which I have done in the past), and someone in the EU subscribed and posted to that list and their email address was captured in the list archives, and they later unsubscribed and asked for their email address to be removed from the list archives, and I (for whatever reason) did not do so, *how* would an EU court levy fines against me? The US is not a signatory to the GDPR as far as I am aware, and I have *no* legal presence outside the US. The US signed a bilateral agreement with the EU: https://www.privacyshield.gov/ By my quick reading: (1) that only applies to businesses and (apparently) common carriers - I don't see any suggestion that something like a domestic political advocacy group would be affected (I'm presuming that since such is not a commercial entity or common carrier they are not subject to the jurisdiction of the FTC or DOT), and certainly not a private citizen acting on their own behalf (like in my mailing list hypothetical above). (2) it is a *voluntary* framework for assuring your customers you abide by requirements aligned with the GDPR, with certification by a third party that you do so. (3) it only provides for punishment of companies that have *voluntarily* enrolled and don't actually implement the required controls, which is punished as "deceptive advertising" (i.e. claiming to protect your privacy but not actually doing so); there are fines, but apparently there is no provision for the *huge* fines that GDPR threatens, and I see no provision for "shutting down a website" (though that may be dragged in via other FTC regulations related to deceptive advertising). If a company persistently violates the terms of their enrollment they will be removed from the program. So: that does not appear to apply at all to me as a private citizen running a mailing list, and *probably* does not apply to purely-US non-business entities (e.g. a political advocacy organization) that have not applied for membership in the program so that they can publicly claim to be protecting your privacy under a framework similar to the GDPR. On Tue, Nov 20, 2018 at 17:03, John Hardin wrote: On Tue, 20 Nov 2018, Rupert Gallagher wrote: Yes, if you are European, and might get some money as compensation. From a US political advocacy group which has no commercial presence in EU? How does GDPR apply in that situation? On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 wrote: Gents, I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization. Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well. While I can just dump their mail, it offends my finely hones sense of propriety, justice and my all around good nature. Besides, it hoses me off. So, is there some "authority" to which I can report these a**holes? that might have an effect? -- John Hardin KA7OHZ
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On 21 Nov 2018, at 9:03, Rupert Gallagher wrote: On Wed, Nov 21, 2018 at 03:41, John Hardin wrote: [...] The US is not a signatory to the GDPR as far as I am aware, and I have *no* legal presence outside the US. The US signed a bilateral agreement with the EU: https://www.privacyshield.gov/ It's widely misunderstood how hard it is for the US government to enforce the laws of other countries on US people and companies. Participation in Privacy Shield is an entirely voluntary program and the only punishment for a self-certifying entity that claims to be complying is that if the FTC determines that they persist in non-compliance, they are removed from the list of complying entities and added to a list of persistent non-compliers. Beyond that, the only punishment would be if they continue to claim participation in Privacy Shield (i.e. simple fraud.) There is no reason for anyone without a commercial presence in the EU or CH to be concerned with GDPR.
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On Wed, Nov 21, 2018 at 03:41, John Hardin wrote: > On Tue, 20 Nov 2018, Rupert Gallagher wrote: > >> The email address is an address, part of your personally identifiable >> data. > > I'm not disputing that. I write software that deals with PII in my day job. > >> If an identifiable entity in the US sends mass mail to European >> addresses, then they must have a representative in Europe and comply >> with the GDPR. > > (1) how do you *force* someone in the US to have a representative in > Europe? > You file a complaint with your national ombudsman. In your case, stress the > fact that they are processing political data in addition to common data. Do > not expect immediate termination of spam. The ombudsman will proceed to > verify the facts, identify the parties involved, check compliance claims, and > enforce the EU-US bilateral agreement. In the end, the spammers will most > likely refuse to appoint an EU representative, and the EU will shut down > their website. > (2) if they do no business in the EU, and do not have any presence in the > EU (sending email to addresses in the EU is not "having a presence in the > EU"), how are they subject to fines for violating the law in the EU? > > If, for example, I - a private, non-commercial entity - hosted a mailing > list on my private server (which I have done in the past), and someone in > the EU subscribed and posted to that list and their email address was > captured in the list archives, and they later unsubscribed and asked for > their email address to be removed from the list archives, and I (for > whatever reason) did not do so, *how* would an EU court levy fines against > me? > > The US is not a signatory to the GDPR as far as I am aware, and I have > *no* legal presence outside the US. > The US signed a bilateral agreement with the EU: https://www.privacyshield.gov/ > >> On Tue, Nov 20, 2018 at 17:03, John Hardin wrote: >> >>> On Tue, 20 Nov 2018, Rupert Gallagher wrote: >>> Yes, if you are European, and might get some money as compensation. >>> >>> From a US political advocacy group which has no commercial presence in EU? >>> How does GDPR apply in that situation? >>> On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 wrote: > Gents, > > I somehow became subscribed to a list, political in