United States set to Legalize Spamming on January 1, 2004

Against the advice of all anti-spam organizations, the U.S. House of Representatives has passed the CAN-SPAM Act, a bill backed overwhelmingly by spammers and dubbed the “YOU-CAN-SPAM” Act because it legalizes spamming instead of banning it. Spam King Alan Ralsky told reporters the passage of the House bill “made my day”.

Congress and President Bush, listening more to the Direct Marketing Association and other pro-spam outfits than to the people who actually have to deal with the problems caused by spam, signed this bill into law last week. This law will do absolutely nothing to stop spam and will, in all likelihood, actually increase the amount of junk e-mail you get.

One of the many problems of this law is that it allows spammers — excuse me, “direct marketers” — to follow the opt-out model rather than opt-in. This means that every single business in the country has carte blanche to send you as much unsolicited junk mail as they want until you explicitly tell them to stop. It also supersedes state laws, so states that have stronger laws will find themselves de-fanged after the first of the year. This is probably why New York state picked now to file lawsuits against a few high-profile spammers while they still can. Once the law takes effect, individuals will no longer be able to sue spammers — that privilege is reserved for ISPs only.

This law claims to regulate spam by making illegal the practice of forging headers and not honoring opt-out requests. What Congress apparently doesn’t realize is that most spammers are already breaking a number of existing laws by exploiting open relays, unsecured proxy servers, and launching denial of service attacks against the networks and web servers of anti-spam organizations. Not to mention the recent Windows trojan Sobig that was written by spammers for the purpose of turning home users’ Windows machines into spam proxies. I have no reason to believe they’re going to start obeying the law now when they’ve never cared to in the past.

I can already hear all the would-be spammers I’m going to have to deal with at work claiming that they should be allowed to spam if they’re in compliance with the new law. I had to explain to someone just a couple days ago that our acceptable use policy trumps the law, and that the law can’t force a private network to let people spam.