Transcript Document

Spam, Spam, Spam, Spam….
What is it, what are we doing about it, what
do you have to do about it? (and FAQs)
www.antispam.govt.nz
What is it?
Spam – it’s taking over…
• 80% of all email traffic
• Costing US $50-87 billion globally in 2005
• Hotmail blocks 3.2 billion per day
• Costs the US $874 per office worker
Spam – it’s taking over (cont)
• One in 127 emails contain viruses,
• One in 123 emails comprised a phishing attack
• Revenues – larger than narcotics
• 600 million computers connected to the Internet
– between 1/6 and 1/4 are compromised
Who is doing it?
Top 10 countries:
1) United States
2) China
3) Russia
4) United Kingdom
5) Japan
6) Germany
7) South Korea
8) Canada
9) France
10) Netherlands
(Sourced from Spamhaus – 1 Aug 07)
Why are they doing it?
• It’s all about the money!
• Very profitable – costs minimised
• Technical know-how not necessary
• Growing support industry
• Odds in their favour
What are they doing?
200 known gangs attacking Europe:
• Software piracy
• Botnets / viruses
• Proxy hijacking / malware / phishing
• Financial / pharmaceutical schemes
• Pump and dump stocks
• Child, animal and incest porn
(Sourced from Spamhaus – 01 Aug 07)
Spam in New Zealand
• TelstraClear – 62% of email spam
• Xtra – Between 38% and 68% of email spam
• Ihug filter – stopped 6.5 million spam emails
in month
(Sourced from Ministry of Economic Development – Feb 05)
Nigerian scam
From: frank victor [email protected]
“i am frank, son of governor of lagos state of nig.
i am looking for any bank manager over there to
contact i want to have savice acconut over there i am
coming over there soon to stay and invest my money
be fore then i need a bank manager that i can have his
acconut number let me transfer all my money to
him…so bye and god bless you from fr.son”
Russian Bride
Subject: Hello I need love and dating!!!
“Greetings, Good Hello my friend!!!! You probably do
not know who I and what for I have written to you the
letter. I am Elena from contry Russia…I would like to
know you want to get acquainted with me whether or
not? I search the man for love and more even =for a
marriage…So I wait for your answer…Your new the
girlfriend from Russia Elena!!!
Something’s ‘Phishy’
Dear eBay Community:
“We have decided to close eBay on 27 February 207 due to the
repeatedly abuses on our company. We ask your opinon on
this matter…
If you want eBay to stay open click YES otherwise click NO.
Your opinion is very important to us. If 50% of the eBay
members vote positive eBay stays open otherwise it will be
closed
Regards,
eBay Team”
Genuine Qualifications
A Genuine University Degree in 4-6 weeks!
Have you ever thought that the only thing stopping you
from a great job and better pay was a few letters
behind you name?
Well now you can get them!
BA BSc MA MSc MBA PhD Within – 46 weeks!
No Study Required!
100% Verifiable!
Beware of viruses…
“The scooby snack teaches the tornado.
Any lover can share a show with the cloud
formation inside the tomato, but it takes a
real recliner to bury the moldy globule.”
&%$#@% Spam! Why is it bad?
• Clogs up networks
• Lowers user confidence
• Illegal or offensive content
• Threat to network integrity and security
• False positives
• Financial costs for ISPs and users
• Reduces productivity
• Breaches of privacy/identity theft
• Used for scams and malicious cyber attacks
What are we
doing about it?
Unsolicited Electronic Messages Act 2007
• Enable action against NZ spammers
• Prevent NZ becoming ‘spammer haven’
• Basis for international co-operation
i.e. Join global fight against Spam!
Purpose of the Act
• Prohibit UEMs with a NZ link
• Prohibit harvested addresses being used to send
UEMs
• Deter people from using ICT inappropriately
• Specify requirements – consent, identify and
unsubscribe
• Encourage good e-marketing practice
Responsibilities
Ministry of Economic Development
• Drafted the Act and regulations
Department of Internal Affairs
• Enforcement of the Act
The Act says DIA must
• Receive complaints about unsolicited messages with
sexual content
• Make information available
• Monitor information and communication technologies
• Form international agreements
Five pronged approach
• Enforcing the UEM Act
• Promoting education and awareness
• Facilitating industry liaison
• Monitoring emerging technologies
• Working with national and international agencies
DIA Enforcement Policy
Court actions
Infringement notices
Formal warnings
Education and persuasion
THE UNSOLICITED ELECTRONIC MESSAGES ACT
Civil Regime
• Formal warnings
• Infringement notices
- Fine of up to $2,000 per infringement
• Court Actions:
- Pecuniary penalties of up to $500,000
- Compensation and damages to victims
First Aussie Case (October 2006)
• Clarity1 Pty Ltd
• $4.5m penalty for company
• $1m penalty for director
• Inferred consent
• Accessory liability
What do you have
to do about it?
Is my message spam?
Your message is only spam if it is:
• ELECTRONIC
• COMMERCIAL
• UNSOLICITED
Does not include voice or fax
What’s not “Spam”
• Act takes common sense approach
• Excludes a range of common communications
between businesses and customers
E.g. Warranty information, product recalls and
safety and security information about goods or
services used or purchased by the recipient
What should I do?
Three steps:
1) CONSENT
2) IDENTIFY
3) UNSUBSCRIBE
Types of consent
Three types:
1) EXPRESS
2) INFERRED
3) DEEMED
What do you have to ‘identify’?
Commercial electronic messages must:
• Identify sender
• Identify how sender can be contacted
• Details must be likely to be accurate for 30 days
Unsubscribe
Unsubscribe facility must be:
• FREE of charge
• Clear and conspicuous
• Functional for at least 30 days
• Able to be sent using the same method of
communication
• Actioned within five working days
You must also…
• Comply with the Privacy Act
1) Source information directly from the person to whom it relates
2) Tell people the purpose for which it was collected
3) Use it only for the purpose for which it was collected
• NOT use electronic address harvesting software to
send unsolicited commercial electronic messages
Frequently asked
questions
Consent
• Does receiving a business card count as inferred
consent?
• Is it legal to buy lists if they were not electronically
harvested?
• Can I establish consent by emailing my existing
customer database asking them to unsubscribe if
they do not wish to receive messages?
Example: Consent
‘Business X’ sends an email following up goods they
sold to ‘customer A’ stating:
“If you do not wish to receive promotional emails from
us click here to send an email and type ‘no promotions’
in the subject line. If you wish to receive our promotion
emails don’t do anything.”
Consent (cont)
• If I have swapped business cards with someone do I
have to keep the cards as proof of consent?
• If I send out media releases do I need to ensure my
media contacts opt-in?
• Is verbal consent okay and do I have to keep a
record of it?
Viral marketing
• Is it considered spam if we run a campaign
encouraging existing customers to ‘email a friend’?
• Can we include two tick boxes for consent – one
agreeing to receive messages from our
organisation/client and one for agreeing to receive
promotional material from third parties?
Example: Viral marketing
Business X has developed a website to promote a new
product they have launched.
Business X creates a game which allows Customer A
to send a challenge to their friend via email.
The email links to the game on Business X’s website.
Text messages
• What is the minimum amount of info you can include
as an unsubscribe in a text?
• Does the unsubscribe in a text have to be free?
• Are abbreviated place names acceptable
identification? i.e. Auck, Wgtn, Chch
Text messages (cont)
• What if a business has a really long name – what are
the rules around reducing the business name?
• What about SMS systems that cannot accept replies.
Can we ask them to unsubscribe by email instead?
Unsubscribe
• Is a confirmation email saying ‘thank-you for
unsubscribing’ okay?
• Do I need to have an unsubscribe ‘button’ or some
other flash unsubscribe facility?
• When does the five working days commence (in
which you must honour the unsubscribe request)?
Example: Text unsubscribe
Maya owns Mad 4 Shoes (which has a number of
outlets in various cities and is commonly known as
M4S) and has express consent to send her clients
promotional text messages. Her Auckland store has a
regional promotion.
She includes “M4S Aklnd reply stop to unsubscribe” in
the text message.
More questions?
Recap – what business needs to do?
• Clean address lists to ensure consent
• Keep evidence of consent
• Set written policies
- authority to send CEMs
- consent
- sender information
- functional unsubscribe
• Implement systems to process unsubscribe
• Compliance programme
- employee training, prevention, detection