The CAN-SPAM Act
RIVER BENDER - January 2004
After years of bickering Congress finally passed a law to impose limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet. It is called the "CAN-SPAM Act of 2003" and probably will be signed by the president and in effect before this is published. Let's discuss what the problem is with spam, how CAN-SPAM is supposed to work and whether it's going to help the situation.
Spam, or unsolicited commercial e-mail, is out of control and increasing exponentially. Some reports estimate that industry loses up to $10 billion a year in terms of lost productivity and investment in software and other resources to filter spam. Everybody hates to waste time downloading it, but the real problem is that spam overloads the Internet and now represents close to 60% of all e-mail traffic. Internet service providers are suffering daily from heavy spam traffic that at times causes them to have to shut down their mail server. As they keep doing this they begin to lose clients and some are even on the verge of bankruptcy. One ISP engineer in New Bern mentioned last summer that they were getting around 140,000 spam messages per day. Clients may delete unwanted mail at the ISP using Webmail or MailWasher but an ISP must accept and process all mail to decide what to do with it. Most ISPs subscribe to blacklists of known spam sites or use filters to delete unwanted mail. Lots of spam comes from overseas. Hong Kong is high on the list so an ISP may filter out all mail from the *.hk domain. The problem is that you'll never see mail from your friend in Hong Kong unless you notify your ISP. Filtering, unfortunately, sometimes deletes valid e-mail.
The CAN-SPAM Act, dubbed "Controlling the Assault of Non-Solicited Pornography and Marketing Act" will make spammers liable for fines of up to $250 per message if they conceal their identities with a cap of $2 million that can climb to $6 million in repeat violations. The FTC reported last May that nearly 70 percent of spam has either a false return address or a deceptive subject line. The Act also directs the FTC to explore the pros and cons of a national Do-Not-Spam registry similar to the recent approved federal phone registry.
Will CAN-SPAM work?
It’s probably better than nothing is at this time but it’s getting a lot of flak. First of all it overrides state anti-spam laws, some of which are harsher than the federal law. Attorney Generals in seven states and the District signed a letter to House members complaining that the bill had so many loopholes that it wouldn’t deter spammers and just foster more litigation. California's new law, which was scheduled to go into effect on January 1, 2004, is an example of a state anti-spam law more restrictive than the new federal law.
The Act still allows e-mail marketers to send unsolicited messages to users but requires that an 'opt-out' mechanism be placed in every message, giving consumers the opportunity to decline additional mail. It prohibits false or misleading headers and subject lines so that users can note the true origin of the e-mail, and Internet providers can identify high-volume spammers.
But what about spam coming from overseas? How can it be regulated? I've found that about half of my spam comes from foreign countries. By setting up filters in MailWasher to block 20 foreign domains I’ve cut down spam considerably. But ISPs can’t do that or they might block legitimate mail. What is really needed is a global anti-spam agreement but that looks to be virtually impossible.
There's no First Amendment problem restricting or penalizing lies or fraud, but what about restricting truthful commercial speech, which the First Amendment protects? If we end up having a do-not-spam registry it will restrict commercial speech but allow unsolicited charitable or political email, which may be equally unwanted and annoying to some people. The do-not-call phone registry has already been subjected to a legal challenge thus the fate of a similar do-not-spam registry is an open question
Is Technology the Solution?
I hate to see the Internet regulated. I see the anti-spam Act becoming the stepping stone for more government regulations. Have you ever thought of how amazing the Internet works without any intervention from the FCC, FTC or other government agencies? How do you suppose this happened? It's because the Internet has always had standard-setting bodies made up of global members and I think they've done a superb job. The solution is for these groups to examine ways to improve the structure of delivering e-mail so that faked headers and spoofing would be impossible. Such a solution, like those in the past, could be be deployed worldwide, something that's not likely to ever happen with a legal solution.
All past articles are posted at http://www.always-online.com/nbcug/dwindex.htm