CAN-SPAM law: Little impact so far

Still, CAN-SPAM was a positive step in fighting spam because it set the ground rules for what is acceptable behavior, said Shinya Akamine, president and chief executive officer of Postini. The increase in the amount of spam may have been higher without the CAN-SPAM law, he said.

"We think that it's a great law," Akamine said. "It prohibits illegal activity, now we believe it's the role of the private sector to actually go out and secure (e-mail)."

Akamine and Hans Peter Brondmo, senior vice president of e-mail marketing vendor Digital Impact Inc., disagreed on what technological measures can be effective in blocking spam. Postini is blocking close to 99 percent of its customers' spam, Akamine said, but Brondmo said the only way to get rid of spam is to adopt sender-authentication protocols proposed by large ISPs including Microsoft Corp. and AOL.

AOL on Thursday announced during the hearing that the amount of spam e-mail hitting its subscribers' in-boxes declined by 20 percent to 30 percent in the last year, through a variety of spam-fighting initiatives. CAN-SPAM helped AOL and other ISPs sue hundreds of spammers in early March, said Ted Leonsis, vice chairman of America Online and president of the AOL Core Service.

"You did a great service to the online medium and tens of millions of online consumers," Leonsis told the committee. "CAN-SPAM was the right bill at the right time for all the right reasons, and we look forward to measuring its success with more time."

While Leonsis and Scelson argued over whether AOL was blocking Scelson's e-mails, James Guest, president of the Consumers Union, said the debate missed the point: that consumers don't want unsolicited commercial e-mail.

CAN-SPAM requires all commercial e-mail to have a working opt-out mechanism and requires senders to include valid postal addresses. The law also includes a criminal penalty of up to a year in jail for sending commercial e-mail with false or misleading header information, plus criminal penalties of up to five years in prison, for some common spamming practices, including hacking into someone else's computer to send spam.

But the law forces consumers to opt out of commercial e-mail, instead of requiring e-mailers to get opt-in permission, and Guest urged the committee to change the opt-out requirement. Spam can come from thousands of sources, and a consumer would have to send an opt-out request to each sender to cut off all spam, Guest said.

E-mail users should have the same protections as phone owners do under the national do-not-call list, which the do-not-e-mail list proposal is modeled after, he said. "Obviously, this is an absurd burden to place on people," he added. "Congress should put the burden on spammers to get permission, not on consumers to fend off the intrusion."