Spam: Unsolicited Emails

Dealing with Spam | Email Headers | Legislation

A rural-style mailbox with “No Spam” on the front and an @ sysmbol on the raised flag.

What is Spam?

Spam is the unwelcome junk messages that pile into your in-box daily.

Spam is unwanted or unsolicited bulk email, postings, contact requests, SMS (text messages), instant messages, or similar electronic communications.
— Microsoft

Simply put, spam is electronic junk mail.

More precisely, spam is the spreading of a single message to a large number of email addresses, posting on an inappropriate newsgroup, or cross-posting a message to (typically) more than three newsgroups.

Other terms for spam are Unsolicited Commercial Email (UCE) and bulk email.

Spam is Email Without Consent

Spam is an issue about consent, not content. Whether the UBE message is an advert, a scam, porn, a begging letter or an offer of a free lunch, the content is irrelevant — if the message was sent unsolicited and in bulk then the message is spam.
— Spamhaus

In most cases, there is also an unethical nature to the emails, usually involving some sort of scam.

I suggest you never do business with a company that contacts you in an inappropriate manner. What makes you think they'll be there for you when you need support or if the product they sell is defective?

Spam Costs You

The next time someone suggests that spam is no big deal, remember this statistic:

In 2011, roughly 82 percent of all email traffic was spam. It is estimated that scam and phishing messages make up 19 percent of spam, meaning it is essential to be able to spot and avoid email scams.
— Check Point blog

The cost of spam is borne by the recipient, not the spammer, both in terms of the financial cost but also in the amount of time you waste dealing with unwanted emails.

It costs much more to advertise in a newspaper than it does to purchase it. Some newspapers are free to the reader, completely paid for by the advertiser.

The opposite is true with spam:

It is extremely cheap for the spammer to send millions of messages out. If even one person responds to this junkmail, the spammer will recoup his costs.

What happens if you buy something advertised via spam? This graphic shows the flow of Internet traffic and money following a purchase of Viagra from a spam email.
— Technology Review

Return to top

Dealing with Spam

When it comes to spam, individuals and businesses need to know how to protect themselves. That means recognizing a legitimate email versus spam.
— CASL

Learn to Recognize Spam

Test your knowledge with this short quiz.

One thing to watch for is emails that come from a company but come from Gmail, Hotmail or similar free email addresses. Corporations purchase and use their own domains for marketing emails.

Don't "Opt-out"

Never "opt-out" of something you didn't opt-in to.

Responding to spam will only expose you to the thousands of spammers that do not reveal their identity or will simply pass your removal request onto their “sales” department — resulting in even more spam.

Your Devices Need Protection Too

With the exploding use of small devices like cell phones and tablets (both in addition to and in replacement of computers), spam is an important issue there as well.

Is That Business Ethical?

If you're dealing with a business, you need to ensure that business is ethical.

Ethical e-commerce allows a business or an organization to get their message out to those that are interested without endangering the organization's reputation.

Anyone offering to "target market" for you is offering to send spam on your behalf.

Avoid avoid opt-out tactics like pre-selected checkboxes. Not only is this illegal in Canada, it is unethical. The legal alternative is opt-in.

Getting Help Dealing with Spam

These sites can help you deal with spam:

Canada's Anti-Spam Legislation site has information on how to recognize spam and protect yourself. Report spam.
SpamCop determines the origin of unwanted email and reports it to the relevant ISPs.
Network Abuse Clearinghouse has resources for users, system managers and developers.
The Coalition Against Unsolicited Commercial Email (CAUSE) proposes an “opt-in” system where only those requesting mail receive it.
The Netcheck Commerce Bureau promotes ethical business practices on the Internet.
How to get less spam in your email — FTC.

Return to top

Finding the Headers

During the process of getting help dealing with spam (or other email issues) you'll often be asked for a copy of the original email with the full headers.

The headers include tracking information that tells where the email originated and include the various servers involved in delivering the message.

If someone requests “the headers” they are looking for the tracking information contained within the email, but hidden by most email programs until you request that information (show headers, view source, etc.).

Email headers include information similar to the following:

From: <sender@yahoo.com>
Return-path: <sender@yahoo.com>
To: <somebody@islandhosting.com>
Received: pender.islandhosting.com
Wed, 08 Jun 2022 11:03:04 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Language: en-US

Information and layout varies between hosting services and email programs.

Short Headers

Usually folks only see the “short” headers:

From: <sender@yahoo.com>
To: <somebody@islandhosting.com>
Subject: Cat video updates

To:, CC: & BCC:

To: and CC: are often included in the short headers, but BCC: addresses are only visible to the sender (and may appear as a To: address for the recipient).

Be sure you understand how to use To:, CC: & BCC: correctly.

List Info

Emails coming from a listserv (a subscription service) often include a list-info entry in the short headers.

Clicking on the list-info reveals the listserv information including the list owner and how to subscribe or unsubscribe.

