The real meaning of CAN-SPAM

Opinion
Dec 08, 2003 (3 mins)
Malware, Networking, Regulation

As I write this, Congress is just about to finish up the approval of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, aka the CAN-SPAM Act of 2003. The term “mixed bag” was coined to cover things like this bill.

On one hand, the bill provides potentially useful tools for law enforcement to fight some types of spam. On the other hand, it specifically makes spam legal and pre-empts anti-spam laws, many of which are much stronger, in 35 or so states.

I hope that the congressional title-writer who came up with CAN-SPAM assumed that people would read the “can” as meaning “to put a stop to.” But sadly, it is better read to mean “to be enabled by law.”

This bill defines spam as ‘unsolicited commercial electronic mail messages.’ Such messages, in turn, are defined as electronic mail whose primary purpose is to advertise a commercial product or service.

The bill says that such spam is just fine as long as there is a working opt-out mechanism listed in the message and as long as the sender address and e-mail header information are not forged. Under this bill, every division of every one of the companies on earth can send you a message completely legally, and you have the power to go through some undefined per-sender process to tell the sender not to do it again. Clearly, the bill was heavily influenced by, if not actually written by, commercial spammers.

The bill has significant negative value but is not quite worthless. The requirements for working opt-out mechanisms and unforged source addresses give law enforcement officials and ISPs (the only ones permitted to sue under this bill) some potentially useful ways to enforce it. The bill’s ban on using third-party computers to forward spam without permission and a prohibition of selling e-mail addresses of people who have opted out are also noteworthy. But an example of the bill’s source is the provision in an early version that said spammers did not have to include a working opt-out mechanism after they got what they interpreted as an opt-in response. Once hooked, you could not get out – ever. That seems to have been dropped from the final version.

How useful will this bill actually be if it ever goes into effect? A quick scan of the spam I received in the last two days shows that one-third of it would be totally unaffected – it included Nigerian cons and other mail from outside of the U.S. and in languages I don’t know. Another third potentially would be affected – it included ads for body-part enlargement, porn sites and the like. The final third definitely would fall within the effective coverage of the law – it included ads from U.S. companies for various things.

There is no way this bill will significantly reduce the level of spam, but it might change the ground rules enough to give the people developing anti-spam software a little bit better chance.

Disclaimer: The bill will definitely provide Harvard-trained lawyers with a source of income, but I did not ask the law school for its opinion – the above definition of “can” is mine (and Merriam-Webster’s).