Home  |  About Us  |  Press Room  |  2000  |  Unsolicited email

Press release

Last autumn the Government published their proposals for Regulations to implement the European Union "Distance Selling Directive".

http://www.dti.gov.uk/access/ria/consumer_pro.htm

These regulations will affect not only mail order companies but many other businesses which sell things to people who do not actually visit their premises.

One of issues that the Government must decide about is the sending of unsolicited commercial email. They consulted as to whether it would be better to ban it outright, or whether it should be subject to an "email preference service" where people could opt out of receiving it.

Thus believes very strongly that their customers (using Demon Internet, In2Home or a "virtual ISP" such as FreeBeeb) do not wish to receive unsolicited commercial email and that the best way forward will be for the Government to ban it.

Below is the consultation response submitted just before Christmas 1999 setting out Thus's advice:

Response to "Distance Selling" consultation paper: November 1999 (Email provisions)
written by: Richard Clayton, Internet Expert
sponsored by: Keith Monserrat, Director of Strategy
Thus plc, 23rd December 1999

Thus plc and Demon

Thus plc (formerly ScottishTelecom) is a leading provider of Internet and interactive services, as well as providing call centre, data and telecoms services in the United Kingdom. Our Internet services are principally offered under the 'Demon' brand, following the acquisition in 1998 of Demon Internet.

Founded in June 1992, Demon Internet was the pioneer of low-cost flat rate Internet connectivity in the UK for both business and home users, and remains one of the largest dial-up Internet Service Providers (ISPs) in the UK with about 250,000 customers. Thus also provides free Internet access under its 'In2Home' brand, which has approximately 65,000 users, and provides Virtual ISP (VISP) services to a number of 'free' ISPs, including the BBC's freebeeb.net service.

Our customers' view of unsolicited email

Email is by far the most important service that we offer to our customers. Up to one million items of email a day flow across our systems. We estimate that about 5% to 10% of this mail is currently unsolicited commercial email, and the overwhelming majority of that currently has its origin in the USA.

Our customers are continually raising the issue of unsolicited email with us. They usually regard the arrival of such email as anything from a minor nuisance to a personal affront. They cite the cost of receiving it, the inconvenience of discarding it, and the inappropriateness of some of the content. We believe that the overwhelming majority of them do not wish to receive such email.

Some of the unsolicited email is originated in the UK and we find that, if anything, this annoys our customers even more. In a recent incident someone at another UK based ISP sent an unsolicited email to a large number of our customers. Some 200 customers went to the trouble of raising this complaint with us - many enquiring if we had sold on their email addresses to this third party. It tied up one person for over a day to send out responses to assure our customers that we do not pass their details to anyone else. Thus we incurred a significant cost from just one single rogue marketing exercise by someone who was not associated with us at all.

If the law is changed in a manner that gives any unsolicited email some aura of respectability then we would expect to see a lot more companies being tempted into using it - whether or not they understand or comply with new regulations. We would therefore expect that a change to an opt-out scheme - which would appear to make the sending of unsolicited email "OK" - would significantly increase the number of complaints we receive and would significantly affect our costs and the level of service that we can provide to our customers.

The flawed economic model of unsolicited email

No legitimate form of advertising forces the recipient to pay to receive messages they did not ask for and invariably do not want. No legitimate form of advertising forces the deliverer to bear substantial out of pocket costs for processing, storing and delivering unsolicited advertising messages. Unsolicited email does both by imposing costs upon the receiver and the ISP that must store and forward it.

By contrast, every form of legitimate advertising places some kind of marginal cost per message on the advertiser, which limits the number and frequency of messages and puts pressure on the sender to target people who might have at least a passing interest in receiving the messages. This has the side-effect that every form of advertising supports the media in which it is transmitted, thereby rendering the medium cheaper for all to use. Without junk mail, stamps for traditional letters would be more expensive; without television advertisements, home entertainment would be much restricted.

