What to Do If CAN SPAM Doesnt

Sturdevant: Users should demand complete control of their personal information.

My recent column criticizing CAN SPAM left many readers wondering what I would do to stop spam.

Id start by expanding the definition of spam. Spam is usually defined as bulk, commercial, unsolicited e-mail. But real spam has another, ethereal quality: It is unwanted. I add "unwanted" to my definition of spam because even if CAN SPAM legislation passes at the national level, e-mail boxes are still going to be stuffed with what most recipients consider spam. The legislation leaves a gaping loophole for institutions that are notorious for peddling personal profiles: banks and credit card companies.

To reiterate, CAN SPAM in effect says that if the sender and receiver have had a relationship in the last three years, if the e-mail header information is not forged, if the subject line truthfully describes the contents of the e-mail and if there is a mechanism to unsubscribe, then bulk, unsolicited, commercial e-mail is not spam.

Furthermore, the proposed legislation outlines that spammers can present a menu of choices during the unsubscribe process. Think of the last time you called to activate a credit card. Did the automated call offer you some extra services? Now imagine that in Web form.

Because the current legislative efforts Ive seen to stop spam often overlap with political efforts that squash free speech and invade privacy, Im inclined to look away from new laws to stop spam. As Ive written before, current consumer protection laws and financial regulations already apply to the vast majority of companies and individuals that use spam to fleece the public and bog down e-mail servers.

My suggestions for dealing with spam fall along the lines of using products and procedures to remediate the problem.

1. Train users to think of personal information and a fresh e-mail address as extremely valuable property. Try this approach: If the information is carried in a wallet or purse, it likely shouldnt be shared over the Internet.

I can already hear the howls. Yes, I use online banking and bill payment. Yes, I check my credit card statements online. No, I dont use "free" mortgage calculators anymore. The key word in my guideline is "likely." Users should be drilled in the value of their personal data. As nearly anyone who has been the victim of identity theft will attest, personal identity is valuable both in terms of money and in confidence.

2. Take time to read so-called privacy statements and take action. My ongoing research of these policy statements makes it clear that they should be called "lack of privacy" statements. If you dont like the conditions of the privacy statement—and most users shouldnt like about 90 percent of the stated privacy policies in use today—dont consume the service offered by the site.

3. Set guidelines for corporate users that help them understand the appropriate use of company e-mail. For most users, this should limit the amount of spam they receive.

4. Dont publish e-mail addresses on Web sites.

5. Implement a spam-blocking tool.