Postal Service delivers ... spam?

The United States Postal Service is promoting its online Click-N-Ship service by sending spam to customers -- in apparent violation of its loophole-ridden privacy policy and certainly the spirit of federal law -- according to a pair of longtime anti-spam activists who say they themselves have received the unsolicited e-mail.

John Levine, a consultant, author and holder of leadership positions in various anti-spam organizations, reports on his blog:

"I was somewhat surprised to get spam last week from the United States Postal Service. It was advertising a new feature of Click-N-Ship, a Web shipping service, sent to an address that I think I gave them when I signed up to try out some other online system for validating postal mail addresses. The message did not have the postal mailing address of the sender (pretty ironic, huh?) nor opt-out instructions, both of which are mandatory under CAN SPAM. Did the USPS break the law?"

Paul Hoffman, director of the VPN Consortium and an IETF regular, says he "got the same spam from them."

"We are well beyond the point where large companies should be making this kind of goof," Hoffman says. "Regardless of whether or not it was legal, it is bad business, and it turns off orders of magnitude more customers than it attracts. Whoever at USPS organized this mailing should be summarily fired."

The USPS has yet to return my phone call asking for comment.

Here's what the postal service's Web site has to say about its privacy policy:

The Postal Service believes in permission-based marketing. We do not sell, rent, or otherwise provide your personal information to outside marketers. You will only receive marketing about products and services of the Postal Service or its partners, other than products and services you already receive or are registered for, under the following conditions.

If you are a consumer, we use an opt-in standard. If you have provided personal information to register for or purchase a product or service, we will not use that information to contact you in the future about another product or service unless you have provided express consent.

If you are a business, we use an opt-out standard. We assume you are interested in other products and services that could aid you in your business, and so we will provide information to you unless you tell us you do not want to receive it.

Whether the USPS will contend that Levine and Hoffman are businesses for this purpose I cannot say (Hoffman says he used a personal e-mail address), but the policy itself reeks of convenient self-interest.

As for the law, Levine isn't sure the USPS has broken the letter of it either:

"Probably not," he writes. "By ancient legal tradition, the government's rules do not apply to itself unless it specifically says they do. (This may seem unfair, but if you work out the scenarios, it leads to fewer absurd situations than the alternatives.)"

But here's what we know for sure: By this point in time, every government agency should be adhering to at least the spirit of CAN SPAM, which in the case of the USPS means providing a physical address and an opt-out mechanism in its promotional e-mails.

Lumps of coal all around for those responsible.

Welcome Postal Service employees, regulars and passersby. If you have the time, here are a few other Buzzblog items and Network World stories that involve the USPS or spam.

'Tis the season for the U.S. Postal Service network to deliver.

Can't domain registrars just say 'no' to obvious phishers?

Need a valid e-mail address to register but don't want the spam? Try this Seam-based Web app

Rule #1 when doing PR for an anti-spam vendor: Don't spam

Spammers dodging OCR with .gif 'cut-and-paste'

• anti-spam
• spam