After a complaint to the Advertising Standards Authority, they've ruled that the spam I was sent is in breach of the CAP code; follow that link to read the ASA's ruling.
This ruling says that it isn't enough to buy a list for emailing with the assurance that consent for the email was given - you have to be able to provide evidence of that consent.
Usually what happens, is that some unscrupulous list vendor scrapes together a list from whatever sources they can find, such as email addresses found on web sites. Then they sell this list as being "fully opted in" or as "business addresses only" or even as "telephone verified". They don't care that the list is 99% rubbish.
The person buying the list has no way of checking that it's as the list vendor says (and in some cases, the list vendor seems to go out of business every couple of months, reappearing under a new name) and isn't too bothered, because they feel that their message is reaching millions of people at a low cost.
They don't make the connection that, just as they delete any spam they get unread, so will the people they're spamming. And people get the impression that anyone using spam to sell their services is in the same category as the vendors of Viagra and those who tell you that they have ten million dollars for you. In other words, not to be trusted. Would you trust a spammer?
And so the spam business continues. The main losers? Actually, the spammers, who are paying good money for these lists that don't work, and which also put them in bad odour with the Advertising Standards Authority. The winners are the list vendors, who take the money and run. And us ordinary folks? We use spam filters, and don't actually see the spam or are affected by it. Unless we look at our spam folder, and complain to the ASA.