Cyber Eye: Can-Spam could be a can of worms

William Jackson

A lot of thought went into naming the antispam legislation signed into law last month. The Can-Spam Act of 2003 stands for Controlling the Assault of Non-Solicited Pornography and Marketing. Too bad that much thought didn't go into drafting the rest of the bill.

As of Jan. 1, the act overrode state laws that Congress has decided have been unsuccessful at stopping unsolicited commercial e-mail. It specifies prison sentences up to five years and criminal fines up to $2 million plus civil penalties of up to $1 million for the most egregious violators. But it offers no help in the way of enforcement.

The Federal Communications Commission has that responsibility without any money allotted for the job.

If prosecuting spammers were easy, there would be no need for a law. We already have laws against fraudulent and deceptive advertising. The trick is to give enforcers the resources to identify, track down and prosecute those who violate the laws.

With major funding bills still unfinished in Congress, the resources are unlikely to become available soon.

Worse, spammers can put themselves beyond enforcement by giving some basic information in e-mail headers and letting recipients opt out. But systems administrators have been telling users for years not to use opt-out features for spam, because they verify that the addresses are live.

The idea of a no-spam registry has been ridiculed as merely a way of handing spammers a list of verified addresses. The law does not mandate such a list but requires the FCC to study its feasibility.

On the positive side, Can-Spam outlaws using compromised computers as spam proxy servers, harvesting addresses from sites whose privacy policies prohibit it, and generating address lists from automated dictionary attacks.

Of course, if spammers were decent, law-abiding people who observe such strictures, they wouldn't be sending fraudulent and deceptive messages in the first place.

Another bright spot is a provision for service providers to sue spammers in federal court. If providers see this as a way to recover their costs for handling spam, the civil suits could be helpful.

Congress noted in the bill that 'the problems associated with the rapid growth and abuse of unsolicited commercial e-mail cannot be solved by federal legislation alone.' Technology will be needed, too.

Keep fine-tuning those e-mail filters.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above