one mikro2nd: spam

Showing posts with label spam. Show all posts

19 July 2008

Datapro/Vox Spam Wrapup

Its been a long, long time... way too long... since I promised to report back on my complaint to the ISPA in which I accused Datapro/Vox Telecom of being spammers.

The first part of the ISPA's complaint-handling procedure is to have the parties try and resolve matters between them. Datapro's attempt to brush me off was a laugh:

So eventually, somewhere around March, the event wound its way to the ISPA's Complaints Committee who deliberated, and some weeks later, sent me a formal Ruling:

Datapro/Vox Telecom were found guilty of spamming, and fined R100 000 (about EUR10 000 at the time.)

Naturally Datapro appealed this decision, as was their right. Unfortunately the appeals process is quite a slow one, so it was only about 9 June that I was informed of the outcome of the appeals process:

On appeal it was found that Datapro/Vox Telecom were confirmed as being guilty of spamming (through address repurposing.) The fines were, however, reduced to R45 000, most of which has been suspended for 12 months, provided that Datapro/Vox do not spam again within that period of time. Effectively Datapro/Vox have had to pay a paltry R7 500 in fines. Their guilt remains undisputed.

This strikes me as the ISPA having no balls.

The Appeals Committee recomended that Datapro/Vox

...ensure that a working opt-out facility is provided on all marketing emails and to report back to the ISPA complaints administrator within 1 (one) calendar month of receipt of this report on remedial action taken by it. The Appeals Panel recommended (which recommendation is not binding) that such remedial action should also include cleaning its email marketing lists to avoid a repetition of this complaint. This could be achieved by way of a reminder email requesting recipients to confirm their desire to continue receiving such emails (opt in), which is preferable, or by requesting them to indicate their preference not to receive such communications (opt out), which is adequate and then abiding by the indicated preference.

To my knowledge none of this has happened. I have received neither an opt-in request, nor any opportunity to op-out.

The only communication I have had was on 3 June -- 8 days after the Appeal Ruling -- I received yet another marketing spam from Datapro/Vox... still no opt-out link, still no confirmed opt-in. I just have not had the time or energy to follow-up with another complaint of this violation of the suspension conditions imposed by the ISPA on Datapro/Vox.

Further, the ISPA's documentation carries a notice stating

PRIVATE AND CONFIDENTIAL:
All communication is confidential and may not be distributed.
See http://www.ispa.org.za/commsrules for more info.

so I am effectively barred from making the original PDFs available, despite (or perhaps because of) my having made it clear to the ISPA that it was my firm intention to publish the course of events and all documents.

I am also unable to find any notice, link or reference to this ruling on the ISPA website. Are they too afraid of the potential income-loss should one of their largest spammers members get pissed-off enough to depart the Association?

A pretty sorry indication of the general state of the local ISP industry, I'm afraid.

22 February 2008

Taking on the Spammers: Datapro/Vox Telecom - Part 4

Mr Douglas Reed, CEO of Vox Spamacom Telecom, parent company to Datapro, replies:

We run an ISP with over 18,000 corporate customers and 180,000 SME's and
we have customers who utilise various services. These include list
servers where customers use their own databases and we don't have full
control. The DataPro and Vox databases are within our control and
consist of individuals and organisations who have provided their details
to us. The reason we have you on our Company database is because you are
obviously listed as a technical contact for some of our customers. We
cannot offer opt in opt out facilities for our communication to our base
because the news letters communicate important information that the
technical contacts need to be aware of. However if you want to be
excluded please give us the details and provide us with new technical
contact details.

The other choice is do what the rest of us do and add the user to your
junk mail list.

Interestingly enough this mail ended up in my junk mail folder which
basically means that I received unsolicited mail from this in the past
or you cc'd thousands of people.

Is it just me, or does this sound just a tad arrogant? What I am hearing: "We're big; that means we can spam with impunity, since we're too big to get blocked." and "Shut up and eat your spam!"

My response:

Dear Mr Reed, On 18/02/2008, Douglas Reed <douglasr@datapro.co.za> wrote:

> The DataPro and Vox databases are within our control and
> consist of individuals and organisations who have provided their details
> to us. The reason we have you on our Company database is because you are
> obviously listed as a technical contact for some of our customers.

The (many) spam emails that form the basis of my complaint to ISPA are directly from Datapro and Vox Telecom; this is not about spam from your customers. One spam message bears your name as "signatory".

