The Spam Phenomenon

Joanna Loy examines a range of responses to a phenomenon that bedevils users of computers and mobile phones


‘EASILY-LOSE-25LBS-A-MONTH’, ‘theMedsYouNeedAtPricesYouWant’ and ‘Hot Stock Alert’: sound familiar? Most, if not all, of us have received unidentified and unsolicited e-mails or mobile short messaging service (‘SMS’) messages from strangers and unknown corporations on topics ranging from weight loss to stock tips.


Such unidentified and unsolicited messages are more commonly known as spam. Spamhaus, an international non-profit organization established to combat spam, defines spam as a message where ‘the recipient’s personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; and the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent’. Thus a message is spam only if it is both unsolicited and bulk.


The dangers of spam cannot be overstated. Between a third and two-thirds of spam is sent from ‘hijacked’ computers, a factor which makes tracing and prosecuting spammers far more difficult. Since spam is often used as a vehicle to spread viruses, fraud scams and phishing, it has had an adverse impact on the internet community, reducing the effectiveness and security of communication and jeopardising the business community at large. Research set out in an article in PC World dated 22 February 2007 predicts that by the end of 2007, up to 80% of all e-mails will be spam. This translates into an estimated cost of US$25 billion to the global economy due to time spent in identifying and deleting unsolicited messages.


One way to tackle the problem is through legislation. For instance, the United Kingdom (“UK”) enforced the Privacy and Electronic Communications Regulations (“Regulations”) in December 2003, implementing the EU Directive on Privacy and Electronic Communications, which prohibits the sending of commercial e-mails, including SMS and multimedia messages, without the recipient’s prior consent. This is termed the “opt-in” approach, which forbids spam unless an individual has elected to receive it.


A notable weakness of the Regulations is that they do not cover business e-mail addresses. In other words, the Regulations do not stop spam from being sent to work e-mail addresses. Further, despite the fact that equivalent laws have been enacted throughout the EU, the Regulations apply only to spam that originates from the UK. A person who intends to sue a spammer must show damage and claim compensation for that damage – as opposed to claiming the cost of dealing with the spam received in their inbox.


A breach of any enforcement order issued by the Information Commissioner (the body responsible for the enforcement of the Regulations) is punishable by a fine of up to £5,000 in a magistrate’s court, or of an unlimited amount in a trial before a jury.


Critics such as Spamhaus have argued that the sanctions in the Regulations are inadequate as a deterrent against spamming. In comparison, Italy has enacted tough anti-spam legislation that renders spamming a criminal offence punishable by imprisonment of up to three years and heavy fines against persistent spammers.


The United States (“US”), on the other hand, has adopted the “opt-out” approach by introducing the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”), which requires unsolicited commercial e-mail messages to be labeled and to include opt-out instructions and the sender’s physical address. The “opt-out” approach simply means that a person would have to ask to be removed from a particular mailing list. This is less strict than the “opt-in” approach adopted by the European Union legislation.


Further, the CAN-SPAM Act bans the sending of fraudulent e-mails or unmarked sexually oriented e-mails and provides for civil and criminal sanctions for spammers who breach these rules. The penalties include fines of up to US$6 million and imprisonment of up to five years.


A report published by the Federal Trade Commission (“FTC”) on the “Effectiveness and Enforcement of the CAN-SPAM Act”, based on research provided by an e-mail filtering firm, revealed that spam accounted for 67% of traffic through its system for the first eight months of 2005, down 9% from the previous year. The FTC also reported that studies from other countries, including Canada and Finland, similarly showed a decrease in the amount of spam reaching consumers’ inboxes. This was largely attributed to the enactment of anti-spam laws and better technology to control spam.


It is doubtful, however, whether such initial progress has been maintained. According to Spamhaus statistics as at 7 March 2007, the US tops the world’s worst spam origin countries with 2,034 current known spam issues, followed by China with 386.


Closer to home, Singapore has enacted the Spam Control Act 2007 ("Singapore Act") which came into effect on 15 June 2007. The Singapore legislators have elected to follow the “opt-out” approach adopted by the US CAN-SPAM Act.


The Singapore Act contains guidelines that are reasonably easy for marketers to follow and consumers to understand. For instance, it requires an unsolicited commercial message to be labeled in a prescribed manner in the subject heading or in the first phrase of the messages to identify it as an advertisement.


Marketers are also required to provide a valid return contact for consumers to send a request to be removed from the mailing list. Marketers who continue to spam consumers who have made such a request face a potential penalty of S$25 per electronic message, subject to a maximum penalty of S$1,000,000.


Malaysia has yet to enact any specific legislation on spam. However, Section 233(1)(b) of the Communications and Multimedia Act 1998 (“the Act”) provides that:


“… a person who initiates a communication using any applications service, whether continuously, repeatedly or otherwise, during which communication may or may not ensue, with or without disclosing his identity and with intent to annoy, abuse, threaten or harass any person at any number or electronic address, commits an offence.”


A person who commits an offence under Section 233(1)(b) is liable to a fine not exceeding RM50,000 or to imprisonment for a term not exceeding 1 year or to both. In addition, such person shall be liable to a further fine of RM1,000 for each day that the offence continues after conviction.


The difficulty with Section 233(1)(b) is that the communication must have been initiated with an intention to annoy, abuse, threaten or harass. Such an intention may be difficult to establish even though spamming may cause some negative emotional reaction on the part of the recipient. This inevitably gives rise to difficulties in enforcement as the onus lies with the prosecution to prove such an intention.


Moreover, the Act lacks bite as it does not prescribe civil sanctions for unlawful conduct. It also does not compel senders of unsolicited messages to adopt either the “opt-out” or “opt-in” approach with regard to their messages.


The Malaysian Communications and Multimedia Commission (“MCMC”), the regulatory body established under the Act to regulate the communications and multimedia industry, has in a study entitled 'Regulating Unsolicited Commercial Messages' in 2003 recommended that a ‘multi-prong approach’ be adopted in dealing with spam i.e. by (1) self regulation by users through education and awareness initiatives, (2) management by service providers, (3) legislative recourse and (4) international cooperation.


The MCMC’s recommendations are discussed further in the “Anti-Spam Toolkit”, a publication produced by the MCMC in collaboration with the Information Sharing Forum. This publication is intended to be the ‘source book’ containing the policy and regulatory framework and approach in curbing spam from the Regulator’s perspective and best practices and technical guidelines for organizations and users to take preventive and precautionary measures against spamming.


In addition, the MCMC has produced an Anti-Spam Framework of Best Practices and Technical Guidelines to minimise spam.


Other notable initiatives by the MCMC are the endorsement of the London Action Plan on 18 May 2005 and the establishment of a network between ASEAN countries to enter into bilateral arrangements to fight spam and to engage with other international forums to cooperate in fighting spam.


The MCMC has shown that it does not take spam lightly. It recently issued non-compliance warnings to a local SMS gateway provider for sending unsolicited SMSes to its customers, which resulted in refunds being made by the service provider to the recipients of the unsolicited SMSes.


It is clear that there is no short-cut to combat spam. One can no longer ignore the fact that spam is clearly a growing phenomenon and sufficient safeguards need to be put in place to keep spam at a manageable level. A collaborative effort needs to be taken between countries and legal systems to ensure conformity in approach and action to tackle the problem.




JOANNA LOY


