WASHINGTON - A bill attempting to regulate the sending of unsolicited commercial e-mail passed the U.S. Senate last week,
but many antispam advocates say the bill would have little impact on the amount of spam coming into e-mail users' in-boxes.
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, which the Senate approved 97-0 late
last Wednesday, requires e-mail users to opt out of unwanted commercial e-mail, instead of requiring e-mail senders to get
opt-in permission, and the bill can do little to stem the tide of spam coming from outside the U.S., said vendors of antispam
technologies and at least one consumer advocacy group.
The bill gives consumers little control over spam, said Ray Everett-Church, counsel for the Coalition Against Unsolicited
Commercial Email (CAUCE). Everett-Church said he was encouraged that the final version of the bill included an amendment requiring
the U.S. Federal Trade Commission (FTC) to study the possibility of a national do-not-spam e-mail registry, but the bill only
authorizes the agency to create such a list, rather than requiring it to do so.
A law Congress passed in 1991 authorized the Federal Communications Commission to create a national do-not-call telemarketing
registry, and it went into effect earlier this month -- 12 years later, Everett-Church noted. The FTC has expressed concerns
about creating and maintaining a massive do-not-spam list, and the opt-out approach of CAN-SPAM basically legalizes spammers
to send out e-mail until they're told to stop, he added.
"Until the FTC decides whether or not they care to create a do-not-e-mail list, (CAN-SPAM) creates essentially carte blanche
permission for spammers to send unlimited quantities of e-mail to the consumer," Everett-Church said. "I'm deeply concerned
that we may never see a do-not-e-mail list, and until such a time as we do, we will see an unlimited right to see spam."
CAN-SPAM includes a requirement that commercial e-mail include valid opt-out mechanisms and allows fines of up to $100 per
piece of spam sent with misleading header information, with fines up to $3 million allowed for some types of spam. But Everett-Church
questioned whether state and federal law enforcement agencies would have the time to go after spammers without larger budgets
for enforcement, which CAN-SPAM does not provide. The FTC and state attorneys general would be responsible for most spam enforcement
under the bill.
The bill's cosponsors, Senators Conrad Burns, a Montana Republican, and Ron Wyden, an Oregon Democrat, defended the bill,
saying it was one necessary piece in a multipronged fight against unsolicited commercial e-mail. Technology will also need
to play a part in eliminating spam, but CAN-SPAM should send a "strong message" to spammers, said a Burns spokeswoman.
"No legislation will be a silver bullet against spam, but the Burns-Wyden legislation gives consumers considerable control
over the e-mail coming to their in-boxes by backing up the law's requirements with stiff civil and criminal penalties," added
a spokeswoman for Wyden, responding by e-mail. "This is a good step toward taking back the Internet from the 'kingpin spammers'
-- the worst actors of the online world."
Not surprisingly, vendors of antispam technologies agreed that technology needs to be part of the solution, with some suggesting
that antispam technologies will go further to help e-mail users than CAN-SPAM will. The spirit of the law is headed in the
right direction, and CAN-SPAM can help set a moral tone against spam, said Dave Jevans, senior vice president of marketing
at Tumbleweed Communications Corp., an e-mail firewall vendor based in Redwood City, California.
But CAN-SPAM won't be enforceable, Jevans said, because it's difficult to validate the identify of any Internet user and because
a large percentage of spam comes from outside the U.S. CAN-SPAM might make some potential spammers think twice before getting
in the business, but the amount of spam sent is doubling about every two months, he said.
"The growth will outweigh by far the amount of spam stopped by CAN-SPAM," Jevans said.
Jevans called for a blend of legislative and technological approaches to fighting spam, including requiring that e-mail carry
a digital signature establishing the identity of the sender.
Another antispam vendor expressed even less hope that CAN-SPAM would stop spam. The bill might stop legitimate marketers from
employing spam techniques, but would do nothing to stop hackers from using spam as a tool for identity theft, said Pete Privateer,
senior vice president for product strategy and marketing at Internet Security Systems Inc., a security and antispam vendor
based in Atlanta, Georgia.
"This bill is like trying to write a law to ban viruses," Privateer said. "It's just about that effective. I expect the volume
of traffic in your in-box to increase."
But Al DiGuido, chief executive officer of Bigfoot Interactive, a New York City-based provider of e-mail marketing services,
said CAN-SPAM would at least clear up the confusion of more than 30 state laws dealing with spam. "We're really excited about
federal guidelines that will put an end to all the chaos and confusion on a state-by-state basis," he said.
DiGuido agreed with Wyden that the legislation will be one piece in the fight against spam. He recommended that reputable
marketers work on a fee-based e-mail system, where they pay a small fee to Internet service providers to create "white lists"
-- lists of commercial entities that are permitted to send e-mails -- to ensure that their messages are delivered.
"There will be some real teeth put behind the law that will impose jail terms and significant penalties from a dollars and
cents standpoint," he said. "We also think ... the criminal element has been trying to evade the law for some time now, so
they'll continue to try to find ways to evade the law."
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
