Archived—An Anti-Spam Action Plan for Canada
Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Industry Canada, May 2004
PDF Version (132 KB - 13 pages)
In just a few years, unsolicited commercial e-mail – now generally known as "spam"1 – has gone from being a minor nuisance to becoming a significant social and economic issue, and a drain on the business and personal productivity of Canadians. Spam now impedes the efficient use of email for personal and business communications, and threatens the growth and acceptance of legitimate e-commerce.
- In the year 2000, email traffic reports indicated that spam amounted to about 10 per cent of the total volume of electronic mail.
- By 2002, the percentage had climbed to 30 per cent.
- In early 2003, tracking services recorded a dubious milestone: the amount of electronic unsolicited commercial e-mail had surpassed that of legitimate communications.
- By the end of 2004, it is predicted that spam will constitute as much as 70 per cent of global email.
The growing volume of spam is now a well-recognized pricing factor for companies that provide facilities for Internet services. This cost is ultimately paid for by organisations and businesses that use electronic communications for the conduct of their business. It is also paid for through the service charges paid by personal users who communicate through the Internet with family, friends and others.
In addition to imposing a cost burden, spam is now undermining the reliability of e-mail networks for business users. It also threatens consumer confidence in the new e-commerce marketplace. Because of this, the potential of information and communications technology to buttress productivity, and the ability of e-commerce to attract investment, create jobs, and enrich our lives, is now constrained by torrents of spam.
The degree of public concern, and the growing cost to our economy have made it clear that it is now time for government, industry, marketers and consumers to work together in a new partnership to reduce and control spam.
On May 11, 2004, the Minister of Industry announced the establishment of a Special Task Force on Spam to oversee the implementation of a comprehensive action plan to reduce the volume of unsolicited commercial e-mail. Chaired by Industry Canada, the Task Force brings together experts and key stakeholders representing Internet service providers, Canadian businesses who use e-mail for the conduct of legitimate commercial activity, and consumers.
The anti-spam action plan components described in this document reflect the input from consultations and discussions with stakeholders on spam which the government commenced in September 2002. In particular, discussions with Canadian stakeholders, and international partners, point to a general consensus on the following principles:
- While most of the products and services promoted in electronic commercial solicitations might be unwanted and often offensive to many Internet users, they do not, for the most part, involve the offering of illegal products or services, or the making of what might be considered, in law, misleading claims. It is recognized that in instances where illegal products are offered, or misleading claims made, Canadian laws already exist to deal with this problem.
- There is merit in examining the use of current laws, and possible new laws, to fight spam. However, unless accompanied by a range of technical measures, and commitments by network managers business and legitimate marketers, and by changes in consumer behaviour, laws alone will not stem the current flood of unwanted commercial e-mail solicitation. The collaborative and comprehensive approach described in this document reflects this view.
- There is a consensus that government should not dictate detailed technical solutions, network requirements, or other features needed to create a durable and comprehensive regimen to combat spam. The Internet industry, and its underlying technology, are too diverse and ever-changing for government to usefully regulate technical specifications. Similarly, those who engage in issuing spam are too agile for any prescriptive regulatory approach to succeed with any permanence. For this reason, the government should encourage and assist all partners in using the best available technical solutions, and best business practices, when and as needed to better address spam issues in Canada.
- An effective solution to spam requires not only concerted action by all partners in Canada, but also greater cooperation at the international level. Though Canada, sadly, remains a source of some spam, only about one in 20 spam e-mails received by Canadians originates in Canada. The government understands the need for an effective international response to the spam problem, and is prepared to provide the leadership needed to ensure a coordinated international approach to fighting spam.
A Comprehensive Anti-Spam Action Plan for Canada
Spam is a multi-faceted problem that requires coordinated action on several fronts in order to achieve real and measurable progress. Our consultations to date have therefore led to the development of a six point Action Plan that combines initiatives by government, business and also by consumers, at both the domestic and international levels.
In the course of our consultations, many stakeholders expressed the view that improving the enforcement of existing Canadian laws could have a significant impact on reducing the flow of spam. They cited the Personal Information Protection and Electronic Documents Act (PIPEDA) that treats electronic mail addresses as personal information, and the Competition Act and the Criminal Code as tools to address unsolicited communications.
Under this Act, as of January 2004, commercial bulk e-mailers who establish or acquire lists of e-mail addresses must ensure that recipients have given some form of consent to commercial solicitation. This law also specifies that e-mail addresses can only be used for the purpose for which they are collected, and that the owners of these e-mail addresses must consent to any secondary use.
At present, e-mail lists, containing thousands and even millions of addresses, are routinely traded in what has been assumed to be an underground economy. They are often offered in unsolicited e-mail as a get-rich-scheme. There is little available data on the number of e-mail lists or on the conditions under which they were established.
The Task Force will work with the Privacy Commissioner of Canada to assess whether Canadian organisations that collect and use e-mail addresses have developed appropriate practices and procedures, as required by PIPEDA, and to identify any corrective actions that may be needed to reduce and control spam.
(ii)The Criminal Code and the Competition Act
Sending unsolicited commercial e-mail for a legal product or service is currently not a criminal offense. Like unsolicited commercial information distributed through traditional mail, it can be considered a form of advertising and marketing. The current Competition Act, however, contains specific provisions dealing with deceptive and misleading representations that have frequently been used to deal with misleading advertising in traditional media. The application of the Act to misleading claims made in e-mail solicitations is an area that merits examination.
Similarly, many e-mail abusers now resort to forged information in electronic mail headers to avoid being identified, and the sending of "trojan" programs embedded in e-mail messages that can be activated by spammers to relay spam. Such methods of gaining unauthorized access to computer systems could violate several current provisions of the Criminal Code. These provisions provide for substantial fines and even imprisonment. Whether evidence of intent to commit criminal fraud through spam could be proven is unclear. This application of this law to spam, however, merits examination.
There are some electronic commercial communications, like some messages promoting pyramid get-rich schemes, that are clearly illegal under current Canadian laws. However, enforcing criminal laws in this area is further complicated by jurisdictional challenges, and the need for technical expertise and resources to track down, investigate and prosecute offenders who are often operating outside their jusrisdictions. In Canada, laws such as the Criminal Code are enacted federally, but the responsibility for investigation and prosecutions rests with provincial and local authorities.
For this reason, the Task Force will need to work with other federal government departments and agencies to examine an effective, coordinated national approach to dealing with fraudulent activities in e-mail solicitation.
Canadian authorities should continue to make use of existing laws, such as the Personal Information Protection and Electronic Documents Act, the Competition Act and the Criminal Code to help reduce and control spam. As well, the Task Force will review existing laws to determine whether stronger enforcement or new legislation could make a significant impact on the reduction and control of spam, and whether the government should consider taking any further legislative or enforcement measures.
Any measure aimed at successfully curtailing the flow of unsolicited and unwanted commercial e-mail must involve more than government actions. There is now a growing consensus among stakeholders on a number of steps that can be taken by Internet service providers2 and businesses who use the Internet to rebuild trust in e-mail communications.
Some of these initiatives relate to the development and application of technology, others to the implementation and enforcement of best practices within the industry. They are based on a commonly shared objective: to ensure that e-mail remains a viable tool for legitimate business and personal communications.
By its design and architecture, the Internet is an open "network of networks" that is intended to allow the free flow of information. Redesigning and implementing new technical standards to enhance security and curtail abuse will be an ongoing requirement over many years.
There are already, however, a number of known network management practices that can enable e-mail abuse, such as leaving servers open to relay and forward messages, which allows computer systems to be hijacked as proxy e-mail servers for abusers. Some steps have been taken by several organisations to warn businesses and network managers about the importance of securing systems and networks, but adoption of these practices remains uneven.
The government believes that the time has come for stepped up effort in this area. While the problem of spam, like the Internet itself, is global in scope, network management actions taken in Canada can contribute to the solution. Those who own and manage networks and facilities must, in the governments view, address and adopt management practices that will effectively reduce and control spam.
Canadian industry stakeholders have the ability to agree on basic operating practices for network facilities that will reduce spam, and can show leadership by requiring their adoption on networks and facilities based in Canada. They should also encourage equipment makers and suppliers to configure their products in a way that does not facilitate abuse.
Industry Best Practices: Codes of Conduct
Over the years, Internet industry stakeholders have emphasized to consumers and to governments their ability to self regulate, and many have developed voluntary codes based on industry best practices. The government recognizes that these codes must evolve to reflect changing circumstances, particularly where technology and the very nature of services offered is changing quickly and constantly. However, many of these best practices initiatives, as they currently exist, remain at the level of suggestions for members of organisations.
The reality of Internet communications is that many firms are involved in any chain of commercial electronic solicitation, starting with the seller of goods and services, to marketers, bulk e-mailers, network carriage providers and finally, the operators of e-mail servers, such as ISPs and commercial organisations, that receive and store the communications.
In some cases, stakeholders in this chain have already developed agreements to ensure the movement of commercial e-mail. Some marketers and e-mailers negociate with ISPs to be "whitelisted" to ensure delivery of e-mail they send on behalf of clients. For their part, service providers agree to deliver e-mail from whitelisted firms, often on the proviso that this permission will be revoked if customers complain, and the whitelisted marketer is found to be in violation of its agreements.
Such a regime, which, in some cases, operates on the basis of informal arrangements, is far from ideal. It requires some stakeholders to continuously negociate agreements, and may leave some Internet users with the impression that their service provider feels that they should receive as much commercial solicitation as they will bear. Some industry stakeholders now believe that such practices are not sustainable.
All partners in the industry should develop codes of practice that are transparent, practical, verified, vigorously monitored, and enforced by everyone in the communications and marketing chain. Effective codes are essential to protecting the viability of e-commerce, should provide clear information on acceptable commercial e-mail practices and policies, and should ensure that Internet users are provided with the tools they need to make informed choices.
Up until now, most initiatives aimed at controlling the rising volume of unsolicited commercial e-mail have focussed on a combination of filtering technologies, and the use of so-called "blacklists" of servers and domains that have been identified as sources of spam. As these spam control services have become more and more sophisticated, so have the e-mail abusers who continue to find new tactics to bypass the barriers.