nature, in whose mail > I have no interest. This is a legitimate AFAIK, US organization. > > Thus far, several uses of their unsubscribe link had not provided relief. > Direct email to the founder and operations manager seem to have been > ignored as well. > > While I can just dump their mail, it offends my finely hones sense of > propriety, justice and my all around good nature. Besides, it hoses me > off. > > So, is there some "authority" to which I can report these a**holes? that > might have an effect? > > -- > John Hardin KA7OHZ http://www.impsec.org/~jhardin/ > jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- > The question of whether people should be allowed to harm themselves > is simple. They *must*. -- Charles Murray > --- > 600 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On Tue, 20 Nov 2018, Rupert Gallagher wrote: The email address is an address, part of your personally identifiable data. I'm not disputing that. I write software that deals with PII in my day job. If an identifiable entity in the US sends mass mail to European addresses, then they must have a representative in Europe and comply with the GDPR. (1) how do you *force* someone in the US to have a representative in Europe? (2) if they do no business in the EU, and do not have any presence in the EU (sending email to addresses in the EU is not "having a presence in the EU"), how are they subject to fines for violating the law in the EU? If, for example, I - a private, non-commercial entity - hosted a mailing list on my private server (which I have done in the past), and someone in the EU subscribed and posted to that list and their email address was captured in the list archives, and they later unsubscribed and asked for their email address to be removed from the list archives, and I (for whatever reason) did not do so, *how* would an EU court levy fines against me? The US is not a signatory to the GDPR as far as I am aware, and I have *no* legal presence outside the US. On Tue, Nov 20, 2018 at 17:03, John Hardin wrote: On Tue, 20 Nov 2018, Rupert Gallagher wrote: Yes, if you are European, and might get some money as compensation. From a US political advocacy group which has no commercial presence in EU? How does GDPR apply in that situation? On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 wrote: Gents, I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization. Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well. While I can just dump their mail, it offends my finely hones sense of propriety, justice and my all around good nature. Besides, it hoses me off. So, is there some "authority" to which I can report these a**holes? that might have an effect? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The question of whether people should be allowed to harm themselves is simple. They *must*. -- Charles Murray --- 600 days since the first commercial re-flight of an orbital booster (SpaceX)
RE: semi-OT - reporting an organization that ignores unsubscribe requests
On 21. november 2018 01.32.37 Kevin Miller My particular favorite fix is, if the mail list has a web preferences page, to go to there and edit the preferences then set the email address to postmaster@localhost. Now it's their problem. If thay test fqdn it Will be your problem :)
RE: semi-OT - reporting an organization that ignores unsubscribe requests
No worries. Someone with a similar issue will search for a solution someday, and have one at hand. :-) My particular favorite fix is, if the mail list has a web preferences page, to go to there and edit the preferences then set the email address to postmaster@localhost. Now it's their problem. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357 -Original Message- From: Joe Acquisto-j4 [mailto:j...@j4computers.com] Sent: Tuesday, November 20, 2018 10:43 AM To: users@spamassassin.apache.org Subject: Re: semi-OT - reporting an organization that ignores unsubscribe requests >>> On 11/19/2018 at 4:35 PM, in message , "Kevin A. McGrail" wrote: > On 11/18/2018 10:19 PM, Joe Acquisto-j4 wrote: >> So, is there some "authority" to which I can report these a**holes? that > might have an effect? > I would say some blacklists might be interested. I certainly list > emails based on consent. Ever have one of those days where you wish you had never raised your hand in class? Seems I may have maligned this un named organization. For legacy reasons I have two email accounts with similar domains aggregated into one. Short story, I was un-subscribing the wrong one. Still, they could, perhaps, have done a quick check against their subscriber list, instead of reporting it as successfully unsubscribed. See, there is always a way to make it someone else's fault. Sorry for the wasted time.
Re: semi-OT - reporting an organization that ignores unsubscribe requests
> The email address is an address, part of your personally identifiable data.
> If an identifiable entity in the US sends mass mail to European addresses,
> then they must have a representative in Europe and comply with the GDPR.
I somehow missed that John is in the U.K., and actually re-reading his email
suggests that he may be in Canada ("hoses me off" ;-) )... John, if you are in
Canada than this may fall under CASL, in which case you can report the email
here:
http://fightspam.gc.ca/eic/site/030.nsf/eng/h_00017.html
If you are, in fact, in the EU, then by all means I'd go the route of invoking
GDPR. Many (if not most..sigh) entities in the U.S. believe that they don't
have to worry or care about GDPR..however the language in GDPR that says, in
essence, "we will go after anybody anywhere in the world who violates GDPR"
coupled with the private right of action suggests that you'd at least have a
shot. The reason that political spam is exempted in the U.S. is because of the
1st Amendment..which of course does not apply outside the U.S.. ;-)
Anne
Anne P. Mitchell,
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop
>
>
> On Tue, Nov 20, 2018 at 17:03, John Hardin wrote:
>> On Tue, 20 Nov 2018, Rupert Gallagher wrote:
>>
>> > Yes, if you are European, and might get some money as compensation.
