Aussies give a damn about spam

Filed Under: Law & order, Malware, Spam

Aussie Spam Act 2003
Australia has a Spam Act which is regarded as an elegant legal framework for regulating undesirable electronic correspondence (at least by those who see beauty in criminal law), firstly for taking a strict opt-in approach, and secondly for covering all sorts of messaging, not just email.

In fact, here at Sophos Australia we've added a whole load of acronyms to extend the word spam to cover new sorts of electronic abuse, including:

  • SPIT - spam using internet telephony
  • SPIM - spam over instant messaging
  • SPASMS - spam via SMS
  • SPATTER - spam via Twitter
  • SPEWS - spam through electronic web submissions

(SPEWS refers to messages which come into your company via forms on your own website. If your website generates email on the basis of content submitted by outsiders, make sure you put those emails through your spam gateway as if they were external. This stops automated form-fillers from using your website to sneak unsolicited messages past your spam filter.)

ACMA
We are, of course, being slightly tongue-in-cheek above, but unsolicited messages of all these sorts are regulated by the Australian Spam Act, which is enforced by the Australian Communications and Media Authority.

ACMA is often dismissed as a toothless tiger which has done little to reduce overall spam volumes, notably from outside Australia. But there is little or nothing ACMA can do about spam from companies it cannot legally touch, or from senders it cannot identify. Inside Australia, however, AMCA has at least made some headway in several of the categories above, including, this month, against both unwanted email and misuse of SMS.

Though hardly major victories, these results make two clear points.

The first is that you may as well report infringing messages to your country's regulator (if you have one, of course). The regulator may not be able to do much if you do report spam, but that beats the certain nothing it can do if you report nothing.

The second point is that by gradually making it clear what your local internet community expects in terms of good netizenship, your regulator can help to create an environment in which you can be increasingly willing not just to block the stuff you are sure is bad (and take a chance on the rest, just in case you miss some possible business messages), but instead to accept only the stuff you know you want (and actively say no to those who don't clearly and visibly play by the rules, even though they may be existing business acquaintances).

Make yourself one of those people who does give a damn about spam!

, ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog