The Spam Act -- a good start

Legislation may be leading the way in the war against spam, but proper education is still crucial.

People who like guns insist that it's the people who use them that cause death and injury, not the firearms themselves. It can be argued that the same applies to electronic messaging.

E-mails, SMS text messaging, and Multimedia Message Services (MMS) have evolved into society's core communicators, but they threaten to self-destruct under the pressure exerted on users by the shysters and hucksters strangling the system with malicious, unwanted junk.

Australian legislators have done a good job in framing the Spam Act that came into force last Easter to try to control the rapidly rising tide of garbage, which left unchecked, will clog society's communication arteries to the point where users will turn away in frustration.

It's a good start, but beyond legislation it will also take education and technology to make a measurable difference.

Essentially, the Act broadly says it is illegal for any Australian entity to send a single e-mail, SMS or MMS message to anyone trying to sell them something -- let alone bulk messaging -- without their previously agreeing to accept it. Or for any foreign outfit to send stuff to Australian addresses without recipient consent. Charities and government are exempt. This may lead to interesting commercial joint ventures with charity organisations.

This is called "opting in", and the Australian legislation follows that enacted by the EU and Canada and in this regard is to be applauded for it.

Those without significant legal resources in-house will need to move quickly to ensure that electronic marketing activities comply.

The question of "consent" can be vexing. Consent can be inferred from previous relationships or conduct (online customers who already get retail newsletters for example -- or just having a business card with a personal e-mail address on it) and companies need to clarify these permissions. Certainly, it would be unwise to put your business card into a barrel at a trade show as you are giving consent.

The ACS recommends five basic steps:

1. If you are not sure about consent, get it via phone, mail, or even e-mail
2. Comply with the Privacy Act and remember you are not allowed to collect e-mail addresses without consent
3. Always give recipients an effective and legitimate out option
4. If your e-mail is on the Web, community notice boards, and other public places, add a "no spam" tag to it to refute implied consent
5. If they don't have it, you won't get it, so think about excising e-mail addresses from business cards and other places where you maybe giving consent.

On the other hand, the American CAN-SPAM ("Controlling the Assault of Non-Solicited Pornography and Marketing") legislation enacted earlier this year is based on "opting out" -- in other words anybody is entitled to send you whatever they like until you tell them to stop.

It's the pervasive nature of electronic communication which makes it effective, and for as long as serious flaws exist in largely ineffective anti-spam legislation like "Can Spam" (as it has become known), a difficult battle will become significantly harder.

There is much international finger-pointing between countries, blaming each other for the problem. The EU claims that 80 percent of its spam comes from America, while US anti-spam vendor Commtouch claims that 40 percent of spam there comes from Internet Protocol (IP) addresses in 125 countries, with most coming from China.

High-profile anti-spam company Brightmail says in the Asia-Pacific region, China accounts for 34 percent of spam, Korea 30 percent, and New Zealand, which has no anti-spam legislation, for 14 percent.

Australia produces only two percent, which perhaps says something for national decency or legislative effort. But with 98 percent of our problem originating overseas, source doesn't really matter -- it's the effect. The end game will be bi-lateral agreements between countries and Australia is taking a strong leadership role in the global community by enacting legislation early.

This article was first published in Technology & Business magazine.
Click here for subscription information.

Edward Mandla is National President of the Australian Computer Society (ACS). The ACS attracts a membership (over 16,000) from all levels of the IT industry and provides a wide range of services. The Society can be contacted on 02 9299 3666, or email info@acs.org.au.

Visit this page for other ACS articles published by ZDNet Australia.

• Related stories

• Alerts

Sign up for an e-mail alert

ZDNet Australia Alerts is an e-mail alert service which provides personalised news, features and reviews to readers’ inbox on an hourly, daily and weekly basis.

