Hello all, I could use your advice. On one of my websites, I have a modest amount of members and have collected their email addresses. I send them occasional announcements, newsletters, things like that. It's completely legit:
1) All my email addresses come from people who signed up.
2) I have a clear privacy policy defining what I will do with their addresses.
3) I give them several ways to opt out of receiving any future mailings.
4) Being most people don't bother to read privacy policies, I reiterate the uses of their addresses (and the fact that it won't be sold rented, etc) as they sign up.

What I am worried about is that some people will forget they signed up, or otherwise change their mind. Many providers now have that convenient "This Is Spam" button. If just a few people complained would that be enough land my IP/url on some ISPs blacklist?

Am I just being paranoid, or this this a real concern for legitimate businesses?

yes. this is one area that i am concerned abt too...

With SPAM laws coming around one of these days, I think it would be wise to collect IP and datestamp information with every email address that signs up anywhere. We built a site that sends out news alert emails and we capture IP/time when they sign up, then we send out a confirmation that the must click on, then we record the ip/time when they confirm. Only people who have jumped through the double opt-in hoop receive the alerts, but at least our client is protected against people claiming they did not sign up.

Am I just being paranoid, or this this a real concern for legitimate businesses? This is a very legitimate concern and it does happen quite often. For this reason, we require, and promote, Comfirmed Opt-In procedures for mailing lists as opposed to "Check to get in and Easy Opt-Out" procedures.

By using a Comfirmed Opt-In process you may still get a complaint, but you'll now have the proof that the owner of the address willfully opted in to receive the mailing, have helped their memory by requiring an extra step to do so, and coupled with the easy opt-out process the chances of a complaint are reduced GREATLY.

The following was snipped from one of our own tutorials explaining the process...and note that our mailing list software that's provided with each of the packages as well as the mailing list software of many other providers automatically include this feature to keep things extremely simple for both the list owner and the subscriber.

---- From our support site since linking to it here may be against the rules (e.g. please don't copy it for your own as opposed to researching and modifying the requirements for your own users ----


Confirmed Opt-In is a process by which email addresses are subscribed to a mailing list only after careful measures have been taken, to ensure that the owner of the email address wishes to be added to the mailing list. Confirmed Opt-In is sometimes also referred to by other names, such as Double-Opt-In and Verified-Opt-In.

Mailing List owners may collect email addresses of potential subscribers in a variety of ways. Some examples:

By email - someone may provide an email address by sending you an email.
By web form - a form on a website may be used to collect potential subscriber email addresses.
In writing - at face-to-face meetings or presentations, email addresses may be written on a list or form.
Printed materials - you may receive a business card or other printed publication with an email address printed on it.

Before adding the subscriber to the mailing list, regardless of the means by which the email address was obtained, it is important to verify that:

The email address has been provided with the consent of the actual owner of the email address.
The owner of the email address has explicitly requested to receive your mailings.
It is possible that a third party may have provided the email address without the permission or knowledge of the email address owner. This can be intentional and malicious, or completely unintentional. Therefore, the list owner must verify the request in order to prevent persons from being subscribed without their knowledge or permission. Additionally, one cannot assume that merely because a person purchased a product from your company, or provided their business card, that this indicates they would like to receive your mailings. It is important to obtain explicit permission to add the email address to the mailing list.

In order to meet both of these requirements, a Confirmed Opt-In process should be used.

The primary benefit of Confirmed Opt-In, is to protect your list and site against "spam" complaints, which can ultimately lead to account termination. As an added benefit of the Confirmed Opt-In process, only valid, functioning email addresses are added to the mailing list, foiling accidental typos by the submitter or listowner. By confirming that the address is valid and functioning, you ensure that your mailings reach your intended audience, and also protect against elevated loads from the mail server dealing with a large numbers of bounce messages.

...

The confirmation email must have the following characteristics:

Sent to the potential subscriber's email address.
Contains a unique, non-guessable token, which must be used in the reply to ensure that the response to the confirmation request does come from the owner of the email address.
An auto-response, vacation message, or bounce will not be able to serve as a verified response/request to the confirmation notice.
The confirmation notice may contain no advertising or promotional material, but only an appeal to complete the subscription process for the list.
It should clearly indicate that a response is required to add the subscriber to the mailing list, and that this is the purpose of the confirmation email.
Additionally, for a better presentation and relationship with potential subscribers, you may also wish to include the following in the confirmation notice:

A note as to the origin of the subscription request. This may be a copy of the original subscription request email received, if the request was received by email, or the IP address and timestamp when the request was received, if made from a web form. Otherwise, if received from a face-to-face meeting, conference, or the like, a brief reminder of the circumstances under which the request was received may be helpful.
The list name and a brief reminder of the topic of the list.
A statement that, in the case that the email address owner did not originate the request, and does not wish to be added to the mailing list, they may simply ignore the confirmation notice; that by taking no action, the email address will NOT be subscribed to the mailing list.

cont...in the tutorial itself, and finally, For additional details about the Confirmed Opt-In processes, including how and why it should be used, you may find this site helpful:
Clueless Mailers: Best Practices for Mailing List Management .
http://cluelessmailers.org/info/listmanagement.html

Thanks, bjseiler, for the good advice. I utilize some of the methodology you mention, but not all. Perhaps I will look into the "double opt-in hoop."

Deb, thanks for the very well thought out reply. There's a lot of great advice in there.

A good practice would be a footer at the end of each of these legit messages saying something along the lines of "You got this message because you signed up for X/Y/Z with me. To stop receiving this message, please do A, B, or C by clicking here..."

I got a spam message recently & in the foother they have very smartly written the following :

NOTE: **Since India has no anti-spamming law, we follow the US directive passed in Bill.1618 Title III by the 105th US Congress, which states that mail cannot be considered spam if it contains contact information, which this mail does. If you want to be removed**

Does this make the mails they send any different from spam ? How do i report this matter to there host ? Best part is they are using the "To" address of a free email service as well as for the orders. I feel i must get there free accounts suspended so that no orders for this spam.

Well, for that I'd just report them to Spews sightings list and Spamcop. My footer suggestion was for his 'legit' mailings, which he said that people signed up for.