MSPs Get Busy Helping Customers As Canadian Antispam Law Set To Take Effect

A Canadian law intended to cut down on unsolicited email messages could have a major impact on service providers when it takes effect next week, but security experts don't believe it will have a tremendous impact on spam.

Adjustments must be made to messaging systems to meet the new restrictions or businesses risk lapses that could lead to serious repercussions, according to service provider experts helping clients address the issue. Under the new restrictions beginning July 1, businesses must gain permission before sending electronic messages to customers located in Canada. Violation of the law could result in a maximum fine of $10 million, according to the new law.

[Related: Security Expert: Industry Is Failing Miserably At Fixing Underlying Dangers ]

Some managed service providers told CRN they have been advising clients on ways to apply measures to meet the new law, including modifications to databases and CRM systems to control the volume and quality of messages being sent. Unlike the U.S. CAN-SPAM Act of 2003, which addressed marketing communication, the Canadian law applies to all messages, regardless of their intention, said Jeremy MacBean, director of business development at IT Weapons, a Brampton, Ontario-based solution provider. The U.S. law allows e-mail marketers to send unsolicited messages to users provided each message contains an "opt-out" mechanism.

id
unit-1659132512259
type
Sponsored post

The Canada Anti-SPAM law requires a similar "opt-out" function in messages and applies to email, SMS text messages, instant messages and any other electronic communication sent to Canadian citizens. Messages also must clearly identify the sender, have a valid mailing address and contact information, under the law. A provision provides some wiggle room for certain message types, such as legal notices or confirmation of a purchase of goods and services. Those exemptions are granted to personal messages, business-to-business, legal, referral business practices, and telecommunications services.

The biggest issue for service providers will be to work with smaller companies that don't have a centralized CRM or email management system in place, MacBean said. Anyone who maintains contact lists should be aware of the law. After July 1 businesses are prohibited from contacting customers to gain permission, he said.

"IT is directly involved because new software and auditing tools are now required for everyone to stay compliant," MacBean said.

NEXT: Spam Out Of Control, Despite U.S. Law

The country contributing the most to the spam and phishing problem is the U.S., according to the June 2014 threat report issued Wednesday by Intel Security (formerly McAfee). The security vendor said the U.S. holds the title for hosting the most phishing URLs with 55 percent of them globally. The U.S. also sends out the most spam, accounting for 37 percent of all spam URLs.

Security experts say the security industry has been good at filtering out spam but they warn that the unwanted messages pose a traffic strain on the Internet backbone, with some ISPs reporting nearly 99 percent of email traffic identified as spam.The Spamhaus Project, an international organization that tracks email spam and maintains block lists used by security firms and ISPs, considers the U.S. CAN-SPAM act and other attempts to regulate -- rather than ban -- the practice a mistake because they often lack an enforcement mechanism.

Speaking at a security conference this week, Eugene Spafford, a noted computer security expert and professor of computer science at Purdue University, said he feels that the growing amount of spam and the phishing attacks and malware that it spreads is reaching a breaking point.

’The load is continuing to increase every year and it's huge amounts of wasted bandwidth and disk space," Spafford said." All indications point to it not getting better at all."

IT Weapon's MacBean calls the Canadian law admirable in its intentions. For example, an IT Weapons analysis of one of its client's email systems found only 3 percent was legitimate business email. The rest of the inbound traffic was caught in spam filters, he told CRN.

"The spirit of the new CASL legislation is admirable: to protect people and businesses from the growing problem of spam and malware and phishing scams inundating our inboxes," MacBean said. "Asking businesses to take better care in managing their databases and controlling the volume and quality of communication is a good thing."

Expect true spammers to ignore the law, MacBean said. "We all know the real bad guys never cared about existing privacy and legal constraints when they sent their junk mail, spam, phishing scams from ghost addresses, and off-shore domains," he said.

The current CAN-SPAM act in the U.S. is consistently ignored or not adhered to properly, said Jeremy Scott, a senior research analyst at Solutionary, a managed security service provider subsidiary of NTT Group. The Canadian rules will likely get the same treatment, said Scott, adding that legitimate marketers have been able to use subtle ways to skirt the U.S. law.

"Unsolicited emails hit our inbox every day," Scott said. "The actual problem is not the law or act but the lack of enforcement of such a law."

PUBLISHED JUNE 25, 2014