Feeds

Does Gmail's tarted-up tab makeover bust anti-spam laws?

'Advert looks like an email, walks like an email...'

Intelligent flash storage arrays

Anti-spam experts are openly wondering whether Google's redesigned web mail service Gmail violates US laws against bulk unsolicited messages.

The CAN-SPAM Act (passed in 2003) makes the mass distribution of commercial electronic mail legal as long as the messages are properly formatted, include correct contact information and give the recipient the option to unsubscribe.

In late May, Gmail introduced a revamped interface featuring five tabs - labelled Primary, Social, Promotions, Updates and Forums - into which messages are sorted. The Promotions folder holds offers from online businesses a person uses, such as Amazon or Hotels.com, and acts as a pigeonhole for legitimate marketing email that's separate from other messages. (Spam still disappears into a separate holding pen.)

Above these marketing emails, in the Promotions tab, Gmail places one or more adverts based on the contents of the inbox, which is par for the course with Google. But these advertisements are dressed up as email messages yet they don't allow users to unsubscribe from "receiving" them, sparking outcry from email marketing experts.

Jordan Cohen, veep of marketing for Movable Ink, and John Caldwell, writing for Deliverability.com, claim Google's new webmail interface is in "flagrant violation of the CAN-SPAM Act", in that it there's no sight of an opt-out button for the ads in most cases.

"Google insinuates that only legitimate promotional emails will be routed to the Gmail 'Promotions' tab, while unsolicited messages will be sent to a Spam Folder," the duo wrote. "These ads dressed as faux email messages attempt to trick people into thinking that these are legitimate messages."

"Google will claim that since the ads aren’t transmitted via the Simple Mail Transfer Protocol, they are not email," wrote Cohen and Gladwell, who describe this as a potential "technical loophole" in US anti-spam laws.

The Google-promoted advertisements look like emails and behave as such: they have a subject line, an apparent From address, and a user can even forward them to others, notes Martijn Grooten, Virus Bulletin's anti-spam test director.

"If it walks like email and quacks like email... then it is subject to the CAN-SPAM Act," Grooten argued on the Virus Bulletin blog.

"Indeed, most of the advertisements fail to provide unsubscribe links - and for those that do, it is not clear whether Google will honour the 'unsubscribe' option."

Grooten notes that while there may be some merit to the duo's claims, the email marketeers have a vested interest and may well be upset that the Google-brokered ads are appearing in a prominent place in Gmail users' mail folders, while a substantial percentage of their own messages are at the mercy of spam filters.

"Deliverability.com is aimed at email marketers, to whom it may seem that these new advertisements are taking a significant slice of their cake," Grooten concluded. "What's more, Google will have a point if it argues that these advertisements weren't delivered through email and aren't stored in an email format - and thus aren't subject to the CAN-SPAM Act."

Whether or nor the messages are ads or emails is far from clear.

"If these ads are indeed emails, they are generated on Google's servers itself, so there would be no reason to transfer them from one system to another," Grooten told El Reg. "So I don't think the 'it wasn't delivered via SMTP' argument is very strong. I think it will boil down to whether it is more important how the messages are stored (probably not as emails - though I'm guessing here) or how they are presented (as emails)."

More debate on the ad or email issue can be found on a blog post by Laura Atkins of anti-spam consultancy and software firm Word to the Wise here.

Google declined our invitation to comment on the issue. El Reg presumes the advertising giant's lawyers cleared the Gmail redesign and declared it compliant with US anti-spam laws. ®

Remote control for virtualized desktops

More from The Register

next story
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.