Are Gmail's new advertisements in breach of CAN-SPAM?

Posted by   Virus Bulletin on   Aug 8, 2013

Marketers upset about 'emails' that you can't unsubscribe from.

A debate is happening among (anti-)spam experts on whether Gmail's new way of displaying advertisements is in breach of anti-spam laws.

It is easy to underestimate the importance of anti-spam laws. Of course, most of the spam sent today would be illegal, even without laws explicitly forbidding the sending of unsolicited bulk email. But without laws making it illegal, there would be nothing to stop any company that somehow got hold of your email address from bombarding your inbox with daily updates on their products.

As anti-spam laws go, the 2003 CAN-SPAM Act, which deals with spam in the United States, isn't the most popular among anti-spam experts. Regularly dubbed the 'YOU-CAN-SPAM' Act, it effectively makes spam legal as long as the messages are properly formatted, contain correct contact information and give the recipient the option to unsubscribe.

The CAN-SPAM Act is now the subject of a new controversy regarding Gmail's latest way of displaying ads. Google's webmail offering has recently split its inbox into five tabs, one of which is labelled 'promotions': this is where legitimate marketing email is displayed.

But right above the marketing emails, Gmail regularly places one or more advertisements. And it is these advertisements that Jordan Cohen and John Gladwell, writing for Deliverability.com, argue are in breach of the CAN-SPAM Act.

 Is the 'Vistaprint' advertisement an ad or an email?

They argue that the advertisements look like emails and behave as such: they have a subject line, an apparent From address, and a user can even forward them to others. If it walks like email and quacks like email... then it is subject to the CAN-SPAM Act. Indeed, most of the advertisements fail to provide unsubscribe links - and for those that do, it is not clear whether Google will honour the 'unsubscribe' option.

I can certainly see Cohen and Gladwell's argument. But it is also good to keep in mind that the site they write for - Deliverability.com - is aimed at email marketers, to whom it may seem that these new advertisements are taking a significant slice of their cake. What's more, Google will have a point if it argues that these advertisements weren't delivered through email and aren't stored in an email format - and thus aren't subject to the CAN-SPAM Act.

I will follow the debate with interest. But whatever the outcome, it shows that making spam illegal isn't as trivial as it may seem.

Posted on 8 August 2013 by Martijn Grooten

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.