Anti-spam laws are attempts by legislatures to deal with the problem of spam, which represents a very real threat to millions of users of electronic communication devices worldwide. In the United States, CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act was passed by the Congress in 2003 to address email spam. The European Union passed anti-spam legislation in 2002, but the specifics of these laws vary greatly from nation to nation. The first anti-spam laws were enacted in the late 1980s and early 1990s, but were ineffective because violators stayed outside the jurisdictions of the enacting governments.
CAN-SPAM effectively superseded the many anti-spam laws that had been passed by the states, and concentrated mainly on email spam, or unsolicited commercial email. In the US, as in many countries worldwide, freedom of speech is a guaranteed right, which means that most speech, no matter how offensive, cannot be banned. Thus, CAN-SPAM attempts to regulate this form of commercial speech in four major areas, both technical and contextual. These four areas also highlight the four main objections to spam.
One of the characteristics of illegitimate spam is that it’s deceptive. CAN-SPAM countered by requiring honesty. First, header information must be accurate. Spam often counterfeits header information to give the impression that it was sent by a legitimate business. CAN-SPAM’s second major provision also highlights deception — subject lines must be accurate and truthful and may not mislead the recipient into opening the email.
Another characteristic of spam is that it’s ubiquitous. Before the enactment of most anti-spam laws, the general rule was that once a spammer got hold of an email address, the only way to get relief was to change it. The third component of CAN-SPAM, then, is that recipients must be provided a way to opt out of receiving further emails. Many feel that spammers don’t honor opt-out requests, though; instead, it’s felt that spammers consider an opt-out request as confirmation that an email address is active.
CAN-SPAM finally requires that commercial email must be identified as commercial in nature, and if warranted, that it’s sexual in nature as well. The sender’s identity and physical address must also be included in the email.
When CAN-SPAM was enacted, it effectively superseded existing state laws; in fact, individual states that wish to enact more stringent legislation are prohibited by the act from doing so. CAN-SPAM is observed only by legitimate businesses; the multitude of CAN-SPAM’s violators flout the law with impunity from outside the United States. To date, fewer than 100 successful prosecutions under CAN-SPAM have been recorded. However, statistics show that the flood of spam has leveled off since CAN-SPAM was enacted, and the incidence of sexually-oriented spam has actually declined slightly.
Anti-spam laws in Europe are little better; broader than the American law, they attempt to address spam in many different forms, such as fax and text messaging, not just email. One obvious flaw in the law’s enforcement is the lack of a uniform standard for enforcement. The laws are open to the different interpretations of the member nations, and the actual penalties imposed vary widely. The United Kingdom, for example, has notably lax enforcement, with a bureaucratic maze that imposes delays of a year or more in bringing an anti-spam case to trial, and minimal fines.
Even with the restrictions and limitations imposed by anti-spam laws, spam remains tremendously popular among legitimate advertisers because it’s virtually free to send, but that also means that anyone who can cobble together a sentence — and many who can’t — can flood millions of e-mailboxes with unwanted messages with the click of a button. Email spam is also frequently the delivery vehicle for phishing scams and malware. It’s estimated that over 135 billion pieces of spam are sent daily, representing over 90% of the daily flow of email.
Statistics notwithstanding, however, anti-spam laws are remarkable for the degree to which they’re not enforced. In 2005, two years after the enactment of CAN-SPAM, it was estimated that about 1% of all commercial marketing email sent within the United States was in compliance with the act. Relative to the hundreds of billions of spam emails sent annually worldwide, there’s hardly any enforcement effort at all. While the laws set compliance standards for legitimate marketers — those marketers who also spend billions of dollars on more traditional forms of advertising — spammers whose emails are for illegitimate purposes continue to send out their emails with impunity. Users worldwide are protected from their schemes more by the efforts of the IT community, which develops and deploys anti-spam technology that prevents most spam from ever reaching e-mailboxes.