1. 1
    What is spam?

    While there are various definitions of what spam is, it can be identified by the following characteristics:

    • spam is considered as unsolicited messages, i.e. when messages are sent to a person who has not given their consent to receive messages from the sender;
    • spam is sent to a large number of recipients, with content which is substantially identical;
    • spam often has commercial objectives;
    • spam may be sent using various means of electronic communications (including the telephone service, fax and email), in all cases, remaining stored for subsequent access by the recipient;
    • spam may make use of email addresses without the owner's consent and which have been unlawfully obtained;
    • spam is often associated with illegal and fraudulent activity;
    • spam is often sent by persons who conceal their identity.

    Under the law, individuals may not be sent unsolicited messages for direct marketing purposes without the recipient's express consent; this includes unsolicited messages sent using automated call and communication systems that do not require human intervention, and using facsimile or email, including SMS, EMS and MMS.

    These rules do not apply to messages sent to organisations; organisations are subject to an opt-out system, i.e. they can be sent messages until they refuse them or until they add their name to the Direção-Geral do Consumidor (General Directorate of Consumer) list of organisations which have expressed their wish not to receive unsolicited communications for direct marketing purposes.

    See Law no. 46/2012 of 29 August

  2. 2
    It is safe to open spam?

    It is not safe to open spam.

    Do not open any email that is spam, even if the subject appears to be of interest.

    Flag these emails as spam whenever your email programme has this option. By doing so, you are reporting cases to your email service provider, helping to make their spam filters more effective and providing them with valuable information on the origins of these messages which will help them protect you from spam. Alternatively, delete these messages without opening them.

  3. 3
    What are the risks associated with spam?

    While some a mere nuisance, unsolicited email messages (spam) are taking on an increasingly fraudulent and criminal character. A well known example is the use of emails for phishing, which are sent to trick end-users into revealing sensitive data through fake websites that falsely attempt to represent real companies, with a risk of identity fraud and damaging the reputation of companies.

    The spread of spyware by electronic mail or through software, used to detect and provide perpetrators with details of users' behaviour online, continues to expand. Spyware may also be used to collect personal information such as passwords and credit card numbers.

    The spread of malicious code, such as "worms" and viruses, makes sending massive amounts of unsolicited electronic mail much easier. Once this code is installed, it allows an attacker to take control of the infected computer system, as part of a botnet, concealing the identity of the parties behind spam. Botnets are used by parties engaging in spam and phishing activities and in the sale of spyware for fraudulent and criminal purposes.

  4. 4
    What should I do to stop spam?

    Do not give out your email address unless you need to and make sure you know how it will be used. Always check, as far as possible, the legitimacy of the person/entity requesting it.

    Do not publish your email address on a website, because it can be easily copied by software which detects this data automatically.

    To perform higher risk operations on the Internet (e.g. subscribing to newsletters, participating in forums, e-commerce transactions, publishing on web sites and blogs), create a different email address from the one you use to communicate with family and friends or for professional matters.

    If you are unsure or suspicious about the trustworthiness of a message's origin, do not respond (not even to unsubscribe). Sometimes these links to "unsubscribe" serve only to confirm to the sender of the spam that your email address is valid and by clicking on them you may actually receive more spam.

    When you send a message to multiple people simultaneously, use Bcc to make sure that the email addresses you are sending to are not visible.

    Do not give out the email addresses of family, friends, etc. or of other third parties without their consent.

    Do not open any email you receive whose source is not obvious or which has been sent by unknown persons, because they may contain viruses.

    Do not participate in chain messages, even if they seem to be for a good cause.

    Install a reliable antivirus programme and ensure it is updated regularly.

    Tell your children about these security precautions and make sure they are careful about how they use their own email addresses (which preferably should be different from yours).

    When you send the same email message to more than one address, enter the addresses in the Bcc field not in the To or Cc field. This will protect the privacy of your email's recipients, as you will not be disclosing the email addresses from your contacts list.

    Install a reliable antivirus programme and ensure it is updated regularly.

    Tell your family and friends about these security procedures.

  5. 5
    What rules apply to spam?

    It is illegal to send direct marketing messages to individuals who have not given their prior express consent or to organisations who have expressed non-consent; anyone doing so is committing an offence which is punishable with:

    • a fine of between 1,500.00 and 25,000.00 euros, when committed by an individual;
    • a fine of between 5,000.00 and 5,000,000.00 euros, when committed by an organisation.

    It is also an offence to seek prior consent for sending direct marketing messages by:

    • simple general email (without specifying the purpose);
    • any means, which does not allow the recipient to opt-out;
    • any means which makes use of third parties (e.g. family or friends) to seek consent.

    The following practices used to compile databases for sending direct marketing messages are also illegal:

    • automatic compilation of personal information in public spaces on the Internet (email harvesting);
    • automatic collection performed by software.

    The practice of sending electronic mail for direct marketing purposes, and disguising or concealing the identity of the person behind the communication is also prohibited.

    Parties that send communications for direct marketing purposes are required to maintain an updated list of people who have given their express and free consent to receive such communications.

    The Direção-Geral do Consumidor (General Directorate of Consumer) maintains an up-to-date nationwide list of organisations that have expressly opted out from receiving unsolicited communications for direct marketing purposes.

    Databases containing lists of parties who have opted in and opted out of receiving direct marketing messages are considered as containing personal data and, as such, are subject to certain rules.

    More information about the processing of personal data can be obtained from the website of CNDP - Comissão Nacional de Proteção de Dados (National Data Protection Commission) on codes of conduct for direct marketing messages.

    If you are receiving messages in disregard of the defined rules, you should contact the CNDP, which is the body in Portugal responsible for overseeing compliance with these rules. The CNDP can be contacted as follows:

    Address: Rua de São Bento, no. 148 - 3.º, 1200-821 Lisbon
    Telephone: (+351)213928400
    Fax: (+351)213976832