Bill C-28 and your inbox

David Poellhuber doesn’t seem worried that Canada’s recently passed antispam regulation will put him out of business soon.

Poellhuber is the chief operations officer of Montreal-based ZeroSpam. Bill C-28, the Fighting Internet and Wireless Spam Act, or FISA, clamps down on unsolicited commercial e-mail, forcing businesses to be able to demonstrate the receivers’ permission to contact them.

“We’re for it,” he says of the legislation. “We just think it’s badly named.”

Badly named, he says, because it’s not going to do much to deter spam artists. “It’s not going to change the spam you and I receive in our inboxes,” he says.

That’s because about 70 per cent of spam comes from botnets in Brazil, the U.S., Russia and other countries, and, “botnets don’t care about laws.”

The core of the legislation demands that businesses have recipients’ permission to send them e-mail – unless there’s a prior business relationship – and, just as importantly, makes businesses responsible for proving that permission. Fines levied by the CRTC can amount to up to $1 million for individuals and $10 million for businesses.

In a statement proclaiming “VICTORY!,” the Coalition Against Unsolicited Commercial E-mail (CAUCE) lauded the bill. “It’s been a long time coming, but Canada has an anti-spam law, and one which sets a new world standard,” wrote executive director Neil Schwartzman. It has a “tough, but fair, opt-in protocol for everyone in North America who sends commercial e-mail and other commercial messages,” he says.

I beg to differ on the “fair” aspect of that statement, without rejecting the need for legislation to deal with UCE. Given the context of who sends spam, legitimate businesses, not botnets, shoulder a disproportionate amount of the burden.

As Poellhuber points out, after the law takes effect, businesses won’t be able to ask for permission to send e-mail, either.

And as to its effect, well, the U.S. has had its CAN SPAM Act since 2004. It’s still the No. 1 source of spam worldwide, producing almost 38 per cent of spam, according to CipherTrust statistics. (Don’t get smug; Canada’s fifth on the list, producing 3.25 per cent.)

Yes, the U.S. has had some litigious success against the most persistent and unapologetic spam artists. And, says Poellhuber, it will allow the government to prosecute “the most egregious” violators among the small per cent of non-botnet spammers that are proudly Canadian-based.

C-28 also has been widely received as potentially more effective than CAN SPAM, which has an opt-out protocol, rather than opt-in.

But the most significant security risk from spam is that created by organized criminals – phishing attacks and identity theft, for example – and organized criminals, by definition, aren’t the most respectful of laws.

So I’m of two minds about the law. On the one hand, yes, there should be a special circle in hell dedicated to the most persistent spam artists. On the other, this isn’t going to change the volume, or danger, of spam in my inbox.

Businesses must recognize now, says Poellhuber, that “e-mail is a risky business.” And it’s one most businesses shouldn’t be in.

“Outsource outright your sending practices,” Poellhuber advises businesses, especially SMBs with unsophisticated, mailing-list-based practices. A legitimate e-mail marketing company won’t rent lists or flood inboxes. It’s their business at stake, too.

(ZeroSpam has a list of best practices for complying with the law  in PDF format.)

ZeroSpam has a real-time spam index  on the company home page detailing what percentage of e-mail processed by its servers is rejected as spam. For the last week, it’s been running at 77 to 91 per cent. Don’t expect a dent in that soon.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Dave Webb
Dave Webb
Dave Webb is a freelance editor and writer. A veteran journalist of more than 20 years' experience (15 of them in technology), he has held senior editorial positions with a number of technology publications. He was honoured with an Andersen Consulting Award for Excellence in Business Journalism in 2000, and several Canadian Online Publishing Awards as part of the ComputerWorld Canada team.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now