Industry Canada Discussion Paper:E-mail Marketing: Consumer Choices and Business Opportunities

Comments of the Public Interest Advocacy Centre

This document is also available as a PDF [pdf file: 0.12mb]

The following comments are provided by the Public Interest Advocacy Centre (PIAC) on the Discussion Paper issued by Industry Canada in January 2003 on the issue of unsolicited commercial electronic mail (“spam”).

The Public Interest Advocacy Centre is a national non-profit organization devoted to the representation of consumer interests in matters involving public utilities, essential services, and public interest issues of broad application to Canadians. PIAC has developed a strong record of consumer advocacy since its inception in 1976, and is widely recognized as an important and influential voice for ordinary consumers in a variety of marketplace issues. PIAC is governed by a distinguished volunteer Board of Directors from across the country, and is supported by member groups and donors representing hundreds of thousands of Canadians.

The Problem of Spam

As Industry Canada’s discussion paper recognizes, unsolicited commercial email is becoming a serious problem for online consumers, and thus a serious hindrance to the further growth of this medium of communication and commerce. There have been many studies, reports, and estimates of the extent of the problem. For example:

• One research company estimates that 2.3 billion spam messages are now broadcast daily over the Internet, and that this will rise to 15 billion in 2006;1
• Another company reports that 32% of the 7.3 billion e-mail messages sent each day are spam;2
• As of March 2003, it is estimated that roughly 40% of all e-mail traffic in the
• U.S. is spam, up from 8% in late 2001 (citing Brightmail Inc., anti-spam software vendor)3 and 12-15% in 2002;4
• In the UK, its was estimated that 40% of emails received by computer users in December 2002 were spam5; another survey in February 2003 estimated that 25% of e-mail was spam (MessageLabs survey);6

ISPs estimate that the quantity of spam rose by more than 500% between September 2002 and March 2003;7 AOL’s spam filters block 1 billion messages daily8, or an average of 24 junk e-mails per account per day;9

• On 5 March 2003, AOL said it blocked a billion e-mails offering mortgages and organ enhancements;10

If 1% of the 24 million small businesses in the U.S. sent an e-mail subscriber one e-mail a year, it would result in 657 messages in the subscriber’s in-box every day;11

Type of spam sent:

• 18% pornographic or sex sites
• 33% products (inexpensive ink cartridges, etc.)
• 24% financial offers (“low-cost” loans)
• 5% scams/fraud 20% other12

Clearly, the problem is significant and shows no sign of abating, despite efforts, both technological and legal, to control it.

The Costs of Spam

• While cheap for the marketers who use it, spam is also proving costly to the economy, as well as to individual consumers.
• In the U.S., e-mail marketing is a $1.4 billion industry (citing Jupiter Research);13
• Collecting addresses to spam is relatively inexpensive: $150 for a CD with millions of addresses;14
• e-mail software is being sold online that will extract e-mail addresses from websites; prices range from $19.95 to $89.60;
• an e-mail costs a fraction of a cent to send;15

Yet,

• Spam costs are largely born by recipients, both directly and as customers of ISPs who are forced to spend money fighting it (in contrast to other media of communication such as television, radio and print, where advertising revenues support the media itself);
• Inmarsat-C cell phone holders pay US$6 to receive a 1000-character e-mail, with one-minute connection costs of US$2 – mail cannot be deleted unless it is received;16
• Brightmail, an anti-spamming company, sells its services for $5-$15 per user per year;17
• In August 2002, Computer Mail Services, a technology company, projected that a company whose 500 employees each receives 5 junk e-mails a day and uses 10 seconds to delete each one, can expect to lose $40,000/year in wasted salaries, and 105 days in lost productivity;18
• San Francisco consulting firm Ferris Research Inc. estimates that spam will cost U.S. organizations more than $10 billion in 2003, due to lost productivity, additional equipment, software and staff time needed to address the problem;19

It estimated that unwanted commercial e-mail cost

• U.S. corporations $8.9 billion in 2002;20 Close to $1 billion in Canada;21

Approaches to Controlling Spam

ISPs, regulators, consumers and entrepreneurs have been struggling with the problem of spam for some time. Many different approaches to controlling spam have emerged: technological options, self-regulatory codes, standards development and legal requirements. Those closest to the problem seem to agree that the solution will require action on all fronts: technology, self-regulation, standards development, and law.22

(a) Technological options

The market has produced an array of constantly-evolving filtering and blocking services, now widely used by ISPs as well as individual e-mail users. Different methods of filtering are used, including blacklists of known spammers’ Internet addresses. Companies such as Brightmail Inc. who specialize in anti-spam software are finding a growing market for their services. While these filtering services help to reduce the costly impact of spam on ISPs and users, however, they do not appear to be stopping spammers from engaging in the practice in the first place.

Non-governmental organizations such as the US-based Internet Research Task Force’s recently inaugurated “Anti-Spam Research Group”, are attempting to develop technological means to better control spam. The group’s Charter focuses on the need to allow for “consent-based communication”, under which “an individual or organization should be able to express consent or lack of consent for certain communication and have the architecture support those desires.”23 The Chair of this group noted that technical and legal solutions must work hand in hand.24

Another group recently formed in the USA, “JamSpam”, was created “to produce an open interoperable antispam specification that serves as a universal solution to both edges of the spam sword”.25 Some options being considered include developing e-mail authentication standards to ensure that legitimate messages are recognized and delivered securely, closing “open relays” – insecure servers used by spammers to send bulk e-mail, and creating more transparency for legitimate messages, so as for example to be able to discern whether the message is a newsletter, a bill, or a message from a friend.26

(b) Policy and self-regulatory approaches

There are hundreds, if not thousands, of mailing lists, message boards and anti-spam organizations battling the problem of junk e-mail.

ISPs deal with spam in a variety of ways, including automatic filtering technologies, as well as customer-controlled filtering services. Microsoft recently announced that its MSN Hotmail subscribers would be limited to sending only 100 messages per day, “in an effort to prevent spammers from using Hotmail to spread spam”.27 Prior to this, Microsoft relied on filtering technology: it filtered all messages twice, first through its e-mail servers and then at the subscriber end, based on the subscriber’s own designation of previous messages as junk.28

In January 2003 AT&T WorldNet unsuccessfully tried to use a “reverse DNS lookup” to block spam: ISP servers were programmed to relate incoming e-mail’s originating address to a valid domain name or Web address by looking it up in a DNS database; if not there, the message was dropped. This approach failed, however, as too many legitimate e-mails were dropped.29

In addition to spam filtering and acting on subscriber complaints, AOL tracks the volume of e-mail in its system, and terminates AOL subscribers who have unusually high volumes of outgoing mail.30

ISPs such as Yahoo and Microsoft have also changed their registration processes so as to make it more difficult for spammers to automate the process of creating new free e-mail accounts.

Associations of Direct Marketers are also trying to control their members’ behaviour online. But even effective self-regulation by such bodies is ineffective insofar as spammers are not members of the organization.

(c) Legislation

In the USA, Microsoft, AOL, Verizon, Earthlink and other ISPs are aggressively pushing for national legislation. Even marketers, who generally oppose more regulation, now support the drive for national legislation, if only to avoid a patchwork of state regulations that vary in strength and approach: in October 2002, the American Direct Marketing Association announced that it supported federal anti-spam legislation that would ban false headers.31

The following approaches are either being taken in other jurisdictions, or are being considered, currently:

(i) Regulate Spammers

• prohibit unsolicited commercial email without explicit, prior, opt-in consent from the recipient;32
• require labeling of all unsolicited commercial email as such;33
• require standardized labeling of all unsolicited commercial email (e.g., “ADV” in the subject line of the email);34
• require electronic marketers to filter out addresses maintained in a central database of users who register their wish not to receive any unsolicited commercial email (similar to telemarketing “Do Not Call” lists);35
• require valid, active e-mail address of sender to be displayed on all messages;36
• require conspicuous, easy, effective opt-out of further mailings by recipients;37
• prohibit the sending of messages to those who have requested to be removed from the sender’s list;38
• prohibit transmission of large quantities of advertising email using randomly chosen addresses;39
• prohibit the harvesting of e-mail addresses from the Internet;
• prohibit falsified or forged routing and transmission information, as well as the sale of software designed to permit such falsification or forgery;40

(ii) Regulate ISPs

• require the licensing of all ISPs, and make a condition of license the blocking of spam41
• prohibit ISPs from selling or trading subscriber e-mail addresses to marketers;

(ii) Regulate Businesses who use e-mail lists compiled by others

• prohibit the use by marketers of e-mail addresses without documented proof of addressee’s consent to receive unsolicited commercial e-mail;

(iii) Empower E-mail users and ISPs to enforce law and obtain redress

• Provide users and ISPs with the right to sue spammers for specified damages per unsolicited e-mail received in violation of the law;42

PIAC Position

As others have noted, spam is a serious problem in need of a multi-faceted and coordinated response. Neither technological nor legal approaches alone will suffice; both are needed.

Legal initiatives are needed both to further encourage the development of technological “fixes” and to deter spammers. Even where enforcement of laws is difficult, it is important to establish ground-rules for online marketers, so that the limits of acceptability are clear, and so that enforcement can proceed where possible.