In contrast, promotional email can be moved around on the Internet and on other connected systems, without any kind of financial contribution from the advertisers. Furthermore, unsolicited email imposes an almost zero marginal cost per message, so there is no incentive whatsoever to spend any effort at all on targeting the messages. Thus, rather than supporting the Internet infrastructure, the mass nature of unsolicited email produces an extra burden, creating unexpected costs and sometimes causing, by its sheer volume, failures of service

In this respect there is an extremely clear analogy between unsolicited email and unsolicited faxes. We note that unsolicited faxes are banned by both the Distance Selling directive and also the Telecoms Privacy Directive. We consider the case for treating email the same way to be absolutely overwhelming.

Opt-in versus Opt-out

We believe that an "opt-out" scheme would be incredibly inefficient, because our experience is that almost no-one wishes to receive unsolicited email and so everyone, once they learn of the scheme, will be put to the inconvenience of opting out. Therefore we believe that the only sensible choice will be an "opt-in" scheme.

We cannot see any necessity to distinguish between unsolicited bulk email sent to individuals and that sent to companies. Both types of email create costs and difficulties for both ourselves as an ISP and also for our customers.

In practice most business mail is to named individuals so the distinction will be extremely hard to make in practice, requiring one to look at the content of the email to decide if it is business-to-business email or business-to-consumer email. This will lead to considerable confusion and a lack of consistency of treatment. It is also necessary (see the IETF document RFC2142 for companies connected to the Internet to provide standard contact addresses. It is counterproductive if these non-personal addresses, that exist to ensure that the Internet can be efficiently administrated, become legitimate destinations for unsolicited bulk email.

We appreciate that the Directive applies to consumers and that this means that regulations that apply to consumers have a simpler legislative process to go through. However, we feel that having different rules depending upon the recipient of an email will cause uncertainty for all concerned and we therefore strongly recommend that the Government bring forward regulations that will apply to everyone, even if this requires more parliamentary time than would otherwise be the case.

As an ISP we do not wish to have to provide capacity to cope with unsolicited email which will merely be deleted by those who have not yet managed to opt out. We provide, in common with almost all of the industry, a flat rate service, and we all wish to minimise costs wherever possible. Processing unwanted unsolicited email is a cost we wish to avoid.

The viability of an opt-out email preference scheme

We note that the Direct Marketing Association has attempted over the past few years to construct several universal opt-out "email preference schemes". These have all foundered because it has been impossible to find a way of funding them, and it has proved to be impossible to find organisations within the Internet industry who are willing to endorse the proposals.

We note that the Government are themselves concerned that an email preference scheme may be harder to fund than equivalent preference schemes for other media. We think that this concern is justified.

• Our discussions with the DMA in the past have shown us that very few legitimate businesses are interested in using unsolicited email because it is more likely to drive away customers than entice them to purchase. This will make the likely inflow of funds extremely limited.
• We also note that the preference scheme is likely to have to deal with a very large number of email addresses, because of the significant interest in opting out. The telephone preference scheme may have relatively few users, but that will be because large numbers of people (some say 50% in London) have chosen to become ex-directory. There is no Internet equivalent to ex-directory so usage of a preference scheme would automatically be higher than other schemes, and the personal nature of email will generate the same sort of antagonisms as unsolicited telephone calls.
• Finally, we note that the publishing of a list of opted-out email addresses would be a huge mistake since the unscrupulous, and those in foreign lands beyond the reach of our judicial system, would immediately use the list for the sending of their own email. This means that the list would have to be kept secure and proposed distribution lists would have to be submitted to the list keeper and the opted out addresses removed. This will make the scheme expensive to run.

Besides the universal list, the Government proposes that opt-out should be enforceable on a sender by sender basis. This is fine, but we caution that it should in no way be seen as a possible replacement for a universal list.

In the jargon of the Internet, individual opt-out schemes on a per sender basis "fail to scale". It is so easy to send bulk email and so cheap, that targeting the email is more expensive than just sending it, so senders may just write to everyone they possibly can. It is easy to imagine a world in which one receives 1.2 million pieces of email from the 1.2 million businesses in the UK, and everyone is put to the expense of opting-out of them all individually.

