Anti-Spam Law Has Holes

By Cameron Sturdevant  |  Posted 2003-12-08 Print this article Print

Senate Bill 877 won't stop the general problem of junk e-mail.

The U.S. congress has just finished work on anti-spam legislation that will likely be signed into law by years end. The bill was a nice try, but I feel confident that Ill be covering anti-spam technology for years to come.

The reason is that Senate Bill 877 wont stop the general problem of junk e-mail. This isnt to say it will have no effect. It will crimp the stupidest spammers, those too feebleminded to go offshore to send their phony baloney. It wont stop commercial e-mail from many mortgage, insurance and credit card companies. And it certainly wont stop big e-mail service providers such as America Online and Yahoo from sending bulk commercial messages to their subscribers.

Further, the legislation takes an opt-out approach as opposed to an opt-in approach. This means that corporate IT managers are going to remain the guardians at the mail gateway, turning back the continuing flood of now legal—but still unsolicited and unwanted—e-mail headed for their e-mail servers. Corporate e-mail users will have to go through the process of unsubscribing from e-mail lists, one at a time, to stop spam.

Corporate users may benefit, however, from one aspect of the pending legislation. The bill currently provides that the Federal Trade Commission study set up a national Do Not Spam list. Id love to get my Ziff Davis e-mail account on any such list. Its an address that Im obliged to put in the public domain, making it difficult to defend from spammers.

If it becomes law, the legislation will supersede anti-spam legislation in 37 states. This is too bad because states such as California and Delaware were closer to the mark in crafting anti-spam legislation. For example, California and Delaware both specified that bulk commercial e-mail could be sent only to recipients who opted to receive it. Also, Californias law would have provided a way for individuals to sue offenders. The federal legislation does neither of these things.

Unfortunately, the federal legislation will most likely create a kind of bulk unsolicited commercial e-mail thats legal under the new rules. These messages will have to follow strict rules including providing accurate subject lines and a valid method for consumers to get off bulk lists. Now corporate IT managers will be faced with a crush of U.S.-government-approved Grade A spam, with no legal recourse but to take it. Which is why technology, not rule-making, is the best way to stop spam.

One promising method of fighting spam uses a "call to action" as a way to filter out spam. The call to action, whether it is in the form of a solicitation to send money or credit card information to a post office box or a request to click on a link, is currently quite difficult to disguise.

Another emerging technology that holds promise for consumers is "disposable" e-mail addresses. These are meant for use during a very short period of time, such as when a consumer sends a message to an e-business site. The technology causes the e-mail address not to function for return e-mails after a short time. Few business users would want to send this type of message as a matter of course, however, because it would prohibit replies from business contacts unless they were to respond quickly.

A form of anti-spam technology that Im not sure will be of much use is called permission-based e-mail. One of the key weaknesses of permission-based systems is revealed by mass-mailer worms. Crackers will be motivated to steal address books and then send spam under the name of the victim to the stolen e-mail addresses. Because the addressees have likely given permission to receive e-mail from the sender, the anti-spam defense goes away.

Although I dont have a problem with the idea of introducing modestly priced e-mail services, its not likely theyll be effective because they follow the permission-based model.

The nature of spam—cheap for the sender, expensive for the receiver—isnt fundamentally changed by the legislation that is likely to become law. And for now, the technologies available cannot fundamentally change the equation either, so like it or not, Ill be covering anti-spam products for the foreseeable future.

Discuss this in the eWEEK forum. Senior Analyst Cameron Sturdevant can be contacted at

Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel