Unsolicited Bulk Email i.e. Spam!

posted by Damien Ramé in All about Spam on Jul 26, 2011


Spam is defined as unsolicited bulk email (UBE). We all receive unsolicited email every day (advertisements, sales enquiries, job enquiries). That alone doesn’t make it spam. And I am sure that each of you, like myself, are on the receiving end of several different enewsletters or discussion lists, i.e. bulk email. Some of which we signed up to receive, and others we wonder how the heck they ever found our email addresses. Again, bulk email alone is not considered spam. It takes two to tango. An email is considered spam only if it is both unsolicited and sent in bulk to a large quantity of recipients. 

With the amount, and subsequent cost, of spam email increasing exponentially, most countries have implemented some form of spam legislation, and the consequences to violators can be severe. For example, violators of Canada’s Bill C-28, Fighting Internet and Wireless Spam Act (FISA), can be fined up to $1 million for an individual and up to $10 million for an organization. However, since so much spam originates in other countries or from botnets, it is unlikely that such spam legislation will greatly reduce the amount of spam emails we receive.

So, what can you do to reduce the amount of spam email you receive? Here are some basic tactics that you should keep in mind:

  • Do not post your email address on websites. That includes your company website or any other website you interact with such as newsgroups.
  • Do not click on ‘unsubscribe’ in a spam email. Don’t forget, spammers are unscrupulous. It is naive to think that they will kindly remove your email from their list simply because you asked them to. In fact, by hitting ‘unsubscribe’, you have just personally confirmed that your email address is valid and actively being used.
  • Read privacy policies carefully. Most reputable companies have privacy policies posted on their websites. Before submitting any personal information, such as your email address, read the company’s privacy policy to see what they are going to do with the information you submit.
  • Report messages as spam. Many email clients, and even some anti-spam software solutions for the enterprise, offer some sort of reporting mechanism for spam email. By reporting an email as spam for analysis, you are helping to reduce targeted spam and improve filtering technologies.
  • Do not give your email address out to just anyone who asks for it. It seems like just about anywhere you go these days someone asks you for your email address. Ask yourself if you really want that person sending you emails, and more importantly, if you trust that they won’t sell your email to a 3rd party.

 


Share this article


Share

Comments

I’d like to challenge your assertion that “so much spam originates in other countries or from botnets, it is unlikely that such spam legislation will greatly reduce the amount of spam emails we receive.”

For one, CASL, Canada’s Anti-spam law does in fact allow the government and recipients to act against botnet operators, some of whom, as we have seen quite regularly, are in North America.

Secondly, non-botnet spam easily falls under the auspices of CASL, and will reverse the muddle-headed decision made under CAN-SPAM to allow an opt-out régime, CASL is opt-in, and will have tremendous impact on senders in North America. Many legitimate companies operate at the lowest common denominator of opt-out, and thus are actively spamming.

Neil Schwartzman
Executive Director
CAUCE : The Coalition Against Unsolicited Commercial Email

http://cauce.org
http://twitter.com/cauce

By Neil Schwartzman on 2011 07 27

Thanks for your comment Neil.

I’m also curious: what could Canada do against a C&C located in Russia, in Ukraine or in China.  They have zero jurisdiction over these countries.  With Rustock, Microsoft and the US Feds were able to seize a couple in the US and overseas (ref: http://www.vircom.com/u/6b), but we’re talking a multi-billion dollar tech company and the top US enforcement agency.  Not Canada. The law gives us the possibility to act, but we in Canada are in my opinion lacking the muscle to do it.  Other botnets have similar stories (Conficker) with similar entities. 

For non-botnet spam, I agree with you, CAN-SPAM will help… assuming it is reported, followed-up on and obviously enforced.  Which is not necessarily the case now.

By Damien Ramé on 2011 08 04

“I agree with you, CAN-SPAM will help… assuming it is reported, followed-up on and obviously enforced.  Which is not necessarily the case now.”

I assume you meant to write CASL. The gov’t have hired 30 law enforcement agents (cyber-cops) to work on investigating the law.

As to oversees, one step at a time. We must have our own house in order - can CASL apply in eastern-block countries? Not directly. What it can do is provide our cops with data to share with their cops, and there have been countless investigations and busts ‘over there’ (most recently Romania, previously Estonia, Russia, Spain) that have sprung from x-border cooperation.

By Neil Schwartzman on 2011 08 04