spam laws

Good anti-spam legislation is a required component for eliminating spam. But legislation alone will not eliminate spam, for these reasons:

1. Spammers ignore laws, by changing their online identity every few days, and by moving their operations into states or countries which do not prosecute. (Long term, it would be interesting if all email from such countries got marked as potential spam, this incenting those countries to prosecute, so their businesses could use email.)

2. Politicians are not qualified to make technology strategy decisions, and as such, they keep filing naive anti-spam legislation which gets the politician in the newspaper but does not stop spam! Do you trust the government to protect your privacy?
   • The currently proposed Massachusetts law suggests forced subject labeling with ADV. This will fail-- bad spammers will ignore it, and many legal professionals feel this law would fail in court due to free speech.

   • Massachusetts has an equally lame program which tries to stop telemarketers: the Do Not Call program. The idea is you fill out a web form with your phone number, and you won't get any more junk phone calls. The way this works is that the state of Massachusetts will sell the list of all such registered phone numbers to any business who wants to buy the list and use it, presumably to purge such numbers from its own call lists. However, what is to prevent some scummy business from also anonymously publishing the entire list onto the web?

---

I use the term "BUCE" to mean Bulk Unsolicited Commercial Email. "Bulk" means email sent by a person or computer program to a bunch of different people. "Unsolicited" means the recipient did not request to get this email, not signing up for any mailing list etc from the sender. "Commercial" means the sender is looking to make or raise money from this email.

Paul's Proposed Laws

1. Internet service providers (ISPs) must be held liable for BUCE sent from their services or networks. This is very important, as it provides an easier target to sue than fly-by-night spammers, and also provides motivation for the people in control (ISPs) to run proper networks. An ISP anti-spam law with teeth would require ISPs to install volume filters and to require their legitimate high volume customers to get bonded and insured against BUCE claims. Such a law should have a 12-18 month grace period, to give small ISPs time to adopt new low cost, high quality technologies to stop their networks from being used to spend BUCE.

2. Spammer credit card blacklist. Require ISPs to maintain and share a blacklist of one-way hashed credit card numbers for users whose accounts have been terminated due to violation of spam laws. This would require a rapid response dispute process. This law would make it a lot harder for spammers to keep moving from one ISP to another. See my cardblock.com mockup.

3. True identity of sender must be in the email, including an accurate From/from address using an email address and/or domain name clearly owned by the sender. Each such BUCE should also contain an easy to see working sender website address and phone number.

4. Misleading Subjects such as "Re: your order" or "it was nice seeing you again" and other such false and manipulative subject lines should be illegal.

5. Sending porn text or images to anyone who has not explicitly signed up for it (and thus potentially children) should be fined $500 per such email per recipient.

Enabling violators (such as ISPs or bulk-email software companies) must be able to be sued by individuals, not just by the government. This would also allow for class action lawsuits.

Many states have laws requiring spammers to put "ADV" in their subject lines. But these laws could lose in court vs. free speech, and bad spammers would ignore them anyway.

Another great, detailed site about anti-spam legislation is CAUCE.org. See also spamlaws.com.

Back to Paul's spam page.