IOC investigating spamming in the industry

jetset

RIP Brian
Joined
Feb 22, 2001
Location
Earth
U.K. DATA WATCHDOG WARNS ONLINE GAMBLING FIRMS REGARDING SPAMMING

Information Commissioner's Office advises the public that it has a channel to report spam.

Britain's Information Commissioner's Office data watchdog has advised that it is investigating massive spamming taking place via the internet, with special attention to the online gambling environment where the practice appears particularly prevalent.

The ICO has contacted over 400 gambling companies, warning them that they are required to explain how they use and safeguard customers' personal data, how they send out marketing texts and what involvement they have with affiliate marketers.

Most of the companies contacted are understood to run affiliate marketing operations to attract new players, and there is some discussion on who is responsible as the data controller in these business arrangements.

Officials have commented that if no one takes responsibility, data rules may be overlooked, which in turn could lead to firms operating in the UK facing fines of up to GBP 500,000 for failing to comply with the law.

The ICO has opined that the online gambling industry is presenting "particular problems" involving the use of affiliate marketing.

Gambling sites are separately being probed by the UK's Competitions and Market Authority, aided by the Gambling Commission over concerns about consumer protection.

The ICO's anti-spam executive, David Clancy, said in a statement this week:

"Companies must comply with the law when using people’s personal information. Not knowing the law or trying to pass the buck to another company in the chain is no excuse. The public expect firms to be accountable for how they obtain and use personal data when marketing by phone, e-mail, or text. Fail to be accountable and you could be breaking the law, risking ICO enforcement action and the future of your business."

The ICO has published a new set of codes explaining how businesses and organisations need to be more upfront with customers about how their personal data is being used.
 

goatwack

Get dunked, big buns!
Joined
Aug 29, 2012
Location
Londonia
Funny how the threat of fines will stir these casinos into action. Finding those rogue affiliates won't be so hard anymore, and the influx of Viagra spam due to having sold my personal details to 3rd parties should also magically cease.
 

interlog

Meister Member
webmeister
PABnonaccred
MM
Joined
Mar 29, 2015
Location
London
Most of the companies contacted are understood to run affiliate marketing operations to attract new players, and there is some discussion on who is responsible as the data controller in these business arrangements.

How do these affiliates get hold of the player email addresses though? On all of my affiliate accounts such stuff - quite rightly - is simply not available.
 

spoton

Senior Member
webmeister
Joined
Dec 28, 2011
Location
Right behind you
This is really great news. Casinos can't excuse themselves by blaming their affiliates anymore. Sadly I guess ICO is only for British consumers.
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
How do these affiliates get hold of the player email addresses though? On all of my affiliate accounts such stuff - quite rightly - is simply not available.

Some casino groups allow affiliates to market to their existing players via "black box" access to email addresses. The affiliate doesn't get to know email addresses and names, but it is allowed to send "via the casino's own server". [strike]Cassava and Casino Rewards have been operating along these lines for ages, and Casino Rewards have even told players this is why they are suddenly getting all those mailers for the other casinos in the group when they sign up to one. It's a cop out, probably using a loophole in DPA rules and anti-spam laws because the player will have given the casino they signed up to their email address, and by offering a "black box" system, rather than giving affiliates the names and email addresses of players, they are not "passing the data to third parties"[/strike].

Of course, an alternative explanation is that the whole thing is a ruse to pass the buck to the "mythical rogue affiliate" for what is actually their own in-house aggressive spamming of existing players.

This is really great news. Casinos can't excuse themselves by blaming their affiliates anymore. Sadly I guess ICO is only for British consumers.

Not only have they passed the buck to affiliates, they don't do much when these affiliates break the law and the terms and conditions of the affiliate program, yet they will come down like a ton of bricks when a player bets £1 over the max bet on a bonus.

The discussion will probably end with the affiliate program being held responsible under the DPA for the activities of the affiliates, and this should ensure that the more lax programs tighten up their policing to the kind of levels seen at 32Red and it's program.

This has probably come about because of the gathering of spam reports over a number of years, possibly via the ISPs sending in data based on what their customers report or flag as spam when trying to configure the newer "learning via feedback" spam filters.