The likely impact of an opt-out email preference scheme

The average email is a mere 3K or so in size. The arrival of legitimate unsolicited email costing the sender actual money to send (because they need to process their list against an Email Preference Scheme) is likely to mark the arrival of designers and advertising agencies to produce this email. They will not be content with simple text, but will be adding extra content transferred with the email - applets, programs, pictures - anything to make the email more exciting and keep the customer interested long enough to justify the cost. This will tend to increase the size of the email considerably. A picture of a product and a "free" screensaver could easily cause an email to become 300K long.

In this scenario we would project that the increase of a mere 1% in email volume due to unsolicited email would translate to a 100% increase in load, leading us to have to change to new generations of email handling systems far earlier than would be otherwise necessary.

It is perfectly true that email is generally cheap to process. But only a small part of our costs are in the day to day running of the systems, keeping them powered and watched over 24 hours a day. The major expense is in providing the hardware itself and in particular in the development costs of creating ever more powerful systems to deal with a slowly increasing email load per customer, the growth of the number of customers and of course increases in the average size of emails.

An increase in bulk unsolicited email is an extra load that will give us extra problems in meeting the quality of service our customers demand. Increases in unsolicited email will shorten the time until our next major upgrade, precipitating a major leap in our cost base.

We are also worried that the arrival of Official Unsolicited Email, sent through an Email Preference Scheme, will give entirely the wrong message to the huge numbers of small businesses who are now using the Internet. They will conclude (quite wrongly in our view) that unsolicited email is acceptable and does not act as negative advertising. These businesses will then start to send such mail of their own, bypassing the Preference system because of ignorance or an inability to pay the price demanded.

Although such a situation can in principle be policed by prosecuting the miscreants, we would get the same situation we have today, with many small senders of mail who are hard to detect, filter and stop, but the whole problem will have been ratcheted up to a higher level.

The sending of bulk unsolicited email by our customers

Like most ISPs we operate an "Acceptable Use Policy" for our services. This AUP clearly states that it is forbidden to send unsolicited email of a commercial nature, or indeed to send bulk unsolicited email of any kind.

If we receive substantiated complaints that one of our customers has been sending bulk unsolicited email we suspend their account. We will reopen it once an apology has been received, but will terminate it for a second infringement. We find that less than one customer a day infringes the AUP, usually through ignorance of what is acceptable behaviour. Second offences are extremely rare.

The London Internet Exchange (LINX) has produced a "Best Current Practice" (BCP) document for dealing with the problem of unsolicited bulk email. The LINX runs the major UK neutral interconnect point for the Internet industry, and has a membership of 80 or so of the largest ISPs and Telcos. It has pooled the expertise of these companies to describe the best possible ways to tackle the problems surrounding unsolicited bulk email.

The LINX BCP document makes it crystal clear that the sending of unsolicited bulk email is unacceptable and requires ISPs to terminate the Internet access accounts of repeat offenders. What this will mean in practice is that whatever strict legal rights to send unsolicited email may exist, it will continue to be extremely hard to find a provider in the UK who is prepared to sell you a service which will allow you to send it in bulk.

Because there is an industry-wide refusal to allow the sending of bulk unsolicited email, those who do try and send it from within the UK will be people who are deliberately defrauding the ISPs by breaking their terms of service. Such people will often give false details when registering accounts and may not bother to provide valid payment details since their accounts are likely to be terminated as soon as their abuse is noticed. This all leads to inevitable extra costs, as ISPs find it necessary to carry out further and more detailed verification checks on new customer accounts.

It should be particularly noted that Internet email flows because people co-operate to allow it to flow. There is no "right" to have your email traverse someone else's network. This means that there is a significant risk for ISPs that do not comply with community behaviour that they will become ostracised and they will have difficulty in obtaining universal connectivity for their customers.

Some of our contracts for "peering" and "transit" connectivity to the rest of the Internet explicitly mention bulk unsolicited email and explicitly require us to act to disconnect any customers who send it. We do not believe that these terms would be negotiable. Therefore it would be commercial suicide if we were to endorse the sending of bulk unsolicited email by our own customers in any way.

