Canadian Internet Policy and Public Interest Clinic (CIPPIC)

Search

• 2.1: About Us
• 2.2: CIPPIC Publications
• 2.4: Events & Presentations
• Projects and Cases
  • 2.5.1: Consumer Protection Online
  • 2.5.2: Copyright law reform
  • 2.5.4: File-Sharing Lawsuits
  • 2.5.5: Identity Theft
  • 2.5.6: Lawful Access
  • 2.5.7: On the Identity Trail Project
  • 2.5.8: Other
  • 2.5.9: Privacy
  • 2.5.10: Spyware
  • 2.5.11: Telecom Policy
• FAQs & Resources
  • 2.6.1: Access to Information Laws
  • 2.6.2: ACTA
  • 2.6.3: Behavioural targeting
  • 2.6.4: Bill C-60: Copyright Bill 2005
  • 2.6.5: Bill C-61: Copyright Bill 2008
  • 2.6.7: Biometrics
  • 2.6.8: Broadcast Flag
  • 2.6.9: Copyright Law
  • 2.6.10: Defamation and SLAPPs
  • 2.6.11: Digital Rights Management
  • 2.6.12: Domain Name Disputes
  • 2.6.13: Domain Names
  • 2.6.15: File Sharing
  • 2.6.16: Internet Accessibility
  • 2.6.17: Identity Theft
  • 2.6.18: Internet Censorship in Public Libraries
  • 2.6.19: Lawful Access
  • 2.6.20: National ID Cards
  • 2.6.21: Net Neutrality
  • 2.6.22: Online Anonymity and John Doe lawsuits
  • 2.6.23: Open Source
  • 2.6.24: Podcasting Legal Guide
  • 2.6.25: Privacy
  • 2.6.26: Public Video Surveillance
  • 2.6.27: RFIDs
  • 2.6.28: Social Networking

  • Current page is 2.6.29: Spam

  • 2.6.30: Spyware
  • 2.6.31: Workplace Privacy
  • 2.6.32: Trusted Computing
• 2.7: For Students
• 2.8: Links
• 2.9: Support CIPPIC
• 2.10: uOttawa Law & Technology Program
• 2.11: Contact Us
• 2.12: Privacy Policy
• 2.13: Test Page

Spam

• F.A.Q.
• Resources

---

F.A.Q.

• What is spam?
• What is the problem with spam?
• What can I do about spam?
• What are Internet Service Providers doing about spam?
• What are others in the industry doing about spam?
• Does Canada have anti-spam laws?
• What is the Canadian government doing about spam?
• Doesn't the CRTC regulate spam?
• How can I have input into Canadian policy-making on spam?
• What are other governments doing about spam?

What is spam?

There is no single definition of spam, but everyone agrees that spam is, at a minimum, unsolicited and unwanted e-mail. Whether e-mails must be transmitted in bulk or be commercial in nature in order to be considered "spam" is the subject of debate. So is the question of whether unsolicited e-mail sent to existing customers without prior consent constitutes spam.

Definitions of spam include:

• Coalition Against Unsolicited Commercial Email [CAUCE]
• Information Technology Association of Canada [ITAC]
• bulk unsolicited mail, most of which is of a commercial nature, promoting products or services (Industry Canada)
• unsolicited bulk electronic messages, usually electronic mail messages but increasingly SMS and MMS messages (text messages and graphics/videos delivered to mobile phones) (National Office for the Information Economy (NOIE) in Australia).

Characteristics typical of spam include:

• untargeted and indiscriminate distribution;
• disguised identity and address of the originator;
• no valid or functional address to which recipients can respond in order to opt out of receiving further unsolicited messages OR failure to respect recipients' requests to stop sending unsolicited messages; and
• illegal or offensive content.

What is the problem with spam?

Spam is not just an inconvenience and annoyance to recipients. It shifts the costs of marketing from marketers to consumers, displaces legitimate e-mail, wastes resources, and reduces the productivity of those who have to deal with it.

