Will bill kill spam?

Singapore looks set to join the ranks of Australia and the United States in battling unsolicited e-mail with its draft spam bill. But just how effective is legislation in fighting spam?

E-mail spam has become such a problem that various governments worldwide have attempted to push legislation as a way to curb its growth momentum. But if the U.S. CAN-SPAM Act is anything to go by, government intervention may not be all that effective.

Authorities in Singapore recently called for a second consultation of its proposed Spam Control Bill. The first was made in May 2004.

Under the proposed law, victims can take legal action against alleged spammers if they are able to prove they suffered damages as a result of the spam e-mail. The draft bill also recognizes mobile devices as a delivery platform for spam.

Singapore is just one of several nations including the United States and Australia, initiating assaults on spam.

According to Symantec's eighth biannual Internet Security Threat Report, spam constituted 61 percent of e-mail during the first half of 2005.

Likewise, data from Ironport showed that 69 percent of all messages in the month of August were spam.

Logistics and transportation company UPS estimates that it receives between 2.5 million and 3 million spam e-mail a week across its offices worldwide.

The company uses an "outsourced solution provided by one of the industry's leading vendors", which successfully filters about 90 percent of spam e-mail before they reach employees, said Donna Barrett, UPS corporate office's technology public relations manager, in an e-mail interview.

In Singapore, hospital chain Parkway Group Healthcare logs 300 spam e-mail per day from its 800 e-mail user accounts, said its general manager Kenneth Thean, who noted that his company does use an antispam software.

Andrew Sansom, director of DP Search, estimates that each PC in his Singapore office receives five to 10 spam e-mail a day. A recruitment agency specializing in the IT and finance industries in Southeast Asia, DP Search uses Symantec's Norton AntiVirus but does not set a high level of antispam protection.

The nature of his business makes the company vulnerable to more unsolicited e-mail, Sansom noted, but setting its antispam tool at a high level could filter out legitimate e-mail from genuine job-seekers.

"We don't throw the baby out with the bath water," he said.

Will legislation work?
With spam fast becoming a pesky part of business electronic communication, it is not surprising that governments worldwide are starting to look at legislation as a way to curb its growth.

But tech lawyer Siew Kum Hong pointed out that Singapore's revised draft bill is as yet an antispam law since it seeks to regulate, but not prohibit, unsolicited commercial electronic messages.

A director of Singapore law firm Keystone Law, Siew noted that while Internet service providers and victims of spam can sue alleged spammers, the proposed law does not make spamming a criminal offence.

ZDNet Asia polled online readers for their take on whether Singapore's draft spam bill would be effective in ridding spam. Of the 83 responses, 67.5 percent indicated that spam cannot be completely eradicated, whether or not there is legislation in place.

Only 10.8 percent felt that the bill would be effective against spam, while 21.7 percent said

changes needed to be made in order for the bill proposed law to be effective.

Shortly after the United States government implemented its CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act on Jan. 1, 2004, the Pew Internet & American Life Project released a report which indicated more users have reduced their overall use of e-mail because of spam, as compared to June 2003, before the Act came into effect.

Another Pew Internet study conducted early this year, found that users reported an increase in the number of spam e-mail received, although fewer users--22 percent--said spam had reduced their overall use of e-mail.

A study conducted by antispam company MX Logic, also suggests that the U.S. legislation has not been too effective.

Lydia Leong, Asia-Pacific research director at Gartner, noted that countries such as Korea, which had been primary original sources of spam, had "successfully passed and enforced strict antispam laws, and reduced their spam on a temporary basis."

"South Korea, however, remains one of the biggest sources of spam in the world, and spam volumes overall are growing," said Leong.

As a result, antispam legislation enacted in other countries may not be effective.

Said DP Search's Sansom: "Legislation when used in the context of Singapore, does not always help because 98 percent of spam attacks originate from outside of Singapore, and are therefore not influenced by local laws and practices."

According to the Symantec report, 61 percent of spam during the first six months of 2005 originated from North and South America, while Asia contributed 23 percent of total spam.

The top five origin countries of spam for August, as captured on Ironport's report, are the United States, China, Korea, Brazil and Great Britain.

UPS' Barrett added that the magnitude of the spam problem makes it challenging to enforce legislation. There are also grey areas in the definition of spam.

"Differentiating between what is a legitimate marketing effort and what qualifies as spam, is often very subjective," she said.

Because it is clear that the spam problem spans across various countries, several governments are starting to recognize that a bigger ecosystem has to be established to eradicate spam.

Twelve Asia-Pacific government agencies, for instance, have joined forces in their efforts to fight spam. Australia, the United Kingdom and United States, last year have also inked an agreement of their own to battle spam.

But the countries have each adopted different approaches to controlling spam. While Australia and the United Kingdom chose the "opt-in" approach, the United States and Singapore have adopted the "opt-out" method which puts more responsibility on the individual user.

Whichever the methodology, it remains to be seen if legislation will indeed be effective in completely eradicating spam.

But as Keystone's Siew concludes, legislation plays "a key part of the solution" and good effective legislation is a step nearer to deter errant spammers.