Those of you who follow the blog over at Intronis may have seen this blog post published last week:
— one thing that we can all be grateful for is the SPAM Act. December 16 marks the 13th anniversary of this act being signed. The law, which was put into effect a few weeks later in January 2004, limited businesses and organizations from sending unsolicited emails to people who have opted out.
The post gives some information on the SPAM Act, and then goes on to discuss the similarities to email then and the Internet of Things now. You can read the post in its entirety here.
If you've happened to see any recent news on email attacks, including this week's disclosure on the LA County phishing incident that happened back in May, you may be wondering why we've bothered to make spam illegal at all. Clearly criminals are still spamming, they're still making money, and they don't seem to be getting caught. And the criminals aren't the only ones filling up your inbox with bulk mail. Email is still a valuable source of customer contact and analytics data for businesses.
So what has the SPAM Act really done for us?
The SPAM Act is officially known as the CAN-SPAM Act of 2003. It's been revised over the years, and today it's best known for providing a specific set of protections for the public. The FTC describes the Act as follows:
“The CAN-SPAM Act establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.”
Some of the more commonly recognized protections are the choice to ‘opt-in' to an email subscription, the “unsubscribe” link you'll find at the bottom of commercial messages, and the identification that an email is an advertisement. The law also spells out requirements on the accuracy of email headers and the conduct of third party companies that send marketing emails on behalf of someone else. In short, the very basic things you can count on, such as the ability to “opt-out” of a marketing newsletter, were put into place by the CAN-SPAM Act.
No law is perfect, and many people and advocacy groups had concerns that the CAN-SPAM Act would lead to more mass-marketing emails because the law didn't forbid the practice. In fact, commercial marketing via email has grown over the years, in part because so many companies offer perks like discounts or early access to email subscribers. Since email analytics continue to advance, markets have more and better information to use when targeting consumers. Email marketing offers great returns for the companies who are doing it right.
It's important to recognize that not everything commonly considered “spam” is malicious activity. The law defines spam as email whose purpose is to market a product or service. When we talk about things like phishing, for example, we're not talking about the kind of spam that the SPAM Act was originally targeting. The SPAM Act makes the following offenses criminal acts:
- Using a hijacked computer to send multiple spam emails
- Sending multiple emails using Internet Protocol addresses that the sender represents falsely as being his/her property
- Disguising the source of the emails by routing them through other computers to deceive the recipients as to their origin
- Sending out communications via multiple mailings with falsified information in the header
- Distributing multiple emails through various email accounts obtained using falsified account registration information.
If you're about to engage in email marketing, you definitely want to get familiar with this Act and the other laws that may govern your jurisdiction. The CAN-SPAM Act is hardly the only law in play here, and this blog post barely scratches the surface. Fortunately there are a lot of reputable email marketing services available, and these companies will probably not let you run afoul of the laws if you are using their systems properly. They verify subscribers, insert ‘unsubscribe' links automatically, and will red-flag any message that appears to break the rules.
Email and legitimate email marketing aren't going anywhere anytime soon. It is more important than ever that email users are able to identify suspicious email and know the procedures to follow when one arrives.
For more information on these topics, including how Barracuda can help, take a look at these resources: