January 18, 2004

CAN-SPAM Act -- Can't

Wired News reports that despite the enactment of the CAN-SPAM Act of 2003, "providers of spam-filtering software say they're blocking more messages than ever. Spammers, they say, are either ignoring the law or pretending to comply with guidelines for legitimate e-mail marketing."

Here's why I believe it's going to get a lot worse before it gets better, and offer a few tips that may help.

Particularly troublesome is that spammers have "created programs that rapidly morph the content of messages, so that only three or four identical e-mails are sent out at a time. With the advent of Can-Spam, Jacob said spammers are also increasingly guilty of "faux compliance," exploiting a caveat in the law that permits unsolicited e-mails from legitimate marketers who allow recipients to opt out of future mailings. Unscrupulous junk mailers are pretending to go along with the guidelines by including false return addresses for opting out." Thus recipients who attempt to opt out either have their requests ignored or are validating their e-mail addresses for the spammers.

Ed English, CEO of Intermute (which offers SpamSubtract), confirms my original comments when he states that "many spammers will likely evade the law by moving offshore" since spam is a global problem and the U.S. law has limited reach.

Interestingly, some Wired interviewees believe that spam will continue to increase until the FTC makes an example of someone. Unfortunately, given the recent developments in music and file trading, even though the RIAA made numerous loud examples of prosecuting offenders, Wired reports mixed results in its recent "Study: Music Piracy Rising".

Indeed, the Wired spam article suggests the CAN-SPAM act may turn out to be a green light for "U.S. businesses to begin spamming American e-mail addresses as long as they give users a way to opt out. If this happened, the group predicted, 'opting out of spammers' lists will very likely become the main daytime activity for most U.S. e-mail users in 2004.'" Thus in the interim, expect more, and not less spam. I've said it before: Although the federal government was trying to do something about it, this Act was the "feel good legislation of the year", as it will not likely be effective in any meaningful way.

In my humble opinion, the Law of Unintended Consequences comes into play here. Separately the CAN-SPAM Act and the FCC "Do No Call Registry" are intended to combat unwanted and voluminous communications. However, as I've mentioned previously, a large side effect of the national "Do Not Call Registry" and separate state "do not call" laws is that they are driving the blocked telemarketers over to spamming techniques to make up for the lost call opportunities.

Here's a parting tip if you're interested in opting out from receiving more from a spammer: Don't just click blindly on the "unsubscribe" link -- its displayed text can fool you. That's because HMTL formatting in e-mails and web pages allows the displayed text to be different than the underlying link.

Instead, there's a better way to check before clicking through. It's not foolproof, but it's sometimes helpful. Depending on your e-mail program or web client, you can oftentimes right-click on the opt-out link and copy it to the clipboard. Then paste it into a text-only field (say, in Notepad or your web browser's address field). If the e-mail address looks legitimate, you have a chance it may work as desired. Conversely, there are many experts who advise against any opt-out attempts, so use your best judgment.

If the link doesn't look legitimate (e.g., it doesn't contain a valid domain name, or it goes back to a free e-mail service like Yahoo or Hotmail), then by clicking through you're just begging for more spam. Also, it depends on the sender and the relationship you do or don't have with them. If it's from a reputable company with whom you've done business, I've often had good luck unsubscribing from their newsletters, sales and PR announcements etc. (I consider it spam when I receive such things from a company when I did not specifically request them). Most mainstream companies don't want to risk offending and alienating their customers into boycotting them.

In conclusion, while I would prefer to say that it's going to be spam as usual, I fully expect it's going to get worse before it gets better, if ever.

Topic(s):   Privacy & Security
Posted by Jeff Beard