"The Internet has emerged as a vital civic and commercial space . . . but the rising tide of unsolicited commercial e-mail threatens to erode user confidence in the medium and place a drag on the growth of the digital economy."
-- How to Can Spam: Legislative Solutions to the Problem of Unsolicited Commercial E-Mail, Progressive Policy Institute, Nov. 1999.
So went our warning about the potential harms of spam over three years ago, and unfortunately those warnings went unheeded. Though several legislative proposals have been introduced since then, Congress failed to pass an anti-spam law due to fierce opposition by the financial services industry and direct marketers and indifference by technology companies reluctant to set a precedent of regulating the Internet. Since then, the problem of spam has grown completely out of control. When we released our original policy brief, America Online reported that one-third of email received on their servers was spam, or 24 million messages per day. Now AOL reports that they block well over half of the email that enters their servers, a total of about 780 million spam messages per day. In 1999 we estimated that Internet users were receiving between five and 10 spam messages per week; a recent study shows that a typical user now receives almost seven spam messages per day. And it is not only the number that is getting worse, it is also the content: Many spam messages are fraudulent and many contain pornographic subject lines and messages that are likely to be viewed by children. The problem is becoming so severe that before long, email -- by far the most popular use of the Internet -- may become unusable as a communications tool.
Though the entirely predictable growth of this problem was not enough to move Congress to action, the reality of this plague has finally created political momentum for a legislative solution. There is now widespread agreement from Internet service providers (ISPs) like AOL, technology companies like Microsoft, and advertisers represented by the Direct Marketing Association that Congress needs to pass legislation quickly. Agreement on the need for action, however, does not mean that all the players agree on the language of effective spam legislation. Even some of the policy recommendations in our 1999 policy brief -- such as mandating that messages contain a method to opt-out of further mailings -- are no longer effective because of the explosive growth of spam and the public's reaction to it.
The primary controversy in the spam debate is whether to take a limited approach that does little more than criminalize false header information, as advocated by Rep. Bob Goodlatte (R-Va.), or to take a more comprehensive approach to the problem, as advocated by Rep. Heather Wilson (R-N.M.) in the House and by Sens. Conrad Burns (R-Mont.) and Ron Wyden (D-Ore.) in the Senate. Our belief, discussed in more detail below, is that criminalizing false header information is an important step, but not enough to effectively control spam. Even the more comprehensive bills, however, are mired in unnecessary controversies (such as private right of action for spam recipients) without taking the straightforward steps necessary to manage the problem. Of course, the most comprehensive solution would be to ban spam altogether (as Congress did with junk faxes), but we believe that a law with effective protections can mitigate the spam problem without eliminating email as a marketing tool.
Congress should pass a spam bill this year that contains, at a minimum, the following provisions:
Impose criminal penalties for falsifying header information. Header information is simply the information in the "From:" line and routing data that indicates where an email originated. Spammers tend to falsify this information so their email cannot be easily traced back to them. Criminalizing this act is the primary provision of the Goodlatte proposal -- along with penalties for creating software that falsifies header information -- and as we said in our 1999 report, it is a necessary step toward ending the spam menace. However, simply requiring an accurate return address will not be enough to stop spam, because it is too easy for spammers to change addresses. What is needed are tools to empower users and ISPs to stem the flow of spam for themselves.
Require a standard identifying label such as "ADV" in the subject line of all unsolicited commercial email. This proposal, offered as an amendment by Rep. Adam Schiff (D-Calif.) during a 2001 House Judiciary Committee markup of a spam bill, is perhaps the most important weapon in the fight against spam. By requiring a standard label -- not just a notice that the message is spam, but a single standard identifier -- both email users and ISPs can easily configure software to reject spam. Spam with adult content should be required to carry an additional standardized label (e.g., ADLT) indicating that the message inside is not appropriate for viewing by children. Because spam, like junk faxes, shifts costs onto the recipient, it is only appropriate that spammers be required to make filtering as simple and inexpensive as possible. Given changes in technology that avoid automated filters, standard labels are not a silver bullet, but they will go a long way toward solving the problem.
Create a "universal opt-out" by authorizing and appropriating funds for the Federal Trade Commission to create a Do Not Spam list. In our 1999 report, we called for further study of the idea of a "wash list" -- a list of email addresses that cannot be legally spammed -- because we felt that such a drastic step was premature. Since then, two things have happened to make a Do Not Spam list necessary. First, unscrupulous spammers have included supposed opt-out statements in their spam that serve only to verify the validity of an email address. Many email users now understand that clicking on an opt-out link in a spam message is a surefire way to get more spam, and rightly refuse to do so. Second, the FTC is moving ahead with a Do Not Call list to limit telemarketing calls into the home. Because mandatory opt-out procedures are no longer effective, and because the FTC will have experience in creating a wash list, now is the time to build the Do Not Spam list. This will enable email users to opt out of all spam, and would likely prove to be just as popular as the Do Not Call list. Of course, the list would not be made available to the public, but rather spammers would be required to "wash" their recipient lists against the FTC list to remove any addresses that have requested not to receive unsolicited email. Failure to comply with the wash list requirement should result in criminal penalties at a minimum on par with the false header penalties.
Preempt state laws regulating spam. State legislatures can hardly be blamed for acting to curb spam when Congress proved unwilling to do so, but the state level is the wrong level to solve this problem. Because of the inherently cross-border nature of email, and because of the high cost of compliance with 50 separate state laws regarding unsolicited commercial email, Congress should alleviate the burden on email marketers by giving them a single set of rules to follow. If a federal spam law contains the provisions listed above, it would be more effective than any existing state law on spam, so preemption would not hurt consumers.
Work with other countries to establish a unified strategy for dealing with the spam problem. Many critics of spam legislation contend incorrectly that it will be ineffective because spammers will simply move out of the United States and spam from overseas. Though simply using offshore email servers will not be sufficient for U.S. spammers to avoid complying with the law, it is true that spam originating overseas will represent a larger portion of the problem as federal laws reduce the amount of homegrown spam. Efforts are underway in many countries to deal with the spam problem, but it will take a coordinated effort to ensure that we are not flooded with spam from overseas and -- just as important -- that other countries that act to curtail spam aren't flooded with spam from the United States. Congress should call on the FTC to work closely with other nations to develop a unified spam strategy.
There is little doubt that outrage over spam, both from the corporate sector and from individual email users, will put intense pressure on Congress to act this year. But there is a tremendous risk that an ineffective spam law will fail to stem the flow of spam, decreasing the usefulness of email itself. It would be unfortunate if the most successful Internet application was slowly strangled to death by the weight of spam. Congress has the opportunity to ensure that doesn't happen, and should use this chance to pass an effective law that will save email by drastically curtailing spam.