A significant number of bonus complaints arise from players who see something in a spam, and assume it's a genuine offer and gives the correct information regarding terms and conditions.

Whilst this is "a UK thing" at present, other countries may well look at what the UK does, and then implement their own rules, or even investigations.
 
Last edited by a moderator:

Nicola

Closed Account
Joined
Jan 22, 2013
Location
Malta
Today, I received a letter (at my home address) from the ICO accusing me directly of SMS spam. They have now requested that I send them logs of including electronic data I hold.

Firstly... what the actual f**k. Where did they obtain my home address which is not available online, electrol roll etc.

Secondly, which is most important, I have no access to any technology capable of sending mass messages (electronic or otherwise) and ZERO personal data from any customer who has signed up through any of the sites I own.

I have now passed this on my lawyer who will write directly to the ICO asking them for the evidence of SMS spam and investigate how them came into pocession of a residential address which has never been made publicly available.

IMG_0006.jpg
 

dunover

Unofficial T&C's Editor
Staff member
webmeister
PABnonaccred
PABnononaccred
CAG
mm3
Joined
May 22, 2012
Location
the bus shelter, opposite GCHQ Benhall
Everyone's residential address is available if you know where to look. If not the Investigators will get it from phone/banks/utility companies via the RIPA 2000 legislation. If you own a company it can be obtained, or if a director. I find this odd as the most likely way is through the name of any operations you run or equipment used to send texts, or contract with any marketing company that does this on your behalf. I have noticed on my gaming phone there is direct affiliate spam texts which are all reported. Don't forget e-mails can be set to phones too, not just SMS.

Someone could be using a business name very close to yours too, a not unusual tactic.

ALWAYS forward (in the UK) ALL spam texts you get to 7726 - this spells 'spam' on your keypad. These spamming twats are routinely being hammered with big fines now across the E-USSR and this is directly through people forwarding their shite to 7726.;)

Good job you have a lawyer because the ICO has very sharp teeth and will happily use them.
 

neilw

Moderator of Live Games forum
Staff member
webmeister
CAG
MM
Joined
Feb 11, 2013
Location
Kent - England
Today, I received a letter (at my home address) from the ICO accusing me directly of SMS spam. They have now requested that I send them logs of including electronic data I hold.

Firstly... what the actual f**k. Where did they obtain my home address which is not available online, electrol roll etc.

Secondly, which is most important, I have no access to any technology capable of sending mass messages (electronic or otherwise) and ZERO personal data from any customer who has signed up through any of the sites I own.

I have now passed this on my lawyer who will write directly to the ICO asking them for the evidence of SMS spam and investigate how them came into pocession of a residential address which has never been made publicly available.

View attachment 72463

I got the letter too as have lots of affiliates that have signed up through Income Access affiliate programs. It's IA who have provide the ICO with their database of affiliate details. It would appear that they should only have sent the ICO details of those affiliates that use SMS and Email as marketing methods, but they have sent them their whole database. There is a discussion going on over at GPWA, a lot of unhappy people.

I never do that sort of marketing so have just emailed them at the address they specified in the letter and told them so. That should be the end of the matter. Others that have done so have received replies acknowledging the error. No apology though.
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
Looks like a "warning shot", a mass mailer to ALL affiliates working for a particularly troublesome program that has come to their attention, and designed to warn the affiliates of the potentially severe penalties involved. Probably nothing has been done by the ICO to match individual affiliates in the program with individual SMS campaigns that appear to have broken the rules.

It's probably right that the program has simply given the ICO a list of all the UK affiliates in the program, whereas the ICO asked for a subset list of those using bulk SMS as part of their strategy.


This incident may well make UK facing affiliates in general realise that the ICO is serious about reigning in the spam, and for some it will mean changing the way they operate so that if they come under ICO scrutiny, they can prove that they are sending marketing only to those who have opted in as far as the DPA is concerned.

One thing to remember that the UK DPA requires a specific opt in, rather than using the "can-spam act" principle that anyone is fair game until they specifically opt out of receiving further marketing.
 