>>
>> From a US political advocacy group which has no commercial presence in EU?
>> How does GDPR apply in that situation?
>>
>> > On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4
>> > wrote:
>> >
>> >> Gents,
>> >>
>> >> I somehow became subscribed to a list, political in nature, in whose mail
>> >> I have no interest. This is a legitimate AFAIK, US organization.
>> >>
>> >> Thus far, several uses of their unsubscribe link had not provided relief.
>> >> Direct email to the founder and operations manager seem to have been
>> >> ignored as well.
>> >>
>> >> While I can just dump their mail, it offends my finely hones sense of
>> >> propriety, justice and my all around good nature. Besides, it hoses me
>> >> off.
>> >>
>> >> So, is there some "authority" to which I can report these a**holes? that
>> >> might have an effect?
>>
>> --
>> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
>> jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
>> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
>> ---
>> The world has enough Mouse Clicking System Engineers.
>> -- Dave Pooser
>> ---
>> 600 days since the first commercial re-flight of an orbital booster (SpaceX)
>
>
Re: semi-OT - reporting an organization that ignores unsubscribe requests
The email address is an address, part of your personally identifiable data. If an identifiable entity in the US sends mass mail to European addresses, then they must have a representative in Europe and comply with the GDPR. On Tue, Nov 20, 2018 at 17:03, John Hardin wrote: > On Tue, 20 Nov 2018, Rupert Gallagher wrote: > >> Yes, if you are European, and might get some money as compensation. > > From a US political advocacy group which has no commercial presence in EU? > How does GDPR apply in that situation? > >> On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 wrote: >> >>> Gents, >>> >>> I somehow became subscribed to a list, political in nature, in whose mail I >>> have no interest. This is a legitimate AFAIK, US organization. >>> >>> Thus far, several uses of their unsubscribe link had not provided relief. >>> Direct email to the founder and operations manager seem to have been >>> ignored as well. >>> >>> While I can just dump their mail, it offends my finely hones sense of >>> propriety, justice and my all around good nature. Besides, it hoses me off. >>> >>> So, is there some "authority" to which I can report these a**holes? that >>> might have an effect? > > -- > John Hardin KA7OHZ http://www.impsec.org/~jhardin/ > jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- > The world has enough Mouse Clicking System Engineers. > -- Dave Pooser > --- > 600 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: semi-OT - reporting an organization that ignores unsubscribe requests
> > Gents, Ahem. ;-) > > I somehow became subscribed to a list, political in nature, in whose mail I > have no interest. This is a legitimate AFAIK, US organization. > > Thus far, several uses of their unsubscribe link had not provided relief. > Direct email to the founder and operations manager seem to have been ignored > as well. > > While I can just dump their mail, it offends my finely hones sense of > propriety, justice and my all around good nature. Besides, it hoses me off. > > So, is there some "authority" to which I can report these a**holes? that > might have an effect? Speaking as someone who actually wrote part of the U.S. anti-spam law (of which I'm the first to say that it is pathetic and anemic (except of course, the part that I wrote ;-) )...I can say categorically that political email is exempt from most Federal law relating to email, email marketing, etc.. But THAT said, a word to their provider can (and sometimes does) still have the desired (individual) effect, because providers care about their IP space reputation (more so than most political campaigns). Anne Anne P. Mitchell, Attorney at Law GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant CEO/President, Institute for Social Internet Public Policy Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Legal Counsel: The Earth Law Center California Bar Association Cal. Bar Cyberspace Law Committee Colorado Cyber Committee Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop
Re: semi-OT - reporting an organization that ignores unsubscribe requests
Spam is income for those who sell it, a cost for those who buy it, and a liability for those who receive it. Thousands of junk and weaponized messages try their luck while wasting our resources. It is not by accident that we have anti-spam laws. Our unpaid job is to reject spam efficiently. Sometimes you cannot reject it, because sent properly, by someone you can identify, and it falls within your legal reach. That's when you file a complaint to the ombudsman and cash in a small reward for the inconvenience. Laws are there for us, not against us. On Tue, Nov 20, 2018 at 11:36, Martin Gregorie wrote: > On 18 Nov 2018, at 22:19, Joe Acquisto-j4 wrote: >> >> > Gents, >> > >> > I somehow became subscribed to a list, political in nature, in >> > whose mail I have no interest. This is a legitimate AFAIK, US >> > organization. >> > > I just auto-bin this stuff if their 'unsubscribe' link doesn't work. > Emirates, the well-known airline, is the latest outfit to get this > treatment here. > > However, given the recently mentioned US freedoms of political speech, > why can't you simply exercise your freedoms by reflecting it back to > the mailing list unseen but with a polite note added to the the body in > big caps saying something along the lines of: > > "I tried to unsubscribe from your list but that doesn't work, so here's > your unwanted mail back. Kindly take me off your list". > > I don't see how that could be twisted into offensive speech, but it > just might embarrass their mailadmin into taking you off the list. > > Martin
