Russ Harvey Consulting - Computer and Internet Services

Spam & Anti-spam Legislation

You Pay for Spam | Legislation | Dealing with Spam | Email Headers

What is Spam?

If you've been on the Internet even for a short time, you know about the unwelcome junk messages that pile into your in-box daily. That is spam.

Simply put, spam is electronic junk mail.

More precisely, spam is the spreading of a single message to a large number of email addresses, posting on an inappropriate newsgroup, or cross-posting a message to (typically) more than three newsgroups.

Other terms for spam are Unsolicited Commercial Email (UCE) and bulk email.

Spam is an issue about consent, not content. Whether the UBE message is an advert, a scam, porn, a begging letter or an offer of a free lunch, the content is irrelevant — if the message was sent unsolicited and in bulk then the message is spam.
spamhaus.org

Spam is an Email Scam

I suggest you never do business with a company that contacts you in an inappropriate manner.

If they don't have the integrity to be courteous when contacting you with their offers, what makes you think they'll be there for you when you need support or if the product they sell is defective?

Use Ethical E-Commerce

Ethical net commerce allows you to get your message out to those that are interested without endangering your organization's reputation.

Don't Be Part of the Problem

Anyone offering to "target market" for you is offering to spam others on your behalf.

Dealing with Spam: More than One Aspect

On this page the following sections, we'll deal with the following aspects of spam:

Return to top

Anti-Spam Legislation

The consequences of spamming can be severe, particularly in locations where legislation has been passed.

  • Antispam legislation in California can find you liable for thousands of dollars in damages if even one of your emails sent to a location within California (or any other location with similar legislation) is determined to be spam.
  • Canada's anti-spam legislation (CASL) became law effective July 1, 3014 and the penalties can be severe.

Not all legislation is this effective, but you could still ruin the reputation of your company even if penalties don't apply.

The U.S. CAN-SPAM Act is one example of poorly conceived and executed legislation. It did little to protect consumers. Ironically, checking for references to the CAN-SPAM legislation in email messages can be an effective way to identify spam.

Canada's Anti-Spam Legislation

If you're in Canada (or doing business in Canada) you'll need to follow the requirements of Canada's Anti-Spam Legislation (CASL) which requires a minimum of implied consent.

CASL regulates ‘commercial electronic messages’ (CEM) which are defined broadly and includes any electronic message that has as its purpose, or as one of its purposes, the encouragement of participation in a commercial activity. An electronic message would include e-mail, text messages, and social media messaging and text, sound, voice, or image messages. Even if the electronic message itself is not related to a commercial activity, it may still be a CEM, having regard to the hyperlinks to other content or websites or the contact information contained in the message.
Violet A. French, Business Law Today

*This period ends if/when recipients indicate that they no longer consent to receiving your commercial electronic messages.

3 Things to Think About When Sending Messages

“3 Things to Think About When Sending Messages” infographic -- click to learn more.

When you're about to send an email message, you'll want to consider your relationship with the recipient(s), the content of the message and what you must include to ensure it meets legislated (and moral) requirements.

The infographic shown on the right provides the following suggestions:

  1. Think about who you are sending messages to
    • Did they give consent? Do you have a record of this consent?
    • Do you have an existing business or non-business relationship?
  2. Think about the type of messages you're sending
    • Is it sent to an electronic address?
    • Is is commercial or promotional?
    • Ensure no part of your message is false or misleading.
  3. Think about what you must include
    • Identify your name and business accurately.
    • Include details on how to unsubscribe in each message.

This is just an outline; be sure to read the infographic. Review Canada's Anti-Spam Legislation for complete understanding of the law.

The Privacy Commissioner of Canada has additional resources.

More About Legislation

The following sites will help you to learn more about legislation in various countries:

A Note to Legislators

I've experienced spam coming more frequently from certain locations (including from within Canada and the U.S.). When attempting to bring this to your attention, I've noticed that you've often protected yourself against the very annoyances that you permit businesses and individuals within your jurisdiction continue to propagate.

The argument that it affects legitimate businesses or jobs in your area is unfounded. Canada's Anti-Spam Legislation is one example of where legislation has minimal impact on business. There may be an inconvenience, but that is surely offset by the decrease in illegitimate activity that those same businesses need to deal with.

I strongly encourage you to pursue international agreements to allow for the enforcement of such legislation just as you currently enforce regulations against dumping knock-off material goods.

Return to top

Spam Costs You!

