On September 5 2007 the ‘Unsolicited Electronic Messages Act 2007’ came into effect in a drive to enable action to be taken against New Zealand spammers and prevent New Zealand from becoming a ‘spammer haven’. This will provide the basis for international co-operation in the fight against spam. This Act will affect you if you send commercial emails. The following provides a quick summary of the key components of the Act.
What is spam?
Spam is the generic term for the electronic commercial ‘junk mail’ you receive without having requested it. This includes unwanted messages sent to people’s email accounts or mobile phones.
The negative effects of spam are significant and far-reaching. Current estimates suggest that around 12 billion spam messages are sent every day. These emails clog up the Internet, disrupt email delivery, reduce business productivity, raise Internet access fees, irritate recipients and erode people’s confidence in using email.
These messages are essentially commercial in nature and often sent in bulk. Some spam is sent by legitimate businesses inviting the recipient to buy a product or service. Other spam may attempt to trick people into divulging their bank account or credit card details. Many spam messages also contain offensive or fraudulent material or spread computer viruses.
How do I know if my message is spam?
Your message is spam if it is:
Does not include voice or fax
Electronic messages = emails, instant messages, SMS, multimedia message services and other mobile phone messages. Does NOT include telephone, Voice-over-IP or fax.
Commercial = marketing or promoting goods, services or land, or directing the recipient to a location where a commercial transaction can take place (such as a website).
Unsolicited = An unsolicited message is one that the recipient has not consented to receive.
Please note: There is no volume threshold in NZ law. A SINGLE MESSAGE MAY BE SPAM. The message does not need to be sent or received in bulk.
What is not considered spam?
The Act takes a common-sense approach and excludes a range of common communications between businesses and customers:
Responses to a request for a quote or estimate
Messages that facilitate, complete or confirm a commercial transaction that the recipient previously agreed to
Warranty information, product recalls and safety and security information about goods or services used or purchased by the recipient
Factual information about a subscription, membership, account, loan or similar ongoing relationship
Information directly related to employment or a related benefit plan which the recipient is currently involved in
Messages that deliver goods and services that the recipient is entitled to receive under the terms of a previous transaction
Why is spam an issue?
The following are a few facts about spam:
Spam accounts for 80% of all email traffic
It cost US $50-87 billion globally in 2005
Hotmail blocks 3.2 billion per day
Costs the US $874 per office worker
One in 127 emails contains viruses
One in 123 emails comprised a phishing attack
Revenues – larger than narcotics
600 million computers connected to the Internet
– between 1/6 and 1/4 are compromised
(Message Labs Intelligence)
The top 10 spamming countries are:
1. United States
4. United Kingdom
7. South Korea
(Sourced from Spamhaus – 1 Aug 07)
Why do people send spam?
We’re used to thinking about spammers as some disgruntled teenager sending out a virus. Well they still exist, but today it’s about the money.
As a business model it is very profitable. All the costs of dealing with spam are passed on to the ISPs and the recipient, who are charged for e-security, bandwidth, computer repairs and lost money to scams. The criminals pay no taxes, escape the costs of running a legitimate business, buy services off other criminals at low rates and have no real service or product to deliver.
Spammers don’t have to know their way around a computer. There’s a whole industry to provide them with the tools they need. You can buy plug-and-play spammer kits off the Internet – with technical support to keep you one step ahead of the anti-virus software.
You can hire a botnet of compromised computers (capable of sending out millions of emails) for a week for only US $60.
A spam message only has to appeal to as few as 50 people in a million for the spammer to break even.
What are spammers doing?
200 known gangs attacking Europe:
Botnets / viruses
Proxy hijacking / malware / phishing
Financial / pharmaceutical schemes
Pump and dump stocks
Child, animal and incest porn
(Sourced from Spamhaus – 01 Aug 07)
The following are some common examples of spam that you may have come across:
From: frank victor email@example.com
“i am frank, son of governor of lagos state of nig. i am looking for any bank manager over there to contact i want to have savice acconut over there i am coming over there soon to stay and invest my money be fore then i need a bank manager that i can have his acconut number let me transfer all my money to him…so bye and god bless you from fr.son”
The Nigerian spam explained:
A respondent is told that they will receive a generous commission to help transfer millions out of the country. But first stamp duty or bribes must be paid: a small investment on the promise of a large return. But the demands for more money never stop. By the time the respondent figures out they have been conned, they have paid over hundreds, if not thousands, of their own money.
Subject: Hello I need love and dating!!!
“Greetings, Good Hello my friend!!!! You probably do not know who I and what for I have written to you the letter. I am Elena from contry Russia…I would like to know you want to get acquainted with me whether or not? I search the man for love and more even for a marriage…So I wait for your answer…Your new the girlfriend from Russia Elena!!!”
The Russian Bride Scam explained:
This is a variation on the Nigerian scam.
The young woman would like to meet you but needs money for a passport and airline tickets. Once the money is sent the email account closes and the love-struck man is left poorer and feeling foolish. The alternative is just email me back and I will get a refund from the agency that selected you!
Dear eBay Community:
We have decided to close eBay on 27 February 207 due to the repeatedly abuses on our company. We ask your opinon on this matter…
If you want eBay to stay open click YES otherwise click NO. Your opinion is very important to us. If 50% of the eBay members vote positive eBay stays open otherwise it will be closed
The phishing spam explained:
Ever received an email from a bank that you’re not a customer of, asking you to confirm your account details? Phishing is the act of tricking someone into giving up confidential information, or tricking them into doing something that they normally wouldn’t do or shouldn’t do. This is a classic example of a phishing attack where the hook is a poll based on eBay being closed because of so many phishing attacks.
A Genuine University Degree in 4-6 weeks!
Have you ever thought that the only thing stopping you from a great job and better pay was a few letters behind you name?
Well now you can get them! BA BSc MA MSc MBA PhD Within 4-6 weeks! No Study Required! 100% Verifiable!
Fast tracked qualifications explained:
Basically this is a misrepresented or worthless product.
Beware of viruses…
“The scooby snack teaches the tornado. Any lover can share a show with the cloud formation inside the tomato, but it takes a real recliner to bury the
Virus emails explained:
Even the most innocent emails can hold a danger.
Some spammers use machine-generated language to get around the filters by using non-standard spellings and orderings of words. These emails will generally be your VIAgra-type emails requiring you to click on a link to go to a website, or they can be used to harvest addresses for future spam attacks. They can also contain viruses, trojans, malware and spyware.
Why is spam bad?
It clogs up networks
Lowers user confidence in the internet (follow on impact on e-commerce)
Contains illegal or offensive content (such as pornography and scams)
Is a threat to integrity and security of networks and attached devices
Prevents wanted emails from getting through (Anti-spam technologies generating false positives)
Generates financial costs for ISPs and users
It breaches privacy and aids identity theft
Used for scams and malicious cyber attacks
How does the legislation help reduce spam?
The ‘Unsolicited Electronic Messages Act 2007’ (UEM) will enable us to fight NZ-sourced spam and enter into international agreements concerning international enforcement of anti-spam legislation, sharing of information between national enforcement agencies, and the pursuit of cross-border complaints.
It allows us to co-operate with overseas government agencies to help trace the senders and beneficiaries of spam sent to NZ.
The Act seeks to support its use for legitimate marketing purposes where the interests of the recipient are duly respected, and ensure no company is at a dishonest financial advantage.
Prohibit UEMs with a NZ link
Prohibit harvested addresses being used to send UEMs
Deter people from using ICT inappropriately
Specify requirements – consent, identify and unsubscribe
Encourage good e-marketing practice
What should I do?
Follow these three steps:
How do I go about getting consent?
There are three types of consent:
Direct indication that it is okay to send messages. This can be gained by: filling in a paper form, ticking a box on a website, or a phone or face-to-face conversation. Businesses should keep a record of consent. It is advisable to verify that consent has come from the holder of the electronic address. This can be done by asking the recipient to reply to confirm.
The person you wish to contact has not directly instructed you to send them a message, but it is still clear that there is a reasonable expectation that messages will be sent, e.g. the address holder provided their email address when purchasing goods and services in the general expectation there will be follow-up communication, or when swapping business cards.
Someone conspicuously publishes their work-related electronic address or mobile number (e.g. on a website, brochure or magazine). If the publication includes a statement that the person does not want to receive spam at that address, consent cannot be deemed.
It is important to note that the onus is on the sender to prove consent.
What do I have to identify?
Commercial electronic messages must clearly identify the business responsible for sending the message and how they can be contacted. Identification details that are provided must be likely to be accurate for 30 days after the message is sent.
How do I provide an unsubscribe option?
Commercial electronic messages must contain a functioning unsubscribe facility. This needs to be clearly presented and easy to use, e.g. "If you do not wish to receive future messages, send a reply with UNSUBSCRIBE in the subject line." There must be no cost to the recipient. You must honour a request to unsubscribe within five working days; any subsequent emails will be regarded as unsolicited.
Is there anything else I need to be aware of?
When sending commercial electronic messages you must also ensure you do not use electronic address harvesting software, and you must comply with the Privacy Act 1993 and be familiar with the Privacy Principles.
1. Source information directly from the person to whom it relates
2. Tell people the purpose for which it was collected
3. Use it only for the purpose for which it was collected
Passing on email addresses, without permission, to another organisation or business may breach the Privacy Act. The Privacy Commissioner's website will give you more details at www.privacy.org.nz.
Fine of up to $2,000 per infringement
Pecuniary penalties of up to $500,000
Compensation and damages to victims
Civil regime with pecuniary penalties to the Crown and compensation and damages to the victim.
Penalties range from formal warnings to infringement notices to court actions.
The Act provides for fines of up to $2,000 per infringement. Regulations setting the actual level of the fines are currently being drafted.
A court action holds a maximum penalty/fine of $200,000 for individuals and $500,000 for businesses.
Individuals and businesses can also be made to pay the victims compensation up to the amount of loss suffered or damages up to the amount of profit that was made as a result of sending the spam.
What can I do to protect myself against spam?
In today's E-society we necessarily depend on electronic communication to conduct business, exchange information, and simply be social. So how do you protect yourself and others from spam?
Limit the amount of non-essential emails you send, particularly mass forward stories or jokes.
Ensure your anti-virus software is up to date, and install and run anti-spyware.
Never click on the REMOVE link unless you can verify the sender, as this will validate your email address, which will then be sold to more spammers.
Report spam by sending the message plus the full header to spamcop.net or abuse.net.
Use unusual email addresses containing numbers and letters i.e. firstname.lastname@example.org to avoid spammers who use computer programs to guess email addresses.
If you have a website, provide a form for people to contact you and ensure that the “send to” email address is not contained in the HTML, but in the form processing script.
Avoid anti-spam software that bounces spam emails, as the bounce message will go to an innocent person, possibly turning you into a spammer.
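The contact-form tip above, as an added example (not from InternetNZ or the original page): a Python form-processing function in which the "send to" address exists only in server-side code, so it never appears in the HTML for harvesters to find. The address, field names and function name are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: the recipient lives only in server-side configuration,
# never in the HTML form. Placeholder address, not a real mailbox.
CONTACT_RECIPIENT = "enquiries@example.org"

# The only field names the form is allowed to submit (hypothetical names).
ALLOWED_FIELDS = {"name", "email", "message"}


def build_contact_email(form: dict) -> EmailMessage:
    """Turn submitted form fields into a message for the fixed recipient."""
    unexpected = set(form) - ALLOWED_FIELDS
    if unexpected:
        # A posted "to", "cc" or "bcc" field must never influence delivery.
        raise ValueError(f"unexpected form fields: {sorted(unexpected)}")

    name = form.get("name", "").strip()
    sender = form.get("email", "").strip()
    body = form.get("message", "").strip()

    # A line break inside a value that ends up in a header would let the
    # submitter add headers of their own, turning the form into a mail relay.
    for value in (name, sender):
        if "\r" in value or "\n" in value:
            raise ValueError("line breaks are not allowed in name or email")

    _, addr = parseaddr(sender)
    if not addr or addr != sender or addr.count("@") != 1:
        raise ValueError("email must be a single plain address")
    if not body:
        raise ValueError("message is empty")

    msg = EmailMessage()
    msg["To"] = CONTACT_RECIPIENT      # fixed, server-side only
    msg["From"] = CONTACT_RECIPIENT    # sent as the site, not as the visitor
    msg["Reply-To"] = addr             # visitor's address appears only here
    msg["Subject"] = f"Website enquiry from {name or 'anonymous'}"
    msg.set_content(body)
    return msg
```

The returned message can be handed to whatever mail transport the site already uses; the HTML form itself needs only the three input fields and no address.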
Source: this information was obtained from InternetNZ and is deemed to be correct at the time of publishing.