Spam, Spam, Spam, Spam….

Spam, Spam, Spam, Spam….Spam, Spam, Spam, Spam….

What is it, what are we doing about it, what do you have to do about it? (and FAQs)

www.antispam.govt.nz

What is it?What is it?


Spam – it’s taking over…Spam – it’s taking over…

• 80% of all email traffic

• Costing US $50-87 billion globally in 2005

• Hotmail blocks 3.2 billion per day

• Costs the US $874 per office worker


Spam – it’s taking over (cont)Spam – it’s taking over (cont)

• One in 127 emails contain viruses,

• One in 123 emails comprised a phishing attack

• Revenues – larger than narcotics

• 600 million computers connected to the Internet – between 1/6 and 1/4 are compromised


Who is doing it?Who is doing it?

Top 10 countries:

1) United States

2) China3) Russia4) United Kingdom5) Japan

(Sourced from Spamhaus – 1 Aug 07)

6) Germany 7) South Korea 8) Canada 9) France10) Netherlands


Why are they doing it?Why are they doing it?

• It’s all about the money!

• Very profitable – costs minimised

• Technical know-how not necessary

• Growing support industry

• Odds in their favour


What are they doing?What are they doing?

200 known gangs attacking Europe:• Software piracy• Botnets / viruses• Proxy high-jacking / malware / phishing• Financial / pharmaceutical schemes• Pump and dump stocks• Child, animal and incest porn

(Sourced from Spamhaus – 01 Aug 07)


Spam in New ZealandSpam in New Zealand

• TelstraClear – 62% of email spam

• Xtra – Between 38% and 68% of email spam

• Ihug filter – stopped 6.5 million spam emails in month

(Sourced from Ministry of Economic Development – Feb 05)


Nigerian scamNigerian scam

From: frank victor [email protected]“i am frank, son of governor of lagos state of nig.i am looking for any bank manager over there tocontact i want to have savice acconut over there i am coming over there soon to stay and invest my money be fore then i need a bank manager that i can have his acconut number let me transfer all my money to him…so bye and god bless you from fr.son”


Russian BrideRussian Bride

Subject: Hello I need love and dating!!!“Greetings, Good Hello my friend!!!! You probably do not know who I and what for I have written to you the letter. I am Elena from contry Russia…I would like to know you want to get acquainted with me whether or not? I search the man for love and more even =for a marriage…So I wait for your answer…Your new the girlfriend from Russia Elena!!!


Something’s ‘Phishy’Something’s ‘Phishy’

Dear eBay Community:“We have decided to close eBay on 27 February 207 due to the repeatedly abuses on our company. We ask your opinon on this matter…If you want eBay to stay open click YES otherwise click NO. Your opinion is very important to us. If 50% of the eBay members vote positive eBay stays open otherwise it will be closedRegards,eBay Team”


Genuine QualificationsGenuine Qualifications

A Genuine University Degree in 4-6 weeks!Have you ever thought that the only thing stopping you from a great job and better pay was a few letters behind you name?Well now you can get them!BA BSc MA MSc MBA PhD Within – 46 weeks!No Study Required!100% Verifiable!


Beware of viruses…Beware of viruses…

“The scooby snack teaches the tornado. Any lover can share a show with the cloud formation inside the tomato, but it takes a real recliner to bury the moldy globule.”


&%$#@% Spam! Why is it bad?&%$#@% Spam! Why is it bad?

• Clogs up networks• Lowers user confidence• Illegal or offensive content• Threat to network integrity and security• False positives• Financial costs for ISPs and users• Reduces productivity• Breaches of privacy/identity theft• Used for scams and malicious cyber attacks


What are we doing about it?What are we doing about it?


Unsolicited Electronic Messages Act 2007Unsolicited Electronic Messages Act 2007

• Enable action against NZ spammers

• Prevent NZ becoming ‘spammer haven’

• Basis for international co-operation

i.e. Join global fight against Spam!