PaaskeDenmark

Always think positive
webmeister
PABnoaccred
CAG
Joined
Nov 24, 2008
Location
UnKnown
Today, I received a letter (at my home address) from the ICO accusing me directly of SMS spam. They have now requested that I send them logs of including electronic data I hold.

Firstly... what the actual f**k. Where did they obtain my home address which is not available online, electrol roll etc.

Secondly, which is most important, I have no access to any technology capable of sending mass messages (electronic or otherwise) and ZERO personal data from any customer who has signed up through any of the sites I own.

I have now passed this on my lawyer who will write directly to the ICO asking them for the evidence of SMS spam and investigate how them came into pocession of a residential address which has never been made publicly available.

View attachment 72463

OMG i received same letter 2 days ago and found it very strange but also got bit scared. I know for fact i have NOT been spamming i know the law and secondly i have NEVER spammed or at least not sending emails out or SMS / text messages. I dont do this kind of thing. I can see you are taking the big step further. I think at least i will just bash them hard trough their own contact email as I am furious myself about this :mad:
 

lockinlove

Staring into the sun
PABaccred
Joined
Jan 17, 2014
Location
Canada
meh that letter isnt a big deal. Its a warning/scare tactic. Its what they do.

Go on about your day
 

Nicola

Closed Account
Joined
Jan 22, 2013
Location
Malta
Not a big deal as such but this line:

"a large number of potentially unsolicited text messages promoting online gaming sites have been sent by affiliate organisations including yours"

That is a direct accusation to me (and others on this thread who have received a letter) which deserves an apology. Also do Income Access have any right revealing a private residential address to a third party?
 

Jd666

Riff Raff
CAG
mm4
Joined
Apr 9, 2012
Location
Republic Of West Yorkshire
Everyone's residential address is available if you know where to look. If not the Investigators will get it from phone/banks/utility companies via the RIPA 2000 legislation. If you own a company it can be obtained, or if a director. I find this odd as the most likely way is through the name of any operations you run or equipment used to send texts, or contract with any marketing company that does this on your behalf. I have noticed on my gaming phone there is direct affiliate spam texts which are all reported. Don't forget e-mails can be set to phones too, not just SMS.

Someone could be using a business name very close to yours too, a not unusual tactic.

ALWAYS forward (in the UK) ALL spam texts you get to 7726 - this spells 'spam' on your keypad. These spamming twats are routinely being hammered with big fines now across the E-USSR and this is directly through people forwarding their shite to 7726.;)

Good job you have a lawyer because the ICO has very sharp teeth and will happily use them.

Well thanks for that.

Getting sick of this spam on my mobile, and there is no number so looks like they are emails being sent from...

Top casinos
Bonus tips
Casinolist
New casinos
Bonus list
Casinotop10
bonus king

They are all bit.ly in the messages

Now going to forward them all.
 

jjezebel37

Dormant account
Joined
Nov 20, 2011
Location
Belfast (Northern Ireland)
I just got an email this morning supposedly from Sky Vegas citing their free £15 for new and old customers.
It really looked ligit but I clicked on when my username wasn't on it.

I've reported it to Casino.

The lengths.......
 

Casinomeister

Forum Cheermeister
Staff member
Joined
Jun 30, 1998
Location
Bierland
Not a big deal as such but this line:

"a large number of potentially unsolicited text messages promoting online gaming sites have been sent by affiliate organisations including yours"

That is a direct accusation to me (and others on this thread who have received a letter) which deserves an apology. Also do Income Access have any right revealing a private residential address to a third party?

Yeah - looks like a mailer sent to most everyone. It's scare tactics, and I'd just tell them to fob off. If you are sending emails that have been double opted in, then fuck them. You are abiding by ethical policies - they aren't by spamming you with a bullshit letter.
 

Casinomeister

Forum Cheermeister
Staff member
Joined
Jun 30, 1998
Location
Bierland
Some casino groups allow affiliates to market to their existing players via "black box" access to email addresses. The affiliate doesn't get to know email addresses and names, but it is allowed to send "via the casino's own server". [strike]Cassava and Casino Rewards have been operating along these lines for ages, and Casino Rewards have even told players this is why they are suddenly getting all those mailers for the other casinos in the group when they sign up to one. It's a cop out, probably using a loophole in DPA rules and anti-spam laws because the player will have given the casino they signed up to their email address, and by offering a "black box" system, rather than giving affiliates the names and email addresses of players, they are not "passing the data to third parties"[/strike]...

