Mattail,

Thanks for taking the time to read and respond to me on this thread, and I believe youknow your opinion is *always* valuable to me; I believeyou are an expert on many things.

In reply to:

---

Your client buys this list, and sends out the 'opt-in' E-mail. ...'if you want to get future mailings from us, just click this link!'...You get to send out the first E-mail with out any questions, but they have to opt into your list for anything else.*

* Above quote edited for brevity - omission indicated by "..."

---

Man, that would be completely acceptable to me and, given the circumstances I described, ought to be acceptable to my client. I'd go so far as to say that if I couldn't get him to go for that kind of an arrangement, maybe he has some *latent spammerish tendancies" and I really ought to just part ways with him now.

My problem with taking that approach is that I don't read the Dreamhost Spam Policy to allow even that "first" mailing. Granted, the construction of the policy leaves it a llittle unclear, but my take on it is that while paragraph ! under "subscriptions" *seems* to allow what you suggest:

In reply to:

---

Subscriptions

1. Mailing list subscribers must specifically opt-into the list they are subscribed to. This applies to both new subscriptions and the bulk addition of addresses already subscribed via other means. Confirmation is handled using a single confirmation message sent to the subscriber's email address. This mailing must contain a URL to the site's privacy policy, a brief description of the mailing list, and a URL that the user must follow to confirm the subscription.

-empasis is mine

---

it *seems* to proceed to contradict that in Paragraphs 2 and paragraph 4, subparagraph E:

In reply to:

---

2. Mailing list subscriber information must include the date and time that the subscription was confirmed, as well as the IP address of the subscriber at the time of the subscription. The user must be able to present this information at DreamHost's request.

3. The nature of email address use must be fully disclosed, either on the page the subscription is made from or with a prominent link to the site's Privacy Policy. It must be made reasonably clear how a user's email address will be used and in what circumstances it will be shared.

4. Lists cannot be procured from outside parties unless the email sender has procured a list from an organization that sells or otherwise shares email distribution lists, and all of the following conditions are met:

A. The selling organization maintains a publicly viewable privacy policy disclosing that such sales may occur.

B. The privacy policy is prominently linked to from the page the subscriber signed up from.

C. The privacy policy has not changed substantially since the user signed up.

D. Records are kept of the date, time, IP address, and form location where the subscribing user signed up from.

E. Lists procured from outside parties must have been consistently handled in a manner comparable to DreamHost policies.

F. Users cannot populate lists with addresses obtained for a substantially different purpose than was originally disclosed to the user.

G. All subscriptions must be re-confirmed in the manner described in Subscriptions (Section 1) before being sent bulk email messages.

-empasis is mine

---

The "sign-up", as it was done on paper, has no IP address or "time" associated with it, but *does* have a "date" and a "real signature" associated with it. I really think that the IP Address and the time would only show that "somebody" signed-up (easily enough spoofed for the "sign-up" component) while the paper form's signature ( which , given the context of the form - joining a trade association and spending significant money) would seem to me to be a much more reliable indicator of the person's identity.

Either way, the "first" email sent containg a confirming link should, when clicked by the user, should be sufficient to verify that the remaining list members are truly "opt-in".


So client sends that first email, possibly stating that the list was obtained from " (association name) who's records indicated you did not wish to be excluded from such mailings. This is the only such mail you will receive unless you specifically "opt-in" to receive future mailings from us by 'clicking here'<link to "opt-in.cgi"" Recipient cllcks link, the cgi collects the required data and tucks it away for safe keeping until such time user forgets he signed up and beefs client for spamming him) *or* user does not click the link, and email address is removed from list before any subsequent mailings.

Is this is pretty much what you are describing? I'd love to able to know that this scenario would leave us "good to go", as we have made significant, and IMO, sufficient effort to make a clean list, and I think we behaved responsibly in every way.

What I worry about is that, if beefed on the initial mailing (all the above notwithstanding, it could happen!), we have no IP address, date, time info available (since the form was not electronic) DH might just say, "Account terminated for violation of Dreamhost Spam Policy Paragraph 4, sub-paragraph D". End of story, begin major grief.

I suppose I could start a prolonged dialogue with Support over this, and I may, in fact, have to, as I am not about to risk my long association with Dreamhost over a misinterpretaion of a policy I, and my clients, have followed faithfully since joining in 1998.

Sorry for the "longish" response..I'm just worried. Thanks, Matt, for the suggestion and I would greatly appreciate reading any other comments on the above as I try to decide what to do. I don't really want to drop this on the tech-support desk given the current circumstances and all, but my client is becoming more and more demanding, and I can't play him off indefinately - something's gotta give.

--rlparker