Feeds

Does Gmail's tarted-up tab makeover bust anti-spam laws?

'Advert looks like an email, walks like an email...'

Internet Security Threat Report 2014

Anti-spam experts are openly wondering whether Google's redesigned web mail service Gmail violates US laws against bulk unsolicited messages.

The CAN-SPAM Act (passed in 2003) makes the mass distribution of commercial electronic mail legal as long as the messages are properly formatted, include correct contact information and give the recipient the option to unsubscribe.

In late May, Gmail introduced a revamped interface featuring five tabs - labelled Primary, Social, Promotions, Updates and Forums - into which messages are sorted. The Promotions folder holds offers from online businesses a person uses, such as Amazon or Hotels.com, and acts as a pigeonhole for legitimate marketing email that's separate from other messages. (Spam still disappears into a separate holding pen.)

Above these marketing emails, in the Promotions tab, Gmail places one or more adverts based on the contents of the inbox, which is par for the course with Google. But these advertisements are dressed up as email messages yet they don't allow users to unsubscribe from "receiving" them, sparking outcry from email marketing experts.

Jordan Cohen, veep of marketing for Movable Ink, and John Caldwell, writing for Deliverability.com, claim Google's new webmail interface is in "flagrant violation of the CAN-SPAM Act", in that it there's no sight of an opt-out button for the ads in most cases.

"Google insinuates that only legitimate promotional emails will be routed to the Gmail 'Promotions' tab, while unsolicited messages will be sent to a Spam Folder," the duo wrote. "These ads dressed as faux email messages attempt to trick people into thinking that these are legitimate messages."

"Google will claim that since the ads aren’t transmitted via the Simple Mail Transfer Protocol, they are not email," wrote Cohen and Gladwell, who describe this as a potential "technical loophole" in US anti-spam laws.

The Google-promoted advertisements look like emails and behave as such: they have a subject line, an apparent From address, and a user can even forward them to others, notes Martijn Grooten, Virus Bulletin's anti-spam test director.

"If it walks like email and quacks like email... then it is subject to the CAN-SPAM Act," Grooten argued on the Virus Bulletin blog.

"Indeed, most of the advertisements fail to provide unsubscribe links - and for those that do, it is not clear whether Google will honour the 'unsubscribe' option."

Grooten notes that while there may be some merit to the duo's claims, the email marketeers have a vested interest and may well be upset that the Google-brokered ads are appearing in a prominent place in Gmail users' mail folders, while a substantial percentage of their own messages are at the mercy of spam filters.

"Deliverability.com is aimed at email marketers, to whom it may seem that these new advertisements are taking a significant slice of their cake," Grooten concluded. "What's more, Google will have a point if it argues that these advertisements weren't delivered through email and aren't stored in an email format - and thus aren't subject to the CAN-SPAM Act."

Whether or nor the messages are ads or emails is far from clear.

"If these ads are indeed emails, they are generated on Google's servers itself, so there would be no reason to transfer them from one system to another," Grooten told El Reg. "So I don't think the 'it wasn't delivered via SMTP' argument is very strong. I think it will boil down to whether it is more important how the messages are stored (probably not as emails - though I'm guessing here) or how they are presented (as emails)."

More debate on the ad or email issue can be found on a blog post by Laura Atkins of anti-spam consultancy and software firm Word to the Wise here.

Google declined our invitation to comment on the issue. El Reg presumes the advertising giant's lawyers cleared the Gmail redesign and declared it compliant with US anti-spam laws. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.