NOTE: This article is an archived copy for portfolio purposes only, and may refer to obsolete products or technologies. Old articles are not maintained for continued relevance and accuracy.
November 17, 1997

A Call to Arms

Lately, spam has been in the news quite a lot. Most recently, the owners of the FLOWERS.COM domain have won a civil case against Craig Nowak, a spammer who was using FLOWERS.COM as the return address for his bulk mailings. This resulted in the FLOWERS.COM web site being deluged with bounced mail, as well as a flurry of "energetic" responses from people who didn't particularly appreciate the services being offered.

Also in the news is that SimpleNet is pushing for criminal charges to be brought against a collection of spammers who used SimpleNet's mail servers to relay outbound mailings. This caused SimpleNet's mail servers to crash, and also impeded SimpleNet's customers ability to use the Internet, because some sites created mail filters that blocked all mail coming from the SimpleNet domain.

Meanwhile, America On-Line, CompuServe, and the other majors are keeping their names in the papers by suing spammers for a variety of other, very specific reasons.

The common element of these legal efforts is that they are all focused on specific actions, and are not broad suits that have the capability of stopping all forms of spam entirely.

For example, the winning logic of Roger Williams, attorney for FLOWERS.COM, was that by using the FLOWERS.COM domain name as the reply-to address, Nowak essentially dumped his garbage onto FLOWERS.COM front yard, effectively "trespassing" on his client's property. This suit will certainly provide a good precendent for other sites who find their domain names have been abused, but it won't stop the problem of spam outright. Williams agrees, referring to the suit as "a rifle shot and not a shotgun" approach.

SimpleNet's criminal suit is also unique in that they are seeking criminal charges, as well as the more common civil damages. Criminal charges are a relatively new aspect of the spam wars, and haven't been used that much to date. Criminal charges are being brought because "the named defendants have orchestrated an intricate and highly deceptive plan to defraud SimpleNet and its customers," says SimpleNet.

Like the FLOWERS.COM case, this is another instance of an ISP taking a rifle-shot approach to fighting spam by using a single, highly-focused argument, and not a broad fight against spam in general. Even though they sound scarier, criminal charges actually may not be as effective as civil charges, as they require that an attorney general or district attorney press charges on your behalf. "With criminal charges, you have to get somebody else to fire the rifle," says Williams.

The Need for Nukes

While I applaud all these suits for whatever effect they do have, I fear that the fine-point suits are only serving to prolong the cat-and-mouse game of spammer-v-spammie. When one of these narrow beams comes into focus, it does not stop all spam, but instead only stops one spammer from doing the one act that got them into trouble. So while one particular fool may not use FLOWERS.COM as a Reply-To: address in the future, some other fool may, regardless of what happened to the first fool. Furthermore, either fool may choose to use one of my domain names (or your domain name for that matter), erroneously believing that I won't sue.

Want proof? After AOL successfully sued a company that sent spam to AOL users from a fictitious domain, George Vradenburg, AOL's legal counsel, said that "the days of no accountability for spammers are over. We will make sure that spammers like Prime Data are held accountable to the law." Bullshit. I still get loads of mail with fictitious domain names. While AOL may have defeated a couple of spammers, there are thousands more that are still going about their business like nothing ever happened.

I wish that we could just end the charade outright, and simply eliminate all forms of spam entirely. That's the only way to put an end to this problem.

Now some of you think that this isn't right, that banning spam is unconstitutional, or that any form of government interference is too much. Being republican (like you didn't know), I tend to lean towards the latter by nature myself. But in this instance, I think a little bit of regulation would benefit the common good moreso than a flurry of individual court cases that have isolated impact. I'm all for having a law that bans spam totally.

Why Spam Sucks

But is spam so bad that we have to do this? Absolutely! It's not just some inconvenient annoyance, but instead is a plague that threatens the fundamental usefulness of the Internet as a medium. There are several arguments that support this position.

Spammers like to say that they have a first amendment right to speak their mind, and to a certain degree, this is true. There have been many cases where the government has said that advertising is a key part of the capitalist culture, and vendors should be allowed to promote their products freely. However, the courts have always stopped at the consumer's doorstep, saying that advertising is only considered to be free speech when a consumer has the ability to avoid it.

So, for example, I can choose to ignore the advertising on TV by simply changing the channel. I can ignore the advertisements in the newspaper by simply turning the page. However, I do not have this option with faxes, nor do I have it with telemarketers, which is why congress passed the Telephone Consumer Protection Act (TCPA) of 1991 [PDF], placing restrictions on these transactions. This is also true of electronic mail, in that I have to read it to see whether it's legitimate or spam. Therefore, I do not have the option of avoiding it, and so it is not protected by the first amendment.

Another key part of the TCPA is that it addresses the cost-shifting nature of faxes. Because fax machines use paper and ink, they cost the fax recipient hard money for those resources. This is separate from the intangible costs of time and effort, such as that used to throw away physical junk mail that appears in the mailbox. Although it is more difficult to show how e-mail recipients incur an increased cost from spam (especially with flat-rate access pricing), it is fairly easy to show how the ISPs who have to route mail on to the recipients do incur costs through a need for additional CPU, storage, and bandwidth resources.

