Providers, please stop engaging in spam. Newsletters should be opt-in with opt-out. (Prometeus)
TL;DR: See ticket [4] and make your assumptions. Providers, please make sure your clients have solicited to receive newsletters like the VENOM vulnerability notice for reboots and can still opt out of the notices.
Most often I see low-end VPS providers send newsletters to their clients, even if the client has never solicited to receive them. Most service providers do not even mention in their Terms of Service that they are allowed to send newsletters to clients, but some of them do and offer opt-out.
But what worth is an opt-out in terms if that option is not reasonably offered or inexistent? Meet Prometeus, one of LowEndBox community's preferred hosts.
About myself personally, I've been Prometeus' client for more than two years.[1] I don't want to go badmouth providers on LET like this, I really hate to do so. They've provided a good service for the years I've been their customer. I've recommended Prometeus to friends before.
If we look at Prometeus' Terms of Service [2], we can read:
The client’s Email address will only be used for information on orders, for invoices and – provided that the client does not object – for customer care as well as for our newsletter, if the client so wishes.
The newsletter [3] in this scenario was related to the VENOM vulnerability, and I object to receiving these newsletters. Cool, there should be no issue because I do not wish to receive the newsletter. Let's just contact Prometeus' support.
Surprisingly, my support ticket is closed by Prometeus staff in a few minutes. Then I am asked to stop, told they are not sending newsletters, and they are reluctant to admit making what seems like a mistake to me. See the ticket yourself.[4]
Spamhaus defines spam as unsolicited bulk email like so: [5]
An electronic message is "spam" if (A) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND (B) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.
I do hope the best for Prometeus and people using them. Personally, I will be likely switching providers because I can't tolerate receiving spam. Prometeus has not yet admitted what I consider a mistake and misunderstanding, and they make no word on improving themselves.
The sad thing about this is that by offering to get rid of the complainer - myself - Prometeus doesn't treat this as a problem and will continue this abusive practice to their existing clients who do not complain.
See also: "What is Mainsleaze Spam?" [6] and "Spam is That Which We Don't Do" [7]. Most people are probably unfamiliar with mainsleaze spam like in this scenario.
Question is, do you see providers do anything wrong here?
If you are a customer of Prometeus with a live service then of course they should send you operational / security affecting notices. Kudos to them for sending out a notice to their customer to tell them that there is an issue and that pre-emptively they will be (important next word) disrupting your service whilst they make the relevant fixes.
This absolutely cannot be considered spam. Just like if your bank sent you an email to say your credit card may have been compromised. It's clearly a critical email relating to a contracted service.
Personally I, and I expect almost 100% of people on here, would expect a notice from their provider of an upcoming disruption.
Cancel half your servers, spend the money to get laid, problem solved, the sun is shining.
The question here is not to differentiate banks from service providers, it's more about the terms of service. At least I've heard banks are obligated to notify their customers in certain cases by law, at least in the United States, but I can't remember which law so I can't reference you with that. If I had agreed to receiving newsletters like this with opt-out, then I couldn't complain.
For example, the definition of spam in the United States' CAN-SPAM Act of 2003 is very different from what most anti-spam organizations categorize as spam. Any unsolicited bulk email is spam, and the people who keep your email clean of spam are acting according to that fact.
I'm all in for receiving notices that I have solicited, but again I can't tolerate unsolicited emails that I cannot opt out of. I would be happy to subscribe to a security announcement mailing list if Prometeus had one, provided that I can also easily unsubscribe and not necessarily have to be their customer to do so.
So yes, thanks to Prometeus for sending these emails. The point here is though that the receiver should still agree to receiving one.
Better than AquaNX, who handed over all their customers' information (no questions asked) to some other provider that's now using that information to spam them, and you can't even opt out of the e-mails.
I should emphasize that this thread is not about Prometeus, but plenty of other hosting providers on LEB too. Prometeus is given here as an example.
There is a difference between newsletters and information that pertains to your service. I don't believe you understand it.
You gave permission to receive those emails when you signed up for your service.
I'm sorry, you're complaining about receiving RFOs for an active service you have?
Am I missing something here?
Sorry, I don't think you've understood my side here. I believe I did not give permission to this; my consent goes as far as receiving newsletters that I can opt out of as per terms of service and the general assumption that my email address will be only used for billing and support.
Even if I did give my permission, then the service provider should be able to clearly verify that I gave my deliberate and explicit permission for the purpose. How this works is that I opt in to a mailing list, receive a confirmation, reply back to the confirmation and I am subscribed. Most providers don't do this, although I'm very glad for the few that do.
If I downloaded some distribution like Debian from the internet, that does not mean I solicited to receive newsletters for Debian releases or security announcements. But I did later voluntarily and explicitly subscribe to their mailing lists for this.
I believe most people are confused by the difference between spam and unsolicited bulk email. There is none. Spam does not have to be commercial.
Maybe "M3AAWG Sender Best Common Practices" [1] will clear up the confusion.
A service announcement doesn't count as a newsletter... The service announcement would be directly related to the support of the service you ordered and paid for.
We can then agree to disagree. I am okay with reading service announcements on some webpage and service announcements that I have solicited to receive to my email, but there's a difference between implied consent and explicit consent.
Respectful providers should ask for explicit permission to receive service announcement electronic mails during signup. It should not be implied or default however.
I would have closed your account for you to fix the problem. Props to them for not doing so.
