Are Gmail's new advertisements in breach of CAN-SPAM?

Posted by   Virus Bulletin on   Aug 8, 2013

Marketers upset about 'emails' that you can't unsubscribe from.

A debate is happening among (anti-)spam experts on whether Gmail's new way of displaying advertisements is in breach of anti-spam laws.

It is easy to underestimate the importance of anti-spam laws. Of course, most of the spam sent today would be illegal, even without laws explicitly forbidding the sending of unsolicited bulk email. But without laws making it illegal, there would be nothing to stop any company that somehow got hold of your email address from bombarding your inbox with daily updates on their products.

As anti-spam laws go, the 2003 CAN-SPAM Act, which deals with spam in the United States, isn't the most popular among anti-spam experts. Regularly dubbed the 'YOU-CAN-SPAM' Act, it effectively makes spam legal as long as the messages are properly formatted, contain correct contact information and give the recipient the option to unsubscribe.

The CAN-SPAM Act is now the subject of a new controversy regarding Gmail's latest way of displaying ads. Google's webmail offering has recently split its inbox into five tabs, one of which is labelled 'promotions': this is where legitimate marketing email is displayed.

But right above the marketing emails, Gmail regularly places one or more advertisements. And it is these advertisements that Jordan Cohen and John Gladwell, writing for Deliverability.com, argue are in breach of the CAN-SPAM Act.

 Is the 'Vistaprint' advertisement an ad or an email?

They argue that the advertisements look like emails and behave as such: they have a subject line, an apparent From address, and a user can even forward them to others. If it walks like email and quacks like email... then it is subject to the CAN-SPAM Act. Indeed, most of the advertisements fail to provide unsubscribe links - and for those that do, it is not clear whether Google will honour the 'unsubscribe' option.

I can certainly see Cohen and Gladwell's argument. But it is also good to keep in mind that the site they write for - Deliverability.com - is aimed at email marketers, to whom it may seem that these new advertisements are taking a significant slice of their cake. What's more, Google will have a point if it argues that these advertisements weren't delivered through email and aren't stored in an email format - and thus aren't subject to the CAN-SPAM Act.

I will follow the debate with interest. But whatever the outcome, it shows that making spam illegal isn't as trivial as it may seem.

Posted on 8 August 2013 by Martijn Grooten

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.