Spam & Anti-spam Legislation
What is Spam?
If you've been on the Internet even for a short time, you know about the unwelcome junk messages that pile into your in-box daily. That is spam.
You Need to Be Able to Recognize It
When it comes to spam, individuals and businesses need to know how to protect themselves. That means recognizing a legitimate email versus spam. — CASL
How'd you do?
Simply put, spam is electronic junk mail.
More precisely, spam is the spreading of a single message to a large number of email addresses, posting on an inappropriate newsgroup, or cross-posting a message to (typically) more than three newsgroups.
Other terms for spam are Unsolicited Commercial Email (UCE) and bulk email.
Spam is an issue about consent, not content. Whether the UBE message is an advert, a scam, porn, a begging letter or an offer of a free lunch, the content is irrelevant — if the message was sent unsolicited and in bulk then the message is spam. — Spamhaus
Spam is an Email Scam
I suggest you never do business with a company that contacts you in an inappropriate manner.
If they don't have the integrity to be courteous when contacting you with their offers, what makes you think they'll be there for you when you need support or if the product they sell is defective?
Use Ethical E-Commerce
Ethical Net commerce allows you to get your message out to those that are interested without endangering your organization's reputation.
Don't Be Part of the Problem
Anyone offering to "target market" for you is offering to spam others on your behalf.
Dealing with Spam: More than One Aspect
On this page the following sections, we'll deal with the following aspects of spam:
- How you pay for spam.
- Spam is out of control.
- Dealing with spam (including locating email headers).
- Why spam is continues.
The consequences of spamming can be severe, particularly in locations where legislation has been passed.
- Antispam legislation in California can find you liable for thousands of dollars in damages if even one of your emails sent to a location within California (or any other location with similar legislation) is determined to be spam.
- Canada's anti-spam legislation (CASL) became law effective July 1, 2014 and the penalties can be severe.
Not all legislation is this effective, but you could still ruin the reputation of your company even if penalties don't apply.
The U.S. CAN-SPAM Act is one example of poorly conceived and executed legislation. It did little to protect consumers. Ironically, checking for references to the CAN-SPAM legislation in email messages can be an effective way to identify spam.
Canada's Anti-Spam Legislation
If you're located in Canada (or doing business in Canada) you'll need to follow the requirements of Canada's Anti-Spam Legislation (CASL) which requires a minimum of implied consent.
CASL regulates ‘commercial electronic messages’ (CEM) which are defined broadly and includes any electronic message that has as its purpose, or as one of its purposes, the encouragement of participation in a commercial activity. An electronic message would include e-mail, text messages, and social media messaging and text, sound, voice, or image messages. Even if the electronic message itself is not related to a commercial activity, it may still be a CEM, having regard to the hyperlinks to other content or websites or the contact information contained in the message. — Violet A. French, Business Law Today
- CASL came into effect July 1, 2014 and is the toughest anti-spam law in the world.
- You can't send a commercial electronic message (CEM) if you don't have at least implied consent obtained within the last 2 years*.
- Businesses had until July 1, 2017 to obtain express consent from their past clients or customers.
- CASL has administrative monetary penalties (AMPs) up to $1 million for an individual and $10 million for other entities per violation.
- CASL's reach can go outside of Canada. Since CASL sets a new standard for spam laws around the world, being compliant with CASL will help you be compliant with other laws.
- Understanding Canada's anti-spam legislation.
- The difference between implied and express consent.
*This period ends immediately if/when recipients indicate that they no longer consent to receiving your commercial electronic messages.
3 Things to Think About When Sending Messages
When you're about to send an email message, you'll want to consider your relationship with the recipient(s), the content of the message and what you must include to ensure it meets legislated (and moral) requirements.
The CASL provides the following suggestions:
- Think about who you are sending messages to
- Did they give consent? Do you have a record of this consent?
- Do you have an existing business or non-business relationship?
- Think about the type of messages you're sending
- Is it sent to an electronic address?
- Is is commercial or promotional?
- Ensure no part of your message is false or misleading.
- Think about what you must include
- Identify your name and business accurately.
- Include details on how to unsubscribe in each message.
This is just an outline; be sure to read the infographic. Review Canada's Anti-Spam Legislation for complete understanding of the law.
The Privacy Commissioner of Canada has additional resources.
