Feeds

Does Gmail's tarted-up tab makeover bust anti-spam laws?

'Advert looks like an email, walks like an email...'

High performance access to file storage

Anti-spam experts are openly wondering whether Google's redesigned web mail service Gmail violates US laws against bulk unsolicited messages.

The CAN-SPAM Act (passed in 2003) makes the mass distribution of commercial electronic mail legal as long as the messages are properly formatted, include correct contact information and give the recipient the option to unsubscribe.

In late May, Gmail introduced a revamped interface featuring five tabs - labelled Primary, Social, Promotions, Updates and Forums - into which messages are sorted. The Promotions folder holds offers from online businesses a person uses, such as Amazon or Hotels.com, and acts as a pigeonhole for legitimate marketing email that's separate from other messages. (Spam still disappears into a separate holding pen.)

Above these marketing emails, in the Promotions tab, Gmail places one or more adverts based on the contents of the inbox, which is par for the course with Google. But these advertisements are dressed up as email messages yet they don't allow users to unsubscribe from "receiving" them, sparking outcry from email marketing experts.

Jordan Cohen, veep of marketing for Movable Ink, and John Caldwell, writing for Deliverability.com, claim Google's new webmail interface is in "flagrant violation of the CAN-SPAM Act", in that it there's no sight of an opt-out button for the ads in most cases.

"Google insinuates that only legitimate promotional emails will be routed to the Gmail 'Promotions' tab, while unsolicited messages will be sent to a Spam Folder," the duo wrote. "These ads dressed as faux email messages attempt to trick people into thinking that these are legitimate messages."

"Google will claim that since the ads aren’t transmitted via the Simple Mail Transfer Protocol, they are not email," wrote Cohen and Gladwell, who describe this as a potential "technical loophole" in US anti-spam laws.

The Google-promoted advertisements look like emails and behave as such: they have a subject line, an apparent From address, and a user can even forward them to others, notes Martijn Grooten, Virus Bulletin's anti-spam test director.

"If it walks like email and quacks like email... then it is subject to the CAN-SPAM Act," Grooten argued on the Virus Bulletin blog.

"Indeed, most of the advertisements fail to provide unsubscribe links - and for those that do, it is not clear whether Google will honour the 'unsubscribe' option."

Grooten notes that while there may be some merit to the duo's claims, the email marketeers have a vested interest and may well be upset that the Google-brokered ads are appearing in a prominent place in Gmail users' mail folders, while a substantial percentage of their own messages are at the mercy of spam filters.

"Deliverability.com is aimed at email marketers, to whom it may seem that these new advertisements are taking a significant slice of their cake," Grooten concluded. "What's more, Google will have a point if it argues that these advertisements weren't delivered through email and aren't stored in an email format - and thus aren't subject to the CAN-SPAM Act."

Whether or nor the messages are ads or emails is far from clear.

"If these ads are indeed emails, they are generated on Google's servers itself, so there would be no reason to transfer them from one system to another," Grooten told El Reg. "So I don't think the 'it wasn't delivered via SMTP' argument is very strong. I think it will boil down to whether it is more important how the messages are stored (probably not as emails - though I'm guessing here) or how they are presented (as emails)."

More debate on the ad or email issue can be found on a blog post by Laura Atkins of anti-spam consultancy and software firm Word to the Wise here.

Google declined our invitation to comment on the issue. El Reg presumes the advertising giant's lawyers cleared the Gmail redesign and declared it compliant with US anti-spam laws. ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.