Alert:

E-mail: *

Frequency: *

Hourly Daily Weekly

Add alert

Add your opinion

Add your opinion

All fields are required

Subject:
Comments:
Full name:
E-mail address:

Your e-mail will not be displayed

Posting options:

Display all details Do not display details

Security Code:

You must read and type the 6 chars within 0..9 and A..F

 

The spam act is a joke. I have ...Anonymous -- 07/05/04

The spam act is a joke. I have received more AUSTRALIAN-BASED spam since the act came into Force in April than prior.

Meanwhile, legitimate marketers cannot make initial contact with those they perceive to have an interest in their product without explicit consent.

The whole mess is unworkable!

• Reply to comment
• Reply to story
• Report offensive content

Legislation is not going to pr ...Anonymous -- 10/05/04

Legislation is not going to prevent all spam. I think that once we accept that fact, we can gain some perspective on spam.

The problem of spam actually originates with SMTP. When SMTP was invented, it was not believed that almost every home in the industrialised would have a computer. There was no immediate need to make the protocol "prove" the identity of the sender.

Today we have many unsecured computers connected via broadband, creating the perfect platform for sending out spam.

Spam needs to be attacked on all levels.

Firstly, companies need to understand that mass mailing recipients who they think may be interested in their products or services is unacceptable. By making this activity illegal (even if it is not enforcable) we discourage misguided marketers from sending spam.

The previous comment states "legitimate marketers cannot make initial contact with those they perceive to have an interest in their product without explicit consent", complaining that the solution is therefore unworkable. What they have not understood is that it is up to the recipient of any email to judge a marketer as legitimate. Marketers are optimistic about who they perceive may want to know about the product. After all you don't want to miss a sale because you thought they may not want an email.

The second part of the solution is to make use of technology. There are many different options here. The end result will probably be a small extension to the SMTP protocol, coupled with a complex set of filters, customisable for each user.

Microsoft has suggested a simple verification process piggy backed on the DNS system that will quickly detect fake senders. Yahoo is experimenting with private key signing of messages to prove their source.

This isn't actually as scarey as it sounds. In fact you could implement it without touching any client software. The ISP can check each email as it comes in to prove it comes from the "sender". Any spoofed messages can be automatically dropped without it ever getting to the end users inbox. With intelligent enough filters, whitelist senders, blacklist senders etc, 95% of SPAM would be stopped without risking dropping of an email the recipient actually wanted.

Clearly there is quite some work to go. Hopefully we can make email useful again. I urge everyone to co-operate. Note to marketers. Some estimates put the level of SPAM at over 50% of all emails. If this persits, email will cease to be a viable option, and you will have no-one else to blame.

• Reply to comment
• Reply to story
• Report offensive content

While I agree with some of you ...Anonymous -- 10/05/04

While I agree with some of your points I will give a clear example of where the anti-spam act is infringing on my ability to do my job.

Here goes:
I know that Mr Jones wants to buy a red sports car. I sell red sports cars. The only contact details for Mr Jones that I have is his email address.

As the anti-spam act stands, I cannot make contact with Mr Jones to market my red sports car to him via email until he makes contact with me. Am I wrong to think that he does not want to hear from me?

In the past I have made contact with prospects through a network of business associates - people saying they have heard that a particular business is after the kinds of products we sell. Again, if I only have an email address to go on, I cannot make contact, even though a third party has explicitly told me that they know the prospect is interested in the kind of good I market or sell.

I had a similar problem recently. I can choose to ignore the law and risk a fine or I can choose not to do my job. I chose to do the 'right' thing by the legislation and not make contact. The legislation is unworkable.

• Reply to comment
• Reply to story
• Report offensive content

which is why sender id is the ...Anonymous -- 31/03/05

which is why sender id is the way to go. It gives the end user the ability to reply direct to the spammer to request removal form the list, and if the request is not honoured, the end user can identify the spammer and take legal action for har****ment, or simply block the spammer via black or whitelists.

If end users could do this effectively, spammers would soon realise it hurts more than helps them to be unreasonably aggressive in their spam campaigns.

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Login

E-mail Password (forgot?)

Login Remember

Sign up and win a iPhone3GS!

Reader Services

Popular Topics

Essentials