Strict New Anti-Spam Regulations In Canada

An anonymous reader writes "David Reese provides an interesting analysis of just how far Canada's new anti-spam legislation goes, and its implications for business. This may provide a valuable template for citizens of other countries, and may also encourage Canadians to prepare for the inevitable push-back from spammers. It is not clear from this analysis whether the legislation would affect telemarketing, but even if it does not it provides a useful precedent for future regulation in that area."

Opt-in? Finally! Wish I was Canadian.

[i+kan+reed]

About time, these companies that deem you to want to know about their "special offers" are a horrible blight on people who want relevant information. Too bad the U.S. government hates non-corporation people.

So what...

[Kinwolf]

I live in Canada, and we still get tons of spam, telemarketing phones calls on home line and cel phone. They simply come from the USA now. Country laws are useless when crime has no more frontier.

Re:So what...

As another Canadian I have to say my personal fav is US spam telling me how i can get cheap drugs in Canada.

Don't worry, after all the exemptions you will still get spam.

You know the first exemption will be "politicians" sending mass email.

Where are the loopholes?

[denis-The-menace]

You know. The ones for political campaigning, well connected people, etc.

Every single one of these Anti-Spam laws come with them.

I'm Canadian

[ArcadeMan]

Any reply to this comment will be treated as unwanted spam.

Being Canadian, however, I feel the need to say that I'm sorry if my comment offended anyone.

Why would the spammers pay attention?

[Kenja]

There are tons of regulations etc against spam in many countries. Guess what? The people running the spam/scan email systems simply do not care. There is zero enforcement of these rules, so why should adding more regulations make any difference?

When spamming is illegal, only criminals will spam

[Gothmolly]

Oh wait, that's happening already. Thanks for a useless law.

Do Not Call List

[intermodal]

I expect that this will probably be about as frequently enforced at the USA's National Do Not Call List.

Re:Do Not Call List

[Em+Adespoton]

Well, the Canadian DNC list had the effect that now all telemarketing calls to Canada come from Texas. I'm all for a law that stops Canada being a spam source, even if they just incorporate in Texas. It narrows the field, and makes it easier for me to decide if something's legit or not. Once all calls and emails coming from Texas are deemed unsolicited, it's an easy step to blocking Texas until they clean up their act.

Re:Opt-in? Finally! Wish I was Canadian.

[JackieBrown]

About time, these companies that deem you to want to know about their "special offers" are a horrible blight on people who want relevant information. Too bad the U.S. government hates non-corporation people.

Or the U.S. government doesn't want to put the final nail in the U.S. Post Office's coffin.

Re:When spamming is illegal, only criminals will s

[KPU]

Many businesses spam customers. Banks are especially bad about this. No I would not like a balance transfer.

Try unsubscribing

[clarkkent09]

I used to just delete spam but one day I went through a whole bunch of them and clicked on unsubscribe. The amount of spam went down to almost nothing. Totally worth the 15 min of effort. Legitimate companies (who make up most of the spam I get these days) honor unsubscribe requests, the illegitimate ones will not care about any anti-spam laws anyway.

Re:Try unsubscribing

[i+kan+reed]

It's still an unnecessary hassle to reduce the noise levels. Nobody asked for it.

Re:Try unsubscribing

[Beardo+the+Bearded]

Then filter out any email with the word "unsubscribe" and whitelist the stuff you do want.

In real life, you still have to take out the garbage and recycling.

Re:Try unsubscribing

[Hamsterdan]

The difference is nobody sends you unwanted garbage bags

Re:Try unsubscribing

[Tom]

Legitimate companies don't send you crap that you didn't sign up for.

I unsubscribe from stuff when I actually did want it once, or if I registered somewhere and probably forgot to uncheck the "please fill my inbox with crap" box.

But everything that is actually unsolicited commercial email will very, very, likely not come from a legitimate company, because those wouldn't subscribe you to anything without your knowledge in the first place.

What you do when you click on that link is considerably raising the value of the address they can then sell to others, because they have now verified that not only is it a valid address, it also belongs to someone who actually reads the shit and apparently has bad spam filters.

Congratulations, you just made a spammer a couple bucks.

Yes...strict...rolls eyes.

[TheSkepticalOptimist]

Strict as in Canada's Do Not Call list, which only means once every 30 days you get telemarketers calling you, and you ask to be removed for the next 30 days. Also Strict in the sense that you still get hounded by charities and politicians calling you because they are exempt. And strict as in the sense that it's useless because I now get telemarketing from randomly generated phone numbers from foreign countries.

So yes, Canada implemented a useless regulation, again, yay.

The solution to spam is a good email client connected to a great email server. Running your own email server does not count. Creating a law does not work.

Be careful with unsubscribe links!

[Khopesh]

Hi. I'm in the anti-spam business. You got lucky.

A lot of spammers use fake unsubscribe links as a way of verifying your address and the fact that you read the message. Some questionable businesses have verification elements to their unsubscribe links that will note the fact that you visited the site but then due to a bug fail to process your unsubscribe attempt (thus netting the same effect).

I will sometimes unsubscribe from things, but that's because I want to see how successful it was (and I can deal with the trouble caused by attracting more spam). I do not suggest this for others. Use sites like myWOT to research the link before trusting it enough to follow it and perform the request. Use sites like SpamCop and KnujOn (and, if you're in France, Signal Spam, which has legal enforcement power) to report anything else as spam. All of those reporting agencies are tied to actual enforcement (in some way; KnujOn busts registrars, SpamCop informs network operators (and builds its blocklist), Signal Spam prosecutes if in France).

Re:When spamming is illegal, only criminals will s

[Em+Adespoton]

It's usually better to go with non-nebulous terms like Unsolicited Commercial Email. Annoying emails from banks and organizations which I have a connection with ARE Unsolicited Commercial Email if they are a) unsolicited, b) commercial and c) sent electronically. It doesn't matter if I have a bank account with them; I never told them I was interested in their other offerings. If we had any other conversations over their other offerings, it was me telling them I never wanted to hear about their credit card offerings. Interestingly, if *I* try to contact THEM about such things, they tell me that the credit card stuff comes from a different company held by their parent corporation. Which goes full circle to the fact that I don't have a relationship with that company, and so should not be receiving offers from them.

Hopefully this law will close that loophole.

The standard form

[Megane]

Your post advocates a

( ) technical (X) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!