regulation in Australia
This page deals with electronic junk mail (spam, speam,
spit and spim) - also known as unsolicited commercial
email (UCE) - and email scams.
It covers -
profile about electronic mail, instant messaging, chat
and other messaging systems is here.
A profile discussing the regulation of spam in Australia
and New Zealand is here.
There is also a note about
EU, US and ITU developments.
If you've used email you've almost certainly encountered
UCE, a concern because
recipient pays for unwanted (and often offensive) messages,
leading some to characterise spam as a form of trespass
volume of messages floods many mailboxes, reducing productivity,
increasing stress and requiring action by ISPs
or corporate network administrators
that flood is perceived by some recipients as an insuperable
often forge addresses, resulting in damage to reputation
and even blacklisting of legitimate email in some instances
spammers exploit open relays or other technical inadequacies
to use the machines of other internet users in sending
spam travels across national borders, posing challenges
for national and international governance.
Uptake of instant messaging (IM) systems means that more
consumers are encountering spim, the IM version of spam.
Spam is used by direct marketers because mailing lists
are readily available (eg can be purchased from specialists
or generated from databases of all inquiries to a web
site), because it is 'easy' - a few keystrokes and a message
appears in email boxes all over the world - and because
sufficient recipients respond to make the mailout commercially
The average cost per thousand addresses for permission-based
email lists is between US$200 and $600 (with a response
rate of 3% to 10%). For addresses marketed by spam merchants
the average cost is between 0.1 and 0.025 of a US cent
(with a response rate of up to 0.5%). As they say in the
US, do the math - enough people respond to spam to make
It is not uncommon to receive offers - via spam, of course
- for a three CD set that supposedly contains "300
Million Email Addresses and 1.5 Million USA Business Fax
Numbers" for a mere US$99. The disks claim to offer
email addresses of people living in all US states (broken
down by area codes) and addresses of people -
interested in gambling
a home based business
interested in online shopping
interested in gardening interested in golf.
interested in fitness, weight loss, etc
interested in Opt-In"
"who have bought more than $1,000 over the Internet
in the last 2 months"
interested in traveling and vacationing.
with 25 million verified AOL, Compuserve & MCI addresses.
Spam is also used because some marketers claim that response
rates are significantly higher than those for traditional
junk mail (eg 0.5% rather than 0.001%), although such
figures are problematical. We've highlighted some issues
in our Marketing guide.
Figures on investment by marketers (eg the 132 page PDF
from eMarketer) are even more contentious than those on
traffic. However, it is common to see claims that
companies in the US and EU are now spending upwards
of US$2.5 billion pa on electronic direct mail
the cost of generating email lists 'in-house' and actioning
them is in the order of US$2 per head, in contrast to
direct snail mail of US$18-100 ph and purchase of snail
mail lists at around $280 ph.
There is little agreement regarding figures about -
volume of spam sent to consumers
volume received (not necessarily the same, as many ISPs
and organisations employ filters that deflect the junk
before it arrives in the recipient's in-box)
volume actually opened by recipients
rates, the frequency of particular types of messages
and points of origin
reason for uncertainty is that many figures come from
vendors of anti-spam products/services. Particular announcements
by the anti-spam industry have received widespread attention,
particularly in the mass media, but been questioned. Another
reason is that volumes appear to vary significantly, with
US studies suggesting that recipients in the entertainment
and transport industries get a higher per capita number
of messages than those those in the health or construction
One study suggested that 2.8 billion direct marketing
email messages were sent in 1998, with - hold your breath
- that figure forecast to rise to 236 billion in 2005.
US-based AOL estimated in 2001 that spam accounted for
30% of email to its subscribers, between 5 and 8.5 billion
messages pa. By mid-2003 other ISPs and institutions were
claiming that spam accounted for up to 45% of incoming
messages. Filter vendor MessageLabs claimed in May 2003
that 55.1% of all messages scanned were spam; competitor
SpamTrap announced that 55.8% of messages tracked with
its service were spam.
A January 2001 study
from the European Commission suggests that internet users
pay 10 billion euro in connection costs just to receive
spam. Other studies have claimed that at the beginning
of 2002 some ISPs were now receiving between 4 and 20
items of spam for every genuine message.
Anti-spam vendor Brightmail claimed that of 5.5 million
unique UCE messages identified through its service in
November 2002, over 75% were solicitations for consumer
products, financial services and adult content, with 25%
regarding online scams or spiritual, health and other
services. In July 2003 Brightmail projected
least 1 in 2 of all emails that individuals and businesses
receive will be spam by September 2003 or earlier, and
a fifth of spam in the UK will be pornographic.