More About Legislation
The following sites will help you to learn more about legislation in various countries:
- Spam Laws includes legislation links for the United States, the European Union and other countries.
- Anti-Spam Legislation.
- Opt-In Laws in North America and Europe.
A Note to Legislators
I've experienced spam coming more frequently from certain locations (including from within Canada and the U.S.). When attempting to bring this to your attention, I've noticed that you've often protected yourself against the very annoyances that you permit businesses and individuals within your jurisdiction continue to propagate.
The argument that it affects legitimate businesses or jobs in your area is unfounded. Canada's Anti-Spam Legislation is one example of where legislation has minimal impact on business. There may be an inconvenience, but that is surely offset by the decrease in illegitimate activity that those same businesses need to deal with.
I strongly encourage you to pursue international agreements to allow for the enforcement of such legislation just as you currently enforce regulations against dumping knock-off material goods.
Spam Costs You!
The Print, Radio & TV Advertiser Pays
Tradition forms of advertising is paid for by the advertiser. For example, it costs much more to advertise in a newspaper than it does to purchase it. Some newspapers are free to the reader, completely paid for by the advertiser.
YOU Subsidize the Spammer
The opposite is true with spam. The reader pays the most!
It is extremely cheap for the spammer to send millions of messages out. If even one person responds to this junkmail, the spammer will recoup his costs.
This reverses the traditional cost/benefit ratio: the reader subsidizes the advertiser.
Subverting Affiliate Programs
The following illustration shows how affiliate programs can be subverted by greedy advertisers:
- The problem of spam is illustrated in this scenario: "Anatomy of a Spam Viagra Purchase".
- The off-shore pharmacies let unethical spammers do their work for them using an affiliate program.
- Of course, the manufacturer will protect themselves from having to clean up their own mess.
How Affiliate Programs Normally Work
There is nothing intrinsically wrong with an affiliate program. Affiliate programs provide an incentive for websites to promote products (just as traditional advertisers pay newspapers, radio and TV to promote their products).
The Problem: Unethical Advertisers and Products
The problem arises when the affiliate program is subverted by unethical advertisers using spam and other invasive tactics to promote questionable products (gambling, discounted drugs, pornography, etc.).
Spam is Out of Control
Spam is Like a 80% Internet Tax
AOL (America On-Line) once estimated that the proportion of spam at 30% of the total volume of emails received by their servers. How times have changed:
We estimate that at least 80% of all e-mail sent to our servers is junk mail and/or viruses, and that amounts to a lot of wasted resources that cost real money! — islandnet.com
The next time someone suggests that spam is no big deal, remember that you are either paying 80% more for your Internet service or getting 80% less performance. Ouch!
In 2011, roughly 82 percent of all email traffic was spam. It is estimated that scam and phishing messages make up 19 percent of spam, meaning it is essential to be able to spot and avoid email scams. Use this guide to help you dodge the bait. — ZoneAlarm Blog
That's nearly 20% that is aimed at stealing your identity or your money.
Dealing with Spam
Never "opt-out" of something you didn't opt-in for in the first place.
Responding to spam will only expose you to the thousands of spammers that do not reveal their identity or will simply pass your removal request onto their “sales” department — resulting is even more spam.
Few people have the time or resources to determine if the sender is legitimate or not.
Your Devices Need Protection Too
With the exploding use of small devices like cell phones and tablets (both in addition to and in replacement of computers), spam is an important issue there as well.
Keep Spam Out of Your Inbox
Hosting includes excellent spam management tools and friendly help.
Getting Help Dealing with Spam
These sites can help you deal with spam:
- Canada's Anti-Spam Legislation site has information on how to recognize spam and protect yourself. Report spam.
- SpamCop determines the origin of unwanted email and reports it to the relevant ISPs.
- Network Abuse Clearinghouse has resources for users, system managers and developers.
- The Coalition Against Unsolicited Commercial Email (CAUSE) proposes an “opt-in” system where only those requesting mail receive it.
- The Netcheck Commerce Bureau promotes ethical business practices on the Internet.
- Scumware.org defines scumware as the "collective term for software that performs unwanted activity on user's computer like malware, PUA, spying/tracking software, etc."
- FTC Spam includes resources provided by the U.S. Federal Trade Commission, as well as an address to report spam.
