CAN SPAM a Toothless Act?

The Can-Spam Act, passed last December, was supposed to stop unsolicited commercial e-mail. But most users are still getting offers from Viagra merchants, pornographers and those looking to prevent foreign dictators from collecting their supposed fortunes. Is the Can-Spam Act a toothless piece of legislation? Or a step that gives CSOs the grounds to sue spammers who are flooding their servers with unwanted e-mail?

The Can-Spam Act includes a number of components to protect consumers and businesses. The act sets fines and prison penalties for spammers who hijack computers to distribute e-mail, falsify header information or falsely represent themselves. The act also mandates the inclusion of a return address, opt-out technologies and e-mail identifiers. Lastly, the act requires the Federal Trade Commission to research and develop a Do Not E-Mail registry, similar to the Do Not Call registry (see “You Don’t Call, You Don’t E-Mail,” Page 13).

Phillip Hallam-Baker, principal scientist for VeriSign, doesn’t think this act alone will stop spam, but it will make it harder for the worst offenders to hide. The Justice Department has yet to prosecute anyone for violating this act, but it’s still early, and Hallam-Baker is confident that some of the biggest spammers will be punished.

Four of the country’s leading e-mail and Internet service providersAOL, EarthLink, Microsoft and Yahoojoined forces to form an antispam alliance in the spring of 2003. And since the passage of the Can-Spam Act, the alliance has filed six lawsuitsall in the month of Marchagainst hundreds of defendants in California, Georgia, Virginia and Washington.

But Andrew Lochart, director of product marketing for e-mail security provider Postini, disagrees with Hallam-Baker. Lochart says the Can-Spam Act will ultimately hurt legitimate bulk e-mail companies. “Because of the nature of e-mail and because it is easy to hide one’s identity, enforcement of this is going to be basically impossible. The people who are going to get nailed by the law are small companies that want to be DoubleClick when they grow up, who don’t have the resources to make themselves compliant,” says Lochart.

John Mozena, cofounder and vice president of the Coalition Against Unsolicited Commercial E-Mail, doesn’t think the Can-Spam Act is strong enough to eliminate spam entirely. His major complaint is that the government did not outlaw sending unsolicited e-mail; it just said you have to be honest when doing so. “We think the best law is one that just tells us not to spam,” he says.

He suggests that CSOs look into the enforcement abilities the Can-Spam Act gives them, in particular requirements to ensure that server logs stand up in court.