How much of a problem is spam? Well, that depends on who you are and how ubiquitous your e-mail addresses are. Absa, a bank that offers its customers free e-mail services, is probably fairly representative of what it's like at the top-end, both as an internet service provider and as a business.

According to Christo Vrey, who is in charge of digital channels at the bank, its ISP operation receives roughly 18 million messages a month, 14.5 million (or 80 percent) of which are classified as spam. With just over 122 000 subscribers, this works out to slightly less than 120 messages per user per month. Within the bank itself, he reports that 60 percent of the approximately one million messages received daily are spam. In the context of about 29 000 e-mail-enabled employees, that's over 1 000 messages per user per month.

Dave Gale, business development director at Storm, says these figures are on the high side and suggests that the ubiquity of an e-mail address featuring absa.co.za or absamail.co.za is a factor. "It's not unknown [for an ISP] to get 70 percent of the [spam] traffic if you don't have filters in place," he notes.

The ECT Act was intended to curb spam, but something seems to have been lost in the translation. Mervyn Kahn is MD of ePasella, an online advertising agency that sends out a bimonthly electronic newsletter. Mervyn freely admits that the first time the newsletter is received, it is typically unsolicited. "The first one that goes out is spam; the second time we go out, we are sending to people who have decided not to opt out." This, he explains, is entirely within the law: The Act is pretty clear in that if you send an unsolicited e-mail, you must give the opportunity to the recipient to unsubscribe.

According to Mike Silber, an ICT consultant with Michalsons Attorneys, he is right! Mike comments, “While the Act is opposed to spam, the effect of the wording is that you're able to send one unsolicited mail. This means the Act is broken because it has had the effect of enabling people to send at least one spam without fear of prosecution. And since security companies advise against "unsubscribing" from spam - since to most spammers, this merely means the address is active - unfortunately the hole in this law is as wide as a barn door."

South African internet service providers that are members of the ISP Association subscribe to a Code of Conduct that includes the requirement to take measures to ensure that their networks are not used for unsolicited bulk e-mail. But this raises another aspect of the Act. As Mervyn Kahn remarks, “ISPs that interfere with my e-mail have a total disregard for the law because the transmission aspects of the legislation render it illegal to do anything that prevents e-mail from going through, including putting my domain on blacklists."

Mike Silber is unequivocal in his approach: "That's absolute nonsense. The ECT Act says absolutely nothing about transmission. The Interception and Monitoring Act says you can do all sorts of things on your network but you need the permission of your network controller, which is your CEO." He adds, “You need to take reasonable measures to let people who are using that network know that you are intercepting communication. Filtering spam would be an intercept."

It is worth noting that the vast majority of unsolicited e-mail received in South Africa originates overseas. That being the case, local legislation will have little or no effect, and all local internet users will be more or less equally affected - even the spammers who with resounding irony, bemoan the fact that they receive 500 to 800 international spam messages daily.

So, in the absence of legal remedies, what can businesses and consumers do about spam? Gale says there are a number of very simple ways to identify and prevent spam, from blocking open relays to verifying the source server and e-mail address as well as the destination.

But as long as our anti-spam law is broken, and operators can apparently legitimately exploit this, spam is something we'll just have to put up with.