- "Virus" Hoaxes — avoid spreading ignorance.
Getting Help Dealing with Investment Fraud
Not all investment fraud is generated by spam, but the warning signs are usually the same. If it sounds too good to be true, it probably is. Nowhere is this truer than when shown investment proposals.
InvestRight is a BC Securities Commission program to help investors know the difference between legitimate and fraudulent investments by identifying the warning signs.
Ever Wonder Why Spam is Allowed to Continue?
Have you ever wondered how spam can continue to exist? How can something this disruptive be allowed to continue. Can't governments or companies stop it?
There are three aspects to this:
- Spam is profitable.
- Legislators don't understand the problem.
- Corporate interests often are at odds with effectively dealing with spam.
The Profit Motive
Perhaps you've wondered, like I have, how spammers can process stolen and scammed credit card information? This would seem to be relatively easy given the numbers quoted in a recent Information Week article:
95% of spam-advertised products are monetized using merchant services from just a handful of banks, suggesting payment handling is the weak link in the global spam value chain.
All told, they saw 13 banks handling 95% of the 76 orders for which they received transaction information. (Only one U.S. bank was seen settling spam transactions: Wells Fargo.)
But just three banks handled the majority of transactions: Azerigazbank in Azerbaijan, DnB NOR in Latvia (although the bank is headquartered in Norway), and St. Kitts-Nevis-Anguilla National Bank in the Caribbean.
The article quotes one potential reason:
We have to remember that spam is actually very profitable for the banks and credit card companies that move the money. That might affect how likely they are to actually do something about this. — Mikko Hypponen, chief research officer at F-Secure
See the related article, Anatomy of a Spam Viagra Purchase.
Lack of Prosecution
The U.S. CAN-SPAM Act
If you receive spam from the U.S. that claim to be legal, quoting the U.S. CAN-SPAM Act, they are wrong!
The U.S. CAN-SPAM Act merely outlaws the sending of spam with false or misleading sender information (and other specified conditions). That in no way makes the sending of "non-forged" spam OK. — Spamhaus
In fact, this legislation is so useless in protecting unwilling recipients of spam it is nicknamed the "You CAN Spam Act."
Prosecution is Difficult
As well, the legal action that could stem the tide is more difficult than you might think.
- Many operations originate overseas where prosecution under existing laws is difficult or impossible.
- This is further exasperated by protection provided by the U.S. CAN-SPAM Act (lawmakers in most states other than California are reluctant to introduce legislation that makes it more difficult for legitimate businesses to use email for promotion and sales).
- Hacking and the information gathered through spam is undoubtedly being used by nations as modern espionage. The June 2011 hacking of the IMF may have been triggered by malware when an employee clicked on a link in an email.
However, it is not impossible. It is merely a lack of commitment.
Big media companies have deep pockets and are more effective at demanding effective legislation, quoting huge costs to their businesses. These “costs” is often based upon the ill-conceived assumption that all downloaders would pay full retail for all illegally-downloaded products if the illegal sources dried up. More likely, many either could not or would not pay.
Instead, they can make changes to their own business practices such as fairness of pricing, availability and freedom from DRM restraints such as locking the purchase to one device and profiting from changing media types (e.g. VHS, DVD, BluRay).
Services like Netflix are a great example. Rather than enforcing bandwidth caps designed to force users to purchase similar content via expensive cable subscription models, lower the price to compete with Netflix.
Concerns are more heavily weighted in ensuring that businesses aren't hampered. Imagine if only big corporations had protection from credit card fraud!
Corporation Interests Hamper Success
AOL, Google, Microsoft, and Yahoo are to Blame
In 2007 ZDNet examined in 2007 Why AOL, Google, Microsoft, and Yahoo are to blame for spam. It noted that they are the only ones large enough to agree on a global standard to deal with spam effectively and decisively.
It seems the problem is one of cooperation:
- Microsoft killed one strategy by claiming their Sender ID is proprietary. They relented (but only after the others had already left the table).
- Yahoo! and eBay cooperated on dealing with phishers going after users of eBay while PayPal cooperated only with Google about issues with Google Checkout. None of parties shared the information with the other major email services.
This is also hampered by the anonymity of these free email programs. This is beginning to change. These companies are now seriously investigating methods of authentication that can help avoid spamming.