I'm put in mind of the inequalities of protecting web sites from bad guys; they only have to be lucky once, but you, the defender, have to succeed every single day. If you missed the small print just once, the spammers direct marketers can hound you for years and years afterwards 🙁

Marketing permission, whether deliberate or inadvertent, shouldn't be transitive and definitely shouldn't be able to be sold as a commodity.