This is true, and something that we have considered. However, in our experience this really hasn't happened much (I can think of only one single confirmed case, actually), and due to the nature of the way the system works it's much easier to identify what is happening and stop it before it happens.
If it becomes a greater problem, we'll probably enact even tougher restrictions. Hopefully that won't be necessary, though.
In any case, it's not a perfect system. However, it's far better in preventing abuse than allowing customers to use an "opt-out" based system. The amount of spam sent through our network has decreased, as has the time it takes us to get rid of spammers.
We're not against remove addresses at all - in fact, we require them. However, they solve a completely different problem than opt-in confirmation.
The main problem with 'remove' links is that they do absolutely nothing to ensure that the person who was subscribed did so on their own volition. It makes it easy for someone to spam a large number of people and - due to the lack of proof that they did so - it's hard for us to take action against them unless it's extremely obvious (ie. forged headers).
In our view, the onus should be on list administrators to prove that someone subscribed, not on the email recipient to prove they didn't.
Also, there's the issue of plausible deniability. In the past, we've had a lot of trouble with people who were almost certainly spammers, but we couldn't get rid of because we needed to rack up enough complaints to justify their removal first. Now, there should be no excuse for someone to be unable to account for even a single un-confirmed complaint. That means that it's much easier for us to tell a legitimate customer from a spammer, and it takes less time for us to get rid of the latter.
Also, we have long recommended to our customers to never click on a remove address unless they are absolutely sure that they subscribed to the list in the first place. The fact is, many spammers use what appear to be remove links to determine that an address has a human on the other end of it. Addresses that confirm may not only not be removed, but actually get more spam because their email address just became worth more on the open market.
The concern is that if we allow people to spam from our servers for too long without doing anything about it, people will use the remove links to get off the list. This is a bad thing, as it reinforces a bad habit that will just result in more spam.
Basically, our goal isn't just to lessen the number of spam complaints, but to lessen the amount of spam itself.
Finally, we actually did get a fair number complaints from people who almost certainly did subscribe themselves (maybe you've been lucky so far - we host a lot of mailing lists, though). Being able to tell them the date, time and IP address of when they signed up has been very helpful.
Well, most forms don't require rewrites at all - only those that handle bulk email (which we discourage in general for administrative reasons - they tend to overload mail servers). If it's just a form-to-email script or something, it's probably not going to require any changes at all.
Also, we're well aware that many other hosts don't require opt-in confirmation, though some are starting to go that route. In fact, even the policy as it appears on our site didn't become active until late last year. In hindsight, we probably should have enacted it in 2002.
In our view, spam is becoming an increasingly common form of Internet abuse. A rather large percentage of Internet/email traffic is spam, and the trend doesn't appear to be reversing any time soon. As the enacted legislation (ie. CAN-SPAM) is rather toothless against the problem, we feel it is our responsibility as good net "citizens" to minimize the amount of spam that originates from our network through technical and procedural means.
- Jeff @ DreamHost
- DH Discussion Forum Admin