The U.S. Senate passed an anti-spam law by a vote of 97-0. That such a law was passed is no surprise. It's about time.
The law provides for a do-not-spam list, which is to be similar to the do-not-call list for telemarketers. I wonder how long that will last. The list is likely to be huge. There are certainly many more email addresses than there are phone numbers. And email is less restricted by national borders than telephone calls. So, with a do-not-spam list that contains 200 million entries, which are probably secure hashes of the actual email addresses, and with spam originating from any and every country in the world, how can such a do-not-spam list possibly work? How will they update the list? If they make it too easy, spammers may attack it in spirit of a denial-of-service attack. One possibility would be just to add many fake email addresses to the list with a view to make the list too large to be practical. Another issue will arise as to how a user confirms that he wants his email address on the list.
Certainly, some of the worst spamming practices, such as promoting scams or sending sexually explicit content, need to be made explicitly illegal, if for no other reason than to make it easier to prosecute cases against such practices.
The bill is weak in many areas -- opt-out is permitted, rather than opt-in, for example. I don't have a problem with a weak anti-spam law, because I favor technical means to fight spam. However, I really believe that we are headed to a new era in spam where unsolicited messages are sent from otherwise respectable companies. Expect messages announcing the big weekend sale at J.C. Penny or Sears, for example. These messages will be allowed under an opt-in policy. Expect to have to opt-out daily.
In short, this bill is all about clearly defining the boundary between legitimate commercial email and illegitimate commercial email. Once that boundary is clearly defined, expect more "legitimate" commercial email. At least the legitimate commercial email should be easier to filter.
Posted by Doug Sauder at October 23, 2003 10:52 AM