You will note from my earlier correspondence with Maggie Cubitt that I have tried repeatedly, using numerous channels, to "opt out" of these mailing lists, without any success.

Why don't your opt-out procedures work? (As required by the ECT Act.)

Although some of your technical staff are certainly in possession of my email address as "technical contact" for some of our mutual customers, this does NOT extend a license to your companies to send me unsolicited bulk email on ANY subject.

Further, I will note that I have never -- not even once -- receive a bulk message on any technical subject. The emails forming the basis of my complaint have ALL been of a nature that can only be characterised as "marketing crap". I did not, ever, at any stage, give any person or system representing your companies, permission to send me marketing crap. The fact the your companies have done so is known in the email management industry as "address repurposing" and is considered a sure sign of "spam spoor".

> The other choice is do what the rest of us do and add the user to your
> junk mail list. I will repeat what I wrote to Ms Cubbit:

<quote>
having my own email address removed from your mailing lists is of only limited interest to me in this matter. The larger issue, which it is my main purpose to tackle, is that of Datapro and Vox Telecom blithely spamming, over an extended period of time, continuing in the face of numerous good-faith attempts to unsubscribe, and in direct violation of

1) their own Terms of Service,

2) the email provisions of the ECT Act, and

3) the ISPA's Code of Conduct.
</quote>

The point this: "adding Datapro/Vox Telecom" to my "junk mail list," as you suggest, fails to eliminate or mitigate the primary complaint against spam: the receiver has to pay for it. Putting Datapro/Vox Telecom into my "junk mail list" does not mean that Datapro/Vox Telecom cease being spammers.

To (attempt to) be completely clear on this: since you seem to have overlooked the point:

* This is not about Datapro and Vox Telecom spamming ME.

* This IS about Datapro/Vox Telecom spamming AT ALL.

> Interestingly enough this mail ended up in my junk mail folder which
> basically means that I received unsolicited mail from this in the past
> or you cc'd thousands of people.

Nonsense.

No such conclusion can be inferred.

Having personally administered email and spam-filtering systems, I can tell you that you cannot draw any such conclusion; thogh it /may/ call into question the competence of the people managing your spam-filtering systems.

> We run an ISP with over 18,000 corporate customers and 180,000 SME's and
> we have customers who utilise various services. These include list
> servers where customers use their own databases and we don't have full
> control.

What I read into this is that you believe that your organisations are "too large for the rules to apply". I have some bad news... There are other organisations far, FAR larger that manage to adequately, and to the full satisfaction of the anti-spam community, police their customers' mailing lists and email activities. I am pretty sure that both Outblaze and AOL are larger than your operations; both manage to maintain an impeccable reputation for managing the spam problem and speedily terminating spammy customers.

Of course, neither one spams their customers directly, as your organisations have done.

Part of your (companies') responsibility to the Internet community is to police your customers and their mailing lists. Ways to do this include monitoring their behaviour, and maintaining and ENFORCING uncompromising Terms of Service. Your response suggest an unwillingness to do so. This is a slippery slope. Next your sales-staff will be writing "pink contracts". (Google for it!) Should you require access to better expertise than your organisations evidently possess, I shall be glad to forward my consulting rates.

All of this remains (largely) irrelevant. The numerous spam messages I have received are from your organisations; not from your customers. Your unwillingness to eliminate spam from /within/ is, perhaps, indicative of your willingness to tolerate/profit-from spammy customers from without.

Here is the response I expect: As I see it (prove me wrong?), you have two choices:

1. Throw away all mailing lists under your control, and start from scratch to build new mailing lists. Of course you WILL follow established Internet procedures for building permission-base email lists. (Somehow, I doubt this one...)

OR

2. Send a ONE TIME email to all addresses on your mailing lists, explaining (in full) the situation, expressing your companies' regret that such an unacceptable and untenable situation has come about through the action of a few misguided individuals, and asking the recipients to confirm that they WISH to be subscribed to the relevant mailing list. Should recipients so confirm their desire to participate, your staff should proceed in the full confidence that those persons have positively opted-IN. Any email address that fails to reply, or that expresses a desire to opt-OUT must be removed from your databases.

This (second) option should be followed-up with a comprehensive on-going (so that new-hi[r]es get the message, too) educational message from the organisation: "We don't tolerate spam in any shape, manner or form." (together with a detailed explanation of just what that means.) Your marketing and sales staff may require particularly persistent education.

Forgive my lack of optimism.

