By accessing cauce.org you do not have permission to send messages containing offers, promotions, or marketing of any kind to any email address posted on this site.
Posted at 00:00 in Frequently Asked Questions, Legal, Technology, Warnings, World | Permalink
May 2005 Stopping Spam: Creating a Stronger, Safer Internet Task Force on Spam
May 2005 Recommended Best Practices for Email Marketing Task Force on Spam
December 15, 2010 An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act
(Canada's Anti-Spam law / CASL)
April 13, 2011 Order Fixing April 1, 2011 as the Day on which Certain Provisions of Chapter 23 of the Statutes of Canada, 2010, Come into Force
June 30, 2011 Telecom Notice of Consultation CRTC 2011-400
March 28, 2012 Electronic Commerce Protection Regulations (CRTC) Telecom Regulatory Policy CRTC 2012-183
August 20, 2012 Enforcement Agencies Roles and Responsibilities
October 10, 2012 CRTC encourages businesses to start preparing for Canada’s anti-spam legislation
October 10, 2012 Compliance and Enforcement Information Bulletin CRTC 2012-548
October 10, 2012 Compliance and Enforcement Information Bulletin CRTC 2012-549
October 22, 2013 Memorandum of Understanding for Cooperation, Coordination and Information Sharing
December 04, 2013 ELECTRONIC COMMERCE PROTECTION REGULATIONS (Industry Canada) 81000-2-175 (SOR/DORS)
December 04, 2013 Order (Industry Canada) 81000-2-1795 (SI/TR)
December 04, 2013 Regulatory Impact Analysis Statement (Industry Canada)
December 04, 2013 Explanatory Note (Industry Canada)
December 04, 2013 CASL Frequently Asked Questions (FAQs) Industry Canada
December 18, 2013 Electronic Commerce Protection Regulations published in the Canada Gazette Vol. 147, No. 26
December 18, 2013 Canadian Radio-television and Telecommunications Commission (CRTC) Canada’s Anti-Spam Legislation #CASL Frequently Asked Questions (FAQ)
May 07, 2014 Canadian Radio-television and Telecommunications Commission CASL FAQ
June 15, 2014 Canadian Radio-television and Telecommunications Commission Permission Infographics
May 01, 2015 Anti-spam law’s changes to Canadian federal privacy law: A guide for businesses doing e-marketing
UNOFFICIAL
CAUCE Director Shaun Brown, of nNovation Barristers & Solicitors LLP CASL Compliance Readiness Documents:
Last week we heard of yet another egregious security breach at an online provider, as crooks made off with the names, addresses, and birth dates of eBay users, along with encrypted passwords. They suggest you change your password, which is likely a good idea, and you better also change every other place you used the same password. But that's not much help since you can't change your name, address, and birth date, which are ever so handy for phishing and identity theft.
Continue reading "Why do we accept $10 security on $1,000,000 data?" »
The Internet offers consumers a vast global marketplace, which is really cool. Personally, I like rare audio recordings by obscure artists, and the net comes to the rescue more often than not. And talk about the savings! I recently purchased a television wall-mount for 60% less than Costco wanted for the same item! Yay me.
But at the same time, we see an endless stream of scams, and hacks, and other problems. One of the perennial things is snake oil. The term usually defines useless stuff pretending to be medicine, and is historically attributed to hucksters who sold the stuff door-to-door in the early 1900s (As an aside, an interesting historical note: Harlan Sanders sold his chicken recipe door-to-door until self-promoting himself to Colonel and making the big-time with Kentucky-fried poultry).
This snippet from Wikipedia refers to one of the first lawsuits against snake oil vendors:
The composition of snake oil medicines varies markedly among products.
The United States government in 1917 tested Stanley’s snake oil—produced by Clark Stanley, the “Rattlesnake King”. It was found to contain:
- Mineral oil
- 1% fatty oil (presumed to be beef fat)
- Red pepper
- Turpentine
- Camphor
This is similar in composition to modern-day capsaicin-based liniments or chest rubs.
None of the oil content was found to have been extracted from any actual snakes.
The government sued the manufacturer for misbranding and misrepresenting its product, winning the judgment of $20 against Clark Stanley. Soon after the decision, "snake oil" became synonymous with false cures and "snake-oil salesmen" became a tag for charlatans.
But of course, those were the olden days, and people wouldn't be so foolish in these sophisticated times, now would they?
Well, witness the backlash to anti-vaxxer Jenny McCarthy, who asked a simple question on Twitter, and got an earful of venom sent back to her.
Jenny McCarthy asks Twitter a question and gets schooled on her anti-vaccination nonsense - National Post March 17, 2014
"Dr." Jenny McCarthy
Witness the backlash live on Twitter - check out the hashtag #JennyAsks
As well, famous television weight loss snake oil scammer Kevin Trudeau was recently convicted and sentenced to ten years in prison for defrauding his victims.
Kevin Trudeau Sentenced to 10 Years In Prison - NBC, March 17, 2014
"Dr." Kevin Trudeau
Someone suggested to me that "The Weight Loss Cure They Don't Want You to Know About" is probably prison food, which should keep Mr. Trudeau nice and slim for the next decade.
I subscribe to a newsfeed published by the United States Food and Drug Administration (FDA) and I was taken aback at how many actions they have taken against Snake Oil, mostly online sales, in these past three months. As you can see, pills for weight-loss, and what is euphemistically referred to as ‘men’s health’, are extremely popular.
Most of this garbage can even be readily found at legitimate on-line retailers like eBay and Amazon; a healthy dose of skepticism is what you need when buying a potion to make your belly smaller, or your body-parts larger.
One great source of information is Montreal’s McGill University’s Office for Science & Society run by Dr. Joe Schwarcz. He devotes his career to solid, science-backed advice on healthy living and debunking snake oil salesmen, kind of like the James Randi of the food and health set.
We encourage you to check out Dr. Joe’s website here, his Facebook page here, and his radio show here.
As the character Sergeant Phil Esterhaus used to say on Hill Street Blues: "Let’s be careful out there!"
There are loads of good reasons why you might want to require an address, and confirm it, when someone is signing up for your WIFI service.
However, one of them is NEVER ‘so we can send you unwanted spam’. Like this one:
I encountered this silly approach to ‘growing a marketing list’ at the Westin Market Street in San Francisco recently, and since I figured the sign-up might be tied to my room, and disallow repeat attempts, I gave them a real address. As it turned out, I could have entered FredFlinstone@bedrock.com since they didn’t actually confirm the address …
So what has the Westin accomplished? They are forcing people to give them a ton of bad addresses, most of which will bounce, the rest of which will complain about any mail being sent to them as spam, and rightly so.
What a dumb policy. I told the conference organizers about this, so they could take it up with management. We’ll see what happens next year, same time, same place.
Posted at 16:05 in Legal, United States, Warnings | Permalink
Speaking as a Canadian, Sochi was pretty nice. However, in terms of cybercrime, NBC recently published a report which sums it up pretty well :
Skilled, Cheap Russian Hackers Power American Cybercrime
The following clip is from a remarkable documentary called ‘Thieves by Law’ about the Russian organized crime syndicates and their relationship with the Russian government, which is pretty stunning in its assertions.
Posted at 21:08 in Frequently Asked Questions, Legal, Warnings, World | Permalink
Long-time Anti-spammer & Publisher of MainSleaze Catherine Jefferson Discusses CASL and its Impact on Mainstream Marketers
In early December 2013 the Canadian government announced that the 2010 Canada's Anti-Spam Law (CASL) will go into effect on July 1, 2014. Although this law covers considerably more ground than just unsolicited bulk email (spam), it is very good news for those who fight spam, and especially good news for those of us who fight spam by otherwise legitimate companies. The reason? CASL requires (with some limited exceptions) that recipients of bulk email give explicit consent to receive the email before it is sent. In other words, CASL requires opt-in. Unlike the U.S. CAN-SPAM law and many other laws in many other countries, CASL actually forbids most spam.
CASL also has teeth. Violations of the CASL opt-in requirement can draw fines as high as $10 million Canadian per infringing email. By all appearances, the Canadian government agencies responsible for enforcement of CASL are prepared to enforce the law vigorously.
CASL applies to “criminal spammers” — the sorts of spammers that use botnets and compromised servers to advertise quack medications, controlled substances, fake luxury goods, or solicit help to move large sums of money out of Africa in return for an up-front fee. I do not expect CASL to be of much assistance reining in criminal spam, however, because I do not expect criminal spam gangs to obey CASL or pay CASL fines. Such spam gangs are often located in countries that offer them safe havens from law enforcement, and the identities of the people that run them are unknown. Other methods than CASL or anti-spam laws (such as blocklists, spam filters, and Interpol) are needed to fight that type of spam.
CASL also applies to what I call mainsleaze spammers — legitimate companies and organizations that use their own IPs or legitimate email service providers (ESPs) to offer legitimate goods and services. Legitimate companies sometimes break the law, but they do not often ignore it entirely. If prosecuted or sued, they and their attorneys normally appear in court to defend themselves. Legitimate companies also send a great deal of solicited bulk email mixed in with the spam, so IP or domain blocks and spam filters cause significant and sometimes-unavoidable false positives. Properly-written and properly-enforced anti-spam laws can target only the spam and be used to punish those who send spam without blocking email that people asked to receive.
A number of people with legal backgrounds have posted blogs detailing the provisions of CASL. I know spam better than I know the law, so I took a look at how this law might apply to a number of actual spams that I have received if either the sender or I were Canadian. Below I discuss four cases where one or more spams was sent either to my spamtraps or to a personal email address of mine. Each of the spams that I discuss was sent by a legitimate U.S.-based or multinational corporation via either their own IPs or a legitimate email service provider (ESP).
Telecommunications Giant: Selling Internet & TV Service: In October 2011, a U.S. telecommunications company spammed an email address at a domain of mine that has never had a legitimate email address, advertising its all-in-one TV and Internet package. This email violated CASL. If the company sends a similar email to a Canadian citizen after July 1, 2014 and the citizen reports it, they face a stiff fine.
Social Networking Site: Sent Invitations to Non-Members. In early 2012 a large social networking site sent repeated invitations, and reminders, to an email address of mine that did not belong to that social network. After some pressure, the site added an opt-out mechanism, but to this day most social networking sites continue to send invitations to non-members. These emails violate CASL. If the company that spammed me continues to send invitations to Canadian citizen non-members after July 1, 2014 and one reports it, they face a stiff fine.
Large Software Company: Selling its Newest Product. In late 2011 a major software company spammed a pristine spamtrap with an advertisement for the new release of its flagship product. The email violated CASL. If the company sends an email to a Canadian citizen after July 01, 2014 they face a stiff fine.
Gourmet Food Company: “Opting-in” customers who previously opted out. I occasionally shop online at an internationally-known gourmet food company. When I first bought from them, I opted out of all offers after the first arrived in my inbox. Since then, I’ve shopped there four times. *Each* time I was opted back in and started to receive offers again, despite repeated opt-outs. As best I can tell, this practice violates CASL. If after July 01, 2014 the company continues to re-opt-in Canadian customers who opted out each time they place an order, they face a stiff fine, in addition to losing customers. (I’ve found somewhere else to buy goodies.)
You would think that companies that obey the laws would also be open to appeals to ethics and simple good manners, but I have found that this assumption is incorrect entirely too often. The companies whose spam I discuss above generally respect the law. Nonetheless, all three of them also demonstrated a fundamental disrespect for the right of individuals to choose whether to receive that company’s email advertisements or not. Unlike many people, I know how to determine who sent me an email. I know who to complain to, and how to complain effectively. I also have a forum where I can complain and be heard: the Mainsleaze Spam Blog. That did not prevent two of these companies from spamming me repeatedly.
These spams illustrate the often-frustrating fact that the threat of losing customers or potential customers is not enough to prevent some companies from spamming. Marketers assume that if they target their advertisements properly, most people that they target will want to receive their offers whether they asked for those offers or not. Many marketers are convinced (rightly or wrongly) that, if they spam, they will sell more goods and services than they will if they do not spam. VPs of marketing and CMOs who think this way often carry the day with company presidents and CEOs, who must answer to their boards of directors when profits or the company’s stock price drop.
Many ESPs have strong antispam policies. Some of these ESPs enforce those policies effectively and consistently. At the end of the day, though, all ESPs depend upon the companies that mail through them to keep them in business. So, when companies are under pressure to spam, their ESPs are under pressure to help them spam or at least to look the other way.
Fortunately good laws can bring their own financial pressures to bear. Legitimate companies do not like to pay substantial fines any more than individuals do. As the saying goes, $10 million here, $10 million there, and pretty soon you’re talking about real money. If companies and ESPs believe that they are likely to be prosecuted and face fines that top out at $10,000,000 Canadian dollars per email, most will stop spamming, even those who are otherwise willing to spam.
CASL also allows non-Canadians to complain about spam that they receive from a Canadian company, although it defers to the spam laws in the recipient’s country. Canadian investigators and prosecutors are expected to act on these complaints, extending the reach of CASL outside of Canada’s borders. As an American who deals with spam, I am most grateful to Canada for helping provide me a level of protection against being spammed by companies that my own government doesn’t, under CAN-SPAM.
CASL isn’t perfect. It has built-in grace periods for many opt-in requirements (see FAQ => About the Law => Regardless of the date set for coming into force, will there be a phase-in period for compliance…), periods that exempt mailers from the full rigor of those requirements for as long as three years in some cases. Given that the law was passed in 2010, I have to wonder whether mailers really need this much time to bring their practices into compliance with CASL. It shows too much respect for the much poorer antispam laws in other countries. It also exempts some political and non-profit organizations that I believe it should cover. As with all laws, its effectiveness also depends on how well it is enforced.
However, Canada’s Anti-Spam Law is far and away the best national anti-spam law that I’ve read yet. Kudos to the many legislators, legislative assistants, consulting attorneys, and (not least) antispam activists who made it happen.
Catherine Jefferson wrote the first spam-filtering software package, SpamBouncer in 1996.
Posted at 09:00 in Canada, Legal, Prognostication, Warnings | Permalink
Tags: canada's anti-spam law, casl, mainsleaze, spam
There is no silver bullet, and there is no panacea.
Confirmed Opt-In is not the only way to do email marketing with permission. Permission can take many forms.
I just received this email ostensibly from business reputation firm Dun & Bradstreet. The fact that I don’t actually have a business at present time didn’t escape me, but the verbiage of the email is compelling, and I can see why someone might inadvisedly click on the attachment.
I carefully saved the attachment and went over to VirusTotal and uploaded it there. No surprise, it is malware. See for yourself.
Looking at the headers, we see that this was sent from an IP in Mexico, presumably not a sending platform used by D&B.
Received: from fixed-189-17-231.iusacell.net (fixed-189-17-231.iusacell.net [187.189.17.231] (may be forged))
inetnum: 187.188/15
status: allocated
aut-num: N/A
owner: Iusacell PCS de Mexico, S.A. de C.V.
ownerid: MX-IPMS2-LACNIC
responsible: Rafel Rodriguez Sanchez
address: Montes Urales, 460, Col. Lomas de Chapultepec
address: 11000 - Mxico - DF
country: MX
phone: +52 55 51095068
owner-c: CHD
tech-c: CHD
abuse-c: CHD
inetrev: 187.188/15
nserver: GWIUSACELL.IUSACELL.COM.MX
nsstat: 20131119 AA
nslastaa: 20131119
created: 20111208
changed: 20120604
The From: address is alert@dnb.com. D&B publishes an SPF record, but it ends in ~all rather than a firm -all assertion, which would allow a receiving system to reject such mail with 100% confidence, and so we see this result:
Authentication-Results: iecc.com; spf=softfail
dig://dnb.com;debug=0;querytype=TXT
; <<>> DiG 9.8.3-P1 <<>> dnb.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25745
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dnb.com. IN TXT
;; ANSWER SECTION:
dnb.com. 300 IN TXT "v=spf1 mx ip4:68.233.77.18 ip4:72.19.252.170 ip4:202.129.242.64/31 ip4:204.14.232.64/28 ip4:204.14.234.64/28 ip4:96.43.144.64/31 ip4:96.43.148.64/31 ip4:182.50.78.64/28 ip4:220.130.152.173 ip4:204.92.22.200/30 " "ip4:12.129.29.143 ip4:158.151.208.120/31 ip4:158.151.214.66/31 include:alerts.wallst.com ~all"
;; Query time: 100 msec
;; SERVER: 10.0.1.1#53(10.0.1.1)
;; WHEN: Thu Nov 21 09:07:43 2013
;; MSG SIZE rcvd: 342
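The softfail result above can be reproduced offline. The following is an added example, not part of the original post: a minimal SPF evaluator run over the dnb.com record from the dig answer and the sending IP from the Received: header, comparing the published ~all with a -all variant. The function names, the dns_hosts stub and the receiver policy are assumptions; mx and include: are treated as non-matching, consistent with the softfail the post reports.

```python
import ipaddress

# SPF record for dnb.com as shown in the dig answer (both TXT strings joined).
DNB_SPF = (
    "v=spf1 mx ip4:68.233.77.18 ip4:72.19.252.170 ip4:202.129.242.64/31 "
    "ip4:204.14.232.64/28 ip4:204.14.234.64/28 ip4:96.43.144.64/31 "
    "ip4:96.43.148.64/31 ip4:182.50.78.64/28 ip4:220.130.152.173 "
    "ip4:204.92.22.200/30 ip4:12.129.29.143 ip4:158.151.208.120/31 "
    "ip4:158.151.214.66/31 include:alerts.wallst.com ~all"
)
SENDER_IP = "187.189.17.231"  # from the Received: header in the post

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip, dns_hosts=None):
    """Evaluate SPF terms left to right; return (result, matching term).

    dns_hosts is a hypothetical stand-in for DNS: it maps "mx" or
    "include:<domain>" to the networks that mechanism would authorise.
    It is empty by default, so those mechanisms never match here.
    """
    ip = ipaddress.ip_address(sender_ip)
    dns_hosts = dns_hosts or {}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", None
    for term in terms[1:]:
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name = mech.lower()
        if name == "all":
            matched = True
        elif name.startswith(("ip4:", "ip6:")):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            nets = dns_hosts.get(name, [])
            matched = any(ip in ipaddress.ip_network(n, strict=False) for n in nets)
        if matched:
            return QUALIFIERS[qualifier], term
    return "neutral", None


def with_hard_fail(record):
    """Return the record with a trailing ~all or ?all replaced by -all."""
    terms = record.split()
    if terms[-1].lower() in ("~all", "?all"):
        terms[-1] = "-all"
    return " ".join(terms)


def receiver_action(result):
    """Illustrative local policy (an assumption, not from the post)."""
    return {"fail": "reject", "softfail": "accept-and-flag"}.get(result, "accept")


if __name__ == "__main__":
    for label, rec in (("published", DNB_SPF), ("with -all", with_hard_fail(DNB_SPF))):
        result, term = check_spf(rec, SENDER_IP)
        print(f"{label}: spf={result} (matched {term}) -> {receiver_action(result)}")
```

With the published record the Mexican IP matches nothing until ~all, so a receiver can only flag the message; the same record ending in -all yields a fail that can be rejected outright.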
Posted at 12:13 in Frequently Asked Questions, Technology, Warnings | Permalink | Comments (0)
On Saturday, October 26, around 9:00 a.m., The American Direct Marketing Association sent out an email to a list that was clearly purchased. It was sent by way of Yesmail, data broker InfoUSA’s email wing.
Here’s the payload of the spam:
We know it to be spam to purchased lists because it was sent to ‘tagged’ addresses, single-purpose addresses used at only one place. Chief Marketer (directnewsline / pbinews.com / primedia.com aka Penton Media) were involved in selling or renting their subscriber lists, The DMA in mailing to them, and Yesmail in facilitating the emailing. This is not the first spam seen at these aliases; Aviationweek.com also spammed them in September.
Here’s the funny bit, they claim recipients were interested in, or members of The DMA. That’s an outright lie!
You received this email message at redacted@munged.com due to your membership, participation, or interest in DMA.
In fact, not only did the DMA spam several people at CAUCE, but they also managed to spam Steve Linford, the CEO of Spamhaus, the world’s most well-used anti-spam blacklist. Spamhaus wrote about the issue, here. The DMA should know better than to rent or purchase lists; the provenance of permission is always lousy. The only way to properly advertise your goods and services on someone else’s list is to have them place your creative in with their regular mailings.
The spam run resulted in four Yesmail IPs getting listed on the SBL (Spamhaus Block List):
2013-10-27 02:00:19 GMT | yesmail.com | Spam Source (email-dma.org / thedma.org / the-dma.org) (U.S. Direct Marketing Association)
Posted at 10:05 in Legal, News, United States, Warnings, World | Permalink | Comments (0) | TrackBack (0)