Report Demonstrates Initial Effectiveness of Canadian Spam Reduction Law

Cloudmark's recently issued 2015 Q1 Security Threat Report demonstrates the initial effectiveness of the recently enacted Canadian Anti-Spam & Spyware Law (CASL), SC 2010, c. 23, in reducing the amount of unwanted spam in email boxes in Canada and abroad. In the 8 months following the coming into force of the law, the report notes a 29% reduction in the average amount of spam received by Canadians each month. It notes an even more significant 37% reduction in spam sent from Canada to the United States. The larger reduction in US-bound spam is unsurprising, as Canada (who was one of the last countries in the developed world to finally adopt an anti-spam law) had become a spam haven, with 78% of all Canadian spam being US bound. By contrast, only about 50% of spam received by Canadians is from the United States, which has regulated spam to some degree for many years.

With respect to Canadian-received spam, the report notes that only about 17% of unwanted spam email received by Canadians relates to fraudulent "bootleg pharmaceuticals, diet pills and adult services." This amount of spam was reduced by about 5% in the months since CASL came into force (29% overall reduction x 16% of all spam). The most marked reduction, however, was from 'grey area' marketers, which the report describes as "unscrupulous email marketers" who "grow[] their mailing lists by co-marketing or easy-to-miss opt out checkboxes." The 24% reduction in this brand of unwanted email spam (which the report terms as 'legitimate' because it is legal under U.S. spam laws) affirms that the broader approach to spam adopted by CASL is necessary to make any meaningful inroads in spam reduction. CASL adopted a definition of 'spam' that allows Canadians to decide for themselves what emails they do or do not want to receive, whereas the US anti-spam law relies on easy to abuse 'opt out checkboxes'. And Canadians have taken to the law in droves, with the CRTC receiving an unprecedented 47,000 plus complaints against unwanted emails in just the first month after CASL came into effect.

A case study in the report demonstrates more directly the difference between Canadian and US approaches to spam and their comparative effectiveness. Under CAN-SPAM, the US law, mass email lists are often generated through a process called 'co-registration', a "process of collecting an email address purportedly for one purpose while incidentally signing that email address up for additional marketing messages". This is typically done by embedding a surreptitious 'opt out' or "easy to miss" unsubscribe mechanism on other, legitimate messaging sign up processes, allowing "unscrupulous email marketers" to amass marketing lists with tens of millions of email addresses. These lists are then rented to legitimate (but still unwanted) or illegitimate marketers, depending on the company that amassed the email list, but the end result is the same - individuals receive lots of emails they do not want. This, in turn, contributes to the over $40 billion in annual time and money wasted on sorting and filtering through unwanted emails. Under the US CAN-SPAM approach, the generation and mass use of such lists is legitimate, and companies such as Frontline Direct generate millions in annual revenues by sending individuals messages they do not want to receive. Canada's approach, which de-legitimizes the 'easy to miss opt-out' mechanisms by requiring express opt-in, is far more effective at reducing unwanted spam (whether fraudulent or not) because it lets individuals decide what they do or do not want to subscribe to.