Please do not make statements like this without 100% proof or undeniable evidence. That is potentially damaging if it's true - but it's not.
 

spintee

Ueber Meister
webby
mm2
Joined
Mar 21, 2012
Location
Northants
Well I was told along the lines as what VWM stated, I was told that they could send a mass markting email out on my behalf or they would give me such lists, It was a little while ago so unsure what it exactly what was said but I still may have the email,

I also got the exact same message as jjezebel37 this morning from sky, and also getting the same SMS as
JdRocks, So thank you Dunover I will take a look at that forward SMS thing,

I think its great that something is getting done, As its not normally the small affiliates that are the problem but the big guns,

I also think that the letter that people are receiving is just a scare tactic or just sent out too all,
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
Please do not make statements like this without 100% proof or undeniable evidence. That is potentially damaging if it's true - but it's not.

The proof, not 100%, but certainly on "balance of probabilities" is based on my own experience, and that of others, with regard to the deluge of CR related spam that does come (or appears to come due to the headers used) from CR mail servers, not those of affiliates.

Players are told that if they don't want to get all the spam, they have to unsubscribe from EVERYTHING, including the promotional mailers and newsletters. This would most certainly not be the case if the official CR newsletters and promos were sent by CR directly, and the spam is sent by affiliates, as unsubscribing from one would have no effect on the other.

Many have pointed out that it's when they sign up for a CR casino for the first time that they see a sudden surge of CR related emails (or spam as it's officially called by the ICO using UK definition, not US definition). When players ask about this, they are told by CR support that the sudden deluge of spam is actually sent by affiliates, not CR themselves, but it's one hell of a coincidence that these affiliates suddenly get the email addresses when players have just signed up to one of the casinos, but were not getting the spam prior to this.

I expect this is a result of deceptive business practice that has been standard in the industry since the start, beginning with the hiding of the true beneficial ownerships of the companies, and the cloaking of how the internals work with respect to cross marketing, affiliates, third party advertising agents, etc.

My explanation has become "accepted wisdom" in player circles as to how things have always worked in the CR affiliate program. Until now, this "accepted wisdom" has never been challenged, players have been allowed to carry on believing it, and only now is there a determined effort being made to clarify that this is not how the system works. Unfortunately, this just opens another can of worms now that the first one has been sealed back up. If there isn't a facility for affiliates to "blind send" marketing to current CR players for CR casinos they may not yet have signed up to, how are these affiliates getting fresh email addresses for players who have just signed up at one CR casino, and so soon after signing up?

In fact, the one and only time I made a formal complaint to Kahnawake was when I signed up to a CR casino, and then got what appeared to be a "personal invite" direct from CR to sign up at another of their casinos and take the welcome bonus there. I did so, and was punished for it by having my rewards account locked. Apparently, I was spammed by an affiliate, although at the time I had no idea that this is how things worked in the industry. However, since I had NEVER BEFORE been sent promotional material for online casinos on that email address, when I got the first about a week after signing up, I assumed it was a genuine direct invitation from them, rather than a spammy affiliate.

Maybe in the past, myths were allowed to continue unchallenged because it suited the casinos to have players believe something that they might consider more benign than the truth, but with the ICO looking into things, it has become very important to ensure that myths are challenged and the truth about how such arrangements work becomes more widely known.

It may well be the perpetuation of these myths that has lead to the way the ICO has gone about this, because it's complaints from members of the public that give the ICO it's raw data as to what issues warrant a formal investigation.

I also suspect that ISPs are looking at which emails are "marked as spam" and gathering data that might be feeding into the ICO. I get this impression because some organisations that send out regular mailers are asking (begging even) people not to simply "mark as spam" if they don't want them, but to formally unsubscribe. Obviously, many people are simply using "mark as spam" to teach filters to keep these unwanted newsletters at bay, but it's also obvious that this practice is detrimental to the organisation producing the mailers.