Purpose of the ActPurpose of the Act

• Prohibit UEMs with a NZ link• Prohibit harvested addresses being used to send

UEMs• Deter people from using ICT inappropriately• Specify requirements – consent, identify and

unsubscribe• Encourage good e-marketing practice


ResponsibilitiesResponsibilities

Ministry of Economic Development

• Drafted the Act and regulations

Department of Internal Affairs

• Enforcement of the Act


The Act says DIA mustThe Act says DIA must

• Receive complaints about unsolicited messages with sexual content

• Make information available

• Monitor information and communication technologies

• Form international agreements


Five pronged approachFive pronged approach

• Enforcing the UEM Act

• Promoting education and awareness

• Facilitating industry liaison

• Monitoring emerging technologies

• Working with national and international agencies


DIA Enforcement PolicyDIA Enforcement Policy

Formal warnings

THE UNSOLICITED ELECTRONIC MESSAGES ACT

Education and persuasion

Infringement notices

Court actions


Civil RegimeCivil Regime

• Formal warnings• Infringement notices - Fine of up to $2,000 per infringement• Court Actions: - Pecuniary penalties of up to $500,000 - Compensation and damages to victims


First Aussie Case (October 2006)First Aussie Case (October 2006)

• Clarity1 Pty Ltd

• $4.5m penalty for company

• $1m penalty for director

• Inferred consent

• Accessory liability


What do you have to do about it?What do you have to do about it?


Is my message spam? Is my message spam?

Your message is only spam if it is:

• ELECTRONIC

• COMMERCIAL

• UNSOLICITED

Does not include voice or fax


What’s not “Spam”What’s not “Spam”

• Act takes common sense approach • Excludes a range of common communications

between businesses and customers

E.g. Warranty information, product recalls and safety and security information about goods or services used or purchased by the recipient


What should I do?What should I do?

Three steps:

1) CONSENT

2) IDENTIFY

3) UNSUBSCRIBE


Types of consentTypes of consent

Three types:

1) EXPRESS

2) INFERRED

3) DEEMED


What do you have to ‘identify’?What do you have to ‘identify’?

Commercial electronic messages must:

• Identify sender

• Identify how sender can be contacted

• Details must be likely to be accurate for 30 days


UnsubscribeUnsubscribe

Unsubscribe facility must be:• FREE of charge• Clear and conspicuous• Functional for at least 30 days • Able to be sent using the same method of

communication• Actioned within five working days


You must also…You must also…

• Comply with the Privacy Act 1) Source information directly from the person to who it relates

2) Tell people the purpose for which it was collected

3) Use it only for the purpose for which it was collected

• NOT use electronic address harvesting software to

send unsolicited commercial electronic messages


Frequently asked questionsFrequently asked questions


ConsentConsent

• Does receiving a business card count as inferred consent?

• Is it legal to buy lists if they were not electronically harvested?

• Can I establish consent by emailing my existing customer database asking them to unsubscribe if they do not wish to receive messages?


Example: ConsentExample: Consent

‘Business X’ sends an email following up goods they sold to ‘customer A’ stating:

“If you do not wish to receive promotional emails from us click here to send an email and type ‘no promotions’ in the subject line. If you wish to receive our promotion emails don’t do anything.”


Consent (cont)Consent (cont)

• If I have swapped business cards with someone do I have to keep the cards as proof of consent?

• If I send out media releases do I need to ensure my media contacts opt-in?

• Is verbal consent okay and do I have to keep a record of it?


Viral marketingViral marketing

• Is it considered spam if we run a campaign encouraging existing customers to ‘email a friend’?

• Can we include two tick boxes for consent – one agreeing to receive messages from our organisation/client and one for agreeing to receive promotional material from third parties?


Example: Viral marketingExample: Viral marketing

Business X has developed a website to promote a new product they have launched.

Business X creates a game which allows Customer A to send a challenge to their friend via email.

The email links to the game on Business X’s website.


Text messagesText messages

• What is the minimum amount of info you can include as an unsubscribe in a text?

• Does the unsubscribe in a text have to be free?

• Are abbreviated place names acceptable identification? i.e. Auck, Wgtn, Chch


Text messages (cont)Text messages (cont)

• What if a business has a really long name – what are the rules around reducing the business name?

• What about SMS systems that cannot accept replies. Can we ask them to unsubscribe by email instead?


Unsubscribe Unsubscribe

• Is a confirmation email saying ‘thank-you for unsubscribing’ okay?

• Do I need to have an unsubscribe ‘button’ or some other flash unsubscribe facility?

• When does the five working days commence (in which you must honour the unsubscribe request)?


Example: Text unsubscribeExample: Text unsubscribe

Maya owns Mad 4 Shoes (which has a number of outlets in various cities and is commonly known as M4S) and has express consent to send her clients promotional text messages. Her Auckland store has a regional promotion.

She includes “M4S Aklnd reply stop to unsubscribe’ in the text message.


Spam, Spam, Spam, Spam….

Documents

Transcript of Spam, Spam, Spam, Spam….