Podcasts - do they mean more spam?
We’ve all had them: marketing emails from companies offering podcast transcription, or community software for your podcast, or a different podcast host wondering if they can help in any way.
Curiously, they’re coming to an email address you only use in your RSS feed for your podcast. So are marketers scraping RSS feeds to send you irresistible offers in your email?
“Yes, we track RSS feeds,” one marketer told us. “We do our best to not indiscriminately email any show, but instead focus on shows that likely could find the tool useful.”
Another clarified to us: “We aren’t scraping emails for marketing promotions of [PRODUCT]. Rather, we’re inquiring about potential opportunities to work together.” Hmm.
But they do work. One marketer tells us: “We average nearly a 70% open rate with a 12-14% click rate on cold emails. This has given me confidence that we usually aren’t bothering people… too much at least.”
We’ve asked for this, some say
“I don’t believe this to be illegal,” one marketer told us. “Public feeds are just that - public. If someone didn’t wish to be contacted, they could omit the email from their feed or use a fake one.”
Except there’s no opt-out like this. The
<itunes:owner> tag is used by podcast directories like those run by Apple, Spotify and Google to help you claim your podcast. The email needs to be present in the feed, and must work as an email address.
It’s difficult to argue that a “public podcast feed” is being published for any other reason than listing in a podcast directory. It’s specifically not being published as consent to be added to marketing lists.
Some companies are helping
At scale, scraping RSS feeds is a surprisingly hard job, requiring a significant investment in code and server time. There are, however, companies making life easier for marketers to get emails.
When we asked, one marketer told us: “We got the email [addresses] from PressHunt to be specific, thanks! In fact we even paid to join.”
PressHunt allows its customers to download lists of email addresses of journalists and podcasters. When contacted by Podnews, they told us “no we don’t scrape podcast data from RSS feeds”. When asked to clarify, since marketing emails had been sent to email addresses that only appear within RSS feeds, PressHunt told us: “We source from a handful of other providers, most notably ListenNotes”.
ListenNotes, a podcast directory, offers podcast datasets for sale. The company notes that this data would be useful “for marketing, PR, sales”, so appears to be actively promoting this data to be used in email shots. ListenNotes does state that this information cannot be resold; it also offers an API, which is prohibited to be stored or cached. PressHunt would appear to be operating outside of ListenNotes’s standard terms. (ListenNotes tell us that PressHunt are not a paid customer).
Incidentally, just making a press enquiry to PressHunt got us added to a daily newsletter from them without our consent.
Is it illegal to scrape RSS feeds for emails?
In Europe (and the UK, which is still bound by European law), the GDPR prohibits any scraping of personal data, which includes email, without prior consent of the person who’s email address you’re getting. The argument that “it’s on a public site/feed” isn’t enough, according to lawyers contacted by ScrapingHub, a web scraping service company. The GDPR covers EU citizens who currently live in the EU - but there is no way of knowing whether the personal details held in an RSS feed is an EU citizen and resident.
So: if you’ve received a marketing email to an email address from your RSS feed, and you’re in Europe, that marketer may have acted illegally. Fines can be up to US$22.5m - or even more in the case of larger companies. Although if that email address is a non-personal one, such as firstname.lastname@example.org, it is not covered by the GDPR, which is only concerned with personal information.
It’s less clear in other legal jurisdictions.
In the US, the CAN-SPAM Act prohibits address harvesting (¶ 6b1A) if the website or online service used has a legal notice stating that transferral of email addresses is not allowed. Most RSS feeds don’t contain the legal notice that the act would appear to require: but their linked websites may do. In that case, this harvesting would be against the Act: but it’s difficult to understand how Terms of Service for every podcaster could be programmatically checked.
(The much-lauded Californian Consumer Privacy Act appears to be irrelevant here unless the marketer has annual revenues of more than $25m.)
Canada’s Anti-Spam Legislation requires that marketers receive consent from recipients before sending messages. However, the law says that implied consent is given if (¶10(9)) “the person to whom the message is sent has conspicuously published … the electronic address to which the message is sent” - which could be the case if you publish an RSS feed.
Australia’s Spam Act 2003 also has an exception for “inferred permission”, which, similarly to Canadian law, kicks in if “the person made their email address or phone number public, such as online or in a directory”.
Is it illegal to send marketing emails like this?
In the US, the CAN-SPAM Act requires you to include a) a clear opt-out link; b) no misleading subject lines; and c) your company’s physical address in the email. Many of the marketing emails we’ve seen don’t contain one of these three legally-mandated elements. The penalty for sending infringing email is up to $16,000 per individual email.
Otherwise, it appears just fine (though if people mark these messages as spam, they may be blocked by email services).
So, are these emails illegal at all?
With the exception of European legislation, it seems that RSS feeds are fair game for hoovering up email addresses from. And it also seems fine to send marketing emails to these addresses, provided that you’re sending a compliant email.
That doesn’t mean they’re welcomed, of course. “It’s like a door-to-door salesman,” says one podcaster to Podnews. “While not illegal, it’s definitely bad behaviour”.
What happens next?
The WHOIS system for domain-names has a full list of email addresses and telephone numbers. This is the experience of someone who bought a new domain four years ago: deluged with calls and emails. (Podnews doesn’t use a privacy service for our domain-name, and I can personally attest to the high level of calls, texts and emails that it gives).
Domain-name registration companies have now added their own privacy services from WHOIS records, and give email protection as standard. ICANN, the organisation that manages the domain-name system, has also proposed redactions in public information available through WHOIS.
Perhaps it’s time for podcast hosting companies to do the same: or, for an enterprising company to produce a privacy shield for email addresses in RSS feeds.
What do you think - is this technique fair enough? The comments are open, below.
|James Cridland is the Editor of Podnews, a keynote speaker and consultant. He wrote his first podcast RSS feed in January 2005; and also launched the first live radio streaming app for mobile phones in the same year. He's worked in the audio industry since 1989.|