Laws relating to receiving and sending SPAM emails

You might hear different interpretations of “spam” or “junk mail” when you speak to people, but in general spam is regarded as any unsolicited email, SMS or message sent to one or more recipients. Generally spam is sent in “bulk” to a number of recipients, however it is our submission that it need not necessarily be in bulk.

Considering the above-mentioned, you can be either the recipient of spam, but you may even be the sender of spam without knowing it. Futhermore, spam may not always relate to electronic communications, but may also include items like flyers or pamphlets.

What does South African law say about spam? Three pieces of legislation that we can consider are the Consumer Protection Act (CPA), the Electronic Communications and Transaction Act (ECTA) and the Protection of Personal Information Act (POPIA). Before we look at the provisions under these laws, you must bear in mind that in South Africa, spam is regarded “unsolicited commercial communications”. The word “commercial” creates a conundrum. Some argue that spam might not always be commercial, while other contend that spam will always be commercial in nature.

Section 16(3) of the CPA states that a consumer may cancel a transaction resulting from any direct marketing. This doesn’t specifically mention spam, however the key words in this provision are “direct marketing”. Direct marketing can be closely linked to the definition of spam. Direct marketing can be electronic or physical, but in essence it is commercial communication sent in bulk. Whether the specific communication is unsolicited will depend on whether the recipient agreed to receive it.

Section 45 of the ECTA also deals with direct marketing, however only in electronic form. Herein the law criminalises certain action, or rather inaction, on the part of the sender. The ECT Act requires the sender of spam to allow the recipient to cancel the communication. This is commonly known as an “opt-out” option. If your receive spam from a sender and request to no longer receive such communication, the sender is obligated to immediately stop and failure to stop may result in penalties being opposed. Although the legislature is attempting to curb spam through this provision, the ICT cyber security industry evolved. Recipients of spam should be careful not to recklessly respond to emails and request to “opt-out”. The reason for this is that sometimes hackers use this “opt-out” request to confirm that they have indeed reached a person and therewith use other techniques, such as social engineering, to attempt to infiltrate recipient devices.

The third piece of legislation worth mentioning is POPIA. At the time of writing, POPIA was not fully in effect, however section 69 of POPIA prohibits the direct marketing. Again, it relates to an “opt-out” mechanism similar to the ECTA. Although POPIA will have an impact on business marketing methodologies once fully in operation, it should be noted that this act mainly deals with personal information. [Update: 21 Sep 2020 – View our video on POPIA –]

From the acts above it is clear that technology has become an intricate part of our daily lives. The problem lies in the tedious processes required to adapt legislation versus the rapid speed at which technology changes. While you have options to report the senders of spam to authorities, this might not always be possible given that senders are not always known. As previously mentioned, the unsolicited communication received might not be to directly sell something, but might be a ploy to gain unauthorised access to your device.

Although you can be a victim of spam, also be careful not to be the sender of spam, whether electronic, paper or other. Think twice before sending out your commuication and apply the rules to ensure you are not a spammer.

There is no golden rule to avoid spam and no anti-spam system is 100% effective. We do however submit that you can minimize being a victim of spam by:

  1. Using external email filtering systems like “SpamHulk“, which stops spam before they reach your network. This is especially effective if you have a private or company domain and your ISP’s email filtering is not effective.
  2. Installing a commercial anti-spam solution on your device or network, such as Sophos. You might try to test free systems like AVG or AVAST.
  3. Creating a “free email account” with services such as Gmail or Yahoo. You can use this address when subscribing on website or filling in forms.
  4. Being vigilant when interacting with email, even if the sender is known to you. Just because you know the sender doesn’t mean it is safe.

If you have any questions relating to spam or require any of our services to curb spam infiltrating your network or devices, reach out by using our Contact Form.