CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Why we've finally canned spam

U.S. Senators Ron Wyden and Conrad Burns say critics overlook the real impact that the law they wrote will have in the reduction of unwanted e-mail.

    Congress has finally taken an important step forward in the battle against unwanted and offensive e-mail by passing the Can-Spam Act of 2003.

    As co-authors of this legislation and as two of the Senate's leading technology legislators, we do not claim that the Can-Spam Act, which passed into law Tuesday, offers a silver bullet that will stop all unwanted e-mail. However, we do believe that the law will offer important new tools in the fight against spam and that some of the criticisms of the legislation are misguided.

    Experts say most spam comes from a relatively small number of hard-core spammers (perhaps as few as 200) who send out millions of messages per day. Under the Can-Spam bill, these big-time spammers--who currently perceive little risk--will suddenly be risking criminal prosecution, Federal Trade Commission enforcement and million-dollar lawsuits by state attorneys general and Internet service providers (ISPs).

    Big-time spammers will inevitably violate the Can-Spam Act because it strikes at the heart of how their sleazy businesses work.
    Big-time spammers will inevitably violate the Can-Spam Act because it strikes at the heart of how their sleazy businesses work. The bill prohibits senders of commercial e-mail from hiding or disguising their identities or from using misleading subject lines. Spammers must use these deceptive tactics to avoid now-common spam filters and ply their trade. If they continue to do so, they will run afoul of the law.

    Some critics, including ZDNet writer David Berlind, have correctly noted that enforcing the new law will be a key challenge. In our view, it will be important for enforcement authorities to bring a few high-profile cases shortly after the bill is enacted. That will send a clear message to the kingpin spammers that the game has changed. However, we disagree with critics who claim that the bill cannot be effectively enforced.

    Berlind suggests that an "opt out" approach is hard to enforce, because opt-out mechanisms do not always work and lack a standard protocol. It is important to note that many legitimate businesses currently use opt-out mechanisms that work the vast majority of the time. If a mechanism repeatedly fails to work, it would be clear that a spammer is violating the law. Even if a violation of the opt-out provisions were somehow too difficult to prove in a particular case, a spammer could still be prosecuted or sued for falsifying header information or subject lines, which, as noted above, are the essential tools of the spammers' trade.

    Second, some critics argue that there is little support for the bill among those charged with enforcing it. It is true that state attorneys general are uncomfortable with federal legislation that preempts state laws. But other parties charged with enforcing the bill have been far more positive. In particular, ISPs--whose networks are burdened by spam and who have been on the front lines in the spam battles to date--have expressed strong support for the bill. The FTC has also said the bill should be helpful.

    Third, critics point out that some spammers live abroad and hence are outside U.S. jurisdiction. But the fact is that many big-time spammers do reside in the United States. Moreover, the bill cannot be evaded by hiring an offshore spammer. A person in the U.S. who hires an offshore spammer to send unlawful e-mails would be fully liable under the bill.

    In the end, fighting spam is going to require a multipronged approach.
    Finally, some say that the bill's large potential damages are irrelevant, because many spammers have limited resources. But the bill applies both to spammers and to those who hire spammers. One of those parties, if not both, is likely to have some real resources. Moreover, big-time spamming involves a business calculation. Right now, the costs of spamming are near zero, making any revenue pure profit. With the possibility of large money judgments, the potential cost of spamming rises, and the business calculation could change.

    In the end, fighting spam is going to require a multipronged approach. It will require improved technology, which is why we welcome the recent announcement that Yahoo is working on technology to authenticate the source of e-mails. Greater cross-border cooperation is needed, which is why we joined three U.K. Parliament members to urge our respective governments to engage in bilateral cooperation on spam enforcement. Of course, kingpin spammers must also face tough criminal and civil penalties, which is why we proudly co-authored the Can-Spam Act.

    We firmly believe that the Can-Spam Act is an important piece of the antispam puzzle. With proper enforcement, it will be an effective tool in the war on spam.