What to Do If CAN SPAM Doesnt

By Cameron Sturdevant  |  Posted 2003-06-19

What to Do If CAN SPAM Doesnt

My recent column criticizing CAN SPAM left many readers wondering what I would do to stop spam.

Id start by expanding the definition of spam. Spam is usually defined as bulk, commercial, unsolicited e-mail. But real spam has another, ethereal quality: It is unwanted. I add "unwanted" to my definition of spam because even if CAN SPAM legislation passes at the national level, e-mail boxes are still going to be stuffed with what most recipients consider spam. The legislation leaves a gaping loophole for institutions that are notorious for peddling personal profiles: banks and credit card companies.

To reiterate, CAN SPAM in effect says that if the sender and receiver have had a relationship in the last three years, if the e-mail header information is not forged, if the subject line truthfully describes the contents of the e-mail and if there is a mechanism to unsubscribe, then bulk, unsolicited, commercial e-mail is not spam.

Furthermore, the proposed legislation outlines that spammers can present a menu of choices during the unsubscribe process. Think of the last time you called to activate a credit card. Did the automated call offer you some extra services? Now imagine that in Web form.

Because the current legislative efforts Ive seen to stop spam often overlap with political efforts that squash free speech and invade privacy, Im inclined to look away from new laws to stop spam. As Ive written before, current consumer protection laws and financial regulations already apply to the vast majority of companies and individuals that use spam to fleece the public and bog down e-mail servers.

My suggestions for dealing with spam fall along the lines of using products and procedures to remediate the problem.

1. Train users to think of personal information and a fresh e-mail address as extremely valuable property. Try this approach: If the information is carried in a wallet or purse, it likely shouldnt be shared over the Internet.

I can already hear the howls. Yes, I use online banking and bill payment. Yes, I check my credit card statements online. No, I dont use "free" mortgage calculators anymore. The key word in my guideline is "likely." Users should be drilled in the value of their personal data. As nearly anyone who has been the victim of identity theft will attest, personal identity is valuable both in terms of money and in confidence.

2. Take time to read so-called privacy statements and take action. My ongoing research of these policy statements makes it clear that they should be called "lack of privacy" statements. If you dont like the conditions of the privacy statement—and most users shouldnt like about 90 percent of the stated privacy policies in use today—dont consume the service offered by the site.

3. Set guidelines for corporate users that help them understand the appropriate use of company e-mail. For most users, this should limit the amount of spam they receive.

4. Dont publish e-mail addresses on Web sites.

5. Implement a spam-blocking tool.

Page Two

The current characteristics of e-mail, corporate hostility toward customer privacy, and an industry insistence on computer user ignorance complete the witches brew. We are now served a huge daily helping of spam from this cauldron.

By its nature, the bulk of the cost of spam is borne by the recipient and it is easy to obfuscate header information that might be used to effectively filter legitimate messages from spam spew.

Much of the legislative effort is focused on pushing spam costs back on the sender, mostly through litigation. As Ive said before, this might get rid of one form of spam while leaving "legitimate" spam untouched.

Any company with a Web presence should immediately change course and move in the direction of fiercely, jealously, passionately, unswervingly and with no strings attached protecting private, personal user information. Furthermore, give consumers exclusive control (even if this is complete relinquishment) over how personal information is used.

Starting today, we should begin educating children on how to make choices in the way they use Internet resources. Aside from giving them access to the Internet, we need to help them value and protect their personal identity. We should encourage them to critically assess Web sites so they can determine if the information provided is valid, biased, correct or complete. Laws and litigation are one way to approach spam, but enabling users to control their personal information is a better option.

Senior Analyst Cameron Sturdevant can be contacted at cameron_sturdevant@ziffdavis.com.

Rocket Fuel