FCC publishes wireless-phone spam list

WASHINGTON - The U.S. Federal Communications Commission (FCC) took a major step this week toward fighting unwanted e-mail messages sent to wireless phones and pagers by publishing a list of wireless mail domain names.

Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft Free IT resource Attend the SOA Executive Forum: Breaking SOA Bottlenecks SOAExecForum.com/may2007 Sponsored by InfoWorld

The FCC, which published the list late Monday, has ruled that starting in early March, it will be illegal to send most commercial messages to users of wireless phones with addresses that include any of the published domain names. Wireless spam, still limited in the U.S., has generated significant customer complaints in other countries including Japan and India.

The FCC list was provided by wireless carriers.

Commercial mail that is authorized by wireless users will not be illegal. In addition, the prohibition does not apply to so-called "transactional or relationship" messages, such as those sent to customers about product safety or account status.

Senders who violate the FCC rules and send commercial e-mail to the wireless mail domains on the list face fines of up to $11,000 per violation.

In August, the FCC adopted rules to protect consumers from receiving unsolicited commercial messages on their wireless phones and pagers. The FCC took the action as part of the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, passed by the U.S. Congress in 2003.

The FCC adopted a general prohibition on sending commercial messages to any address referencing an Internet domain associated with wireless subscriber messaging services. To assist the senders of e-mail messages in identifying those subscribers, the commission required that commercial wireless providers submit those domain names to the FCC for a list that's publicly available.

The FCC list puts spammers on notice that wireless spam is illegal, said Scott Chasin, chief technology officer at MX Logic, an antispam software vendor. Until recipients opt out of future mailings, CAN-SPAM allows marketers to send commercial e-mail to conventional addresses meant to be accessed from computers. But authors of CAN-SPAM argued that wireless spam can be more costly to recipients because wireless users often pay for service on a per-minute basis.

The FCC list has one potential downside -- it provides spammers with a working list of wireless mail domains, Chasin said. In June, the U.S. Federal Trade Commission (FTC) rejected a national do-not-spam registry after CAN-SPAM called for a study, in part because of concerns that spammers would use such a list to harvest working e-mail addresses. The national do-not-spam list would have included individual e-mail addresses, but the FCC wireless list does not.

The FCC list could make it easier for spammers to conduct so-called brute force attacks on wireless mail domains, Chasin said. In a brute force attack, a spammer tries to send e-mail to every possible combination of letters and numbers that could make up individual e-mail address names.

"It's a good first step in the right direction to try to solve the problem before it gets out of hand," Chasin said of the FCC list. "On the other hand, it provides the mobile spammers with some ability to spam users."

The wireless domain name list is available at http://www.fcc.gov/cgb/policy/DomainNameDownload.html.