What is spam?

The term “spam” was originally used to refer to unsolicited email messages, but now more broadly covers unsolicited messages sent by SMS, instant messaging services, or on social media. Spam is usually sent using a bulk messaging facility, i.e. from one sender to many recipients. A message is unsolicited unless there is an existing relationship between the sender and the recipient, or the recipient has given consent to be sent the message.

Spam is usually commercial in nature, promoting a product or a service, but may also be criminal in nature, trying to persuade the recipient to visit a malicious website, or to disclose personal information that can be used to commit fraud.Someone who is successfully targeted by spam containing malware may find that their personal contacts have been stolen, to be added to the spammer’s database

Spammers collect email addresses and contact details from public sources (e.g. web sites) and from both legal and illegal contact databases. . A considerable amount of spam is spammers trying to sell such databases to other potential spammers.

In 2008, it was estimated that 97% of all email was spam. By 2018 this had dropped, but only to 90%. Despite these high volumes, most Internet users do not experience this proportion of spam, since most of the spam is rejected by mail servers before it reaches the end-user.

South African law

There are several pieces of legislation which deal with spam, including:

  • Section 45 of the Electronic Communications and Transactions Act, 2002 (No. 25 of 2002)
  • Section 11 of the Consumer Protection Act, 2008 (No. 68 of 2008)
  • Section 69 of the Protection of Personal Information Act, 2013 (No. 4 of 2013) (“POPIA”)

The most important of these is POPIA, which makes it an offense to send unsolicited electronic communications for the purpose of direct marketing. POPIA does permit a company to approach you once (and only once) to ask for your permission to send you marketing messages, but if you ignore or decline this request, you may not be sent further communications.

POPIA also makes it illegal for companies to sell databases (referred to as “directories”) of contact information without first seeking your permission to do so, but with the notable exclusion of printed directories that already existed.

Importantly, while POPIA went into effect on 1 July 2020, companies still have until 1 July 2021 to comply with the legislation. After this date (and assuming that the deadline is not moved), you will be able to report a company sending you spam in contravention of POPIA to the Information Regulator who is empowered to take action against the spammer.

Reporting spam

Please do not send or report your spam to ISPA, unless it is being sent by one of ISPA’s members. We do not have the power to make someone stop spamming you. If you are getting spam from one of ISPA’s members, or from someone using an ISPA member’s network, you should fill in this form and we will try to help you.

If you are getting SMS spam, you can try to report it to WASPA. If it is being sent via a member, WASPA will be able to help you stop the spam. Both WASPA and the Direct Marketing Association of South African (DMASA) also operate “do not contact” lists. If you add your details to these, you will be blocked from getting spam from their members. WASPA’s DNC is here, while the DMASA’s is here. Note that the DMASA’s system will require you to disclose your ID number in addition to an email address and/or phone number. WASPA’s system only requires a phone number, but is also limited to SMS spam.

The Consumer Protection Act (CPA) provides for the National Consumer Commission to set up a national pre-emptive block registry to be used by consumers to block spam, but this has not been done. Despite the name of the DMASA’s system, South Africa does not currently have an official national block list, only those operated by industry bodies on a voluntary basis.

What can I do to make spam stop?

First, if the spam appears to be coming from a legitimate company, and is simply aggressive marketing, try unsubscribing. We agree with you that you shouldn’t have to unsubscribe from something you didn’t ask for in the first place, but a working opt-out is a legal requirement in South Africa, so many spam senders do have a working unsubscribe system.

However, if you are suspicious of the sender of a spam, don’t click on the unsubscribe link. Scam artists frequently use spam to try to collect personal information or to trick people into installing malware. If you are asked to provide any additional personal information beyond your email address when trying to unsubscribe, that is most likely a scam. If you are in any doubt, mark the message as spam in your mail folder (if you can), and then ignore it.

Second, for spam being sent by a South Africa company, try sending a message directly to the spammer asking to be unsubscribed. There is a template you can adapt for this purpose here, which references the relevant legislation.

Third, you can report unrepentant spammers to their Internet service provider. Most ISPs have policies against sending spam, have an abuse@ email address and take spam reports seriously. As noted earlier, if you are getting spam from someone using an ISPA member’s network, you should fill in this form and we will try to help you.