Spam might not have brought an end to the internet or email, as some dire predictions in the early 2000s claimed it could — but it’s still a massive pain.
Despite all the spam being removed by filtering technologies, most people still receive it every day. How do these messages end up flooding our inboxes? And are there any legal consequences for the senders?
What is spam?
The Organisation for Economic Co-operation and Development (OECD) noted in 2004 that “there does not appear to be a widely agreed and workable definition for spam” across jurisdictions — and this remains true today.
That said, this term generally refers to unsolicited electronic messages. These are often sent in bulk and frequently advertise goods or services. It also includes scamming and phishing messages, according to the OECD.
Most people think of spam in the form of emails or SMS messages. However, what we now call spam actually predates the Internet. In 1854, a spam telegram was sent to British politicians advertising the opening hours of dentists who sold tooth-whitening powder.
The first spam email came more than 100 years later. It was reportedly sent to 600 people on May 3, 1978, through ARPAnet — a precursor to the modern Internet.
As for how much spam is out there, the figures vary, possibly due to the various definitions of “spam.” One source reports the average number of such emails sent daily in 2022 was about 122.33 billion (which would mean more than half of all emails were unsolicited). As for text messages, another source reports a daily average of 1.6 billion spam texts.
Where do spammers get my details?
Each time you enter your email address or phone number into an e-commerce website, you may be handing it to spammers.
But sometimes, you may even receive such emails from entities you don’t recognize. That’s because businesses will often transfer customers’ contact information to related companies or sell their data to third parties such as data brokers.
Australia’s Privacy Act 1988 somewhat limits the transfer of personal information to third parties. However, these laws are weak — and weakly enforced.
Some entities also use “address-harvesting” software to search the internet for electronic addresses that are captured in a database. The collector then uses these addresses directly or sells them to others looking to send out these types of emails.
Many jurisdictions (including Australia) prohibit these harvesting activities, but they are still common.
Is sending such messages against the law?
Australia has had legislation regulating this type of messaging since 2003. But the Spam Act surprisingly does not define the word “spam.” It tackles it by prohibiting the sending of unsolicited commercial electronic messages containing offers, ads, or other promotions of goods, services, or land.
However, if the receiver consented to these types of messages, the prohibition does not apply. When you buy goods or services from a company, you will often see a request to click on a “yes” button to receive marketing promotions. Doing so means you have consented.
On the other hand, if your phone or inbox is hit by commercial messages you haven’t agreed to receive, that is a breach of the Spam Act by the sender. If you originally signed up to receive the messages but then unsubscribed and the messages kept coming after five business days, that is also illegal. Senders must also include a functioning unsubscribe facility in every commercial message they send.
Spammers can be penalized for breaches of the Spam Act. In the past few months alone, Commonwealth Bank, DoorDash, and mycar Tyre & Auto were fined more than A$6 million in total for breaches.
However, most of these messages come from outside Australia, where the laws aren’t the same. In the United States, it is legal under the CAN-SPAM Act until you opt out. Unsurprisingly, the U.S. tops the list of countries where the most spam originates.
Although these types of emails sent to Australia from overseas can still breach the Spam Act — and the Australian Communications and Media Authority (ACMA) co-operates with overseas regulators — overseas enforcement actions are difficult and expensive, especially if the spammer has disguised their true identity and location.
It’s worth noting that messages from political parties, registered charities, and government bodies aren’t prohibited – nor are messages from educational institutions to students and former students. So while you might consider these messages to be “spam,” they can legally be sent freely without consent. Factual messages (without marketing content) from businesses are also legal as long as they include accurate sender details and contact information.
Moreover, the Spam Act generally only covers such messages sent via email, SMS/MMS, or instant messaging services, such as WhatsApp. Voice calls and faxes aren’t covered (although you can use the Do Not Call Register to block some commercial calls).
Staying safe from spam (and cyberattacks)
These messages aren’t only annoying, they can also be dangerous. Such messages can contain indecent images, scams, and phishing attempts. Some have malware (malicious software) designed to break into computer networks and cause harm, such as by stealing data or money or shutting down systems.
The Australian Cyber Security Centre and ACMA provide useful tips for reducing the unwanted emails you get and your risk of being hit by cyberattacks. They suggest to:
- Use a spam filter and block spammers — email and telecommunications providers often supply useful tools as part of their services.
- Unsubscribe from any emails you no longer want to receive — even if you originally agreed to receive them.
- Remove as much of your contact details from websites as you can and always restrict the sharing of your personal information (such as name, birth date, email address, and mobile number) when you can — beware of pre-ticked boxes asking for your consent to receive marketing emails.
- Install cybersecurity updates for your devices and software as you get them.
- Always think twice about opening emails or clicking on links, especially for messages promising rewards or asking for personal information — if it looks too good to be true, it probably is.
- Use multi-factor authentication to access online services, so even if a scam compromises your login details, it will still be difficult for hackers to break into your accounts.
- Report breaches to your email and telecommunications providers and to ACMA.
Kayleen Manwaring, Senior Research Fellow, UNSW Allens Hub for Technology, Law & Innovation and Senior Lecturer, School of Private & Commercial Law, UNSW Law & Justice, UNSW Sydney
This article is republished from The Conversation under a Creative Commons license. Read the original article.
Follow us on X, Facebook, or Pinterest