The same threat hangs over "Britain plc" if the UK legislates in favour of the sending of bulk unsolicited email and the ISPs allow their customers to send it. If this happens, then we may find that sending email to other parts of the world becomes problematic as other countries take steps to force us to fall in line with what they consider to be proper practice.

The operation of an opt-in scheme

We have noted that the proposed Regulations (and the consultation as a whole) gives a fair amount of detail on how an "opt-out" scheme would operate and "opt-in" is hardly described. In many ways, this is not surprising. The principle of an "opt-in" scheme is extremely simple - the sender will just need to demonstrate that they have implicit, or preferably explicit, permission to send their email.

We, along with the rest of the UK ISP industry, have been operating in a de facto "opt-in" environment for many years. When we receive complaints we investigate in order to determine whether the email has been sent in bulk (this is usually extremely obvious because we receive many complaints about the same item), and then we ask the sender to demonstrate that they do indeed have permission to send the message.

In a number of cases the sender does indeed have permission. People seem to be capable of signing up to mailing lists and promptly forgetting that they have done so. In other cases the sender argues that there is a relationship that entitles them to send email and the receiver disagrees. Our experience is that these apparently "hard" cases are in fact usually very straightforward to mediate. It is invariably abundantly clear if the sender is cynically bulk emailing everyone in sight or whether it is merely a case of improving their documentation or web site to make it clearer to visitors what they are committing themselves to.

It is clear to us that the industry could do more to document Best Practice with regard to the generating of "opt-in" lists. It would also be valuable to ensure that people can change their mind and have themselves removed from these lists (as is enshrined in the Data Protection Act 1998, s11). We are currently actively working within the LINX on a new Best Practice document to cover these issues.

Therefore we are not too deeply concerned that the Regulations stick to simple principle rather than prescribing the detail. A co-regulatory approach with the law stating the "basic design" and the industry documenting the "implementation details", seems a flexible way to move forward in a fast-changing industry.

The Questions

We would prefer that the whole of our submission be considered rather than just the answers to the questions we are asked. Therefore some of the answers are considerably more brief than would otherwise be the case.

1. Please state where your primary interest lies in this area, whether you are a consumer, or you represent an ISP or other business

Demon Internet is an ISP

2. Please indicate whether you use or are intending to use e-mail as a marketing tool. If so, please indicate whether you have any plans to use unsolicited e-mail or if you send e-mail only to consumers who have registered an interest.

Demon Internet does send email to its customers, though mainly for operational reasons and not for marketing per se. We find that where these issues blur (for example when we wish to tell our customers of a new service and give changed telephone contact details) a number of people complain bitterly about the content of what they have received.

This makes us consider every communication we make extremely carefully, and we encourage customers to explicitly opt-in to receiving our email wherever we can.

3. Please give an estimation of the volume of unsolicited e-mail received and processed and the cost incurred to yourself or your company.

As stated in the main text, we believe that around 10% of the email we handle consists of bulk unsolicited messages.

It should be noted that about 50% of the email is bulk solicited email, viz: customers have signed up to "mailing lists".

When individuals quote how much "junk" they are receiving they usually ignore these mailing lists. Therefore we would expect them to say that about one email in five is "junk" rather than one in ten. Personal experiences within the company would suggest that this is pretty much what individuals experience at present - although there are huge variations from person to person depending upon how well known their email address has become.

4. Please give an indication of the volume of e-mail sent by particular companies (in so far as you are aware of the originator).

We have no appropriate figures to give, since the collection of email statistics in anything but the most general way is extremely sensitive from a privacy perspective.

That said, one day in January 1999, a customer generated approximately 300,000 unsolicited emails through our systems in the short period of time before we were able to close their accounts. It is commonplace to hear of millions of emails being sent per day, and bulk emailing software is sold on the basis that it is capable of this performance (which is true) and capable of avoiding detection (which is not true in practice).

5. Please indicate if you know where most of your unsolicited e-mails originate from, and if so, state where.

We believe that the majority of unsolicited email originates in the USA, though we have seen a rise of unsolicited email coming from countries such as Malaysia and Japan.

When unsolicited email does originate in the UK it is very rare that any more is received from the same source.

6. We would welcome views on whether the provision of article 10.2 in respect of e-mail should be implemented by means of opt-out or opt-in.

We believe that an "opt-out" scheme would be a complete disaster, for customers, for ourselves and for the UK as a whole.

7. We would welcome views on the benefits of your preferred option and disadvantages of the other option.

We have set out our views at length in the main body of this response.

8. We would welcome views on how your preferred option could be most effectively implemented.

Clear regulations are needed that state that the sending of bulk unsolicited email is an offence.

We think it unlikely that anyone would wish to fund (or anyone wish to join) a universal "opt-in" list, so we see little point in promoting one by regulation.

We believe that a co-regulation approach is the way forward. Simple regulations should be underpinned by industry Best Practice documentation, so that ISPs, and both senders and receivers of email can understand how they should be behaving.

9. We would welcome any assessment of the effect of your preferred option on the development of e-commerce.

The development of e-commerce depends critically upon customers using the Internet on a regular basis and in them trusting the companies they deal with to respect their privacy. The arrival of large amounts of unsolicited email is not likely to make the Internet attractive nor is it likely to make the senders of that email attractive either.

A certain proportion of unsolicited email is for adult material but it is sent indiscriminately. This leads to particular tensions between children and parents who do not understand that their offspring have done nothing whatsoever to encourage the arrival of this material.

The Government should also consider that their chosen action will educate many people about unsolicited email for the first time. Deciding to explicitly ban the sending of bulk unsolicited email will have the extremely positive effect of prevent some companies from making their first marketing exercise on the Internet an overwhelming fiasco, as more potential customers are put off than persuaded.

10. We would welcome views on whether the penalties described in paragraph 3.1 are sufficient.

There should be an explicit penalty for the sending of bulk unsolicited email. Relying on proving damages is likely to be far too complex to be effective and there is a risk of the law coming into disrepute.

11. We would welcome comments on how industry, direct marketers and/or ISPs could help to ensure that an opt-out or opt-in scheme introduced through the Distance Selling Directive was effective.

If there are clear regulations for an opt-in scheme we will go out of our way to promote this to our customers to warn them of the consequences of breaking the law.

If there is an opt-out scheme we will also promote this to our customers. We will also give them every assistance in ensuring that they are able to opt themselves out as quickly and efficiently as possible.

12. We would welcome information on what ISPs, direct marketers and other businesses are currently doing to control the problem eg. technically or through Codes of Practice.

We have already mentioned the LINX BCP, which we endorse.

We also have a clear AUP for the use of our email service and explanatory notes.

We know that some ISPs have implemented filters on their systems that attempt to detect bulk unsolicited email and prevent it being delivered to their customers. These filters are of many types - they may just bar particular sending systems. Others will spot technical flaws in the way the email is being sent, on the basis that the people who are sending the material are trying not to be traceable - and that means that their email fails to conform to all the standards. Some filters go further and attempt to decide from the content of the email whether or not it should be blocked.

We do not have such filters on our systems because our experience is that lists of "rogue" sites are inaccurate; even legitimate email can have technical flaws and content based decisions are poor at distinguishing the good from the bad. In other words, filters do not stop all unsolicited email and do stop legitimate messages.

We do not think that filtering on our email systems, given the current state-of-the-art, would be of any real value to our customers. We do not envisage this changing in the near future.

In other words, unwanted unsolicited bulk email is a political, legal and social problem and not one that is at all likely to be solved by technical measures.

13. We would welcome views on how the Regulations could be enforced against those sending unsolicited commercial e-mails from outside the EU.

We believe that the USA will legislate on bulk unsolicited email eventually. The initiatives that have been most successful so far in the Senate and Congress have concentrated on opt-out, but technical difficulties and consumer pressure from those wanting "opt-in" have caused the Bills to fail, so it is extremely unclear what the eventual outcome will be.

A clear lead from the UK (and other European countries such as Italy and Austria) in choosing opt-in will have a considerable impact on thinking in Washington.

14. We would welcome information on any new initiatives in this area that you are aware of.

As discussed above, we are also working within the LINX on furthering a Best Practice document describing "opt in" and associated issues.