In particular, spam:

• increases the cost of internet service, as ISPs are forced to deal with increased transmission flows, filter e-mail messages and respond to customer complaints, as consumers are forced to spend more time online in order to download unsolicited messages;
• causes slower Internet service when servers are overburdened by bulk transmissions;
• causes consumers to miss legitimate e-mail messages because they are either lost in the flood of spam, mistaken for spam, or filtered out in the effort to manage spam;
• reduces the ability of businesses to rely on e-mail as a communications tool given the likelihood of their messages being filtered out, mistaken for spam, or simply lost in the flood of spam;
• costs businesses millions of dollars per year in lost productivity; and
• frustrates e-mail users to the point that they give up on e-mail and use other means of communication instead.

The volume of spam has now reached the point at which it threatens the viability of e-mail as a reliable communications medium for businesses and consumers.

What can I do about spam?

1. Never respond to unsolicited e-mail messages from unknown sources, even to request that they stop sending you messages. That just tells them that you are a live address to which they can send more spam.
2. If there is a 1-800 number provided in the e-mail, call it and ask to be removed from the list.
3. Never buy anything in response to a spam advertisement.
4. Don't open e-mail messages that are obviously spam. They may contain programs that alert the sender to the fact that you have opened the message.
5. If your e-mail address is posted on the Internet, change the "@" to "at" (or otherwise disguise it) so that it is not automatically recognized as an e-mail address, and thus susceptible to "harvesting" by spammers as they crawl the Internet looking for addresses.
6. Don't give out your e-mail address to commercial entities without first checking their privacy policies and satisfying yourself that they won't use or share it for marketing purposes.
7. Use different e-mail addresses for different purposes: e.g., one for communicating with friends and family, one for business, and one for transacting on the Internet.
8. Use your e-mail service's spam management system - most programs allow you to identify junk e-mail when it comes in, such that any future messages from that address are either blocked or labeled as spam.
9. Use a spam-blocking or filtering service either provided by your ISP or a third party service such as:
   • Spam Filter Review 2004: List of Top Filtering Technologies
   • Giant Company: Spam Inspector 4.0 Software
   • Mailshell
   • 0spam.net
   • Qurb: Qurb 2.0 Anti-Spam Software
   • Mailwasher: Mailwasher Pro Software
   • Brightmail: Enterprise, Service Provider, Anti-Fraud & Anti-Virus Software Editions Network Associates Inc.
   • SpamAssassin Software Version 2.61
   • Cloudmark: Spamnet & Authority Software Versions
   • Anthony Muttillo Inc.: MailZapper
   • McAfee Security: SpamKiller & RedZone Suite Software
   • Lyris Technologies: MailShield Software
   • Evolvian Software: Spamender Software
   • Network Abuse Clearinghouse
   • SpamPal
   • JunkBusters
   • UXN Spam Combat
10. Report spam to ISPs, government agencies, or others collecting this information such as:
    • The Federal Trade Commission in the USA collects spam complaints: uce@ftc.gov
    • The Securities & Exchange Commission's Office of Internet Enforcement Complaint Center
    • Internet Fraud Complaint Centre
    • Spamcop.net
    • FlimFlam Dot Com
    • National Fraud Information Centre, Internet Fraud Watch Email
    • The National Consumer Complaint Centre
    • Spam Rejection
    • Spam Con Foundation Law Center
    • Report 4-1-9 Nigerian Advance Fee Fraud Spam
    • Report Pyramid Schemes & Chain Letters
    • Report e-mails promoting illegal medical products at webcomplaints@ora.fda.gov
    • Report emails promoting child pornography & exploitation at CyberSmuggling Center C3@customs.treas.gov
    • FBI's Internet Fraud Complaint Center (IFCC)
    • Google at spamreport@google.com
    • E-Consumers International
11. If spam is connected to a company located in one of the following countries, you have a case for reporting it to the relevant address.
    • Hong Kong: webmaster@ofta.gov.hk
    • Germany: mailbox@datenschutz-berlin.de
    • Finland: vihje.internet@krp.poliisi.fi
    • Australia
    • Belgium: spam@privacy.fgov.be
    • United Kingdom: data@dataprotection.gov.uk
    • Korea: spamcop@kisa.or.kr
    • China: spam@ccert.edu.cn
12. You can also complain about specific spam messages to certain government agencies:
    • The Competition Act prohibits misleading advertising. The Competition Bureau accepts online complaints about deceptive spam.
    • The Privacy Commissioner also accepts complaints about personal information collected, used and disclosed through commercial spamming activities without your consent. E-mail addresses that can be linked to you constitute "personal information" under the Personal Information Protection and Electronic Documents Act. You can complain about such activities to the Privacy Commissioner.
    • The CRTC continues to have jurisdiction over telecommunications and broadcasting, and could initiate proceedings at any time to consider regulation of spam. Complaints can be made to the CRTC.
13. Get involved in, or support, spam-fighting organizations such as CAUCE Canada.