Locating the “Full Headers”

Full headers refers to the complete information about an email. This varies by email program and mail provider, but usually including a message ID, user-agent (the software generating the email), tracking information, delivery date and more.

Who@ gives details on viewing the headers for a number of email programs.

Return to top

Ever Wonder Why Spam is Allowed to Continue?

Have you ever wondered how spam can continue to exist? How can something this disruptive be allowed to continue. Can't governments or companies stop it?

There are three aspects to this:

Spam is profitable.
Legislators don't understand the problem.
Corporate interests often are at odds with effectively dealing with spam.

The Profit Motive

Perhaps you've wondered, like I have, how spammers can process stolen and scammed credit card information? This would seem to be relatively easy given the numbers quoted in a recent Information Week article:

95% of spam-advertised products are monetized using merchant services from just a handful of banks, suggesting payment handling is the weak link in the global spam value chain.

All told, they saw 13 banks handling 95% of the 76 orders for which they received transaction information. (Only one U.S. bank was seen settling spam transactions: Wells Fargo.)

But just three banks handled the majority of transactions: Azerigazbank in Azerbaijan, DnB NOR in Latvia (although the bank is headquartered in Norway), and St. Kitts-Nevis-Anguilla National Bank in the Caribbean.

The article quotes one potential reason:

We have to remember that spam is actually very profitable for the banks and credit card companies that move the money. That might affect how likely they are to actually do something about this.
— Mikko Hypponen, chief research officer at F-Secure

See the related article, Anatomy of a Spam Viagra Purchase.

Anti-Spam Legislation

The consequences of spamming can be severe, particularly in locations where legislation has been passed.

Antispam legislation in California can find you liable for thousands of dollars in damages if even one of your emails sent to a location within California is determined to be spam.
Canada's anti-spam legislation (CASL) became law effective July 1, 2014.
The penalties can be severe (an administrative monetary penalty of $75,000, to Scott William Brewer for sending commercial electronic messages without the consent of the recipients).

Not all legislation is this effective, but you could still ruin the reputation of your company even if penalties don't apply.

Canada's Anti-Spam Legislation

If you're located in Canada (or doing business in Canada) you'll need to follow the requirements of Canada's Anti-Spam Legislation (CASL) which requires a minimum of implied consent.

CASL regulates ‘commercial electronic messages’ (CEM) which are defined broadly and includes any electronic message that has as its purpose, or as one of its purposes, the encouragement of participation in a commercial activity.

Even if the electronic message itself is not related to a commercial activity, it may still be a CEM, having regard to the hyperlinks to other content or websites or the contact information contained in the message.
— Violet A. French, Business Law Today

CASL came into effect July 1, 2014 and is the toughest anti-spam law in the world.
You can't send a commercial electronic message (CEM) if you don't have at least implied consent obtained within the last 2 years*.
CASL has administrative monetary penalties (AMPs) up to $1 million for an individual and $10 million for other entities per violation.
CASL's reach can go outside of Canada. Since CASL sets a new standard for spam laws around the world, being compliant with CASL will help you be compliant with other laws.
Understanding Canada's anti-spam legislation.
The difference between implied and express consent.

*This period ends immediately if/when recipients indicate that they no longer consent to receiving your commercial electronic messages.

The U.S. CAN-SPAM Act

The U.S. CAN-SPAM Act is one example of poorly conceived and executed legislation. It did little to protect consumers.

The U.S. CAN-SPAM Act merely outlaws the sending of spam with false or misleading sender information (and other specified conditions). That in no way makes the sending of "non-forged" spam OK.
— Spamhaus

In fact, this legislation is so useless in protecting unwilling recipients of spam it is nicknamed the "You CAN Spam Act."

Ironically, checking for references to the CAN-SPAM legislation in email messages can be an effective way to identify spam.

When Sending Messages

When you're about to send an email message, you'll want to consider your relationship with the recipient(s), the content of the message and what you must include to ensure it meets legislated (and moral) requirements.

The CASL provides the following suggestions:

Think about who you are sending messages to

Think about the type of messages you're sending

Think about what you must include

Review Canada's Anti-Spam Legislation for complete understanding of the law.

The Privacy Commissioner of Canada has additional resources.

Prosecution is Difficult

Legal action against spam is more difficult than you might think.

Many operations originate overseas where prosecution under existing laws is difficult or impossible.
This is further exasperated by protection provided by the U.S. CAN-SPAM Act (lawmakers in most states other than California are reluctant to introduce legislation that makes it more difficult for legitimate businesses to use email for promotion and sales).
Hacking and the information gathered through spam is undoubtedly being used by nations as modern espionage. The June 2011 hacking of the IMF may have been triggered by malware when an employee clicked on a link in an email.

Commitment Lacking

However, it is not impossible. It is merely a lack of commitment.

More About Legislation

The following sites will help you to learn more about legislation in various countries:

Spam Laws includes legislation links for the United States, the European Union and other countries.
Anti-Spam Legislation.
Opt-In Laws in North America and Europe.

Related Resources

Related resources on this site:

or check the resources index.