Antispam advocates question US bill

A bill attempting to regulate the sending of unsolicited commercial e-mail passed in the US Senate last week will have little...

A bill attempting to regulate the sending of unsolicited commercial e-mail passed in the US Senate last week will have little impact on the amount of spam coming into e-mail users' in-boxes antispam advocates have claimed.

The Controlling the Assault of Non-Solicited Pornography and Marketing (Can-Spam) Act requires e-mail users to opt out of unwanted commercial e-mail, instead of requiring e-mail senders to get opt-in permission.

The bill can do little to stem the tide of spam coming from outside the US, said antispam technologies companies and at least one consumer advocacy group.

The bill gives consumers little control over spam, said Ray Everett-Church, counsel for the Coalition Against Unsolicited Commercial Email (Cauce).

Everett-Church said he was encouraged that the final version of the bill included an amendment requiring the US Federal Trade Commission (FTC) to study the possibility of a national do-not-spam e-mail registry, but the bill only authorises the agency to create such a list.

A law Congress passed in 1991 authorised the Federal Communications Commission to create a national do-not-call telemarketing registry, and it only went into effect earlier this month Everett-Church noted.

The FTC has expressed concerns about creating and maintaining a massive do-not-spam list, and the opt-out approach of Can-Spam "legalises" spammers to send out e-mail until they are told to stop, he claimed.

"I'm deeply concerned that we may never see a do-not-e-mail list, and until such a time as we do, we will see an unlimited right to see spam," he added

Can-Spam includes a requirement that commercial e-mail include valid opt-out mechanisms and allows fines of up to $100 per piece of spam sent with misleading header information, with fines up to $3m allowed for some types of spam.

But Everett-Church questioned whether law enforcement agencies would have the time to go after spammers without larger budgets for enforcement, which Can-Spam does not provide. The FTC and state attorneys general would be responsible for most spam enforcement under the bill.

The bill's cosponsors, Senators Conrad Burns and Ron Wyden, defended the bill, saying it was a necessary weapon in the fight against unsolicited commercial e-mail. Technology will also need to play a part in eliminating spam, but Can-Spam should send a "strong message" to spammers, a Burns spokeswoman said.

"No legislation will be a silver bullet against spam, but the Burns-Wyden legislation gives consumers considerable control over the e-mail coming to their in-boxes by backing up the law's requirements with stiff civil and criminal penalties," a spokeswoman for Wyden said. "This is a good step toward taking back the internet from the 'kingpin spammers' - the worst actors of the online world."

Not surprisingly, antispam technology companies agreed that technology needs to be part of the solution, with some suggesting that antispam technologies will go further to help e-mail users. 

Dave Jevans, senior vice president of marketing at Tumbleweed Communications, an e-mail firewall supplier, said the law is a step in the right direction, and can help set a moral tone against spam.

However, he added that Can-Spam will not be enforceable, because it is difficult to validate the identify of any internet user and because a large percentage of spam comes from outside the US. Can-Spam might make some potential spammers think twice before getting in the business, but the amount of spam sent is doubling about every two months.

Jevans called for a blend of legislative and technological approaches to fighting spam, including requiring that e-mail carry a digital signature establishing the identity of the sender.

Pete Privateer, senior vice president for product strategy and marketing at Internet Security Systems, a security and antispam company, said the bill might stop legitimate marketers from employing spam techniques, but would do nothing to stop hackers from using spam as a tool for identity theft.

"This bill is like trying to write a law to ban viruses," Privateer said. "It's just about that effective. I expect the volume of traffic in your in-box to increase."

But Al DiGuido, chief executive officer of Bigfoot Interactive,  a provider of e-mail marketing services, said Can-Spam would, at least, clear up the confusion of more than 30 state laws dealing with spam.

"We're really excited about federal guidelines that will put an end to all the chaos and confusion on a state-by-state basis," he added.

DiGuido recommended that reputable marketers work on a fee-based e-mail system, where they pay a small fee to internet service providers to create "white lists" - lists of commercial entities permitted to send e-mails - to ensure that their messages are delivered.

"There will be some real teeth put behind the law that will impose jail terms and significant penalties from a dollars and cents standpoint," he said. "We also think ... the criminal element has been trying to evade the law for some time now, so they'll continue to try to find ways to evade the law."

Grant Gross writes for IDG News Service

Read more on IT legislation and regulation