What are Internet Service Providers doing about spam?

The Canadian Association of Internet Providers (CAIP) requires that its members abide by a "Fair Practices Document" that includes the following rule:

"CAIP Members will not knowingly allow their services to be used for the transmission of unsolicited bulk e-mail especially unsolicited commercial bulk email between parties that have had no previous commercial relationship."

Like CAIP members, most ISPs have Acceptable Use Policies for their customers, which typically place limits on the volume and type of outgoing e-mail permitted. See, for example, AOLs policy on unsolicited bulk e-mail.

In the effort to contain spam and respond to customer demand, most ISPs offer filtering services of one type or another. No filter is 100% effective however, and ISPs must be cautious not to filter out legitimate e-mail messages. For an example, see Bell Sympatico's explanation of its filtering service.

CAIP also provides a "tip sheet" for consumers on dealing with spam.

What are others in the industry doing about spam?

The Canadian Marketing Association "CMA" requires its members (who represent about 80% of direct marketers in Canada) to abide by a Code of Ethics that includes a rule against sending unsolicited email other than to existing customers. The CMA has also launched a website for consumers that includes information and tips on spam.

A working group of Canadian businesses, consumer organizations and government representatives has developed a voluntary Code of Practice for Consumer Protection in Electronic Commerce that includes the following rule on Unsolicited E-mail:

7. 1 Vendors shall not transmit marketing e-mail to consumers without their consent, except when vendors have an existing relationship with them. An existing relationship is not established by consumers simply visiting, browsing or searching vendors' Web sites.

7. 2 Any marketing e-mail messages vendors send shall prominently display a return e-mail address and shall provide in plain language a simple procedure by which consumers can notify vendors that they do not wish to receive such messages.

The Anti-spam Research Group (ASRG), under the umbrella of the Internet Research Task Force, is investigating large-scale technical solutions to the spam problem. The self-regulatory online privacy trustmark Truste offers a certification program that allows eligible websites to display a "We don't spam' seal if they agree to practices such as obtaining consent from consumers before sending commercial e-mail and offering an "unsubscribe" option that is easy to use and responsive.

Does Canada have anti-spam laws?

No. The distribution of unsolicited promotional and product information over electronic networks per se is neither illegal nor regulated in Canada. However, fraudulent practices and misleading representations are illegal, and privacy laws require an individual's consent to the collection and use of their e-mail address where it can be traced to them.

The Personal Information Protection and Electronic Documents Act (PIPEDA) requires that organizations obtain the knowledge and consent of individuals to the collection, use or disclosure of their personal information, except in specified situations. E-mail addresses are generally considered "personal information" since they can be associated with an identifiable individual. The federal Privacy Commissioner has found unsolicited marketing e-mail to violate PIPEDA in two reported cases. However, these findings are not legally binding, and there is no penalty associated with them. See CIPPIC's Privacy FAQs and Resources for more information on PIPEDA and related provincial laws.

In addition, the Criminal Code prohibits fraud, and the Competition Act prohibits misleading advertising. To the extent that spam is either misleading or fraudulent, it can be captured under these laws.

In 2003, two Private Member's Bills: C-460 (which would make spamming a criminal offence), and S-23 (which would set up a "do not spam" list, among other things) were introduced in Parliament, but later died on the order paper when Parliament was prorogued. Bill S-23 was re-introduced in 2004 as Bill S-15, "An Act to Prevent Unsolicited Messages on the Internet". Senator Donald Oliver is the sponsor of this bill.

What is the Canadian government doing about spam?

On May 11, 2004, Industry Canada announced a six-point action plan to address spam. The plan calls for:

• more effective use of existing laws to reduce spam;
• review of existing laws to identify any regulatory or legislative gaps;
• improving network management practices and industry codes of practice;
• using technology to validate legitimate commercial communications;
• enhancing consumer education and awareness; and
• promoting an international framework to fight spam.

A multi-stakeholder Task Force was established to oversee implementation of the action plan. It rendered its report in May 2005, calling for targeted anti-spam legislation, more rigorous enforcement measures, more effective industry self-regulation, and a focal point within government to coordinate actions against spam and other threats to the Internet such as spyware. A consumer education campaign, under the banner "Stop Spam Here" was launched by the Task Force, and a set of best practices for industry was put forward.

It is expected that the federal government, though Industry Canada, will act on the Task Force's recommendations in 2005/2006.

The previous policy articulated by the Canadian government on spam was set out in a July 1999 document in which Industry Canada (IC) noted that spam can be tackled by educating consumers, encouraging industry stakeholders to develop good business practice, and enforcing provisions of current legislation. This approach has been criticized as ineffectual.

In January 2003, IC released a discussion paper acknowledging that the problem had become serious, and invited comment on issues including the definition of spam, the efficiency of filtering technologies, and appropriate solutions to the spam problem. A number of interested parties commented, including:

• CAUCE Canada
• Public Interest Advocacy Centre
• The Canadian Association of Internet Providers
• Information Technology Association of Canada

Doesn't the CRTC regulate spam?

No. In 1998/99, the Canadian Radio-Television and Telecommunications Commission (CRTC) held a public proceeding to consider how, if at all, it should regulate the Internet. In the resulting decision, the Commission did not address the problem of spam and chose to leave the Internet largely unregulated. The CRTC does, however, regulate telemarketing.

How can I have input into Canadian policy-making on spam?

Industry Canada, through its Electronic Commerce Directorate, is taking the lead on spam policy at the federal level. The Anti-Spam Task Force is developing an action plan, and invites your input. You can also write to the Minister of Industry (Minister.Industry@ic.gc.ca) urging him to act on the issue.

The Competition Act prohibits misleading advertising. The Competition Bureau accepts online complaints about deceptive spam.

The Privacy Commissioner also accepts complaints about personal information collected, used and disclosed through commercial spamming activities without your consent. E-mail addresses that can be linked to you constitute "personal information" under the Personal Information Protection and Electronic Documents Act. You can complain about such activities to the Privacy Commissioner.

The CRTC continues to have jurisdiction over telecommunications and broadcasting, and could initiate proceedings at any time to consider regulation of spam. Complaints can be made to the CRTC.

You can lobby your M.P. to support legislation designed to minimize the problem of spam.

You can also join anti-spam groups such as CAUCE Canada.

What are other governments doing about spam?

In late 2003, the USA enacted nation-wide anti-spam legislation, entitled Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 or the "CAN-SPAM Act of 2003". This new law took effect on January 1st, 2004. This federal legislation pre-empts state laws on spam. Some elements of the CAN-SPAM Act 2003 include:

• prohibition of deceptive subject headings and misleading information
• prohibition of falsified routing information
• requirement for an operational opt-out mechanism with identity and physical address of sender, and
• a study on the potential of a do-not-email registry in the near future.

The US Federal Trade Commission "FTC" has engaged in law enforcement actions against deceptive commercial email and spammers who don't honor their "remove me" claims, and has engaged stakeholders in an effort to identify effective ways of dealing with spam.

States that have Anti-Spam Law

Alabama Alaska Arizona Arkansas California Colorado Connecticut Delaware Florida Georgia Hawaii Idaho Illinois

Indiana Iowa Kansas Kentucky Louisiana Maine Maryland Massachusetts Michigan Minnesota Mississippi Missouri Montana

Nebraska Nevada New Hampshire New Jersey New Mexico New York North Carolina North Dakota Ohio Oklahoma Oregon Pennsylvania

Rhode Island South Carolina South Dakota Tennessee Texas Utah Vermont Virginia Washington West Virginia Wisconsin Wyoming

Australia has enacted two federal laws on spam: Spam Act 2003 and Spam (Consequential Amendments) Act 2003. In addition, the National Office for the Information Economy of Australia issued a detailed report on spam.

A European Union Directive requires all EU members to adopt strong anti-spam legislation that, among other things, prohibits the sending of commercial e-mail without the recipient's prior consent (i.e., takes an "opt-in" approach to consent). As of December 2003, most EU countries, including the UK, had taken steps to adopt legislation compliant with the Directive, and others were being pressured to do so expeditiously.

The Organization for Economic Cooperation and Development "OECD" has developed Guidelines for Consumer Protection in the Context of Electronic Commerce and is working on guidelines specific to spam.

Resources

Governmental Initiatives re: Spam

Canada

• Industry Canada (IC) web page on spam
• Canadian Code of Practice for Consumer Protection in Electronic Commerce
• Spam Task Force (Industry Canada)
• CRTC Decision not to regulate internet/spam (1999)

USA

• United States CAN-SPAM Act
• Spamlinks.net: Links to US spam legislation
• Federal Trade Commission (FTC) Spam page (USA)
• FTC Consumer Alert on E-mail Harvesting
• SpamCon Foundation Law Center

Australia

• Australia's Spam Act 2003
• Australia's Spam (Consequential Amendments) Act 2003
• Coalition Against Unsolicited Bulk Email (CAUBE)
• Australian Spam Law Compliance

European Union

• European Union Laws on Spam
• European Union Directive
• Spam Laws in EU Member States
• France's New Digital Economy Bill (highly controversial digital bill)

International/Other

• Other Countries' Laws on Spam - links to governments of other nations with anti-spam laws
• Organization for Economic Cooperation and Development's (OECD) Guidelines for Consumer Protection in the Context of Electronic Commerce

Anti-Spam Organizations

• CAUCE Canada - includes links to other CAUCE sites
• Junkbusters - Tips on handling Spam
• The Spamhaus Project - UK web page containing spam info. & Top 150 known spammers (ROKSO)
• UXN Spam Combat - part of Spamhaus Project
• Anti-Spam Research Group - Taxonomy of the problem and solutions of spam
• Center for Democracy and Technology spam page (USA)
• Electronic Privacy Information Center spam page (USA)
• Telecommunications and Research Action Center - Ban the Spam webpage (USA)

Private Anti-Spam websites

• Stop Spam Here - Canadian initiative
• Be Web Aware spam page
• Spam.org - Useful Information on Reducing Spam
• Get Net Wise - Using Tools and Action against Spam
• Fight Spam on the Internet
• Death to Spam: Guide to Dealing with Unwanted email
• Self-Help Remedies on Spam
• Self Proclaimed Spam Fighter's web page
• Spam Awareness Spam information web page with links and resources
• Promoting Responsible Net Commerce
• Managing Spam: A Call to Action
• SpamPal: E-mail Classification Program
• Spam Prevention Early Warning System
• SpamArchive - Testing, Developing and Benchmarking Anti-spam Tools
• SpamNEWS - information relevant to professionals in the anti-spam sector
• Open Relay Database - Industry organizations and initiatives re: spam
• The Canadian Association of Internet Providers (CAIP)
• Canadian Marketing Association - Code of Ethics

Anti-Spam Laws, Bills, Directives and Cases

• United States Federal Law on Spam
• Other Countries' Laws on Spam
• European Union Laws on Spam
• European Union Directive
• Australia's Spam Act 2003
• Australia's Spam (Consequential Amendments) Act 2003
• France's New Digital Economy Bill
• CRTC Decision on Internet Regulation
• John Marshall Law School Cases on Spam

Spam Reports

• Phrack Magazine: A description from Phrack Magazine of how IP spoofing works and how it can be prevented, "IP-Spoofing Demystified"
• CAUBE.AU, "Spam Volume Statistics"
• Federal Trade Commission's Division of Marketing Practices 2003, "False Claims in Spam"
• Federal Trade Commission's "You've got Spam: How to 'Can' Unwanted E-mail?"
• Center for Democracy & Technology, "Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research: Six Month Report"
• Paul Hoffman & Dave Crocker, "Unsolicited Bulk Email: Mechanisms for Control"
• Paul Hoffman & Dave Crocker, "Unsolicited Bulk Email: Definitions and Problems"
• Lilian Edwards, "Canning the Spam: Is There a Case for Legal Control of Junk Electronic Mail?"
• Jonathan Byrne, "Squeezing Spam Off the Net: Federal Regulation of Unsolicited Commercial Email" (1998) 2 W.Va. JL and Tech 4
• Anti-Spam Research Group, "Internet Service Providers' Consortium Position Paper"
• National Office for the Information Economy (NOIE), "The Spam Final Report"

Back to top

This page last updated: June 2, 2007

Researched and compiled by Sukesh Kamra, LL.M.