David Poellhuber doesn’t seem worried that Canada’s recently passed antispam regulation will put him out of business soon.
Poellhuber is the chief operations officer of Montreal-based ZeroSpam. Bill C-28, the Fighting Internet and Wireless Spam Act, or FISA, clamps down on unsolicited commercial e-mail, forcing businesses to be able to demonstrate the receivers’ permission to contact them.
“We’re for it,” he says of the legislation. “We just think it’s badly named.”
Badly named, he says, because it’s not going to do much to deter spam artists. “It’s not going to change the spam you and I receive in our inboxes,” he says.
That’s because about 70 per cent of spam comes from botnets in Brazil, the U.S., Russia and other countries, and, “botnets don’t care about laws.”
The core of the legislation demands that businesses have recipients’ permission to send them e-mail – unless there’s a prior business relationship – and, just as importantly, makes businesses responsible for proving that permission. Fines levied by the CRTC can amount to up to $1 million for individuals and $10 million for businesses.
In a statement proclaiming “VICTORY!,” the Coalition Against Unsolicited Commercial E-mail (CAUCE) lauded the bill. “It’s been a long time coming, but Canada has an anti-spam law, and one which sets a new world standard,” wrote executive director Neil Schwartzman. It has a “tough, but fair, opt-in protocol for everyone in North America who sends commercial e-mail and other commercial messages,” he says.
I beg to differ on the “fair” aspect of that statement, without rejecting the need for legislation to deal with UCE. Given the context of who sends spam, legitimate businesses, not botnets, shoulder a disproportionate amount of the burden.
As Poellhuber points out, after the law takes effect, businesses won’t be able to ask for permission to send e-mail, either.
And as to its effect, well, the U.S. has had its CAN SPAM Act since 2004. It’s still the No. 1 source of spam worldwide, producing almost 38 per cent of spam, according to CipherTrust statistics. (Don’t get smug; Canada’s fifth on the list, producing 3.25 per cent.)
Yes, the U.S. has had some litigious success against the most persistent and unapologetic spam artists. And, says Poellhuber, it will allow the government to prosecute “the most egregious” violators among the small per cent of non-botnet spammers that are proudly Canadian-based.
C-28 also has been widely received as potentially more effective than CAN SPAM, which has an opt-out protocol, rather than opt-in.
But the most significant security risk from spam is that created by organized criminals – phishing attacks and identity theft, for example – and organized criminals, by definition, aren’t the most respectful of laws.
So I’m of two minds about the law. On the one hand, yes, there should be a special circle in hell dedicated to the most persistent spam artists. On the other, this isn’t going to change the volume, or danger, of spam in my inbox.
Businesses must recognize now, says Poellhuber, that “e-mail is a risky business.” And it’s one most businesses shouldn’t be in.
“Outsource outright your sending practices,” Poellhuber advises businesses, especially SMBs with unsophisticated, mailing-list-based practices. A legitimate e-mail marketing company won’t rent lists or flood inboxes. It’s their business at stake, too.
(ZeroSpam has a list of best practices for complying with the law in PDF format.)
ZeroSpam has a real-time spam index on the company home page detailing what percentage of e-mail processed by its servers is rejected as spam. For the last week, it’s been running at 77 to 91 per cent. Don’t expect a dent in that soon.
