Last month Canada imposed its first financial sanction under the CASL legislation - a 1.1 million dollar fine on flagrant offender Compu-Finder.
Unlike the usual spammer that focuses on individuals, Compu-Finder is a B2B spammer, and promotes various business training courses to business email addresses it gathers illegally. Over 25% of complaints submitted to the Spam Reporting Centre regarding the Professional Training category are about Compu-Finder.
Compu-Finder scrapes business sites for email addresses and sends commercial emails without consent. When the messages actually have an unsubscribe link, as is required, it doesn't work.
The Notice of Violation was issued on March 5th. At that point Compu-Finder had 30 days to submit written representations to the CRTC or pay the penalty. It also has the option of "requesting an undertaking" with the CRTC.
The action has gotten lots of attention - it's the first fine, and it's hefty, demonstrating that the CRTC is willing to act aggressively. But the CRTC does more than enforce and penalize, and is eager to collaborate with businesses to fight online threats, as the following incident demonstrates.
In July of 2014 the Spam Reporting Centre received reports of spam, LOTS of spam, which was traced back to a small business. The small business "topped the charts for spam activity in Canada in June and July 2014, peaking at approximately 24 million emails sent in June and 73 million in July."
CRTC investigated and came to find that the small company's servers were infected with malware, and were churning out millions of malicious spam messages without the business’ or its service provider's knowledge. The CRTC notified the ISP and the business, and all quickly worked together to shut the botnet down.
The Compu-Finder situation is quite different, and not likely to have a positive, collaborative result. One company, ZEROSPAM, based in Canada, is very familiar with Compu-Finder. ZEROSPAM claims that Compu-Finder is such a blatant and unrelenting spammer that some requests for proposal explicitly include the ability to block Compu-Finder emails.
Compu-Finder has also been investigated and sued over the years, for other matters, like not paying their employees, and cancelling pre-paid sessions without refunding fees. So it seems that CRTC has a deserving offender for this, their first, high-profile, big-money spanking.