Having signed up to CR all those years ago, my mailbox is fed a regular diet of both official CR mailers and CR related spam. I can now tell them apart with much greater accuracy than in 2004 by looking at the content.

One test to gather "undeniable evidence" is of course the "honey trap" method with a newly created email address that has been allowed to "bed in" for a while to assess what spam finds it from bots just guessing emails addresses at random.

Oddly enough, I was taught this in the 1970's by a friend of a friend who used it to find out who sold on his postal address and details. He spelled his name a little different for different companies, so when "junk mail" came in, he could deduce which company had sold on his details from how his name was written.

I will have to accept that the "accepted wisdom" I had believed for many years is not how things actually work with CR and it's affiliates.

In response to the ICO looking into this, casinos should now ensure that the way they conduct marketing is more transparent so that "accepted wisdom" is as close as possible to the truth. It will require more honesty and training of front line CS, as often it's when a player responds to a mailer and gets told by CS "no such offer, you must have received this from an affiliate who has used out of date information", that players learn that specific mailers they are seeing are "spam". They should also make it crystal clear to players that a mailer that is sent directly from the casino has come direct, and is not a third party affiliate. This should help players better determine when a crafty affiliate has done a good job of making their spam look like it's an official mailer from the casino.
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
Here is one example of CR related spam that has been deliberately designed to deceive the recipient it has come direct from CR (look at the text at the top).

When the recipient reads the text at the top, they are lead to believe they have been sent this as a "Casino Rewards members only" offer, which logically can only be something that CR themselves can know (that the recipient is indeed a member). If this is a third party marketing company, the only way they can correctly target these mailers to "CR Members" is by having access to a list of email addresses of members, or being given the facility to "blind send" to CR members' email addresses via CR facilities.

The naïve recipient will believe the above are the ONLY possible explanations, as other explanations would involve acting illegally, and would surely be stamped out by the regulators.

The design of this CURRENT mailer is serving to reinforce the myth of how the CR system works, which is categorically denied by those who should know and who can be trusted to tell the truth.

The REAL explanation is probably along the lines of affiliates being allowed to get away with such deceptive practices by the program managers because it does bring in the traffic. However, it takes the experienced player to accept this as the most likely explanation, whereas the naïve player and those who have never gambled online are likely to be the ones taking this at face value and complaining to the ICO that "xxxx casino is sending me spam".

The actual spammer in this example is located offshore, there is nothing the ICO will be able to do about it, rendering their investigations somewhat futile in respect of them going after the affiliates.

Ones I have seen in the past do actually use servers that have names implying they are under the control of Casino Rewards, and will often spoof the "from" address to give it a CR related domain, and even falsely sign the mailer as having come from the mythical "Emma" that is seen on the newsletters.

The method I now use is looking to see if my account numbers are quoted, as genuine CR mailers are nominally sent to the "last played" group casino account as of the time of sending, and at the bottom is a complete list of all CR account numbers for that email address. If a CR mailer doesn't have these, I assume it has come from a third party affiliate, although this is usually obvious from the content.
 

Attachments

  • CR related spam.jpg
    CR related spam.jpg
    65.2 KB · Views: 105

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
Well I was told along the lines as what VWM stated, I was told that they could send a mass markting email out on my behalf or they would give me such lists, It was a little while ago so unsure what it exactly what was said but I still may have the email,

I also got the exact same message as jjezebel37 this morning from sky, and also getting the same SMS as
JdRocks, So thank you Dunover I will take a look at that forward SMS thing,

I think its great that something is getting done, As its not normally the small affiliates that are the problem but the big guns,

I also think that the letter that people are receiving is just a scare tactic or just sent out too all,

By whom?

I certainly used to receive loads of mailers that fit this description of how things work (with CR related servers appearing to have been used for the sending). Things do seem different now, and I have been assured that this operating model isn't true. They were welcome offers for the various CR properties, and I got them regardless of whether or not I already had an account there.

The normal model (which IS the true one according to CR), is that the program provides creative for affiliates to use, but affiliates have to compile their own mailing lists and do so according to the local regulations in the markets they target
 
Top