I haven’t yet weighed in on this briskly-debated issue since everyone else is doing a pretty good job covering the ground. For those who don’t know what the fuss is all about: Two months ago California then-governor Gray Davis signed into law a bill which would make unsolicited commercial email illegal. This law would require senders to demonstrate proof of permission and would grant recipients the right to sue spammers for up to $1000 per message. It was set to go into effect on January 1st 2004.
However, the federal government rushed the “CAN-SPAM” act through voting and it will almost certainly be passed any day now, to also go into effect January 1st 2004. The federal law adopts an “opt-out” approach, meaning spammers can spam you as much as they like until you ask them to stop. The federal law provides clear guidelines on how to send legal unsolicited email, effectively legitimizing spam marketing and opening the floodgates for an exponential explosion of ads for fake Viagra, cut-rate mortgages, and barnyard porn. It removes the right for individuals to sue spammers, leaving that in the hands of government agencies and ISPs. The federal law overrides and castrates 37 different state spam laws, including the California ban.
As effective as the California law would be (if enforced), it is not without its own flaws. Some say the law’s definition of spam is actually too broad, especially since it even covers “a single transmission or delivery to a single recipient.” Meaning any email sent to someone without first gaining explicit permission could land you in court. If spam were illegal, spamming wouldn’t even be an option for law-abiding businesses. The concern is that even emails you want could be considered spam and those same law-abiding businesses could still be liable.
Of course, spammers are already unethical sleazebags who won’t hesitate to break the law to keep hawking their unaccredited diplomas and pyramid schemes. This is why the individual right to sue is instrumental in making an anti-spam law effective. It would only take a few dozen lawsuits at $1000 bucks a pop to quickly destroy a spam outfit’s profitability and drive them out of business. But there is no shortage of lawyers eager to latch onto any new excuse to sue a big corporation with deep pockets, and probably not bother going after the independent spamhausen responsible for the vast bulk of worldwide spam.
Neither of these two laws is perfect, but at least the California law would actually make spamming illegal, rather than legalizing it as the federal law does. Under the federal law, an individual recipient has no legal recourse to strike back at the spammers. We can only go through the steps of opting out one list at a time. With some of the most prolific spammers maintaining literally thousands of domains, opting out of mailing lists you never opted into could become a full-time job. In addition, the CAN-SPAM law makes no specifications for what that opt-out method should entail, meaning you may have to visit the spammer’s website and be suckerpunched with banners, popups, cookies, drive-by spyware, cross-scripted hacks and porn.
As for the good points of CAN-SPAM, it does address some of the most common spamming tactics, which will be difficult to enforce, but it’s something. It forbids the falsification of header information and the use of open proxy servers for relaying email. This means that the legal spam will be easier to trace to its source, and it will force spammers to pay for their own resources, cutting into their profit margins. It also outlaws “deceptive subject headings” which have become common practice as spammers try to trick you into opening their garbage. Spam with subjects like “Re: information request” or “About last night…” would break the law. CAN-SPAM also forbids the harvesting of email addresses from public sources (web pages, usenet postings, etc, where spammers find most of their victims) and dictionary attacks (wherein the same spam is sent to lots of random addresses at a given domain in hopes that some will find live recipients).
In the end, CAN-SPAM is weak and unenforcable. Starting in 2004, email users will be drowning under the massive tide of legal spam sure to come. While the California law would have also spelled potential disaster for legitimate companies accused of spamming, it would have created a clear precident declaring unsolicited commercial email to be an illegal activity. As it stands now, the problem will have to get worse before it gets better.