Either way this thread would have been here with the mindset the OP has.
Get sent an email about an outage, BETTER RAGE ON LET.
Don't get sent an email about an outage, OMG WORST PROVIDER EVER RANDOMLY RESTARTED MY VM WTF.
My suggestion to you, OP: Go find the nearest lego and step on it.
I see absolutely no problem with receiving non-opt-out emails about my active services with a company, I'd be more annoyed being told nothing than with the 5 seconds it takes me to glance at the email and then delete / archive it.
IMO you're flying off the rails at a provider trying to be helpful and communicating with their customers.
Nick_A already did so at RamNode, which was not very respectful. Profits go above respect for customers, is that your argument? Sorry, that's a lot implied. You can likely reason yourself too.
I'm not worried about downtime. You're probably missing the point here.
You're right, fishing for acceptance on a public forum is the worst you can do and I'm not really wise for doing so. Never in my messages did I say [provider name] isn't a good provider for the service they offer.
The proposed solution of explicit consent seems to be difficult for many to understand, and the difference of that and implied consent.
You've given your implied consent and you're satisfied with it. Good for you.
I'd also be annoyed if I was told nothing about upcoming changes, but if the problem was in me that I had not subscribed to a mailing list for receiving notices then I couldn't complain. That would have been my mistake for not giving explicit consent.
EDIT: Also known as "just hit delete, we don't send spam." [1]
This is the new low.
Fuck you LET, I'm done.
What, you didn't call Uncle Sal a criminal?
Correct, should I? This is not a good place to do so however, and unrelated to the topic. (Calling you a Jew was maybe too far, so sorry about that.) I still stand by that post, no matter how politically incorrect it may be.
I'd be more interested to also know from you what happened to my WHMCS account at RamNode, and if you still have my data. You've decided to ignore this privately in emails I've sent to [email protected]
EDIT: Same for abusing a client at RamNode. https://8ch.net/fuck_ramnode.txt
I've seen the email from Prometeus and I'd say it's absolutely valid and justified. A newsletter would be considered as something to inform you about new products, services/features and general information about what's going on with the provider.
This email was a security announcement relating to services provided to inform people that they needed to perform emergency maintenance. I'd completely expect these to be sent regardless of the client's mailing preference.
I suppose you get upset when they send you your invoice as well then?
Has it occurred to you, after a number of hosting companies decided not to take you seriously, and after getting incredulous responses from basically everyone in this thread, that maybe... just maybe...
... you may be in the wrong here?
Right. You had an order with them. They notified you about a security issue with your order with them, thus providing you information about your order. I'm not sure why you're having trouble understanding this.
So RamNode doesn't want content that generates a lot of abuse reports. How is that a bad thing? Go use some shady offshore provider if you want to host offensive/abuse generating content.
How anti-spam organizations and I understand can be debated, and I can understand it that you'd like to receive unsolicited bulk emails too. "I'd expect to receive some abusive spam from spammers too regardless of my mailing preferences", is that what you're saying? Probably not, so I don't understand this argument very well and it's probably only your own preference.
An invoice is not necessarily bulk, I am the only recipient for that invoice. I have also given my implied/semi-explicit consent to that in terms of service and have agreed to it by signing up. It's also a general assumption that an email address in this scenario will be used for the purchase and not for newsletters.
Read M3AAWG's Sender BCP, especially the points about Single Opt-in, Single Opt-in with Notification and Confirmed Opt-in. The latter is the best one:
With this thread, I am hoping that providers will implement confirmed opt-in to avoid issues.
You're dreaming too big buddy. The best you'll get is a bunch of laughs and maybe a couple of account terminations at whatever host you're trolling next.
@Jonchun The content in question was not illegal to host, so providers often try to censor content they do not like including political speech. See EFF on the issue.[1] It's a different issue, but also an important one. Spam is also an issue, although legal in many countries it is a good reason for termination. My view on the case is obviously different as I'm pro-freedom of expression.
I would like to agree with logic and tell you, sir, to fuck off. You have been highlighted of a security issue and guess what you're complaining about knowing about it? You're just a moron.
Please see below
RamNode reserves the right to prohibit activities (whether they be legal or not) if they believe it will damage their reputation/goodwill. Hate sites aren't illegal, but many hosts won't allow some KKK website to be hosted with them, simply because it's controversial and damages a provider's reputation. As I stated before, if you're looking to host controversial content, a standard host won't cut it for you. Shell out a couple more bucks and go with some shady offshore company in Russia where no one gives a flying ____ what you're hosting.
As for your spam issue, I've already answered it for you. Please make a direct response trying to argue against this statement.
As long as the stuff being expressed is shitposting, rather than important information about a service you're subscribed to, right?
But that's spam!!!1!1!!
Spamhaus also engages in questionable, almost criminal behavior.
Disagreed. It shows respect for one's rights, and while unrelated providers also have legal protection for the controversial content hosted. You don't need a shady offshore provider for that. But you're right, RamNode followed their TOS and did what the client had agreed to during signup. Not that I agree the decision was right anyway.
On a similar topic, it's very clear for everyone that physical mail carries secrecy of correspondence, but when you go to the internet it's not so obvious anymore with email communication or privacy.
The poor communication and timing for this thread. My suggestion to the issue is to have explicit consent, and this can be done with mailing lists you subscribe to. It is not related to the order or Prometeus' TOS, as this applies to multiple providers on LEB.