August 2001 Gallup Poll report
indicates that most US email users say that up to 30%
of messages they receive are spam; 39% say they receive
more than that, including 18% who say that at least half
their e-mail is spam. 42% said they "hate it," 45% said
spam is "an annoyance, but do not hate it," while the
rest have no strong feelings either way (9%) or sometimes
find the information contained in spam useful (4%).
And the cost?
In 2003 Ferris
Research claimed that the cost of spam in the US was US$10
billion per year. Radicati
Group - noted for the claim that "email failure is
more stressful than divorce" - estimated that the
global cost for 2003 would be US$20.5 billion. Nucleus
Research claimed US$87 billion for the US alone in 2003.
Those figures - and similar estimates from Australia and
the EU - are problematical because they appear to assume
that all messages are individually scrutinised by recipients
and then manually deleted. In practice many consumers
appear to be manually identifying and preemptively deleting
spam on the basis of the message title, the sender's email
address or even the ccTLD
(with the exclusion of much email from Romania or S Korea).
Others are actively using filtering tools, which for example
allow a recipient to add all messages from a particular
address or with a particular title to a personal filter.
does it matter?
How Much Information, the major report
by Hal Varian & Peter Lyman, suggests that some -
perhaps many - people are swamped by information.
There are few impartial studies of the impact of spam
- most research promotes particular filters or network
However, it is clear that those on the receiving end of
electronic junk mail (spam) consider that it is a waste
of time and expensive, since the recipient pays for the
traffic. Some characterise it as threatening. As a business
practice it is rarely effective.
A February 2001 study
by NFOWorldWide, for example, suggests that when consumers
change email address (41% of US respondents chaged within
2 years), under 32% inform regularly-visited sites and
newsletter lists. 78% commented that they were receiving
unsolicited mail from those sites. 5% were receiving over
100 messages a week.
Defining and regulating junk mail, electronic or paper-based,
is contentious. Globally there are few guidelines or standards.
Most derive from privacy legislation and principles such
as the OECD privacy guidelines discussed in our Privacy
Perceptions about the likelihood of building on those
guidelines varies. In January 2003 Jamie Love of the Consumer
Project on Technology (CPT)
for example claimed that
reason there is no cross border cooperation on rules
is both ideological and the result of lobbying by firms
that dream the Internet will be a haven for self-regulation
on other issues. Hence, we tolerate spam, to prevent
cross border consumer protection measures from getting
off the ground.
US has traditionally adopted a laissez-faire stance, given
the clout of mailers and recognition of free speech issues.
However, in line with tougher federal and state involvement
in privacy, it has been moving to regulate spam, with
state legislation driving the development of federal law.
In 1999 US industry group CommerceNet
released a paper (PDF)
on Unsolicited Commercial E-mail: Legislative Solutions. It
updates the more learned analysis in Jonathan Byrne's
Squeezing Spam Off The Net: Federal Regulation of Unsolicited
Commercial Email, David Sorkin's 1997 paper
on Unsolicited Commercial E-Mail & the Telephone
Consumer Protection Act of 1991 and Michael Carroll's
Berkeley Technology Law Journal paper
on Garbage In: Emerging Media & Regulation
of Unsolicited Commercial Solicitations.
Michael Geist's 2004 Untouchable? How Canadian Law
Can Tackle Spam (PDF)
argues that despite the absence of specific anti-spam
legislation current Canadian legal options allow for enforcement
actions against most conduct addressed by anti-spam enactments
and suggests that the problem primarily results from the
lack of aggressive enforcement action by government agencies.
A map of overseas anti-spam codes and laws is here.
For a global view we recommend Wye Keen Khong's 2001 JILT
Spam Law for the Internet.
For a more detailed discussion of particular national
and international regulatory initiatives see
Many US and EU ISPs restrict the sending of spam in the
contract with their customers. ISPs are unhappy about
the cost of such activity and the potential damage to
their reputation. Legal proceedings have already been
brought successfully by ISPs, particularly in the US.
The US Coalition Against Unsolicited Bulk Email (CAUCE),
European Coalition Against Unsolicited Commercial Email
Mail Abuse Prevention System (MAPS)
and Australian Coalition Against Unsolicited Bulk Email
are four consumer advocacy organisations lobbying for
organisation, despite its clunky name and dot com domain,
is a US-based citizens action group that offers a lengthy
set of pointers to print and online publications on spam.
