Cardinal Path’s response to COVID-19 Cardinal Path is sharing all we know to help marketers during COVID-19.  Learn more.

And I thought Shaw was bad! Well, this week I’ve found another excellent contender for the worst opt-out system, and even better the company is sending from the US. Yes folks, a genuine CAN-SPAM breach!

While browsing an old mail account the other day I noticed that I’ve been receiving regular emails from Codemasters. Who on earth are Codemasters? All I remember is that they have something to do with video games. Their email is an ad for a game called Operation Flashpoint. I never played this game, nor do I have any desire to play it, so why are they emailing me? Maybe at one point I signed up for an account there and they used an opt-out instead of an opt-in for their newsletter (a bad sign).

“Whatever,” I think, “I’ll unsubscribe.” Well, we know how well that has worked in the past.

Some background

Codemasters is based out the UK, and as of 2008 is owned by Balderton Capital (the European wing of Benchmark Capital). That’s why I find it odd that they list their mailing address at the bottom of the email as Codemasters Software Inc., Suite 2401, 10 Universal City Plaza, Universal City, California 91608, USA. I assume that the reason for this is that Britain has more stringent anti-spam laws (or so I assume, I know Europe has a host of strong laws) than the US, and thus sending from the US means that they only have to adhere to US anti-spam laws.


Well, some of us actually know our CAN-SPAM law. In particular I remember this little gem from the CAN-SPAM amendments:

From:FTC Approves New Rule Provision Under The CAN-SPAM Act

1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out
preferences, or take any steps other than sending a reply e-mail
message or visiting a single Internet Web page to opt out of receiving
future e-mail from a sender;

So, you are not allowed to ask for anything other than an email address and a subscription preference, and you can not make them visit more than a single unsubscribe page. Let’s see how many times Codemasters breaches this.

How do you unsubscribe?

CAN-SPAM leaves a lot of grey area (oh the puns) when it comes to where your link is located. Bottom of the page is pretty standard, and quite acceptable, though in this case the position, color, and general illegibility of the text leaves a lot to be desired.

So where does this link take us?

<img 2>

Okay… why do you need to know where I live? Whatever.

And whats with this form? I almost started filling it out when I first saw it, thinking that they had some long and absurd unsubscribe process. Then I noticed that the link at the bottom signs you up for more newsletters. Yes folks, clicking your unsubscribe link takes you to a landing page designed to make you sign up for more email marketing.

Classy. Also illegal.

But you may notice that the upper left hand corner houses a sign in box. Perhaps we have to sign in? Now I wonder, what is my login? Is it the name I used to sign up with, my email address, and which login name did I use? I can not remember.

I should note at this point that the URL they send you to the page with is[ADDRESS] which implies that they couldjust take you to your account. Instead they force you to login.

Normally, at this point, I would just mark the email spam and move on, but for “Science!” I decided to reset my password, which was pretty easy, and let me into the site, though instead of taking me to my profile it took me to&hellip;

Yes, it took me to a giant ad for one of their games. Classy, and again illegal! Maybe you can find where I would go to unsubscribe? I would guess here:

which leads to &hellip;

Yep, that looks like it. Interestingly I also don’t own any of the systems checked here here (other than a PC with a DVD rom, which is not checked), so I wouldn’t buy any games on these. But un-checking the top two should do it, no?

Ooops, didn’t notice that I had to agree to their terms and conditions in order to unsubscribe.

But there we have it, I should be out (we’ll see…).

So lets take a look at CAN-SPAM again.

1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender;

Failed on 6accounts!

  1. You must visit the country of origin page
  2. You must provide your country (though I notice Canada was not on that list)
  3. They first take you to a sign up page
  4. You must provide your password
  5. They then take you to an advertising page
  6. You must provide your agreement to their terms and services (that technically falls under a latter category as well)
  7. (Bonus) You must provide your login, which is technically your email address, so that’s not in violation of CAN-SPAM. But as they don’t identify it as such so they are really only escaping this one on a technicality.

That’s pretty bad for such a large company!


Truth be told, I don’t think that any of this is any kind of scheme on Codemasters part to make it a hassle for their users to unsubscribe (though lots of email marketers still use opt-out processes such as this for exactly that reason). Implementing a proper opt out system is much more difficult than simply directing users to their account options page. Setting up the ability to change settings of your CMS without logging in can be a real hassle, which is why CAN-SPAM gave everyone three years to get their act together. What this is is laziness on Codemasters part, but unfortunately it’s laziness that has put them in breach with CAN-SPAM.

Even worse, Codemasters’ troublesome unsubscribe process is the kind of problem that leads to the overuse of the “Report as Spam” button. As long as companies are making it too hard to unsubscribe people are going to use the “Report as Spam” button as a means of unsubscribing. This creates problems for Codemasters’, as it associates their domain with spamming, blocking more of their email, and also it creates problems for everyone else as this trend of reporting non-spam continues.

The solution for Codemasters is easy: do a quick double opt to get rid of the people who simply aren’t interested, and are more likely to report Codemasters’ email. Then move over to an email service that will allow you to provide a simple one click unsubscribe. Any major email provider will do that.