The Print, Radio & TV Advertiser Pays

Tradition forms of advertising is paid for by the advertiser. For example, it costs much more to advertise in a newspaper than it does to purchase it. Some newspapers are free to the reader — completely paid for by the advertiser.

But You Subsidize the Spammer

The opposite is true with spam. The reader pays the most!

It is extremely cheap for the spammer to send millions of messages out. If even one person responds to this junkmail, the spammer will recoup his costs.

This reverses the traditional cost/benefit ratio: the reader subsidizes the advertiser.

Subverting Affiliate Programs

The following illustration shows how affiliate programs can be subverted by greedy advertisers:

  • The problem of spam is illustrated in this scenario: "Anatomy of a Spam Viagra Purchase".
  • The off-shore pharmacies let unethical spammers do their work for them using an affiliate program.
  • Of course, the manufacturer will protect themselves from having to clean up their own mess.

How Affiliate Programs Normally Work

There is nothing intrinsically wrong with an affiliate program. Affiliate programs provide an incentive for websites to promote products (just as traditional advertisers pay newspapers, radio and TV to promote their products).

The Problem: Unethical Advertisers and Products

The problem arises when the affiliate program is subverted by unethical advertisers using spam and other invasive tactics to promote questionable products (gambling, discounted drugs, pornography, etc.).

Return to top

Spam is Out of Control

Spam is Like a 80% Internet Tax

AOL (America On-Line) once estimated that the proportion of spam at 30% of the total volume of emails received by their servers. How times have changed:

We estimate that at least 80% of all e-mail sent to our servers is junk mail and/or viruses, and that amounts to a lot of wasted resources that cost real money!
islandnet.com

The next time someone suggests that spam is no big deal, remember that you are either paying 80% more for your Internet service or getting 80% less performance. Ouch!

In 2011, roughly 82 percent of all email traffic was spam. It is estimated that scam and phishing messages make up 19 percent of spam, meaning it is essential to be able to spot and avoid email scams. Use this guide to help you dodge the bait.
ZoneAlarm Blog

That's nearly 20% that is aimed at stealing your identity or your money.

Return to top

Dealing with Spam

“Worried it's Spam? 5 Things to Look For” infographic -- click to learn more.

Don't "Opt-out"

Never "opt-out" of something you didn't opt-in for in the first place.

Responding to spam will only expose you to the thousands of spammers that do not reveal their identity or will simply pass your removal request onto their “sales” department — resulting is even more spam.

Few people have the time or resources to determine if the sender is legitimate or not.

Help Keep Spam Out of Your Inbox

Islandhosting.com Recommended

This site hosted by
Check out Islandhosting.com
Islandhosting is owned/operated by Islandnet

I strongly recommend Islandhosting for hosting. Hosting includes excellent management tools and help dealing with spam. Spam is not permitted by their terms of service which require opt-in mechanisms.

Microsoft provides some tools to control spam when using Microsoft Office Outlook, Windows Live Mail & Hotmail and Windows Mail (Vista only).

Getting Help Dealing with Spam

These sites can help you deal with spam:

Getting Help Dealing with Investment Fraud

Not all investment fraud is generated by spam, but the warning signs are usually the same. If it sounds too good to be true, it probably is. Nowhere is this truer than when shown investment proposals.

InvestRight is a BC Securities Commission program to help investors know the difference between legitimate and fraudulent investments by identifying the warning signs.

Return to top

Ever Wonder Why Spam is Allowed to Continue?

Have you ever wondered how spam can continue to exist? How can something this disruptive be allowed to continue. Can't governments or companies stop it?

There are three aspects to this:

  1. Spam is profitable.
  2. Legislators don't understand the problem.
  3. Corporate interests often are at odds with effectively dealing with spam.

The Profit Motive

Perhaps you've wondered, like I have, how spammers can process stolen and scammed credit card information? This would seem to be relatively easy given the numbers quoted in a recent Information Week article:

95% of spam-advertised products are monetized using merchant services from just a handful of banks, suggesting payment handling is the weak link in the global spam value chain.

All told, they saw 13 banks handling 95% of the 76 orders for which they received transaction information. (Only one U.S. bank was seen settling spam transactions: Wells Fargo.)

But just three banks handled the majority of transactions: Azerigazbank in Azerbaijan, DnB NOR in Latvia (although the bank is headquartered in Norway), and St. Kitts-Nevis-Anguilla National Bank in the Caribbean.

