Australia tables anti-spam law

The legislation will fine businesses up to AU$1.1m a day for sending spam

New anti-spam legislation has been introduced into Australia's House of Representatives that allows for penalties of up to AU$1.1m (£0.46m) per day for sending spam, and Senator Richard Alston has called on the United States to follow suit with similar legislation.

The Spam Bill 2003 will apply to spam that originates in Australia, and contains a flexible sanctions regime that includes warnings, infringement notices and court-awarded penalties. The Minister for Communications, Information Technology and the Arts, Senator Richard Alston, said the legislation was part of a "multi-layered" approach and was meant to complement the use of email filtering software.

Alston acknowledged that the vast majority of spam originates overseas. "The bulk of spam seems to originate in the US, and if the US goes down the same path as us by adopting an opt-in model, then I think that will make a very big difference," he said. "But in the meantime we can only do what's possible within Australia, but of course in combination with users helping themselves."

The legislation has won the endorsement of the Internet Industry Association, and chief executive Peter Coroneos said the Spam Bill incorporated most major elements the industry has pushed for, and reflected best practice standards the Association had defined for its own members.

"It will position Australia as one of the first countries anywhere to enact national anti-spam legislation, and marks another milestone in the continued battle against spam," said Coroneos.

Spam causes numerous problems for the online community, including sending pornographic and offensive content to minors. The cost of spam to businesses has been estimated at an annual AU$900 per worker, in addition to the dangers of being sued by an employee over the content of the spam they receive.

Spam can also contain malicious code such as viruses and worms, and clogs bandwidth, with estimates that it now accounts for at least half of all email sent. Since many spam messages contain a fake "from" address, through a process called spoofing, businesses that have had their address stolen have found themselves on the receiving end of a barrage of rejected email and complaints, using large amounts of bandwidth that has to be paid for.

The new legislation will be enforced by the Australian Communications Authority, according to Alston. "There's the capacity for them to have infringement notices issued," he said. "They can go to the Federal Court if necessary to take action against serious or repeat offenders so there will be a series of levels at which these matters can be dealt with."

"But legislation in itself has a very significant deterrent effect, and I think that's the key message that we want to put across at this point," said Alston. "We're not so much interested in prosecuting people as stopping spamming, and if we can stop it by deterring them with serious penalties and an effective enforcement regime then I think we'll achieve our objective."

The bill specifically states that if a person sends spam by mistake, they won't be subject to the penalties. The legislation also allows for legitimate email marketing, and there will be a 120-day grace period after the legislation gains royal assent for businesses to bring their practices in line with the legislation.

Key features of the legislation include:

  • An opt-in regime for commercial electronic messaging firmly based on the principle of consent;
  • A requirement for accuracy and a functioning unsubscribe facility;
  • A ban on electronic address harvesting tools, their use for the purposes of spamming, and harvested address lists;
  • Support for the development of appropriate industry codes, and
  • A flexible and dynamic civil sanctions regime including warnings, infringement notices and court-awarded penalties. The courts can also compensate those who have suffered losses, and recover the financial gains made by spammers.
  • For a first offence, an individual could be liable for up to a total of AU$44,000 for contraventions on a single day, while an organisation could be fined up to AU$220,000 in a day;
  • Repeat offenders will be penalised at a higher scale, up to a maximum of AU$220,000 payable for a each day of spamming by an individual and up to AU$1.1m per day for an organisation;
  • There will also be smaller "spot fines" issued through infringement notices, or for formal warnings to be issued in cases where a court action isn't warranted.