Advertise on Bizcommunity

Subscribe to industry newsletters

Spam opt-out the way we want it

If there were to be a national opt-out registry to fight back against the tide of spam, what should it look like? How about we consumers set the ground rules?
click to enlarge
The National Consumer Commission put out a request for comment a few weeks back for proposals for someone to operate the opt-out registry it has to provide as part of its duties under the new Consumer Protection Act (CPA).

Storm of angry ink

A number of interested parties responded, and a storm of angry ink was spilled - one organisation that is going for it is the Direct Marketing Association of South Africa (DMASA). Yes, the very people that exist to further the aims of companies that fill your inbox with rubbish want to be in charge of keeping your inbox clear.

The bun fight has got very heated, but the voice of the consumer is not being heard in the points scoring (and vote rigging).

So how about we look at what you and me, Mr and Ms Consumer that has to delete the bloody stuff, want from this opt-out registry?
  • It's a registry, not a database

    A registry is a simple list. A database is that, but generally more. The opt-out registry must not become a source of information for marketers, or a way to link records. To make the registry any more complicated than a simple list of email addresses is to invite problems.

    The only entry that is required in the registry is an email address that someone wants permanently off marketers' databases. Period.

  • No ID numbers, no personal information

    As a rider on this: many companies that spam require you to reconfirm your email address, and even to provide your ID number to opt out. This is unacceptable - an email address is a unique record (an email address that was not unique would not be terribly much use, would it?); no other information is needed to opt you out.

  • No information leaves the registry

    There is no question that this kind of registry is gold to direct marketers - and to spammers and assorted criminals. The DMA has already had the embarrassing incident of its (unencrypted!) opt-out database being leaked and then plundered by spammers.

    The entries in the opt-out registry must not leave the servers of the registrar, and they don't need to.

    A marketing organisation would periodically review their database against the registry by submitting their email records (only) via a secure connection. These are checked against the registrars', and the system returns an "ok" or "remove". This is technically trivial to implement.

  • It must be ridiculously easy to use

    No sign-up, no sign-in, no account. There must be no drama attached to opting out. Go to the website, enter your email address in the "opt out" box, the system mails you on that address to confirm you have opted out, finished.

    If you want to opt back in to direct email marketing (sure, that'll happen), you just do the reverse.

  • Add extra services as a value-add

    Once the basics are in place, you could add value-added services such as identity management - a single unified contact information source with selectable permissions, managed by consumers themselves.
Keep it simple. Keep it easy. Don't allow conflicts of interest.

About Roger Hislop

Roger Hislop is an engineer and strategist at Internet Solutions (IS), driving business innovation through the smart application of new technologies. Contact Roger on and follow @d0dja on Twitter.
Joe Botha
See the recent ITWeb poll:
Posted on 11 Aug 2011 13:39
Roger Hislop
A smarter man than me pointed out that the registry should not even store the email addresses, but hashes of them, so that if it is compromised nothing gets lost (and you can bet some pretty smart hackers are going to have a go at it...).The marketers that want to clean their databases can also submit their lists as hashes.
Posted on 11 Aug 2011 14:04
Kevin Bassett
great idea, i think WASPA has something similar for SMS. what would be cool is if a pvt individual could enter his email addy and see all the bulk email lists he was on and delete those he didn't want. the requirement would be for people to register the bulk email lists with a central regulator. unfrotunate thing is that unlike WASPA there isn't a central regulator .... or could the DMASA be appointed?
Posted on 11 Aug 2011 16:04
Joe Botha
Hi KevinHave a look at:
Posted on 11 Aug 2011 16:30
Brehndan Botha
I have no confidence in DMASA managing this. They have huge issues in managing their own members' activities against their current Do Not Contact Database / Opt-Out Registry; I don't see how they could have the muscle to manage a non-members' database, as well. Anti-Spam opt-out should, however, also extend to phone calls and text messages.
Posted on 12 Aug 2011 09:14