CAN-SPAM: Good, Bad or Indifferent?

By Larry Seltzer  |  Posted 2004-01-15 Print this article Print

The CAN-SPAM anti-spam law is in effect and you're still getting spam? Hard to believe spammers would actually break the law, isn't it? But just because CAN-SPAM is largely impotent doesn't mean that alternatives would have worked any better, despi

Some people just have to be right and their critics wrong. Such looks to be the case with much of the current criticism surrounding CAN-SPAM, the federal anti-spam law that went into effect recently. We recently reported on such criticism of the law. Youd definitely get the impression, to listen to critics such as Vincent Schiavone, president and chief executive officer of the ePrivacy Group, that things will be worse after CAN-SPAM. Mr. Schiavone argues that spam has been green-lighted by the law. In addition, a recent Slashdot story agreed, calling CAN-SPAM a "spam friendly anti-spam bill."

These critics would have preferred a purely opt-in-based system, where it would be very hard for any commercial entity to justify sending you e-mail. Now, they argue, all restraint will be gone.
But if we really had a more stringent system, would things really be any better than they will be with CAN-SPAM? I see no reason to believe so.

What these critics (mistakenly) fear is that legitimate companies will go wild with spam because CAN-SPAM has given them "permission." But thats not why we have a spam problem. Let me reach into my blocked mail folder and pick a few spams to see if any real companies can be found there. What are the subjects: Portuguese stereo equipment, drugs, cigarettes, rapid weight loss and pirated software. In fact, its all the same sort of trash. No company with a reputation would soil it by casting its lot with such a marketing method. In fact, we used to see real companies using spam (I remember Omaha Steaks among them), but I havent seen them in a while. And if real companies really do see CAN-SPAM as a guide for e-mail marketing, then theyll actually follow the rules in it, including honoring opt-out and not spoofing anything in the message headers.

However, the frustrating part is that the critics are right that CAN-SPAM will likely be ineffective. For the law to be effective to a fair degree, it must be vigorously enforced. Given todays priorities, Id be very surprised if the government decided to spend less money rebuilding Iraq and more on jailing spammers. If the necessary resources were really allocated, a lot of spammers could get caught and subject to severe punishment. In addition, companies that promote products through spam could be liable even if the spammers used foreign ISPs.

Sad to say, thats not going to happen. More likely, in the great American tradition of the civil lawsuit, ISPs, state attorneys general along with some individuals with too much time and money on their hands, will sue the spammers under CAN-SPAM. Such a tactic might go somewhere if we were talking about suits against a stalwart of Corporate America such as General Motors or McDonalds. But the outfits selling wares through spam dont look like the type of businesses that will be intimidated by a civil suit. By the time a company could be identified and then served with papers, the perpetrators will have moved assets through three shell corporations and there will be nothing left to sue for. Or perhaps the entire outfit will be located in a foreign country, making it not worth the effort to charge from the get go. The result will be the same: ineffective.

Critics also often point out that CAN-SPAM supercedes a large number of state laws, many of which were stricter on spam. But they dont point out that it doesnt completely supercede them, specifically authorizing state jurisdiction, for example, in matters of fraud. Theres a lot of fraud in spam, and I would argue that its a bigger part of the problem than genuine commercial solicitations from legitimate companies.

Just because Im pointing out the impotence of CAN-SPAM doesnt mean I oppose it. I believe that some things are wrong and should be against the law, even if enforcement of that law is impractical. I used to pooh-pooh proposed technical changes to SMTP, also for reasons of practicality, but Im begriming to think that theyre inevitable. Once spam has strangled the usefulness out of e-mail, people will put up with inconveniences in order to make basic changes. And at that point further legislation might be useful in order to strengthen the transition.

Critics of CAN-SPAM are right that spam will get worse, but thats in spite of CAN-SPAM, not because of it. Unless large numbers of people start going to jail for spamming, or some sort of significant technological change makes spamming more difficult, you can expect the spam percentage of your mail to continue to increase. Were not at the point where people really demand something be done, but were getting there.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Be sure to check out eWEEK.coms Security Center at for the latest security news, views and analysis.

More from Larry Seltzer
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel