The following text is copyright 2000 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.

Further codifying SPAM

By Scott Bradner

On June 14th U.S. House of Representatives' Commerce Committee approved a bill that further legalizes and somewhat restricts spam email. The bill is very much a mixed blessing and a few small additions would make a big difference.

The bill, H.R. 3113 (http://thomas.loc.gov/cgi-bin/query/z?c106:H.R.3113:) bears the grand title "Unsolicited Electronic Mail Act of 1999" and claims "To protect individuals, families, and Internet service providers from unsolicited and unwanted electronic mail."

While the bill's ostensible purpose is to protect people from junk email the biggest impact would be to unequivocally make such email legal. The bill does not even give ISPs the right to ban this type of email outright - it only gives ISPs the right to demand compensation from a sender of unsolicited email for the costs of delivering the email. It is far from clear if an ISP could set a high value on its spam delivery services under this proposed law.

The task of anyone who actually would like to control unsolicited email is that so far the US courts have decided that the free speech clause in the US Constitution enables spamers to inundate our mailboxes with all sorts of textual and visual garbage. Thus the bill limits itself to "unsolicited commercial electronic mail and unsolicited pandering electronic email" and does not address unsolicited non-commercial email - for example, someone could send a copy of the Unibomber's manifesto to their 10 million closest friends and this bill would provide no way to block that. This type of bill may be about as good as we are going to get but there are a few things missing.

Basically the bill tells the FCC to maintain a list of people who do not want to get spam and tells people who send spam to not send any to people whose names are on the FCC list. But the bill should target people who sell lists of email addresses as well as those who use such lists. It should include some way that the operator of an email list, such as the IETF list, can get the list name onto the FCC list. The bill requires a "conspicuously displayed" email address to ask to get off but should require that this address be the return address on the spam. The bill requires that notice be given to a spammer through "registered or certified mail" but does not require a working postal address in the spam - it should. The bill should permit ISPs to "just say no." And especially the bill should enable class action lawsuits against spammers - the way it is now, you can sue if you got email after saying no but who is going to bother for the $500 to $2500 you might get?

We are doomed to be inundated with ever more spam but a good law might be able to help some.

disclaimer: I'm sure Harvard Business and Law Schools have people profiting on all sides of this issue but I did not ask them and the above advice is my own.