Wow, the 2003 CAN-SPAM Act is not working, or so say the folks who passed it. The solution? More, better law.

You just can't make this stuff up.

NEXT: Whoops!

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. {The solution? More, better law.}

    What we obviously need is a War on Spam that will emulate the success of the War on Poverty, War on Drugs, War on…

    Never mind.

  2. The dumbest of the proposals I’ve seen is one for a national do-not-spam list. By adding yourself to this list, you can get your address sent to every spammer, and they’ll immediately stop sending you their trash. And if you believe that, I’ve got a fortune in Nigeria to sell you.

  3. No, this is some Next Generation kind of legislation. The War on Drugs is an orgiastic success by comparison. My incoming spam has increased tenfold in the 151 days since the anti-spam legislation passed. Annualize that yourself, because I just don’t have the stomach to. (I’m really curious about that “banned CD the government doesn’t want you to see” thing, too. Any of you ever look into that?)

  4. CAN-SPAM doesn’t work, but what, if anything, should be done about spam? I don’t see how trying to eliminate spam is a bad thing. I consider my e-mail account (and phone and fax numbers) to be my private property/services. In my opinion, spam is akin to trespassing. I want it stopped, but how do we do it properly?

  5. Bill,

    You kill spam today, you’ll kill billboards tomorrow, and kill prime-time network ads on Thursday. We can’t give in to these anti-corporate, anti-advertising, anti-capitalism zombies any more than we already have.

    That’s the esoteric side. The pragmatic side is this: one day you’ll get a spammed offer for, say, (4) nights in Cancun for $399 all-inclusive, and spam won’t seem quite the trespass anymore.

  6. > In my opinion, spam is akin to trespassing. I want it stopped, but how do we do it properly?

    1. Stop buying from spammers.

    2. Allow individuals to sue spammers (duh!). Under (you-)CAN-SPAM, only the FTC gets to sue.

    3. Provide a bounty on spammers. Whoever submits info leading to successful prosecution gets, say, 10% of the fine.

    4. If all else fails, perhaps a class action lawsuit against Microsoft is in order. If Windows wasn’t so horrifically insecure, the number of spambots would drop, and thereby reduce the level of spam.

    For a full list, see /. (or nanae).

  7. > The solution can’t and won’t come from regulation.

    Agreed. Laws don’t work (especially if you don’t enforce them).

    > It will come from widespread adoption of X.509 certificates

    Er, no. Getting a certificate is a big PITA, and if you make it easy enough for J. Random Luser to acquire a cert, you also make it easy enough for Adolf T. Spammer to get a disposable cert, and you’re back to square one.

    Better to just make everyone use PGP. You still get the digital signature, plus complete privacy (I’d like to see what Carnivore and the NSA would do with a few million or billion encrypted messages per day). But generating a PGP key is trivial compare with getting a cert, but few people still bother.

    The real problem is that SMTP doesn’t provide any way of verifying the sender — it just takes his word for it. Step #1 is fixing this hole, and the best solution for this is SPF records ( Anything that requires the mail user to do anything differently just isn’t going to fly.

  8. There is no reason getting a cert should be as difficult as it is. AOL should simply generate one for every screenname and sign things at their end. ISPs that offer POP or IMAP mail accounts should work with mail software vendors so they can generate them at signup time and make them all but autoinstall.

    The biggest problems with cert adoption right now are lack of will on the part of ISPs and abysmal interface design by the mail software developers.

    PGP addresses nothing. How does PGP cut spam? PGP allows you to confirm that the sender is the same person who gave you the public key, but not that the sender is who s/he claims to be. PGP doesn’t offer a strong central clearinghouse mechanism for revoked keys either.

    How would spammers be able to abuse certs, exactly? Deliberate abuse of a cert is breach of a contract between the holder and the CA. The cert holder is identifiable and can be sued.

  9. “1. Stop buying from spammers.”

    The way these spam messages look these days, I can’t even figure out what the hell they’re selling, except maybe email lists to other spammers. It’s almost like I’m reading the daily results of what the roomful of monkeys typed that day in their eternal quest to reproduce the works of Shakespeare.

    I mean, has this kind of crap suddenly become the standard for good advertising?


    0nline Doct0rs!

    up to 70% of the best pain killers out!

    _Som@, vioxx, v-ia-gra, Fioriceet, Phentremine

    and other popular meds..valium,Xan@x_,i@lis,”

    worldwide,it was half,rim,the great feast,scruple,during a visit,defuse,and to ivan.

  10. s.m.: {Use a cert-backed address to send spam, and your cert will be revoked, automatically relegating it to everyone’s junk folder worldwide within minutes.}

    And you’re going to explain to Aunt Ida that her chicken-soup-for-the-soul story or the “virus alert” she forwarded is spam?

    We can’t even convince our lawmakers that they can’t write legislation preventing foreign countries from hosting spammers. Any solution based on user competence is doomed to fail.

  11. Ant Ida’s forwarded “chicken soup” chain letter isn’t spam. It’s a chain letter your Aunt Ida sent you.

    A mortgage broker who blasts an ad to you and 60,000 or 600,000 or 6 million other email addresses s/he bought on a CD from Aunt Ida? That’s spam.

  12. Protecting people’s mailboxes from being flooded by mass transmissions is in no way a threat to advertising, any more than protecting a a computer from viruses is a threat to Internet commerce.

    For my comments on the “CAN SPAM” act, see

  13. CAN-SPAM legalized spam and undercut real (if mostly useless) antispam laws at the state level.

    The solution can’t and won’t come from regulation. It will come from widespread adoption of X.509 certificates from your choice of issuing authority (or your own certs if you want), something all the major desktop mail programs have supported since 1996 or so.

    Make cerificates easier to obtain and install (it’s a needlessly hellish process right now), set mail software to shunt anything sent without a certificate and signature to the junk folder, and quiet will descend upon the land.

    Once most people have certs — and there’s no reason you shouldn’t be able to get one automatically when you sign up for a net account or email somewhere or whatever — and the expectation of certs becomes the default in mail software, spam sell-through rates will dwindle to nearly nothing. Spam traffic will drop, and that will be that. Use a cert-backed address to send spam, and your cert will be revoked, automatically relegating it to everyone’s junk folder worldwide within minutes.

    Want the anonymity of today’s unsigned, cert-free mail? That’ll still work. Just turn off the filter or set an exception for your unsigned correspondent.

Please to post comments

Comments are closed.