I wasn't enthusiastic when CAN SPAM (otherwise known as the Controlling the Assault of Non-Solicited Pornography And Marketing Act, a laborious backronym if there ever was one) was made into law in 2003. It didn't appear to have sufficient teeth to do the job and the feds were hardly in a position to prosecute more than a handful of the most egregious cases.

Guess what? The act didn't do much for spam but it did do something right: It provided a framework that legitimate businesses could use to send unsolicited commercial e-mail, and UCE complying with CAN SPAM gave consumers a reasonable knowledge of who was trying to communicate with them and ensured that they could opt out (though the lack of consistency in this area is ridiculous).

It is time for an overhaul of CAN SPAM. We need to create a better set of standards for companies that want to use UCE responsibly. Here's my outline proposal for a responsible commercial messaging act (I have yet to find a good acro- or backro-nym for it):

Commercial E-mail will be defined as electronic mail with the purpose of advertising or promoting a commercial product or service, or political or religious opinion. The sender of such messages will be termed a Commercial Sender.

UCE will be defined as e-mail sent to a recipient who has not explicitly double opted-in to receive messages from the sender.

Double Opt-in will be defined as the process by which a subscription request for a product or service has been validated by the service provider sending a confirmation request to the address given in the initial request. All double opt-in requests must be documented, including date, time and source, and be made available on request from the recorded address within 12 hours.

Commercial Senders must register with the Federal Trade Commission to legally send UCE. Every sending domain and subdomain must be registered (this means that each agent of a company must also register) and Commercial Senders, domains and subdomains cannot be registered more than once. Note that registration doesn't have to be a huge overhead on the feds. An automated system can handle the task and anyone should be able to register from a verifiable e-mail address (accounts on services such as Hotmail, AOL and Google should not be allowed).