In the US the Responsible Electronic Communications Alliance
an industry group that includes DoubleClick, 24/7 Media,
Bigfoot Interactive and ClickAction, sought to channel
legislative proposals by suggesting self-regulatory privacy
The standards, to be accompanied by a 'Seal
of Approval' for online direct advertisers, would ban
advertisers from sending solicitations to consumers without
consent, allow consumers to remove themselves from mailing
lists, restrict email to relevant content, and require
RECA members to state how information supplied by customers
will be used.
More drastic action has been taken by the StopSpam
organisation, which issues a 'Usenet Death Penalty' encouraging
usenet systems administrators
to delete usenet postings from ISPs such as Excite@Home
ISP after alleged failure to address spamming concerns. Other
activist cum vigilante groups include SpamFree (FREE),
and Spam.Abuse.Net (SAN).
Do you want to use online direct mail?
The Australian Direct Marketing Association (ADMA)
has released Online Marketing Guidelines (PDF).
The guidelines are not mandatory and although ADMA now
maintains a central register which consumers can use to
flag that they do not want to receive print/digital junk
mail the organisation does not cover all direct marketers
and there are questions about use of the data. The register
embodies an 'opt-out' approach: the onus is on the consumer
to alert the sender that spam is not appreciated.
This contrasts with some US proposals and EU practice
with 'opt-in' schemes, where the sender has to get permission
from the recipient before sending commercial email. Permission
might involve recipients having ticked a box in a response
form explicitly saying they are prepared to receive emails.
Or it could involve registering their interest in specific
subjects on a central database, maintained by a commercial
operator or a trade association. Opt-out schemes are currently
used for both mail and telephone sales, where the cost
is borne by the sender. But the recipient bears the cost
of email, so an opt-in system may be more appropriate.
A December 2002 New York Times article on the privacy
practices of Vivendi
subsidiary MP3.com noted that the site
users to provide an e-mail address before they can listen
to music. Then, without offering a choice or notice,
the site adds that address to six mailing lists, including
a music newsletter and one for "partner product
A note at the bottom of the messages sent to the lists
offers two ways to avoid receiving e-mail. The first,
less user-efficient method involves clicking a link.
But as it turns out, this removes the person's address
from only one list. The second way is to send the message
to an "unsubscribe" address. ....
is also a third approach: The user can go to the site's
e-mail preferences area to opt out. But because of the
confirmation screens for each list, it can take 21 pages
of clicking before the user is reasonably assured of
being removed from all the mailing lists.
defence? The company needs to be aggressive with its e-mail
marketing "to keep the lights on and to keep the
service free for people".
Consumer perceptions are changing: overall businesses
and individuals (particularly those who receive large
volumes of mail) appear to be becoming negative about
junk mail. We suggest that you think carefully before
spamming: any revenue that you gain may be outweighed
by the damage to your brand.
If you do send unsolicited mail, operate on an opt-in
basis. Identify the nature of mail and provide valid contact
details. Don't follow Medibank Private's example at Christmas
2000, sending thousands of people a message with an EXE
attachment (which many recipients regard as synonymous
with a virus) and a 14 line legal disclaimer. Don't
send further spam once you receive a complaint. Do follow-up
Although there are a large number of academic papers and
industry documents regarding the dimensions of the spam
problem, its impact and potential regulation there are
surprisingly few books on UCE.
Two of the better works on technical aspects are -
Spam (Sebastopol: O'Reilly & Associates 1998)
by Alan Schwartz & Simson Garfinkel (author of the
privacy primer Database Nation) - an introduction
to spam and its management for people whose diet isn't
based on takeaway pizza, Jolt cola and C++
the more technical Removing the Spam: Email Processing
& Filtering (Reading: Addison-Wesley 1999)
by Geoff Mulligan
views of and from within the industry see
Kings: The Real Story behind the High-Rolling Hucksters
Pushing Porn, Pills, and %*@)# Enlargements (Sebastopol:
O'Reilly 2004) by Brian McWilliams
Inside the SPAM Cartel (New York: Syngress
2004) by Spammer-X
Spam Wars: Our Last Best Chance to Defeat Spammers,
Scammers & Hackers (New York: Select 2004)
by Danny Goodman
A note about the 419 (aka Nigerian) email scam and chain
email scams is here.
(site defacement and DOS)