Should governments be concerned?
Spam is an expensive problem for both a country’s Internet infrastructure and its users. High volumes of spam consume network resources, and are a particular burden on countries with limited Internet access and bandwidth. Spam can deliver malware or scams to end users. This directly harms users and creates a lack of user trust in the Internet, which some see as an obstacle to the growth of e-commerce and Internet use in general.
Reducing the levels of spam in your country can help increase user trust, lower the burden on network resources, and reduce the costs of malware and scams.
What can governments do to reduce the threat of spam?
While no one actor can eliminate the threat of spam, governments can help reduce the threat of spam to their citizens by:
- Creating anti-spam legislation, strong consumer protection laws, and using robust enforcement measures to help deter offending players and reduce the amount of spam sent and received in a country. Government agencies charged with enforcing spam laws and regulations should be well-resourced and able to publicize the outcomes of enforcement measures. Those agencies should make it easy for Internet users to report problematic spam and malware distribution. See an example of effective anti-spam legislation and lessons learned from the 2004 Dutch anti-spam law.
- Understanding the changing spam landscape. Spammers are constantly evolving their methods for spreading malicious emails and other spam message. Therefore it is helpful if governments can make efforts to stay up-to-date on spam techniques, trends, and evolving threats. For example, Spamhaus and the yearly Verizon Data Breach Investigation Report provide information on spam trends and known spam operations.
- Supporting research into identifying, mitigating and recovery from spam, malware and other online threats as well as the economic and social effects of spam. Governments should also encourage the development of metrics for better policy-making and privacy-respecting information-information sharing of real-time risks and threats.
- Empowering their citizens through supporting public and private sector initiatives that educate Internet users on how to recognize and protect themselves against spam and other online threats. This includes educating citizens on the changing spam landscape.
- Partnering with other stakeholders. A range of stakeholders have a role and should be involved in developing strategies, best practices, and approaches for the implementation of antispam measures. Coordination and partnerships among private and public sector stakeholders can be developed in order to produce robust solutions to spam.
- Collaborating with international counterparts. Spam is a cross-border problem and collaboration among governments on antispam efforts, including enforcement, is critical in successfully addressing the problem of spam.
For more information on what governments can do to reduce the threat of spam, see the Internet Society’s policy brief The Challenge of Spam and the Internet Society’s report Combating Spam: Policy, Technical and Industry Approaches.
Additional Resources
- UCENet (Unsolicited Communication Enforcement Network)
- M3AAWG and Operation Safety-Net: Best Practices to Address Online, Mobile and Telephony Threats
- Anti-Phishing Working Group
- IGF Best Practices Forum 2015 report and 2014 report on the regulation and mitigation of unsolicited communications
- ITU Combatting Spam activities
- OECD (2012) Review of the 2006 OECD Recommendation on Cross-Border Co-operation in the enforcement of laws against spam, OECD Digital Economy Papers, No.202, OECD Publishing
- Council of Europe Cybercrime Convention Committee (T-CY) Guidance Note #8 Spam