Click the comments link on any story to see comments or add your own.
Subscribe to this blog
12 Jun 2005
The CAN SPAM Act of 2003 went into effect a year ago on Jan 1, 2004. As of that date, spam suddenly stopped, e-mail was once again easy and pleasant to use, and Internet users had one less problem to worry about.
Oh, that didn't happen? What went wrong?
There are a few good things about CAN SPAM. It made some arguably fraudulent practices specifically illegal, and set per-spam statutory damages. That allowed a variety of lawsuits such as the one where an Iowa ISP won a billion dollar default judgement against a Florida spammer. It also explicitly ratified ISPs authority to set and enforce their own stricter policies about e-mail.
But overall, CAN SPAM's weaknesses outweigh its benefits. The biggest problem with CAN SPAM is that it doesn't actually forbid spam, for any normal definition of spam. So long as mail doesn't involve fraudulent elements, and contains specified contact and opt-out information, it's 100% legal until the recipient begs the sender to stop. This has set an extremely low floor for mailers to meet, and far too many now argue that since they comply with CAN SPAM they must be OK. I've gotten spam from the National Council of Churches, who really should know better, to addresses that were clearly scraped from my church's web site and added to the NCC's list without asking permission. When I complained, they pompously assured me that they complied with the letter and spirit of CAN SPAM, an utterly vacuous claim since CAN SPAM says nothing at all about non-commercial e-mail. (The obvious counter-argument is that if they didn't comply with CAN SPAM, they're be criminals, but they evidently don't see it that way.)
Another problem is that the remedies are cumbersome, since they require filing in Federal court, so they're likely to be useful only to medium and large businesses who get a lot of spam and can bundle many similar complaints into one case. CAN SPAM wiped out a lot of more stringent state laws, but even so, the remaining state laws are at least as useful as CAN SPAM. For example, the criminal conviction of large-scale spammer Jeremy Jaynes was under the Virginia state law, not CAN SPAM.
What does this all portend for the future? A surprising press release from AOL reported that the amount of inbound spam at AOL dropped by 22% compared to a year ago. Other ISPs reported no such drop, so we can only speculate about the causes, but my speculation would be about one part spam filtering, which AOL does well, and four parts legal threats, both the Jaynes criminal case and several civil cases they've filed in the past year. Spammers may turn away from large ISPs and aim more at smaller domains who are less likely to have the resources to sue them. Tune in again next year and find out.
My other sites
© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.