Canada's new Bill C-28 aims to reduce email spam
December 17, 2010
Canada has recently passed new ligislation with the introduction of Bill C-28 that is aimed at greatly cutting down on the amount of email spam businesses are getting everyday. David Poellhuber is the chief operations officer of Montreal-based ZeroSpam.
Canada's new Bill C-28 clamps down on unsolicited commercial e-mail, forcing businesses that send bulk emails to be able to demonstrate the receivers’ permission to send advertising or promotional email messages.
Poellhuber says “We’re all for it. We just think it’s badly named, that's all.” He thinks it's badly named because it’s not going to do much to deter spammers which are almost always a step or two ahead of anybody else, especially governments. “It’s not going to reduce much of the spam you and I receive in our inboxes,” he says. "It might make a small dent, but it won't be significant," he added.
That’s because almost 71 percent of all email spam comes from botnets (complex networks that send millions of spam emails per hour) in Brazil, Roumania, Poland, China, the U.S., Russia and other countries. "Botnets don’t care about laws," said Poellhuber.
The basic principle of the new legislation specifically demands that businesses have recipients’ permission to send them email (unless there’s a prior business relationship) and, just as importantly, makes businesses that send bulk emails responsible for proving that permission.
Fines levied by the CRTC can amount up to $1 million for individuals and $10 million for businesses that break the law.
In a statement proclaiming “Victory!,” the Coalition Against Unsolicited Commercial E-mail (CAUCE) welcomed and fully embraced the new bill. “It’s been a long time coming, but Canada has an anti-spam law, and one which sets a new world standard,” wrote executive director Neil Schwartzman.
“It has a tough, but fair, opt-in protocol for everyone in North America who sends commercial e-mail and other commercial messages,” he says.
Poellhuber added "I beg to differ on the “fair” aspect of that statement, without rejecting the need for legislation to deal with UCE. Given the context of who sends spam, legitimate businesses, not botnets, shoulder a disproportionate amount of the burden."
As he points out, after the law takes effect, businesses won’t be able to ask for permission to send e-mail, either.
And as to its effect, the U.S. has had its CAN SPAM Act since 2004, and by far, it’s still the No. 1 source of spam globally, producing a staggering 38 percent of all email spam sent on the Internet everyday, according to Cipher Trust statistics.
But the U.S. did have some litigious success against the most persistent and unapologetic spam artists, however. And it will prosecute “the most egregious” violators among the small percent of non-botnet spammers that are Canadian-based.
Bill C-28 also has been widely received as potentially more effective than CAN SPAM, which has an opt-out protocol, rather than opt-in.
However, the most significant security risk from email spam is that it is created by organized criminals: phishing attacks and identity theft, for example, and organized criminals, by definition, aren’t the most respectful of laws, if any.
"Businesses must recognize that e-mail is a risky business, and it’s one most businesses shouldn’t be in," added Poellhuber.
He added “Outsource your sending practices, especially SMBs with unsophisticated, mailing-list-based practices. A legitimate e-mail marketing company won’t rent lists or flood inboxes. It’s their business at stake, too."
His company, ZeroSpam has a real-time spam index on the company's home page detailing what percentage of e-mail processed by its servers is rejected as spam. For the last week, it’s been running at 77 to 91 percent.
Source: ZeroSpam Inc.
You can link to the Internet Security web site as much as you like.