The company was concerned that my email address still existed in its database in a hidden form i.e. an address that redirected to mine. It asked me to wait until the next mailshot was due, which was Friday 13th February (an ominous date), to see if I'd receive another message. I received nothing, so I guess they'll leave me alone now.
What have I learned from this experience?
- Reporting spam directly to the spammer doesn't stop the spamming. (This is not really news.)
- Reporting spam to the ICO takes some organisation on your part. It's a pain, really.
- Weeks pass before the ICO takes any action.
- The first action it takes will be to confirm something that you've already agreed to.
- It will then take swift action.
- This action will be a warning.
- You can expect further contact from the spammer. (Don't complain, though, because you are "working together" now. And properly, not like in step one above.)
- If everything works out, you'll receive one less spam message per month. The other 4,000 you get will come from abroad or from hijacked systems in the UK. In these cases the ICO won't be any use to you.
- Reporting spam is really not worth the effort in the UK.
What would I like to have happened?
- The ICO should confirm receipt of spam reports as soon as it receives them.
- Confirmation of things that should not need to be confirmed ought to be requested straight away.
- The initial spam reports should be more basic. If the ICO receives lots of similar ones from different people then it can deduce that a problem exists without having to ask for a full set of correspondence. The email headers from the spam message should be enough to begin with.
- If I'm honest, I'd like the spammer to have been fined.*
* I'm being unfair, though, because the impression I get is that the company is a small and naive entity rather than an evil spamming operation. But I did tell it to remove me from its list and it did not, at least initially.