The article quotes one potential reason:

We have to remember that spam is actually very profitable for the banks and credit card companies that move the money. That might affect how likely they are to actually do something about this.
Mikko Hypponen, chief research officer at F-Secure

See the related article, Anatomy of a Spam Viagra Purchase.

Lack of Prosecution

The U.S. CAN-SPAM Act

If you receive spam from the U.S. that claim to be legal, quoting the U.S. CAN-SPAM Act, they are wrong!

The U.S. CAN-SPAM Act merely outlaws the sending of spam with false or misleading sender information (and other specified conditions). That in no way makes the sending of "non-forged" spam OK.
spamhaus.org

In fact, this legislation is so useless in protecting unwilling recipients of spam it is nicknamed the "You Can Spam Act."

Prosecution is Difficult

As well, the legal action that could stem the tide is more difficult than you might think.

  • Many operations originate overseas where prosecution under existing laws is difficult or impossible.
  • This is further exasperated by protection provided by the U.S. CAN-SPAM Act (lawmakers in most states other than California are reluctant to introduce legislation that makes it more difficult for legitimate businesses to use email for promotion and sales).
  • Hacking and the information gathered through spam is undoubtedly being used by nations as modern espionage. The June 2011 hacking of the IMF may have been triggered by malware when an employee clicked on a link in an email.

Commitment Lacking

However, it is not impossible. It is merely a lack of commitment.

Big media companies have deep pockets and are more effective at demanding effective legislation, quoting huge costs to their businesses. These “costs” is often based upon the ill-conceived assumption that all downloaders would pay full retail for all illegally-downloaded products if the illegal sources dried up. More likely, many either could not or would not pay.

That said, there are sites like Don't Make Me Steal which has several conditions for agreeing not to download illegal copies including fairness of pricing, availability and freedom from DRM restraints.

The needs to protect individuals from are easier to ignore. Concerns are weighed more heavily in ensuring that businesses aren't hampered. Imagine if only big corporations had protection from credit card fraud!

Corporation Interests Hamper Success

AOL, Google, Microsoft, and Yahoo are to Blame

In 2007 ZDNet examined Why AOL, Google, Microsoft, and Yahoo are to blame for spam. It noted that they are the only ones large enough to agree on a global standard to deal with spam effectively and decisively.

It seems the problem is one of cooperation:

  • Microsoft killed one strategy by claiming their Sender ID is proprietary. They relented (but only after the others had already left the table).
  • Yahoo! and eBay cooperated on dealing with phishers going after users of eBay while PayPal cooperated only with Google about issues with Google Checkout. None of parties shared the information with the other major email services.

This is also hampered by the anonymity of these free email programs. This is beginning to change. These companies are now seriously investigating methods of authentication that can help avoid spamming.

Return to top

www.RussHarvey.bc.ca/resources/spam.html
Updated: July 16, 2015

Spam not wanted here!

Finding the Headers

During the process of getting help dealing with spam (or other email issues) you'll often be asked for a copy of the original problem email with the full headers. Email headers is the term used to refer to the tracking information contained in an email (see example).

“Short Headers”

Usually folks only see the “short” headers which include From, Subject and To but can also include CC:, BCC and List info.

  • More about To:, CC: & BCC:.
  • List info: is often included on emails that are part of a list. Expanding the list info provides information on unsubscribing and often the list owner, etc.

Locating the “Full Headers”

Full headers refers to the complete information about an email. This varies by email program and mail provider, but usually including a message ID, user-agent (the software generating the email), tracking information, delivery date and more.

  • Who@ gives details on viewing the headers for a number of email programs.

Return to top

Beware: Domain Registry of Canada

Do not do business with the Domain Registry of Canada (or the Domain Registry of America). Both are run by Brandon Gray Internet Services, Inc. as Namejuice.com.

Their “Domain Name Expiration Notice” in a brown envelope with a red maple leaf is designed to make you think you're dealing with CIRA and looks like a government invoice.

These “notices” (known as “domain slamming”) show up significantly prior to expiration — long before you normally renew your domain and prior to any authentic renewal notice.

  • Their intent is to trick you into moving your domain from your current registrar.
  • Their pricing is exorbitant and they appear to be culling your domain's WHOIS information for purposes contrary to CIRA's legal notice.
  • This is not the sort of company that you want to do business with at any price!

Return to top

Related Resources

Related resources on this site:

or check the resources index.

Return to top


If these pages helped you,
buy me a coffee!