On Computers

Behind the Scenes with GailLA

Gail Allinson, gail@oncomputers.info

23 November 2003

CAN-SPAM

It's been a long time since I have written anything other than the requisite articles I do for the tips segment, but this week there is something in the news that interests me to the  point of taking the time to write about it.  It is the passage of the CAN-SPAM bill by the U.S. House of Representatives.  While I don't know the exact final law, I can be pretty sure that it is almost in its final form at this point.

Before you develop any hard and fast opinions based on my opinions or the opinions of anyone else, you can read it in PDF form for yourself. (Update 11/24 -- that was the version the Senate passed.  Here is the House version in PDF.)

Now that you've done that I'll offer a negative commentary from a leading anti-spam group, CAUCE. I agree whole heartedly that this is not the law I would have preferred.  It only took the US Congress 6 years to understand that the vast majority of the US public is fed up with spam and then they offered us a bill with some glaring holes in it.

My take on it? First, only time will tell if this truly stems the tide of sludge that daily assaults my inbox and my sensibilities. It does distinctly make illegal some of the most egregious spammer actions including the harvesting of addresses, dictionary attacks (mass guessing of e-mail addresses), automated registration of throw-away e-mail accounts, as well as a number of other popular spammer tactics.

Many critics say that CAN-SPAM legalizes "main-sleaze" spam (spam sent by otherwise reputable companies with working opt-out links and non-fraudulent content).  What those critics miss is that it merely fails to make it illegal -- it is already legal for companies to send that kind of spam.  Right now it is only the AUPs (acceptable use policies) or TOSs (terms of service) of some ISPs that prohibit such mass e-mailing by otherwise legitimate advertisers. I also want to note that this legislation does not take away the rights I have to protect myself or my e-mail servers from accepting any mail that I don't want.  I do not have to accept it or download it.  I can filter it and send it to /dev/null oblivion just like I do now.

One of the worst things this legislation actually does is to pre-empt stronger state laws like the California anti-spam law that was due to go into effect in January 2004. However, it is still questionable how well we can control spam one state at a time.  Critics of CAN-SPAM bemoan the fact that it is only enforceable in the US.  If that is true, is a state law however strong, more effective?  At least we are now able to attack some aspects of the problem on a national level and even though they use servers in other countries most of the worst spammers attacking US e-mail accounts are US based.

So while CAN-SPAM is not nearly as strong as I would like, it clearly makes illegal things that up until now have been perfectly legal. It is a start. After 6 years of absolutely no federal relief for the problem, I'm grateful for the bone they've thrown our way.  If the "main-sleaze" keep a low profile and don't abuse the privilege, it may work.  If they don't practice self-restraint, we will continue to suffer under the daily sludge clogging our filters and our inboxes.  If that happens, we can only hope that it won't take another 6 years for Congress to act.

This is far from the end of the fight as some would tell you. There are things we can do. We need to educate end-users. We we need to educate our friends and relatives about recognizing, filtering and deleting spam without opening it.  We need to educate people not to buy "spamvertised" goods. We need to continue to complain to our elected representatives if this law does not deliver the promised relief from spam. We need to educate the main-sleaze that spam and opt-out is unacceptable and that we will not buy anything from unsolicited advertising by them or on their behalf.  We will only do business with them if we have first voluntarily given them a confirmed opt-in to their mailing list. We also need to loudly and vigorously rally for the FTC to implement a "do not spam list" against which an e-marketer can check an e-mail address, but which can not be turned into a mailing list (some kind of hash scheme comes to mind).

In closing, I offer the words of the immortal Roger Ebert (yes, that Roger Ebert):

The Boulder Pledge works by making junk mail unprofitable. If nobody ever buys anything, spammers eventually will quit I hope.

End the Plague. Raise your right hand. Read aloud from below. Then, pass it on. On second thought, don't pass it on.

The Boulder Pledge

"Under no circumstances will I ever purchase anything offered to me as the result of an unsolicited e-mail message. Nor will I forward chain letters, petitions, mass mailings, or virus warnings to large numbers of others. This is my contribution to the survival of the online community."

Cya next time!

Gail

P.S.  Here is a very hopeful post about enforcement by spam-fighter Steve Linford of Spamhaus that appeared in NANAE today (warning: while Steve's post is free of foul language, the same can not be said of all posts in this thread)

© 2003 Gail Allinson

Back • Home • Up • Next


© 2002 - 2004 by On Computers and the Videotex Services Coalition.