ISPs and the Spam Code Presented by Jeremy Malcolm for the Western Australian Internet Association 12 July 2006.


1 ISPs and the Spam Code Presented by Jeremy Malcolm for the Western Australian Internet Association 12 July 2006

2 Outline ➲ The current state of play ➲ About the two co-regulatory codes ➲ Revision on the Spam Act ➲ Detail of the Spam Code ➲ What it means in practice for ISPs

3 The state of play ➲ The bad news: ● About 80% of email is spam ● This is tipped to rise to 90% ● Spam can also be a security issue ● Insecure computers as open relays ● Phishing and other social engineering hacks ● Distribution and exploitation of viruses ➲ The good news: ● Since the Spam Act, Australia dropped from 10th to 23rd of spam sources

4 Co-regulatory codes ➲ What is co-regulation? ● Industry-drafted, registered with the ACMA ● Applies to an entire industry sector ● ACMA can direct compliance ➲ Examples ● Telecommunications Act by ACIF ● Broadcasting Services Act by IIA

5 Internet Industry Spam Code ➲ Binds ISPs and Email Service Providers (“ESPs”) ➲ Registered by ACMA in March 2006 ➲ Takes effect on 16 July ➲ Deals with: ● Education of subscribers by their ISPs ● Making spam filters available to subscribers ● Handling of reports and complaints ● Technical measures to minimise abuse ● Law enforcement cooperation

6 ADMA E-Marketing Code ➲ Binds email, IM and mobile marketers ➲ Clarifies and extends the Act in areas of: ● Factual communications ● Inferred consent (eg. pre-ticked boxes) ● Standards for identification and opt-out ● Collection and marketing practices for children ● Recording consent ● Viral marketing

7 How the code came about ➲ WAIA attends ACMA Spam Law Implementation Forum on 27 Feb 2004 ➲ IIA announced it had a draft code ➲ ACMA made clear it would not accept IIA-led process without WAIA and SAIA ➲ Compromise reached 20 April 2004: ● WAIA and SAIA to be affiliate members ● WAIA representative to lead taskforce ➲ Much public comment and pain

8 Revision: the Spam Act 2003 ➲ Commenced 11 April 2004 ➲ Prohibits sending of unsolicited commercial electronic messages ➲ Penalties for corporations up to $220k per day rising to $1.1m for recidivists ➲ No minimum – one email enough ➲ Prohibits address harvesting software and harvested address lists

9 Other Legislation ➲ Trade Practices Act ● Outlaws much misleading and deceptive spam ➲ Corporations Law ● Outlaws much stock-touting spam ➲ Privacy Act ● Outlaws some uses of collected addresses ➲ Criminal Code Act ● Outlaws open relay exploitation

10 Consent, Identify, Subscribe ➲ Consent ● May be inferred from a previous relationship or “conspicuous publication” in a role ● Not a carte blanche for any messages ➲ Identify ● Sender must remain identifiable for at least 30 days ➲ Subscribe ● Functional unsubscribe facility must remain for 30 days, actioned after 5 days

11 The scope of exemptions ➲ Factual information ● Must still contain unsubscribe information ➲ Political, religious and charitable bodies ● Even relating to supply of goods or services ➲ Carriage Service Providers ➲ Educational institutions ● To present and former students ➲ As prescribed, eg. faxes

12 Enforcement ➲ ACA ● Formal warnings ● Enforceable undertakings ● Infringement notices ➲ Federal Court ● $220k first corporate offence, up to $1.1m ● Ancillary compensation, disgorgement ● Injunctions ● No undertaking as to damages needed

13 Part B of the Code - Information ➲ Provision of information ● About the Act, Code, and any amendments ● About the ISP's AUP and spam ● About methods to minimise and filter spam (and the risk they may miss legitimate mail) ● About how to complain about spam ● Disclose whether they are already filtered ➲ International ESPs partially exempt ➲ Code includes a free sample AUP!

14 Part C - Enforcement ➲ Comply with all lawful directions ➲ Provide ACMA with contact details ➲ Provide urgent out-of-hours contact ● Can be a messagebank with call-back for smaller ISPs ➲ International ESPs partially exempt

15 Part D - Filters ➲ ISPs must make them available ➲ May be either client-side or server-side ➲ The ISP may charge a reasonable fee ➲ Must provide information on updating ➲ Must not engage in third-line forcing (requiring customers to buy a particular filter)

16 Part E – ISP obligations ➲ Secure their open relays and proxies ➲ Require their customers to do the same ➲ AUP must allow customer disconnection for operating an open relay ➲ ISP must take reasonable steps to notify subscribers of their open relays and give them reasonable assistance ➲ ISPs must reserve the right to scan ➲ Retain IP records for 7 days

17 Best Practices ➲ Code recommends ISPs consider: ● Publishing SPF records ● Keeping WHOIS data updated ● Rate limiting outgoing email ● Reverse DNS entries ● Requiring SMTP AUTH authentication ● Prohibit outgoing connections on port 25 ● Not distribute modems with remote admin ● Control automated registration of free email accounts

18 Part F - Reporting ➲ ISPs must tell users how to report: ● Spam from that ISP using abuse@ etc. ● Spam from other ISPs – to the other ISP ➲ Must be acknowledged in 3 days ➲ Acknowledgment must tell the user: ● How the report will be dealt with ● How to contact other ISPs ● How to contact ACMA ● How to make a complaint ➲ International ESPs exempt

19 Part G - Complaints ➲ See ACIF complaint handling code ➲ ISPs must have a complaint policy that: ● Is documented in plain English ● Has regard to AS 4269-1995 ● Includes timeframes for investigation, escalation and response ● Allows the complainant to be represented ● Advises of other avenues eg. ACMA ➲ Complaints about breach of the Code to ACMA, referred to IIA or TIO

20 Complaint handling fees ➲ Charges may only be levied if the process is onerous enough to justify it ➲ Complainant must agree to charges ➲ Must not exceed the ISP's actual costs ➲ Must be refunded within 30 days if the complaint is upheld ➲ International ESPs partly exempt

21 In practice: educate your users ➲ Patch Windows systems that can be hijacked by spammers and crackers ➲ Use antivirus and antispyware software ➲ Secure “open relays” that allow third parties to send email through them ➲ Use disposable email accounts when posting public messages or Web forms ➲ Obfuscate email address on Web sites ● eg. user at email dot com

22 In practice: ISP best practices ➲ SPF (cf. Microsoft's Sender ID) ● Email is received from a certain domain ● Receiving machine looks up IP addresses that are authorised to send mail from that domain ● If it doesn't match, can be rejected ➲ Rate-limiting of outbound email ➲ Blocking port 25 on dial-up and ADSL Internet accounts

23 In practice: filtering options ➲ Provide information on filters only ● Similar to the content regulation regime ➲ Tagging mail without deleting ● Tell users how to filter at the client side ➲ Web control panel to turn filtering on ● Many products available to do this ➲ Across-the-board filtering ● Also fine, as long as the users are informed

24 Conclusion ➲ Our tough stand on spam is working ● Consent, Identify, Subscribe ● Codes of practice for marketers and ISPs ➲ What you have to do: ● Inform your users ● Cooperate with ACMA ● Provide filters or filtering information ● Secure your network and help your users ● Receive reports and complaints ➲ Review of Act 2006, Code 2007

25 Questions? ➲ Questions? ➲ Email the presenter at Jeremy@Malcolm.id.au ➲ See also: ● http://www.acma.gov.au ● http://www.adma.org.au ● http://www.iia.net.au ● http://www.isoc-au.org.au ● http://www.waia.asn.au

