Spam

• that companies in the US and EU are now spending upwards of US$2.5 billion on electronic direct mail
  
• the cost of generating email lists 'in-house' and actioning them is in the order of US$2 per head, in contrast to direct snail mail of US$18-100 ph and purchase of snail mail lists at around $280 ph.

     does it matter?

How Much Information, the major report by Hal Varian & Peter Lyman, suggests that many people are swamped by information. 

There are few impartial studies of the impact of spam - most research promotes particular filters or network management schemes. 

However, it is clear that those on the receiving end of electronic junk mail (spam) consider that it is a waste of time and expensive, since the recipient pays for the traffic. Some characterise it as threatening. As a business practice it is rarely effective.

     legal frameworks

Defining and regulating junk mail, electronic or paper-based, is contentious. Globally there are few guidelines or standards. Most derive from privacy legislation and principles such as the OECD privacy guidelines discussed in our Privacy guide.

The US has traditionally adopted a laissez-faire stance, given the clout of mailers and recognition of free speech issues. However, in line with tougher federal and state involvement in privacy, it appears to be moving to regulate spam. 

There's thus considerable support for proposed legislation requiring unsolicited commercial email to be labelled as advertisements (allowing them to be filtered) and include a valid return address so that consumers can opt out of receiving future advertising. The various Bills build on the 1991 Telephone Consumer Protection Act, primarily concerned with 'cold-calling' of residences.

In 1999 US industry group CommerceNet released a paper (PDF) on Unsolicited Commercial E-mail: Legislative Solutions. It updates the more learned analysis in Jonathan Byrne's 1998 paper Squeezing Spam Off The Net: Federal Regulation of Unsolicited Commercial Email, David Sorkin's 1997 paper on Unsolicited Commercial E-Mail & the Telephone Consumer Protection Act of 1991 and Michael Carroll's Berkeley Technology Law Journal paper on Garbage In: Emerging Media & Regulation of Unsolicited Commercial Solicitations.

In July 2000 the European Commission published a proposal that would prevent the sending of unsolicited commercial e-mails to potential consumers unless their prior consent had been received, effectively introducing an opt-in scheme. 

It would extend the European Electronic Commerce Directive (EECD) that requires explicit identification of unsolicited commercial email, in line with telephone sales regulation mandating that the commercial nature of the call must be made clear from the outset. The EECD must be implemented in all EU states by early 2002. 

Individual EU countries such as Austria, Italy, Germany and Sweden, are already implementing 'opt-in' schemes, where the sender has to get permission from the recipient before sending a commercial email. In the UK, Australia and New Zealand there are no specific laws the prohibiting bulk email for direct marketing. In a mid-2000 review the UK Department of Trade & Industry (DTI) concluded that self-regulation is sufficient. The US, Canada and other countries already restrict sending inappropriate email to children.

     action

In the US there's growing regulation of fax and telephone junk mail, eg fax mailer 20th Century Fax was recently fined US$1 million under the Telephone Consumer Protection Act and Yan Shtok was sentenced to two years in a Californian prison for a scam that used 50 million emails. 

Many US and EU ISPs restrict the sending of spam in the contract with their customers. ISPs are unhappy about the cost of such activity and the potential damage to their reputation. Legal proceedings have already been brought successfully by ISPs, particularly in the US.

The US Coalition Against Unsolicited Bulk Email (CAUCE), European Coalition Against Unsilicuited Commercial Email (EuroCAUCE), Mail Abuse Prevention System (MAPS) and Australian Coalition Against Unsolicited Bulk Email (CAUBE.AU) are four consumer advocacy organisations lobbying for improved regulation. 

In the US the Responsible Electronic Communications Alliance (RECA), an industry group that includes DoubleClick, 24/7 Media, Bigfoot Interactive and ClickAction, has proposed self-regulatory privacy standards to cut down on Internet spam (and presumably head off at least five bills in Congress). 

The standards, to be accompanied by a 'Seal of Approval' for online direct advertisers, would ban advertisers from sending solicitations to consumers without consent, allow consumers to remove themselves from mailing lists, restrict e-mail to relevant content, and require RECA members to state how information supplied by customers will be used. Sounds too good to be true? We'll see next year when the fine print is released.

More drastic action has been taken by the StopSpam organisation, which issues a 'Usenet Death Penalty' encouraging usenet systems administrators to delete usenet postings from ISPs such as Excite@Home ISP after alleged failure to address spamming concerns. Other activist cum vigilante groups include SpamFree (FREE), SpamCop (SCop) and Spam.Abuse.Net (SAN).

The Junkbusters organisation, despite its clunky name and dot com domain, is a US-based citizens action group that offers a lengthy set of pointers to print and online publications on spam.

     practice

Do you want use online direct mail?

There's disagreement about the legal position in Australia. Telecommunications, privacy and consumer protection legislation does not specifically prohibit spamming.

The Australian Direct Marketing Association (ADMA) has released Online Marketing Guidelines (PDF). The guidelines are not mandatory and there is no central register which consumers can use to flag that they do not want to receive junk mail. They are essentially 'opt-out': the onus is on the consumer to alert the sender that spam is not appreciated. 

This contrasts with some US proposals and EU practice with 'opt-in' schemes, where the sender has to get permission from the recipient before sending commercial email. Permission might involve recipients having ticked a box in a response form explicitly saying they are prepared to receive emails. Or it could involve registering their interest in specific subjects on a central database, maintained by a commercial operator or a trade association. Opt-out schemes are currently used for both mail and telephone sales, where the cost is borne by the sender. But the recipient bears the cost of email, so an opt-in system may be more appropriate. 

Consumer perceptions are changing: overall businesses and individuals (particularly those who receive large volumes of mail) appear to be becoming negative about junk mail. We suggest that you think carefully before spamming: any revenue that you gain may be outweighed by the damage to your brand. 

If you do send unsolicited mail, operate on an opt-in basis. Identify the nature of mail and provide valid contact details. Don't follow Medibank Private's example at Christmas 2000, sending thousands of people a message with an EXE attachment (which many recipients regard as synonymous with a virus) and a 14 line legal disclaimer.  Don't send further spam once you receive a complaint. Do follow-up any feedback.

   books

Two useful books are:

Stopping Spam (Sebastopol, O'Reilly & Associates 98) by Alan Schwartz & Simson Garfinkel (author of the recent privacy primer Database Nation) - an introduction to spam and its management for people whose diet isn't based on takeaway pizza, Jolt cola and C++

the more technical Removing the Spam: Email Processing & Filtering (Reading,  Addison-Wesley 99) by Geoff Mulligan

    next page  (site defacement, cyberjacking etc)