Skip Navigation Links
By Dr. Philip Baczewski, Associate Director of Academic Computing
SPAM was in the news again in October. On October 23, the U.S. Senate passed the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003" or, as it is also known, the "CAN-SPAM Act of 2003 ." A similar measure was expected to pass in the U.S. House of Representatives, but so far that process has been bogged down with two competing versions.
I'm fairly sure that, even if passed by the full Congress, the CAN-SPAM act would do more than ensure that some people CAN still SPAM your E-mail account. But, at least the Senate may have accomplished finding a definitive use of SPAM as an acronym (it's not, really). The term "unSolicited Pornography And Marketing" is fairly accurate in describing many of the annoying messages I receive on a daily basis, although the words "Pharmacy offers" would be as appropriate as "Pornography."
In general the CAN-SPAM act prohibits unauthorized use or falsified use of E-mail routers or services for the transmission of multiple commercial electronic mail messages. Enforcement is by the Federal Trade Commission (FTC). Criminal penalties for violation range 3 or 5 years in prison, depending upon the nature of the offense. In addition, States may bring civil action against violators with statutory damages up to $1,000,000. The bill also mandates the creation of a "Do-Not-E-mail" list by the FTC.
Will it work?
All of this sounds very proactive and the Senate should be commended for passing it unanimously (97-0) except for the fact that it probably won't work. An overwhelming number of SPAM messages I receive are generated and/or transmitted from outside the U.S. In other words, a U.S. law will have no effect. In most cases, it is also extremely difficult and time intensive to track down individuals responsible for sending SPAM messages. This means that only the most egregious cases which result in tens of thousands of mail messages to one particular mail exchanger will get the enforcement support required to actually track someone down.
The other scary part of this bill is the "Do-Not-E-mail" list. The way that the current "Do-Not-Call" list works is that if you register, your registered telephone number along with millions of other working numbers is provided to the telemarketing companies with the instructions not to call any of those numbers. This seems akin to giving a basket of eggs to a hungry fox with instructions not to eat them. Once a copy of a "Do-Not-E-mail" list found its way off the U.S. shore, you can guaranty that SPAMmers everywhere will be salivating over that basket of working E-mail addresses.
The most effective technical solution to SPAM
The most effective technical solution to SPAM is to deny delivery of E-mail messages from users or networks which cannot be verified. If a numeric IP address can be linked to a network name then it is probable that there's a person on the other end who can be contacted about a problem such as SPAM. In the past, the UNT CITC has attempted to put such a restriction in place but received vehement complaints when E-mail could not be received from certain external commercial networks. Yet, everyone is ready and willing to complain about SPAM and ask why the IT department won't do anything about it.
On the other hand . . .
If the will to change is not present, then change will not be accomplished. One need only look at 20th-century U.S. History (prohibition) or a cluster of smokers puffing outside in freezing weather to understand that concept. Until the International Internet community has the will to control SPAM, SPAM will continue to exist. On the other hand, the Internet for some in the world is the first forum where they've been able to freely express themselves without the fear of retribution. Hmmm - delete button versus loss of freedom? I think I'll just keep hitting that delete button thank you.