Since you (read: your organisations) do not know the email address(es) being spammed, you may be sure that I am in a position to monitor your organisations' actions on this, and will report accordingly.

PS: You, Mr Reed, might wish to consider that a small one-man consultancy such as myself, may frequently be in a position to make recommendations to customers concerning their choice of service providers in the Internet Services industry. Either to recommend providers, or, alternatively, to discourage use of any particular provider. Your call...

If anybody out there thinks I am being irresponsible or unreasonable (obviously with the exception of any Datapro or Vox Telecom employees or agents!) please, please say so by leaving a comment on this blog. I promise not to delete any relevant comments...

Let's just note for the record that he failed, completely, to address any single point of substance or question in my response...

16 February 2008

Taking on the Spammers: Datapro/Vox Telecom - Part 3 - email Ping Pong

Obviously the spammers thought they could just listwash me and be done. Here's Datapro's latest response:

Subject: RE: Response to ISPA complaint
Date: Fri, 15 Feb 2008 12:55:45 +0200
From: "Maggie Cubitt" <maggiec@voxtelecom.co.za>
To: "Mike Morris" <me>

Hi Mike Apologies, as I can fully understand your frustration, which is why I am attempting to resolve it comprehensively and finally. I am unable to find the e-mail address mikro2nd@gmail.com on the Contacts database from the DataPro CRM.. and you have extracted the delivery address from your notepad doc. Can I please just confirm that the Newsletter was delivered to the e-mail address mikro2nd@gmail.com?

My response to them:

Maggie Cubitt wrote:

> Apologies, as I can fully understand your frustration, which is why I
> am attempting to resolve it comprehensively and finally.

Please understand that having my own email address removed from your mailing lists is of only limited interest to me in this matter.  The larger issue, which it is my main purpose to tackle, is that of Datapro and Vox Telecom blithely spamming, over an extended period of time, continuing in the face of numerous good-faith attempts to unsubscribe, and in direct violation of

  1) their own Terms of Service,
  2) the email provisions of the ECT Act, and
  3) the ISPA's Code of Conduct.

> I am unable to find the e-mail address mikro2nd@gmail.com on the
> Contacts database from the DataPro CRM.. and you have extracted the
> delivery address from your notepad doc. Can I please just confirm that
> the Newsletter was delivered to the e-mail address mikro2nd@gmail.com?

The spam was not delivered to that email address, but another one.

I am not willing to assist you in listwashing -- the much-loathed practise whereby spammers remove the addresses of the whiners, but continue to blast their unwanted spew out to the Silent Majority Who Just Hit Delete.

I never opted-in to any mailing list belonging to Datapro or Vox Telecom, but was placed on it without my knowledge or consent via person(s) with whom I had contact for purely technical purposes on behalf of my own clients.  This, in turn, means that my email address was repurposed for marketing spam.  In turn Datapro's mailing list was repurposed by Vox Telecom, a company with which I have certainly never had any business relationship.  (Yes, I do understand the relationship between the companies.  No explanation needed.)  Please take note that this is NOT the only list from which I get spammed by Datapro, so your problems are deeper and wider than listwashing a single whiny anti-spam "activist" from a single ill-constructed mailing list or database.

If your lists are NOT fully confirmed-opt-in (and clearly they are not,otherwise I wouldn't be bothering you), then they're spammy lists until you can verify, with a full audit trail, that each and every recipient has positively confirmed their wish to opt in.  Any addresses that cannot be so confirmed must be removed from your databases.  All databases.

The procedure for confirming mailing-list opt-in has been well-established, well-understood, standard practise in legitimate email management for at least the last 30 years, and is correctly implemented by every respectable mailing-list management system.  I would expect an ISP as large as Datapro to be conversant with such established, accepted, and widely-implemented industry-standard, and to have the resources to ensure compliance.  I realise that these practices are somewhat more stringent than required by SA law, but will point out that the ISPA Code of Conduct (para 28) mandates that "ISPA members must operate with due regard for established Internet best practices, as set out in the various request for comment (RFC) documents and as mandated from time to time by established and respected Internet governance structures."  That reads: "established Internet best practices", not "ineffective South African law".  I believe that mailing list operation is covered by RFC-3098 among other resources.

Furthermore, you will, no doubt, have noted that the sample email sent to you is in violation of even the very modest requirements of the ECT Act.  Not to mention the long-term on-going failure to heed good-faith removal instructions as required by the Act.

I trust that Datapro's forthcoming response to this will measure up to the full scope of the organisation's evident ignorance of, or unwillingness to implement, Internet standards and best practise.

