CAN SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) is an awfully catchy name for a bill. I suspect that Senator Conrad R. Burns (R–MT) and Senator Ron Wyden (D–OR) conferred with some marketing execs to craft that one. The bill is intended to stem the flow of spam onto our desktops, but I have to wonder if it will, like many other federal-government attempts to rein in the Internet, backfire or simply wither away.
Theres no question that spam is a huge problem, and an entire industry has sprung up to combat it. Spam-control tools vary from free applications like Spamgourmet to commercial programs like Junk Spy and simple tools built into our favorite e-mail applications. I understand why the government feels the need to police this problem. Those running the country know that most of us are out of our minds with anger over spam. Even when we use tools to control junk mail, our mailboxes still fill with garbage. Many prominent Web destinations like Yahoo! host free e-mail accounts, and a number of those site operators are also backing this bill for the same reason as the legislators, I assume: People (read customers and constituents) are complaining.
Most of my e-mail accounts are cursed—my office Microsoft Outlook mail, my Hotmail, my Outlook Express home account, and other various free accounts, including one with Yahoo!. All of them, to varying degrees, receive spam. Sometimes I know why Im getting it; I signed up for something and stupidly forgot to opt out or actually opted in thinking I would appreciate an occasional offer from a trusted source. Unfortunately, once I opened that door, less trusted sources crept in. I am confounded, though, by how I get some of what I receive, especially with accounts I use to correspond with friends and coworkers only.
As a PC Magazine editor, Im lucky enough to have come across many of the strategies for eliminating junk mail. They range from simple self-applied e-mail filters to applications that catch and eradicate spam. Recently, our company applied a spam blocker to our corporate e-mail accounts. Although our spam levels quickly dropped to near zero, the solution wasnt the most intelligent, and many important e-mails—from newsgroups, for example—also bounced.
This is one of the problems I have with the CAN SPAM bill. I fear it will end up hurting legitimate businesses far more than illegitimate ones. Aboveboard enterprises use bulk e-mail to contact customers. Its a cost-efficient and an important business tool. Look at what you get in your regular, physical mailbox (the one outside your house or apartment). Its filled with bulk mail. Some is useless and annoying, but other pieces are valuable—those department store coupons offering one-day, 15 percent discounts, for example. Many rules and regulations apply to snail mail, yet they manage to leave the door open for legitimate unsolicited mail. One of the key differences between physical bulk mail and the electronic version is that pornographic e-mail comes right alongside the innocuous life insurance offers. I would have to agree with legislators and others that this is just plain unacceptable. Its analogous to a Penthouse Magazine flyer (complete with graphic images) showing up, unsolicited, on your doorstep. Mailing laws prevent that from happening.
So if postal mail laws work so well to control the kind of physical bulk mail you receive, why cant the US government apply the same template to spam? Im not sure it cant, but CAN SPAM does not appear to fit that template. Sure, it says all the right things:
““(1) there is a substantial government interest in regulation of unsolicited commercial electronic mail [spam]; (2) senders of [spam] should not mislead recipients as to the source or content of such mail; and (3) recipients of [spam] have a right to decline to receive additional [spam] from the same source.”“
The bill seems focused primarily on misleading information, possibly to position spam as fraud and allow perpetrators to be federally prosecuted. But is spam really misleading? I happen to believe it comes with enough red flags to make even inexperienced e-mail users take notice. For example, most porn e-mail clearly states in the subject line what youre going to see (e-mails that dont have obvious come-ons like “Hey, baby” or “My new cam”). Theres no fraud, just the potential for offensive content. The subject lines of other junk e-mails (insurance offers, promises to improve your lifestyle, and the like) are a bit more opaque, of course. But there are other clues. None of the spam I receive ever comes from someone I know (unless its a virus sent unwittingly), for example.
Identifying spam is really quite easy—the senders are unknown and the subjects are typically short like, “Hey You”—but keeping it out of your mailbox is another matter entirely. Still, the CAN-SPAM bill gets this part wrong, too. The bill states that there must be a “return address or comparable mechanism in unsolicited commercial electronic mail.” Most junk e-mail does have a return address, information for opting out, or both. Unfortunately, the info is almost never valid, and following the opt-out procedure usually cements your status as a real e-mail target. (Oddly, the bill appears to cover the same ground twice a little further on.)
Beyond placing the policing of this act within the jurisdiction of the Federal Trade Commission, designated Federal agencies, and State Attorney Generals, the bill really doesnt address enforcement. Instead, it jumps right to penalties. CAN SPAM gives ISPs the right to sue spam purveyors as a way of recouping fines. In other words, ISPs are likely to be held accountable for delivering spam mail to desktops. This is like suing the US Postal Service for delivering hate mail. ISPs are the carriers, not the creators. America Online, the largest ISP in the US, isnt waiting for CAN SPAM to become law before it addresses the spam epidemic. The company has already filed a multimillion-dollar lawsuit against spammers.
I have other issues with CAN SPAM, too. The bill is appallingly light on technical detail and doesnt go far enough to properly define illicit mail. Whats more, as an American law, it has no jurisdiction over spam mail from outside the US. Most importantly, it doesnt address pornography domains and, to be realistic, thats not something the US can do on its own. Since 1998, the Internet Corporation for Assigned Names and Numbers (ICANN) has been looking at a host of new top-level domains (TLDs). Many TLDs, like Biz and Info and Pro, are poised to move into common use, but no adult domain has been ratified. Theres simply too much controversy surrounding the idea. Thats a shame, because if porn Web sites were forced to adopt a unique TLD, blocking the sites and any mail that came from them would be simple. Since CAN SPAM focuses on spam purveyors using real, traceable domains, this change could actually give the bill some teeth.
Senators Wyden and Burns are no doubt acting in good faith, but Wydens Internet legislation track record, in particular, confuses me. Hes also cosponsor of bills to extend the Internet tax moratorium and another to fund the development of technologies that defeat Internet jamming and censorship. On one hand he wants the government to steer clear of legislating Internet e-commerce and actually work to prevent censorship, but on the other he wants it to meddle deeply in the ebb and flow of Internet e-mail.
The US cannot afford to act imperially and pass a law that will likely only result in a bunch of legitimate businesses and organizations getting the shaft while the well-heeled and most insidious spammers and pornographers figure out yet another way to get around the latest roadblocks. Passage of this bill will by no means be a disaster, but if its not coupled with some more aggressive global changes in the way Internet domains are assigned and managed, itll be as fruitless as trying to hold back the electrons that carry Internet content.
Discuss this article in the forums.
More Lance Ulanoff:
