Friday, 11 September 2009

India Needs an AntiSpam Law

The Problem
I dread it whenever I have to enter my email address at an Indian ecommerce site. It's mandatory if I am buying something, and I do it reluctantly. After the product is bought, I go to the My Account link if there is one on the site and unsubscribe from all marketing notifications (because most of the times they do not bother to tell you at the time of registering or entering your email address that you have been autosubscribed to such mails).
Note that I do not mind receiving notifications from system administrators and mails related to the delivery of the product I bought. But I do not want to keep on receiving general mails about things I am not interested in.

The inevitable happens after a couple of weeks. I get emails from the site offering me discounts on new products, new deals; in short, commercial email. Unsolicited – because I did not opt in. And in some cases I opted out explicitly. In other words, Spam. Some of these mails have an Unsubscribe link at the bottom. After you have apparently 'Unsubscribed' using the said link, one of the following things happen -

1. Similar mails keep coming, with the same Unsubscribe link. Most of these links are just mailto: links as opposed to an http: link. An http: link usually means it’s a mailing list manager software, which actually works. But a mailto: link more often than not means that somebody has to manually do the removal. Which does not happen.

2. The Unsubscribe mail bounces. Either because the Unsubscribe mailbox does not exist (Surprise!) or it has exceeded its quota because people keep on Unsubscribing and nobody reads or deletes them (Surprise!)

Here are some sites that do not have a working Unsubscribe link in their emails. All my efforts to Unsubscribe from their unwanted mails have failed. Most of these are commercial sites I use regularly.

http://www.sulekha.com
http://www.pvrcinemas.com
http://www.citibank.co.in (These guys take the cake as far as repeated requests to remove my address and repeated responses that they have done so and the and sorry-sir-it-won't-happen-again routine are concerned)
http://www.siliconindia.com
http://www.indiaplaza.in
http://www.bookmyshow.com

At this point I would distinguish between two kinds of spamming -

1. The kind I describe above. You cannot mark them as spam since you might be getting legitimate mails from the same address in future (like when you buy another product and there is a confirmation) and cannot afford to miss them.


2. The 'normal' spam that you get everyday in your junk mail folder. All mail providers detect and mark them as spam automatically. These are sent by people whose only job is to spam others, usually sitting in a country whose laws are lenient enough to allow it.
To start with, ecommerce sites need to understand that giving my email address for a necessary purpose does not imply that it entitles them send any email to that address.

My email address has a privacy status similar to my telephone number.

It’s like calling up someone every week with irrelevant news just because you happen to have their phone number. (On a related note, the Indian NDNC – National Do Not Call Registry – is a step in the right direction as far as controlling whom telemarketeers in India can call is concerned).

How do other countries deal with this?

Almost all progressive countries have laws and directives dealing with this explicitly.

EU : http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications
Aus : http://www.dbcde.gov.au/online_safety_and_security/spam
NZ : http://www.dia.govt.nz/DIAwebsite.nsf/wpg_URL/Services-Anti-Spam-Index
US : http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003

Here is a more comprehensive list maintained by SpamLinks.
http://spamlinks.net/legal-laws.htm#country

More…

Then there are the ISPs (Internet Service Providers).

I have a Tata Indicom broadband connection. From time to time, these guys feel I need to know about their latest antivirus offerings, or some cool deal they have for the festive season. These mails don't even have an Unsubscribe option. When I call them up and ask to be removed from receiving these mails, the customer service people are initially clueless, and on further pressing inform me that these mails are to keep me informed. Er, what? And what if I don’t want to receive them? They say they cannot remove my email.

India needs an enforceable AntiSpam law, and now.

The Indian IT Act of 2000 and its 2008 Amendment:

Disclaimer: I am not a lawyer nor do I claim to understand law well. The views below are based on a reading and an attempt to understand publicly available documents.

The only section in the Indian IT Act – the only law in the country that deals with cyber offences – that I could find dealing with unwanted email is Section 66(A).
        any electronic mail or electronic mail message for the purpose of causing
annoyance or inconvenience or to deceive or to mislead the addressee or recipient
about the origin of such messages

Section 66(A) does not even begin to address the spam problems I describe above.

Either the existing law needs to include sections for dealing more specifically with spam or we need a standalone set of laws for making this kind of unsolicited email criminally prosecutable.

6 comments:

  1. Gmail provides an easy way to take care of this. if your email account is talonx@gmail.com, you can enter talon.x, t.alonx, tal.onx etc as valid gmail ids. Just create a filter that transfers any email to spam and you're done. Specific emails ( like ticket confirmation etc) you can easily go to the spam filter and get.

    Works for me!

    ReplyDelete
  2. @Satya - Yes, that might be a workaround for specific cases. However, I want to address the more general problem of privacy violation. The ubiquitousness of email makes it so easy to send junk that we have almost come to accept it as routine. We don't, however, accept it so easily for unsolicited calls on cellphones - so why for email?

    ReplyDelete
  3. Take my advice and don't enter your main email ID into any site. What I do is I have another email ID which isn't useless, but isn't my primary one either. Then you won't be flooded with spam all the time.

    Also, never click an "unsubscribe" link. Spammers use it to confirm that the email ID is working! So instead of not getting any more emails, you get many many more. I learn this in the early days of the web.

    Also, the first commenter has a good way to deal with spam. But in my opinion, why expose your mail ID at all? And don't put it anywhere on your website either as a "Contact Me" link. Use a form that submits to a server for that.

    ReplyDelete
  4. @Bhagwad : Regarding having another email address for such things - that is a workaround, not a solution. Also, the second and third points you have mentioned are completely valid. But they are what I call 'regular' spam, slightly different from the first type.

    ReplyDelete
  5. thanku for sharing...
    Hadoop training in hyderabad.All the basic and get the full knowledge of hadoop.Hadoop online training
    With the technological advancements professionals and learners need to keep themselves updated and match the pace. For an example, sorting and tracking Big Data requires enough skilled man power.

    ReplyDelete
  6. your website is so impressive ,its a great pleasure to read the post in your blog SAP HANA Training in Hyderabad

    ReplyDelete