The diverse types of spam filtering and blocking tools, and the cyclical battles between spammers and spam blockers, have produced some unwanted results. In particular, legitimate commercial communications are now too often blocked inadvertently by filters, sometimes without the knowledge of either the sender or recipient. Legitimate noncommercial personal communications can also be blocked for the same reason.
These filtering practices, though well-intended, have therefore inadvertently contributed to undermining confidence in the reliability of e-mail. For this reason, a number of commercial organisations are now considering moving their services to closed networks.
There are, however, technical means of shifting the focus away from blocking unwanted communications toward facilitating the movement of legitimate commercial e-mail. Some of these verification systems are based on proprietary technology, but others are open source. While these programs may impose some costs on the senders of commercial e-mail, and on those who own and manage Internet network facilities, these costs would be more than offset, for senders, by the value of guaranteed delivery. Service providers would also see reduced costs in managing e-mail service and customer preferences. Validation protocols could also provide e-mail users with more effective tools to manage their own e-mail preferences, and reduce the risk of people receiving content they consider inappropriate.
While it would be inappropriate for government to limit the development of a competitive marketplace by endorsing one particular validation technology or protocol, the use of technology to validate legitimate commercial e-mail and to provide Internet users with effective choices is one of the most promising solutions to spam. For this reason, ISPs and businesses who use e-mail for commercial activities have a shared interest in using technology to validate legitimate commercial communications. Requiring the true identification of the sender and the nature of the communication, as well as an effective means of refusing further e-mail from a verified sender, would be a minimum requirement for e-mail certification. Such a regime should also include effective performance measurement, and appropriate sanctions for certificate holders that do not abide by the rules.
While there is much that industry and marketers can do that is effective in combatting spam, and seamless for e-mail users, there is general agreement among stakeholders that more should be done to inform Internet users on what they can do to limit the amount of unwanted commercial e-mail they receive.
While there is a considerable body of readily available information on best online practices to avoid spam, it appears, judging by the number of complaints recorded, that current efforts to communicate this information requires more effort. Some of the simplest messages – such as don't buy from spammers – have not reached some consumers. There is clearly a need for information to users that is credible, well-distributed and well-marketed.
Given the small positive returns needed to make spam commercially viable, consumer awareness of the relationship between spam and profits and their personal behaviour needs to be more strongly emphasized. While shifting most of the burdens of dealing with unsolicited junk e-mail to individual users, under the guise of user empowerment, is not a viable strategy to resolve the current crisis in e-mail trust and confidence, the government believes that there is need for more effort in this area.
Service providers and legitimate sellers of goods and services, because of their direct relationship with Internet users, are in the best position to lead a public education and awareness campaign, delivered in partnership with consumer groups and governments. To facilitate the development of an appropriate social marketing and communications program aimed at users, serious consideration should be given to supporting an effective private sector-led plan to achieve this objective, and to implementing it in conjunction with consumer groups, provincial governments, and interested international partners.
For a number of years, the government has been active in several international fora where Internet issues have been discussed. Canada chairs a Joint Working Party within the Organisation for Economic Cooperation and Development (OECD) that is currently developing an action plan on unsolicited commercial e-mail. It has also been involved in relevant work of the Asia-Pacific Economic Cooperation (APEC) forum and by the business-led Global Business Dialogue on Electronic Commerce (GBDe).
Much of these international discussions have focussed on various legislative and regulatory actions taken by some countries to deal with the flood of unsolicited commercial e-mail, and the need to ensure that these approaches are compatible in the global Internet environment. While legislation is important, it is now clear that a broader approach – such as the more comprehensive approach discussed in this document – is needed at the international level.
Canada will continue to play a leadership role in international efforts to reduce and control spam. One of the major ways international efforts could prove more successful would be for member countries to more closely involve their domestic industries in these deliberations, and to broaden the global fight against spam to include a broader range of solutions. As this document makes clear, fighting spam here in Canada requires a partnership effort by government, industry and consumers. The same partnership collaboration is required internationally.
For this reason, the government supports the development and adoption of best practices for e-mail marketing and network management in an internationally coordinated manner. We also encourage the Canadian Internet and marketing industry, and Canadian consumer representatives, to become active in international efforts to reduce and control spam through initiatives such as the move toward globally compatible e-mail certification and validation regimes.
By its mandate, the Task Force has one year to oversee and coordinate the implementation of the Action Plan. After this period, the Task Force will report on progress made and propose any new actions that might be required, including legislative initiatives.
During the course of the next year, the Task Force will convene key stakeholders to review the implementation of the Action Plan and to identify any other possible areas that might require further action.
The Task Force will consult all interested stakeholders and individual Canadians who might wish to express their views or make a contribution to its work. It will report regularly on progress made and, if necessary, meet with organisations and groups representing key stakeholders.
1 The terms "spam" and "unsolicited commercial email" are used interchangeably in this document.
2 For the purpose of this document, Internet service providers (ISPs) include private organisations that provide both connectivity as well as carriage of Internet communications, and other related services.
- Date modified: