Last updated: 24 April 2015
The Brazilian government has developed a number of measures to regulate the traffic of spam. In this article we will look at the statistics and current regulation for spam in Brazil.
Spam in Brazil
Brazil has historically been known for the high amount of spam messages sent from its servers. Data gathered by Botlab.org indicates the country is fourth place in a list of nationalities affected by spam and is in second place for bot IP’s.
The high quantity of spam traffic can be directly related to factors such as the minimal security measures applied by internet users, whose machines are frequently turned into bots that relentlessly send these types of messages, and the lack of national regulation that enforce companies not to send emails to customers if not requested.
Over the last few years, a number of measures coordinated by the country’s government have aimed to reduce the amount of spam messages received by internet users. One of these was the substitution of port 25, usually reserved for the exchange of email messages, to port 587 by internet services providers in 2013. This action was designed to limit abusive behaviour that took place through spamming machines that used port 25 to transmit data.
Still, the number of spam messages exchanged in Brazil remains high, as the government continues to have difficulty in implementing effective regulations designed to reduce this type of traffic and its content to internet users.
CERT.br, or the Brazilian National Computer Emergency Response Team, reports on the current statistics of cybersecurity incidents in Brazil, including spam. These statistics are generated from information received at SpamCop and Abusix.org.
According to their data, the total number of reported spam has decreased each year, starting in 2003, with 4.072.334 spams, until 2014 with 735.262 reported spams. The traffic of spam messages in Brazil reached its peak in 2010.
The Antispam.br website provides a list of companies responsible for sending the most spam messages in Brazil based on notifications received by ISP’s. These companies are listed as:
- Global Village Telecom
- Telemar Norte Leste
- Brasil Telecom
- Locaweb Servicos de Internet
- UP Digital Midia
- Lamarque Industria e Comercio de Confeccoes
- CTBC Telecom
- Soul Business - Servicos de internet
- Telefonica Data
- Governo do Estado do Tocantins
- NET Servicos de Comunicacao
- FMZ Midia Digital
Brazilian Civil Rights Framework for the Internet
The Marco Civil, or the Brazilian Civil Rights Framework for the Internet, was recently approved by the country’s federal government in an effort to turn the internet into a more legally open and democratic environment. There is no specification in it in regards to spamming, but a few statements for privacy protection of users can help on the defense against spam emails.
The framework establishes that companies need to be more transparent about their actions on the internet. Now, personal data protection and user privacy are guaranteed by law. This means that internet companies that operate with users data to send advertisements can no longer pass this information along without the users permission. This protection can only be broken by a court order.
According to the new framework, users are allowed to close down their accounts and have their personal data permanently deleted, as Marco Civil da Internet establishes that the data is the property of the user and not from the hired service. These policies must be specified in the terms and conditions, which users must comply with before signing up.
Before this framework, the principle of private communications was not applied to internet-based services like emails, for example. Now, electronic private communication services have the same privacy protection as traditional ways of communication like written letters and phone calls.
Part of Marco Civil determines that international companies who serve Brazilian users, even if they are not physically located in the country, must also follow the Brazilian Framework. This means that users can apply national laws in a legal battle with Facebook, for example.
Law Projects regarding Spam Regulation
The framework is a big achievement, but this is not the first time this subject has been discussed in Brazil. Although no specific law for spam has been approved, there has been significant progress towards regulating these incidents, especially in the case of a law project from 2003. Nowadays, there are many projects undergoing discussion in congress that date back to 1999.
Until these regulatory measures are put into action, Brazilian lawyers suggest that it is possible to demand your rights based on existing laws by claiming any damages caused by spam. Spamming can be considered illegal when it harms the users privacy, which is considered an abusive practice against the consumer.
The rare cases of punishments for spammers are for the crime committed by the content and not by sending the spam itself. These cases include when spam is sent posing as another person or company or even sent with malicious programs designed to break into users systems or steal passwords.
Consumer Protection Code
A law project from 2012, which has not been put to action as of yet, aims to update the country’s Consumer Defense Code in order to apply restrictions to the act of spamming. According to the latest submitted versions of the code update, sending a large volume of unsolicited messages would not necessarily be considered spam if there has been previous business relations between the sender and the receiver.
If approved, the code would restrict the issuing of non-requested electronic messages with advertising content in cases where the recipient:
- Has not had any previous connection with the sender and has not allowed them to send this type of content
- Is registered with an anti-spam system
- Has requested not to receive the messages
The law would also require senders to inform the recipient in each message:
- A simple and safe way of unsubscribing without any additional charge
- How the user’s data was obtained
The sender will be required to immediately discontinue the communication once the user has unsubscribed from the service, and will also be prohibited from sharing users information or data under any circumstances.