Forgive me my skepticism... ;-)

Taking on the Spammers: Datapro/Vox Telecom - Part 2

Yesterday, 14 Feb, the following response to my complaint to the Internet Service Providers' Association about one of their member's spamming activities:

FYI: Mr Reed is the CEO of Vox Telecom (the parent company), so hopefully we've got the attention of a Big Shot.


From: "Maggie Cubitt" <maggiec@voxtelecom.co.za>

To: <me>

Cc: "Douglas Reed" <douglasr@datapro.co.za>



Hi Mike As a listed Telecommunications Company we do take any reports of this

nature extremely seriously. We were very concerned to receive the

notification of your complaint to ISPA, and are obviously anxious to get

this resolved as a matter of urgency.



As there are many companies in the Vox Telecom Group and as DataPro, as

an ISP, does provide a bulk mailing service to customers as well, there

is a possibility that you are on one of our customer's databases.



In order to investigate this properly I would really appreciate if you

could forward me the "February newletter" to which you refer so that I

can investigate this thoroughly for you.



I look forward to your response.



Regards,

Maggie

I have forwarded the most-recent offending email -- "signed" at the bottom by a Mr Gary Sweidan, Datapro's Managing Director, I am sure he is blissfully unaware of the content, or that it is being blasted to a who-knows-how-large list of unwilling , unconfirmed, not-opted-in recipients.

Sadly for them, I redacted out all the recipient email address details and message UUIDS that might server to identify the address it was sent to ;-)

One of the few spammer activities more loathsome than "address repurposing" is listwashing -- removing the whiners from your list whilst blithely continuing to spam the quite ones who Just Hit Delete.

15 February 2008

Taking on the Spammers: Datapro/Vox Telecom - Part 1

For well over a year now I've been getting spammed by Datapro (a Vox Telecom subsidiary) with sundry Friendly Newsletters, Product Offers and Special Crap We're Sure Will Interest You. Now we're in a fight argument complaint-resolution discussion.

Background

Datapro is a fairly large supplier in SA of web and email hosting, ISP services, and all the myriad little bitty services around that. They're also one of only 15 "Large" members of the Internet Service Providers' Association -- the industry's self-regulation watchdog in SA -- and hence a signatory to ISPA's Code of Conduct, which includes a clause saying, in effect, "members won't support spam or spamming."

I have never been one of Datapro's customers because I think their technical standards are... dodgy... to say the least. But, I have had contact with some of their technical staff in the course making changes to email, web-hosting and DNS on behalf of some of my clients who do use Datapro as their service provider. For whatever misguided reasons. Evidently, some of Datapro's tech staff have had their email address-books "harvested" by The Marketroid Department. Or Something. How ever it happened, my email address got repurposed without my knowledge or prior consent. A major point, here, is that I have never been in a business relationship with this company.

In the anti-spam world "repurposing" is considered a Very Bad Thing, and will result in instant and permanent blacklisting on some aggressively well-run mail servers.

I've lost count of the number of times I have emailed the sender asking, demanding, pleading or threatening legal action, in the interests of getting off their mailing lists. Countless times I've clicked on the (rarely present) "unsubscribe" links and jumped through web-page hoops to get unsubscribed. Nary a confirmation have I received. Nor has any of this actually diminished the volume of crap I get from them.

To add insult to injury, Vox Telecom, the parent company, have in turn taken to spamming their subsidiary's lists.

A Lightbulb Moment

A short while ago, a contact on one of the local Internet-industry mailing lists I haunt, suggested that I lodge a complaint with ISPA. I must confess that I had never seriously thought about it, but maybe worth a try...

I waited. Made sure I gathered and archived the evidence. Then, last Tuesday, I struck: lodged a complaint via the ISPA's webform:

Action The First: The Complaint

NameISP: Datapro/Vox Telecom
name: <redacted>
email: <redacted>
Address: <redacted>
Telephone: <redacted>
Cellphone: <redacted>
SectionCoC: E. Unsolicited bulk mail (spam)
Details:

I have never been a customer of Datapro.  My only interactions with them have been on behalf of my clients, in the course of managing clients' DNS, email, hosting, etc. technical requirements where those services have been provided (at the clients' choice) by Datapro.  As such my interactions have been with technical service personnel only.

During the course of such interactions Datapro staff have, without my consent or prior knowledge, added my email address to various mailing lists that they use to send marketing "newsletters" and advertisements (a.k.a. address repurposing.)

I have on numerous occasions requested that my details be removed from all mailing lists and databases under Datapro's control to no avail.  I have made such requests telphonically, by email, and by clicking through the (rare) unsubscribe links that some of this spam contains.

Finally I have records good enough to prove my point.  Their latest "February newletter", sent in duplicate today, 9 February 2008, is in clear violation of

1) my past instruction to them of 2 August 2007 (and subsequent, evidence-free removal-link-clicking)

2) the ECT Act itself, in failing to meet the information provision and opt-out requirements of the Act, and

3) the ISPA Code of ConductCopies of all relevant emails are available from myself.

Let's see what results...

06 November 2007

Scam, scam, scam, scam, scam!

You must have heard it before: "Is this Mike? You have won a Holiday In Florida!"

We've all had the emails. This evening was, I admit, The first time I got the Phone Call. Very American accented young lady. Fortunately my highly tuned sense of paranoia kicked in, perhaps aided by the fact that they quoted my using an email address not used in over ten years, and I simply put the young lady on hold for several minutes while pouring myself a small drop of a certain Scottish libation. After a couple of minutes I asked her to hold while I considered the situation.

How did these scammers get my phone number?

The thing is, my phone number is unlisted, and I am certain I have never, ever typed it into any web form. Ever. Trust me on this. I treat all forms with the abuse, hostility and contempt they deserve (thanks to a old boss I had, John Merry, who taught me The Fine Art of Form Contempt.)

A fairly obvious advance-fee fraud. But how many people would fall for it? A few weeks ago, an acquaintance called me, filled with jubilation: He had Won The Lottery! An email said so!

I sadly had to puncture his bubble, and enlightened him as to how these things work. This is a man who worked in the IT industry as a senior manager for many years. He is far from a fool; indeed he is a highly talented and intelligent individual. But he fell for the scam and was about to (snail-)mail them a cheque! I can only shudder at the thought of the outcome if they had called my Dear Old Dad with the same line of bullshit.

After about ten minutes of playing silly-buggers with the caller - mainly to cost them money - I asked the lady where they had obtained my phone number.

*click* (The sound of the phone being put down.)

A couple of minutes later, the phone goes again. This time a (very American accented) man, with the same line of bullshit. "You filled in a form on the computer. The Com-Pu-Ter!" (Like we Africans have never seen a computer before.) "Using the

. You've won a Holiday In Florida."

I repeated my question: "Where did you get this phone numer?"

"Off the Web Form you filled in."

"No. Really, where did you get this unlisted phone number never before typed into a web form in any shape manner or form?"

*click*

The only company who have somehow managed to get my unlisted phone number into a database somewhere were Standard Chartered Bank, with their spam phone calls. Perhaps they're exacting a revenge now for all the pain I caused them over that.

The Unterste Schurrer (Non-Yiddish Readers: "The Bottom Line")
Who the fuck would want to holiday in Florida, anyway?

01 November 2006

Spam, Spam, Spam, Spam, Spam!

Far too long away from this blog, but its Spring, and matters non-technical have had my attention for some time.

Received a spam this morning (not unusual, in itself) from Computicket (no link, google for it - fuck them - why should I help spammers gain pagerank?) - a local company who do movie, theatre and event bookings. I didn't even really look at what they were advertising. Besides, most of it was in images, blocked by my mail client.

In response I dropped a BLOCK message onto the Spam-L mailing list - one of the most respected anti-spam resources in the 'net (also all relevant abuse addresses):

Spam from computicket.com to an address never given to them. Spam is
also in violation of locally applicable spam law (ECT Act requirements) (such as it is):

(Notice the "Urgent" priority on what is really "Bulk")
Delivered-To: <x>
Received: by 10.67.26.19 with SMTP id d19cs590002ugj;
Mon, 30 Oct 2006 09:22:35 -0800 (PST)
Received: by 10.66.242.20 with SMTP id p20mr4513321ugh;
Mon, 30 Oct 2006 09:22:35 -0800 (PST)
Return-Path: <info@mcentre.computicket.com>
Received: from smtp.mcentre.co.za (pdpapp3.mwebhosting.net1[96.2.145.115])
by mx.google.com with ESMTP id 53si3074470ugd.2006.10.30.09.22.31;

