• forIndividuals
  • forBusiness
  • forCommunity
search
About usFact sheetsPrimary legislationWhat's new?
DictionaryTeachingContact usSite mapLinks
click to go home


Our Fact Sheets provide a detailed account of 29 areas of law as they apply to the Internet

Fact Sheets



IIA releases draft Cybercrime Code of Practice in July 2003

Use of customer information

Spamming


1. What is spamming?

Spamming or UBE (unsolicited bulk e-mai) refers to sending unwanted or unsolicited emails (eg advertisements) to a large number of people via a mailing list or newsgroup. It is referred to as the electronic equivalent of junk mail.

A proliferation of spam in recent years has resulted in the loss of time and privacy to email users and increased costs to the ISP and email consumer.

2. Problems Associated With Spam

Spamming is a major problem for ISPs and email users. Spam increases the processing and storage requirements of ISPs for which consumers ultimately pay regardless of whether the ISP bills by connection time or data downloads. This is because an ISP cannot distinguish between legitimate and bulk emails and cannot simply delete the unwanted e-mails. Spammers rarely use the same address twice and are difficult to trace.

The acceptable use policies (UAPs) of many ISPs (for example,see Acceptable Usage Policy) prohibit spamming enabling the ISP to terminate the service it provides to any customers who send spam.

3. Is spamming legal?

New Australian legislation relating to spam - the Spam Act 2003 - came into effect on 10 April 2004. It is now illegal to send, or cause to be sent, 'unsolicited commercial electronic messages'. The Spam Act is enforced by the Australian Communications Authority (ACA). For information on spam laws, spam reduction, internet security tips and how to report spam, visit www.spam.aca.gov.au.

Existing privacy laws do not specifically ban spamming. However, the new privacy laws require businesses who wish to send marketing material to their customers via e-mail to obtain express advance permission from the customer. These laws endorse an "opt-out approach" to spamming. The laws will allow the use of personal information for direct marketing purposes provided an individual is given the opportunity to opt-out of receiving any further direct marketing.

It is a criminal offence (Crimes Act 1914(Cth) section 76E(b)) punishable by a maximum of 10 years imprisonment to interfere with, interrupt or obstruct the lawful use of a computer by means of a carrier (telephone line or ISP) or facility provided by the Commonwealth Government. A spammer was convicted under this law for relaying spam off a Commonwealth facility without permission.

The National Privacy Principles require that personal information collected must be necessary for one or more of the functions or activities of an organisation and must be collected only by lawful and fair means and not in an unreasonably intrusive way. Personal information collected by spamming may constitute collecting information in an intrusive way. Repeated unsolicited mail would appear unreasonably intrusive. After December 2001 a breach of the NPPs can be referred to the Privacy Commissioner for action.

4. Practical measures to minimise spam

Although spamming is not against the law, a government backed consumer code on e-commerce (see link to Best Practice Model below) makes it clear spamming should be discouraged.(1) Generally the Best Practice Model states that businesses should only send commercial email to their customers or to people who have already indicated they want it. In particular, the code states that businesses should not send commercial email except to people with whom they have an existing relationship or to people who have already said they want to receive commercial email. See Best Practice Model.

The Internet Industry Association Code of Practice encourages Internet Service Providers to block incoming bulk postings from non-subscribers.

Spam may already be illegal under the common law as trespass to goods (See Rollo T, "Liability for spam through trespass to goods" (2001) 8 IPLR 77). A narrower version of this common law approach has already been successfully adopted against spammers in the United States.

Nonetheless, legislation and education of users are key ways to combat spamming.

To minimise spam, an internet user should:

(a) not supply a personal e-mail address to a commercial web site mailing list unless you are prepared to accept spam. For example, avoid posting to USEnet, mailing lists and using IRCs;

(b) where spam is received, remove his or her email address from the mailing list via "Remove" button and if that does not stop the spam, complain direct to the manager of the organisation;

(c) specify what types of mailing subscriptions you want to receive if the website provides for these prompts;

(d) be wary of online purchasing, on-line product registration and websites that request your e-mail address.

For detailed information on what types of sites to avoid and how to avoid spam see http://www.caube.org.au/avoid.htm.

For further information, see the Australian Privacy Commissioner website at http://www.law.gov.au/privacy.

5. Minimising commercial and legal risk

To minimise commercial and legal risk and maintain strong customer relations, a business should:

(a) not send customers unsolicited e-mail;

(b) not assume customers want to subscribe to regular bulk e-mails or receive promotional material;

(c) not default its web page check boxes to "on" in relation to accepting subscriptions. Customers may not see it or feel pressured to choose the default setting (the more control a business gives its customers, they will stay. Statistics show approximately 33% of customers will leave if sent spam);

(d) give customers choices as to the type of e-mail they want to receive and only send what they have requested (eg. Critical Notices, Registration Information etc);

(e) use buttons with no default - easier understand and no undue pressure to make a particular choice; and

(f) send customers confirmation of the details of their subscription.

An ISP should block spam to minimise the risk of:

(a) endorsing forgery and breach of acceptable use policies;

(b) large-scale aggravation and expense to other Internet targets sites;

(c) counterfeit source addresses;

(d) increased traffic costs if news-servers are left open to globalposting;

(e) legal action from disaffected users and sites;

(f) constant complaints or "ping floods'; or

(g) ISP servers being "blackholed".

An ISP can implement the above measures by:

(a) educating users;

(b) implementing technical obstacles;

(c) maintain a working contact address for spam complaints;

(d) install relay protection on their mail servers;

(e) subscribe to the current version of Internet Industry Association Code of practice (section 10 prohibits spamming, with the exception of pre-existing relationships);

(f) include an opt-out provision (a button in email) when sending marketing and other promotional information.

For comprehensive practical and legal information on spamming, see the Coalition Against Unsolicited E-mail, Australia (CAUBE.AU) at http://www.caube.org.au/

For more information about spamming see http://www.spam.abuse.net.


Other relevant Articles on this site:
Best practice model
Electronic communications policy

Other relevant Fact Sheets:
Consumer Protection
Privacy
Workplace Net Control

End Notes
1. The code is called Building Consumer Sovereignty in Electronic Commerce: A Best Practice Model for Business.

"People demand freedom of speech to make up for the freedom of thought which they avoid", Soren Aabye Kierkegaard (1813-1855)
forBusiness/