PIAC advocates an internationally-coordinated approach which includes:

• prohibition of all unsolicited commercial e-mail without prior, explicit consent from the recipient or contrary to the recipient’s expressed wishes; * Alternatively, establishment of a national “Do Not Send” database, in which e-mail users can register their desire not to receive any unsolicited e-mail, and which all e-mail marketers are required to respect; AND prohibition of the sending of unsolicited commercial e-mail to such addresses;
• a standardized labeling requirement for all advertising e-mail;
• inclusion, at the top of each commercial message, of a simple method by which recipients can opt-out of any future mailings;
• specific prohibition of false, misleading, or invalid information in e-mail messages, as well as disguised paths of transmission;
• specific prohibition of software products used to harvest e-mail addresses from the Internet, to falsify return addresses, or to disguise transmission paths;
• significant penalties for violation of the law (e.g., $25 per illegal e-mail message); and
• statutory provision for civil suits by e-mail users and ISPs against spammers.

Only with a set of meaningful rights and obligations such as those above will e-mail users and service providers be properly equipped to control spam.

Contact: Philippa Lawson Senior Counsel Public Interest Advocacy Centre 1204 – 1 Nicholas St. Ottawa, Ontario K1N 7B7 tel: (613)562-4002 x.24 fax: (613) 562-0007 email:plawson@piac.ca

http://www.piac.ca

1 “States Still Trying to Stop Spam” Wired News (7 February 2003) http://www.wired.com/news/print/0,1294,57585,000.html
2 Ira Teinowitz, “FTC to Hold Spam Workshop: Three-Day Hearings Could Lead to Reglatory Action” online: ADAGE.com news (3 February 2003).
3 Jonathan Krim, “Spam’s Cost To Business Escalates: Bulk E-Mail Threatens Communication Arteries” Washington Post (13 March 2003)
4 Jennifer Lee “Spam: An Esclating Attack of the Clones” The New York Times on the Web (27 June 2002).
5 Claire Cozens,, “ASA clamps down on spam” The Guardian online: The Guardian http://www.guardian.co.uk/Print/0,3858,47617533,00.html
6 “Spam comprises nearly quarter of email” online: SMH.com.au (11 February 2003).
7 Stefanie Olsen, “Hotmail restricts outgoing messages”, CNET News.com (24 March 2003).
8 Ibid.
9 AP “AOL Claims Record Block of Spam E-Mails” The Washington Post (5 March 2003) online: Washington Post http://www.washingtonpost.com/ac2/wp-dyn/A47523-2003Mar5?language=printer
10 Ibid.
11 Jonathan Krim, op cit
12 Neil McIntosh, , “Mail out of order” The Guardian 27 February 2003)
13 Jonathan Krim, op cit
14 James Love, “Taking on Junk E-Mail” online: Consumer Project on Technology http://www.cptech.org
15 Ibid.
16 Herwig Feichtinger e-mail (18 May 2000), on CAUCE website http://www.cauce.org/tales/retrieve_mail.shtml
17 Neil McIntosh, op cit.
18 E-mail “The High Price of Spam” (1 March 2002; printed 3 August 2002).
19 Ibid.
20 Brian Morrissey “Spam Cost Corporat eAmerican $9B in 2002” online: Juperiterresearch http://cyberatlas.Internet.com/big_picture/applications/print/0,,1301_1565721,00.html
21 http://webmania.ctv.ca/w2003jan17.htm
22 See Stefanie Olsen, “Tech Firms tackle spam”, CNET News.com (14 March 2003); and WIRED NEWS, “Net Gurus Rally Anti-Spam Forces”, 01 March 2003.
23 WIRED NEWS, “Net Gurus Rally Anti-Spam Forces”, 01 March 2003.
24 Ibid.
25 Stefanie Olsen, “Tech Firms tackle spam”, CNET News.com (14 March 2003).
26 Ibid.
27 Stephanie Olsen, op cit.
28 Microsoft “Spiking The Spammers” (12 February 2003) online: Microsoft on the Issues http://www.microsoft.com/issues/essays/2003/02-12spam.asp
29 Stefanie Olsen, “AT&T spam filter loses valid e-mail” online: CNET (24 January 2003) http://news.com.com/2102-1023-982118.html
30 Ibid.
31 Jonathan Krim, op cit.; Ken Magill, “Minnesota Anti-Spam Law Takes Effect, Texas Introduces Bill” DMNews (4 March 2003)
32 E.g., Delaware; France; UK, EU (to become effective end of 2003), Korea (impending)
33 E.g., UK (ASA), California
34 E.g., Minnesota, Washington, Korea,
35 “States Still Trying to Stop Spam” Wired News (7 February 2003)
36 E.g., Japan, Minnesota, Virginia, Washington
37 E.g., Arizona, California,
38 E.g., Japan, Arizona, Minnesota, Ohio,
39 E.g., Japan
40 E.g., Virginia, Washington.
41 Proposed by an M.P. in the U.K.: Neil McIntosh, op cit.
42 E.g., Minnesota, Ohio, Texas, Utah, Virginia, Washington