Penalties for Noncompliance
The law sets forth some hefty penalties—for example, fines as high as $2 million and prison terms of 3 to 5 years—depending on the number of spam messages sent and whether the messages are connected to another felony, such as fraud. The FTC is tasked with enforcement, although the government hasn't allocated any money for enforcement efforts. Other agencies get involved when the spammer is a company that a designated federal department already regulates. Such companies include banks, credit unions, airlines, insurance or financial services companies, and media companies. For example, the US Department of Agriculture can enforce the law against land banks.

One welcome aspect of the law decrees that a state attorney general can file civil suits against spammers on behalf of state residents. I'm looking forward to the day when an eager attorney general, yearning to be the next Eliot Spitzer, takes on one of the larger spamming houses. ISPs can sue spammers, too. However, no means exist for an individual to file civil suits; our power is limited to filing complaints with the FTC. Noted attorney Lawrence Lessig suggested offering a bounty or reward for people who turn in spammers, but that provision didn't make the final version of the law.

The real question is whether any of the agencies that have the ability to go after spammers will have the resources to do so. Although spam is a huge annoyance, it's clear that it isn't sufficiently notable to grant the FTC and other agencies enough additional budget money to make antispam efforts worthwhile. I expect to see more action from civil suits (such as the ones AOL filed earlier this year) because ISPs can recover damages under the law.

What Should You Do?
This discussion would be pointless without some specific recommendations for what you should do—or not do—to comply with the law. An entire industry dedicated to CAN-SPAM compliance is already springing up, and I recommend investigating whether one of these firms is right for you. Even without an external advisor, though, you should be aware of a few things you should and shouldn't do:

  • Don't hire spammers, and exercise due diligence to make sure the marketing or mass-mailing companies you use are complying with the law.
  • Always use legitimate headers in your messages, with a real return address.
  • Employ some method of monitoring your return address to watch for opt-out notifications. The common practice of stating, "Don't reply to this mail because it's unmonitored," probably doesn't comply with the law—not to mention that it annoys recipients.
  • Include a valid postal address in your commercial mailings. This practice doesn't seem to be necessary for individual messages to consumers, but it's definitely required for mass mailings.
  • Consider moving to an all-opt-in system for your mailings. Although sending messages to your existing customers is perfectly legal, sending messages to people who aren't already customers might not be OK. For example, the common practice of sending messages to people whose addresses you collect at trade shows or conferences might not be legal under the new law. Opt-in mailings give you perfect safety at the cost of some hassle and additional expense.

The big problem for Exchange administrators is that Exchange doesn't offer built-in tools for CAN-SPAM compliance. Because the law is fairly new, very few products and services offer compliance tools, although I expect such tools to arrive on the market at a rapid clip. Companies such as EmailLabs offer hosted mass-mailing services that provide CAN-SPAM compliance. If you anticipate a high volume of mailings, these services probably offer the most cost-effective route to compliance.

The Future of Spam
A few weeks after the law passed, two spam-filtering companies carried out an informal sampling and found that less than 1 percent of the spam their filters caught complied with the new law. That finding isn't surprising. It will take time to determine whether the new law will have the intended effect. Because the law's viability depends so much on enforcement, I suspect that a few high-profile cases against major spammers will help encourage others to comply with the law, but until then you shouldn't expect any major changes. In the long run, this law will probably help, although perhaps not as much as some of the stronger state antispam laws that it superseded. However, it won't solve the spam problem on its own.

To achieve success, we need a continuing process of building technical solutions (e.g., Microsoft's "Caller ID for E-Mail" specification, which you can find information about at http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx), legal pressure, and—most important—financial incentives. If spam becomes unprofitable, spammers will vacate the business. Until then, we'll have to keep an eye on the consequences of this law. For now, you can help protect your legitimate mailings by taking a few simple measures to comply with the law's provisions.
