Anti Spam - SpamUnit

Anti-spam laws are a relatively recent innovation, but are becoming more and more important across the world. Here, we will look at spam law and spam sentencing in some important countries, including American spam laws, spam law in Russia and elsewhere.

The United States spam laws are mostly based around the CAN SPAM act of 2003. Of course, the individual states have their own laws. New Jersey is trying to institute its own anti-spam law, while California has very stringent antispam rulings on its law books. But the CAN SPAM act is making all the headlines. “Spam kings” from coast to coast have been detected and prosecuted under this law. The key aspects of the law are honesty and consent: users must be able to opt out of the mailing list, contact the mailing list provider, and be able to trace the sender via correct header and return address information. Also, adult spam is specifically targeted: all pornographic messages must be labelled accordingly.

However, it is judged that most spam, even from within the USA, breaks these laws. This has resulted in some high-profile arrests, such as those of “spam-king” Soloway and fellow spammer Vitele in mid-2007. Since then, spam rates have not dropped significantly worldwide, but the hefty sentences promised for the likes of Soloway may act as a deterrent.

In the United Kingdom, European Union spam law - even more restrictive than American law in some ways - is in effect, but there is also domestic precedent. A few individual users have won small cases against spammers within the UK for sending unsolicited mail; however, as so little spam actually originates from within the country, these cases cannot be judged as massively important, ground-breaking though they may be.

Russian spam laws are sometimes seen as being rather lax. In 2000, the Federal Russian law admittedly did declare that it was the right of the email user not to receive unsolicited email. However, the wording of the law, at least as of a 2003 interpretation, was that it was the responsibility of the ISP to block emails from reaching the user . Since then, not that much has changed: as of 2005, the state of affairs was the same - and, in a very indirect way, this may have resulted in a murder. Russian spammers are sometimes seen as a law unto themselves, and so too can be the retribution. Vardan Kushnir was murdered in 2005 apparently in a spam-related killing. The notorious spammer was found dead in his apartment after his national spam campaign for his English language school quickly became legendary amongst Russian internet users. One security consultant from Sophos, Carole Theriault, said, “If Kushnir was murdered as a result of sending unsolicited spam, Russian law-makers might want to reconsider their current computer crime legislation.” Of course, blaming the legal situation for the murder should not absolve the actual killers, but the point remains that the legal situation for spam in Russia is far less restrictive than in America and most of Europe.

Of course, due to relations between Russia and the USA, American laws do not apply in Russia, and extradition seems extremely unlikely. The same goes for the EU, despite slightly closer cooperation between the two. But in an increasingly electronic world, perhaps spam laws in Russia may come sooner rather than later.

Finally, Australian spam laws only came into force in 2004. Before that, existing laws were shoehorned around spam offences, but then the Spam Act 2003 was drafted, becoming law a year later. This law is largely similar to the previous year’s CAN SPAM Act in the USA. Its three guiding principles are Consent, Identify and Unsubscribe. The users must have given express or inferred consent to receive marketing mails. Express consent is obvious, but inferred consent is a subject of hot debate. Nonetheless, as long as the other two are adhered to, it’s academic: the user must be able to identify the company responsible, via specific details such as address and contact information given in the email. In doing so, they must also be able to unsubscribe from the mailing list with ease. Predictably, not all marketers adhere to the law, yet it took two years for the first arrest to occur. In April 2006, Wayne Mansfield of marketing company Clarity1 was arrested for breaching the Act; he was fined AUD$1m and his company AUD $4.5m. This was not his first spam-related arrest, but his first under the new, specific spam law. This development served as a warning shot to the shrinking influence of the Australian spam community.

Seemingly, the problem is that spam is a global business. Spammers can keep moving and operate in territories that have little chance of detecting them, and even if they do, they may not have the laws to deal with them. What’s more, the growth of botnets and IP masking techniques render many laws difficult to enforce. It’s a challenging time for law enforcement agencies and perhaps only international cooperation can fix the spam problem once and for all.