The other day, I was unpleasantly suprised by this email in my inbox:
Spam, spam, spam and spam
Most spam is pretty generic, and gets culled by Spamassassin without me ever seeing it, but this one stood out as it didn’t hit the filter (sneaking under the radar with 3.9 points of spamminess), and it had an attachment that wasn’t a zip file containing a virus.
As you can see, it’s from Pat Jewitt, whose email address is email@example.com, for all you hungry spambots out there.
Pat seems to be registrar of Queen Ethelburga’s School, who are busy promoting their expensive service by spamming me. I took exception to this,
as I have no prior relationship with them: for a start, I have no children.
No answer for several days, so I kept trying. Then tried again:
Not Giving Up
This was a reference to my UCE policy here.
The mail originated from a netblock goegraphically right for the school, and appeared to be from a legitimate email server for the school too:
Received: from mta3.mail-qe.org ([18.104.22.168])
So this seems to be a fairly blatant bit of spamming from the school itself that they’ve done fairly decisively, rather than handing off to a third party. The links were all correct, not passing thorugh a linkbait or click-thorugh referrer too.
I eventually got a response to my question as to if I should send a bill:
Charmed. I’m sure. Do they have a vacancy for a PR officer?
After a few questions (read from the bottom):
They changed tack. You’ll note my questions, and the link I posted, refer to this legislation and indeed this definition.
Now, in my opinion this sounds like a clear breach. I’ve had no prior contact with this organisation, they have bought my email address from some shady spam company, and are now spamming me with completely irrelevant mass-marketing junk.
At worst this may be illegal, though I should stress I’m not a lawyer. At best, it’s poor netiquette and a pretty unpleasant way to behave.
It’s quite telling that there’s a unsubscribe link, labelled “If you consider this email to be SPAM please report abuse click here” as well as an unsubscribe- this is almost as if they know they’re doing wrong. (The unsubscribe is required by law, I believe). Also, both links are a http request to the sending server- again this looks like they have gone out of their way to set this up themselves.
The school looks to be a well-funded, expensive organisation, just a pity they see fit to tarnish their reputation by buying email addresses. There are ways to market yourself without upsetting the nerds.
At this point, many of you might be thinking that there’s a quick fix: delete the damn email and forget it. I nearly did that, but here’s a thing: I spend my day job working with mail systems. Many of these would be simpler, and more reliable, were it not for all the kludges that we have to implement to stop this rubbish. DNSBLs, sender ID, authenticated SMTP, restricted relays, spam filters, and all the other bits that make mail harder and more complicated are all because of this.
The next time you go onto a wifi hotspot and can’t SMTP mail, or you get an email bounce with a 550 error, or dissapear with no non-delivery report, that’ll be why. Spam is delivered partly at cost to you: using your bandwidth, your disk space, and your time.
If you have a company email server, you pay someone to guard you against this shit. Your ISP and mobile phone provider pay people to do the same. Commercial spam filters cost thousands of pounds to run.
Question is, do I inform the ICO?