Mon, 30 Oct 2006 09:22:35 -0800 (PST)
Received-SPF: neutral (google.com: 196.2.145.115 is neither permitted
nor denied by best guess record for domain of
info@mcentre.computicket.com)
Received: from mail pickup service by smtp.mcentre.co.za with Microsoft SMTPSVC;
Mon, 30 Oct 2006 19:16:49 +0200
X-Abuse-Contact-Mail: abuse@mcentre.co.za
X-Abuse-Contact-Tel: 27860 200 121
MWEB-Business-BatchID: 59867
MWEB-Business-ClientID: 177
MWEB-Business-MessageType: H
MWEB-Business-MessageID: <x>
MWEB-Business-SequenceNo: 26946
From: Computicket <info@mcentre.computicket.com>
Reply-To: info@computicket.com
To: <x>
Date: Mon, 30 Oct 2006 16:11:37 GMT
Subject: Special Newsflash
Priority: Urgent

Recevied a reply from an MWeb droid. MWeb are the spamhaus who actually did the wetwork on behalf of Computicket. I won't bore you with the full (lengthy) reply. The summary reads:

Dear Mike Morris,

Thank you for making use of the MWEB Business Technical support mail service.

You received this mail sent as a solicited mail from Computicket, in accordance with The Electronic Communications and Transactions Act. 2002 Chapter VII - Consumer Protection

[ i.e. Fuck you. It's legal.]

Disclaimer: This email is considered a business record and is therefore property of MWEB. This email, and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. This communication represents the originator's personal views and opinions, which do not necessarily reflect those of MWEB. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify asptac@mweb.com

Included were lengthy quotes of semi-relevant sections of the Electronic Commerce and Transactions Act. Sections I could probably recite by heart.

On principle, and basically because of their crass "legal disclaimer", here is my reply to them in full. We'll see how this one plays out... But for now, caveat emptor: MWeb have taken a business decision to become a spamhaus. If you run a mail server, please add the following domains to your blacklists:

mweb.com
mweb.co.za
mwehosting.co.za
mcentre.co.za

My reply to them (spelling errors and all, in the interests of full disclosure):

Dear Phillip Bresler

On 31/10/06, MWEB <asptac@mweb.com> wrote:

> You received this mail sent as a solicited mail from Computicket, in accordance with The Electronic Communications and Transactions Act. 2002 Chapter VII - Consumer Protection

You may wish to fool yourself that it was solicited. Given the dismal
state of SA email legislation and regulation you may even be able to
claim that it was "legally" solicited in some narrow legalistic sense.

However, as an employee of a large ISP and email service provider, you
surely cannot be so ignorant of universally-accepted Internet "best
practise" with regard to email solicitation, mailing lists and bulk
email. If this is, indeed, the case, I will be happy to assist you in
this matter. My normal consulting rates will apply. As an Internet
user and mail system administrator since 1989, I can assure you that,
though you might not, I DO understand best practice and how to
implement it. This spam from Computicket, spewed directly from MWeb's
servers, using a wholly inappropriate routing priority, follows
anything BUT best practice. Its was:
1. Unsolicited. I have never given permission to Computicket or
MWeb to contact me with marketing email.
2. Bulk.
3. Email.

In short: UBE, or spam.

Furthermore your usage of the word "solicited" falls so far outside
the dictionary definition, as well as the common person's
understanding of the term, as to be laughable.

> The act states:
> Electronic Communications and Transactions Act. 2002 Chapter VII - Consumer Protection 45. Unsolicited goods, services or communications
>
> 1) Any person who sends unsolicited commercial communications to
> consumers, must provide the consumer
>
> a) with the option to cancel his or her subscription to the mailing
> list of that person; and

No such option was supplied, which is precisely why I mentioned that
it is not in compliance with the ECT Act. Strike one.

Perhaps the "opt out" details were in a picture - blocked in my email
client and unavailable to visually-impaired users, and hence
discriminatory in terms of the constitution.

> b) with the identifying particulars of the source from which that
> person obtained the consumer's personal information, on request of the consumer.

No such particulars were provided. Strike two.

> 4) Any person who sends unsolicited commercial communications to a
> person who has advised the sender that such communications are unwelcome, is guilty of an offence and liable, on conviction, to the penalties prescribed in section 89(1).
You are hereby advised that ALL commercial communications from MWeb's
servers to me are unwelcome, whether originating from MWeb or any
other party using MWeb as a spam service. All such communications
will, without exception be listed on various anti-spam activism sites.
Hopefully in time this will lead to the widespread blacklisting of
MWeb's mail servers, since it is obvious that MWeb has decided to
become a spamhaus.