So long as spam legislation applies to these notifications¹, you don’t need to: in theory you just report it to the relevant enforcement body, and they get fined heavily until they do something about it (which, under most sets of spam legislation, will start by requiring that these sorts of messages be opt-in only).
—⁂—
¹ I vaguely recall hearing that EU spam legislation would apply to notifications, but I may be wrong or misremembering. For my home jurisdiction of Australia, the Spam Act 2003 may or may not cover them; it depends on whether these things count as “electronic messages”, a term which is defined in the Act as “a message sent:
(a) using:
(i) an internet carriage service; or
(ii) any other listed carriage service; and
(b) to an electronic address in connection with:
(i) an email account; or
(ii) an instant messaging account; or
(iii) a telephone account; or
(iv) a similar account.”
As a technologist, I would expect push notifications—that is, notifications sent by the app provider’s server via Apple/whoever servers to your device—to meet this classification; but that it would be less clear-cut with notifications generated directly by the app, as there’s not so obviously an electronic address involved.
Ho man. Works so well for email and phone calls huh?
Maybe (maybe!) large players will pay attention as they have a lot to lose and aren’t able to ‘dodge’ well. But there are millions of fly by night scam operations that come and go.
Only real solution here is, like email, user side filtering and infrastructure level black holeing of offenders.
I think I average around one illegal spam email or phone call from Australian companies per year. I will always respond to them, though I don’t think I’ve ever actually got any to acknowledge the bald illegality of their action, and normally I will report them to ACMA.
As far as email is concerned, a part of the problem that leads to moderately generic spam is that addresses are often readily available, and there are then no technical means to stop the sending of the message (… though filtering can block receiving the message). The difference with push notifications is that each provider gets a unique address to send to, and you have to at least install an app or accept push notifications (on the web) before they get that address, which guards against the completely casual you-don’t-want-any-notifications crew.
It’s who is in control, who bears the cost/gets hit with the bad behavior, and who is what level of desperate.
Sounds like Australia is pretty mellow. The US often is not.
In the US, I usually get at least 4-5 spam calls a day (post filtering). I used to get dozens before I setup filtering. Sometimes even two at once!
At one point during the bad days (a year or two ago), after I made the mistake of putting my actual phone number in a .us domain registration (no privacy filters), I got 20+ a day. Usually from India. Sometimes even at 2am!
If the infrastructure provider gets paid for the spam directly or indirectly (USPS, phone system, perhaps Apple too via App Store commissions?) then they’ll only stop the really ridiculous and egregious abusers.
If the end user has some control (either via opting out or via filtering), it can cut it down much more. But without tooling it’s still an uphill battle.
They don’t need the experience to be good, just better than the alternatives. Completely cutting it off is not an acceptable alternative for most.
Your comment about ‘easy to get’ email addresses made me chuckle, because having an actual valid email address is actually a response to early spamming!
It used to be, you could use any email address (or send from any IP), even if it wasn’t valid or deliverable and it would go through. Those days faded quickly.
Then came DNS black lists. Then SpamAssassin, which worked pretty good actually (that was cutting edge), and it started to work in Bayesian filtering + weighting of various lists.
Then Gmail et al. and their proprietary filtering software. Then DKIM, etc.
I’m curious what the options will look like for notifications.
The iOS platform controls are problematic as it makes it hard to explore the space of options organically via third party apps (a SpamAssassin for App notifications would be awesome!).
All the focus hacks and weird rules are just too complicated for almost anyone to understand, hence the ‘DND all the time’. It would be like manual blacklist curation for email. Maybe they’ll allow a pluggable integration point there, like password managers for passwords?
At some point a critical mass of users will start DND’ng all the time, or it will even start becoming ‘cool’ to just not have a phone at all or something, and the platform folks will have to start taking a stand.
—⁂—
¹ I vaguely recall hearing that EU spam legislation would apply to notifications, but I may be wrong or misremembering. For my home jurisdiction of Australia, the Spam Act 2003 may or may not cover them; it depends on whether these things count as “electronic messages”, a term which is defined in the Act as “a message sent: (a) using: (i) an internet carriage service; or (ii) any other listed carriage service; and (b) to an electronic address in connection with: (i) an email account; or (ii) an instant messaging account; or (iii) a telephone account; or (iv) a similar account.” As a technologist, I would expect push notifications—that is, notifications sent by the app provider’s server via Apple/whoever servers to your device—to meet this classification; but that it would be less clear-cut with notifications generated directly by the app, as there’s not so obviously an electronic address involved.