Canning SPAM
It is time Congress got serious
about putting an end to SPAM.
In 2003 Congress passed the CAN SPAM Act,1 a piece of legislation that was supposed to eliminate a significant amount of SPAM, and make opting-out of future SPAM relatively easy. Of course, what Congress intended, and what actually occurred are two radically different things.
While there is no definitive answer as to how much SPAM is CAN SPAM Act compliant, industry sources tend to agree that less than 20% of E-mails that qualify as "SPAM," comply with the CAN SPAM Act's basic requirements (e.g., the physical address of the sender, correct headers and subject line, and ability to opt-out from future mailings.)2 Our own research shows that only SPAM that is being sent by reputable vendors, on behalf of large corporations, complies with the CAN SPAM Act's basic requirements. Additionally, we have found that while many spammers will provide the required opt-out link, use of the link does not result in a cessation of SPAM and in many instances results in an increase. One can verify this result by setting up a free E-mail account with an odd account name (e.g., abcd12349e@hotmail.com) and then opt-out using the link provided in a SPAM message sent to an account you actually use. (When you start getting SPAM at the new, unlisted, randomly chosen E-mail address, you know the spammer used the opt-out as an indication of a valid address that should remain on the spammer’s list of addresses.) Spammers also attempt to get around the opt-out request by claiming that the opt-out was only effective as to the client/campaign from which they received the request, or by claiming that "spammer A" is not related to "spammer B," even though their physical address, contact and other identifying information are identical.
So you may be asking yourself, what is the big deal about SPAM. Sure it is inconvenient to the end user, but so what? The problem with SPAM is not only the lost time spent sifting through all of the SPAM,3 but the increased costs of storing ever increasing SPAM, which itself is increasing in size due to embedded images and file attachments. Additionally, SPAM has become increasingly infected with viruses and other malicious code. While many members of Congress recognize that there needs to be tough penalties for the distribution of malicious code, Congress has failed to pass any legislation to prevent or limit the growth of this problem.
Part of the problem with the CAN SPAM Act is that it delegates enforcement of the act to ten different federal agencies.4 Further, while the act provides for prosecution by state law enforcement and Internet Service Providers, neither of these groups have been eager to prosecute spammers.5 When Congress passed the CAN SPAM Act, it ordered the Federal Trade Commission (FTC) to investigate the possibility of a bounty system for private individuals who tracked down spammers who violated the CAN SPAM Act. Unfortunately, in September 2004, the commission rejected the idea of a private bounty system, except for whistle-blowers inside or close to the SPAM operation. Given that SPAM operators tend to be very small (i.e., one to two people), it is extremely unlikely that a spammer is going to whistle-blow on themselves. The FTC's rationale for limiting the bounty system to insiders was that the cost was going to be excessive. The FTC's reasoning is flawed and ignores the successful use of private causes of action under the Telephone Consumer Protection Act (TCPA)6 to significantly cut down on the sending of unsolicited commercial faxes and pre-recorded telephone commercials.
Like SPAM, junk faxes are an attractive form of mass marketing on a small budget. While not completely free, junk faxes shift most of the advertising expense to the recipient, who has to pay for the paper and ink wasted by the junk fax. If spammers were to face statutory damages similar to those of the TCPA ($500 per fax, or $1,500 per fax if violation was wilful or knowing), private individuals would have sufficient motive to track down and prosecute spammers. Admittedly tracking down spammers is more difficult because they can hide their IP address with greater ease than a junk faxer can hide the number from which their fax originated, however this is not an insurmountable obstacle. There is another alternative to the private enforcement system.
The purpose of junk faxes and SPAM are generally the same, to make money. If the government in cooperation with a couple of credit card issuers created a system whereby the use of an account number resulted in an automatic freezing of the spammer's account, it would eliminate the spammer's incentive for spamming.
Admittedly, the later suggestion seems draconian and will need some tweaking in order to be legal, however, our economy and our information infrastructure cannot sustain the continued abuse that results from year over year double and triple digit increases in the percent of SPAM. Given the use of online scams by criminal enterprises and terrorist organizations, our society cannot continue to treat SPAM as a mere nuisance. Further, since Congress preempted tough state laws with the CAN SPAM Act, Congress has an obligation to fix the mess it created.
1 P.L. 108-187.
2 See 15 U.S.C. § 7704 for complete list of requirements.
3 Even with SPAM filters being provided by every major Internet Service Provider, it is still prudent to search through one's junk/bulk mailbox to ensure that legitimate E-mails were not misdirected. Many spammers have resorted to sending their messages via pictures embedded into the E-mail because anti-SPAM filters are highly ineffective in detecting "image SPAM." Not only does this new form of SPAM make filtering more difficult, but it consumes additional bandwidth and storage capacity. Even if "image SPAM" filtering becomes readily available, the additional computational resources required to filter billions of images will significantly slow the flow of E-mail across the Internet, as messages will sit in filtering queues.
4 See 15 U.S.C. § 7706.
5 According to a FTC report from December 2005 entitled Effectiveness and Enforcement
of the CAN-SPAM Act: A Report to Congress, the Federal government has commenced only twenty enforcement actions, ISPs have commenced less than thirty actions (with some being dismissed), and the states have commenced six cases against spammers using the CAN SPAM act.