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On 11/20/2018 2:43 PM, Joe Acquisto-j4 wrote: > Seems I may have maligned this un named organization. Other than maligning their cosmic karma, not really sure asking about how to gritch about them but not actually doing anything does any real harm :-) -- Kevin A. McGrail VP Fundraising, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171
Re: semi-OT - reporting an organization that ignores unsubscribe requests
>>> On 11/19/2018 at 4:35 PM, in message , "Kevin A. McGrail" wrote: > On 11/18/2018 10:19 PM, Joe Acquisto-j4 wrote: >> So, is there some "authority" to which I can report these a**holes? that > might have an effect? > I would say some blacklists might be interested. I certainly list > emails based on consent. Ever have one of those days where you wish you had never raised your hand in class? Seems I may have maligned this un named organization. For legacy reasons I have two email accounts with similar domains aggregated into one. Short story, I was un-subscribing the wrong one. Still, they could, perhaps, have done a quick check against their subscriber list, instead of reporting it as successfully unsubscribed. See, there is always a way to make it someone else's fault. Sorry for the wasted time.
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On Tue, 20 Nov 2018, Rupert Gallagher wrote: Yes, if you are European, and might get some money as compensation. From a US political advocacy group which has no commercial presence in EU? How does GDPR apply in that situation? On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 wrote: Gents, I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization. Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well. While I can just dump their mail, it offends my finely hones sense of propriety, justice and my all around good nature. Besides, it hoses me off. So, is there some "authority" to which I can report these a**holes? that might have an effect? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The world has enough Mouse Clicking System Engineers. -- Dave Pooser --- 600 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On 18 Nov 2018, at 22:19, Joe Acquisto-j4 wrote: > > > Gents, > > > > I somehow became subscribed to a list, political in nature, in > > whose mail I have no interest. This is a legitimate AFAIK, US > > organization. > > I just auto-bin this stuff if their 'unsubscribe' link doesn't work. Emirates, the well-known airline, is the latest outfit to get this treatment here. However, given the recently mentioned US freedoms of political speech, why can't you simply exercise your freedoms by reflecting it back to the mailing list unseen but with a polite note added to the the body in big caps saying something along the lines of: "I tried to unsubscribe from your list but that doesn't work, so here's your unwanted mail back. Kindly take me off your list". I don't see how that could be twisted into offensive speech, but it just might embarrass their mailadmin into taking you off the list. Martin
Re: semi-OT - reporting an organization that ignores unsubscribe requests
Yes, if you are European, and might get some money as compensation. On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 wrote: > Gents, > > I somehow became subscribed to a list, political in nature, in whose mail I > have no interest. This is a legitimate AFAIK, US organization. > > Thus far, several uses of their unsubscribe link had not provided relief. > Direct email to the founder and operations manager seem to have been ignored > as well. > > While I can just dump their mail, it offends my finely hones sense of > propriety, justice and my all around good nature. Besides, it hoses me off. > > So, is there some "authority" to which I can report these a**holes? that > might have an effect?
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On 11/18/2018 10:19 PM, Joe Acquisto-j4 wrote: > So, is there some "authority" to which I can report these a**holes? that > might have an effect? I would say some blacklists might be interested. I certainly list emails based on consent.
Re: semi-OT - reporting an organization that ignores unsubscribe requests
In Europe according to GDPR that would probably lead to an epic fine On Monday, November 19, 2018, 4:35:56 PM GMT+1, Bill Cole wrote: >Short answer: No. > >Political and charitable entities are not governed by the main anti-spam >law in the US (known as "CAN-SPAM") on the theory that if they were not, only governs *commercial* email, which has weaker legal protection from >government regulation than does political speech or straight >solicitations for charity. PedroD
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On 18 Nov 2018, at 22:19, Joe Acquisto-j4 wrote: Gents, I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization. Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well. While I can just dump their mail, it offends my finely hones sense of propriety, justice and my all around good nature. Besides, it hoses me off. So, is there some "authority" to which I can report these a**holes? that might have an effect? Short answer: No. Political and charitable entities are not governed by the main anti-spam law in the US (known as "CAN-SPAM") on the theory that if they were not, they could invalidate the whole law on constitutional grounds. CAN-SPAM only governs *commercial* email, which has weaker legal protection from government regulation than does political speech or straight solicitations for charity.