Also addressed by the TCPA is the issue of timely delivery of desired information. If a fax user recieves so many unsolicited advertisements that their fax machine runs out of paper or memory, then the recipient will not be able to recieve the faxes that they do want. While it is hard to show a direct correlation with spam at the end-user level, it is fairly easy to show how this can be a problem with ISPs and corporations who have to store and process spam for hundreds or thousands of downstream recipients.

I know of one university that has a stated goal of delivering e-mail to its destination within five minutes of receipt. When McDonalds starts promoting Big Macs to the 30,000+ students at that university, do you think that these messages will get delivered within that five minute window? What about all the other messages that are waiting for delivery? Will they make it in that five minute window? Now multiply this scenario, taking into consideration that Gillette may want to advertise their new shaving cream, and that Citibank may want to promote their student credit cards, ad nauseum.

This is where the true danger of spam shows itself most. The future problem of spam is not in the "see horney women" junk mail that we get today, but in the "new from McDonalds" advertisements that will be distributed by legitimate organizations in the future. If spam isn't stopped, it will slowly become used by so many firms that eventually it will clog the net, and no mail will get through at all.

This may seem far-fetched, but I already get junk mail from such "legitimate" sources as Microsoft, Novell, and dozens of other companies whose web sites I've visited at one time or another. What's to stop Disney, GM, or Proctor & Gamble from doing the same thing? Nothing. Nothing at all. And that's the problem that must be addressed.

As so many have shown, the cost of sending out mass electronic mailings is of such an insignificant cost that it does not act as it's own filter. It's cheap enough for any idiot to do, and so every idiot does, soon to be followed by marketing whiz-kids who don't see any problem with it. By liberating the masses, we have unwittingly invited these same masses into our homes. Better move the couch!

New Approaches

There's been a lot of noise made about new laws and regulations being needed to address spam in particular. One particularly creative approach that's been offered would be to label spam as advertisements, either in the subject or in the message body. This won't work for two reasons: no self-respecting spammer would dare to do this, and the cost burden is still shifted to the recipient.

I mean, c'mon!, does anybody actually believe that any spammer is going to go through the trouble of labelling his ad when he knows it'll just get filtered out by the mail servers at ISPs and corporations? If he's forging domain names and Reply-To: addresses, then what makes anybody think he's going to be respectable about labelling ads? This is a joke.

Regarding the cost-reversal aspect of these labels, note that I would still have to receive the spam before I could filter it out, meaning that the mail server still has to recieve and process the messages, so there would still be a cost incurred in hard resources. Why should I pay good money so that somebody can send me unwanted junk? This is like asking me to buy a separate fax machine for unsolicited faxes, and is just as ludicrous and distasteful. Let's just cut spam off at the source and be done with it, rather than forcing everybody to accomodate it.

Another proposal currently making rounds is to establish a central registry where citizens can list themselves as not wanting to recieve spam. This is also ludicrous. This would be like registering with the local bully asking not to get punched in the gut. Why can't we just ban gut-punching instead?

In some instances, these lists are actually used to build spam attacks. On the AntiSpam.org web site, the following now greets people who wish to retrieve their registry: "Due to misuse the remove list is no longer available for download, you must apply for it, using the link above. We will need to check that you intend to use it for the correct purpose and that you are not intending to send Spam to the people listed on it." Spammers aren't good citizens; we should never give them the benefit of the doubt in anything.

Yet another proposal that's received some attention is to establish a micro-payment model that would charge people for each message being sent. This is also fundamentally flawed in that it punishes the good so that the bad can keep abusing the system. This is absurd. I already pay for the connection, and am in no mood to pay for each service on top of that. Why should I? Punish the spammers, not me!

Even worse than these flacid suggestions is the fact that many states are introducing similar laws or worse on their own. Having fifty different laws is no better than having no laws. We only need one good law, not fifty bad ones.

We Need to Amend the TCPA

Let's face it: fine-point lawsuits just aren't going to work, and watered-down laws that attempt to "protect" the spammers are only promulgating the problem. We already have a good law in the TCPA, one that takes the side of the consumer. Let's just amend it so that it also addresses the problem of spam as well.

A few people have already tried to use the TCPA as the central argument of their anti-spam lawsuits. However, all of these cases have been settled out of court, or had the argument changed in mid-stream. Nobody has successfully used the TCPA in this manner to date.

Furthermore, the FCC has yet to take a formal position regarding the applicability of the TCPA to spam in general. While some argue that the current definition of a "fax machine" in the TCPA's language is broad enough to encompass PCs and e-mail in general, the FCC says that the definition is not specific to a PC, and as such does not apply well enough to hold up in court.

However, ammending the TCPA to include a rule regarding spam is not impossible. It only requires that a petition be presented to the FCC requesting such. This would result in a formal review process whereby industry groups and individuals would state their cases, and a decision would then be rendered. Hopefully, the right one.

Granted, there are some issues that need to be thought out prior to implementing such a law, but that's not a significant enough problem to warrant not doing it. For example, there is some concern that the law could be abused. Somebody reading this newsletter may consider it to be spam, or may dislike me enough to seek some form of punishment. In order to prevent this, I just need to be responsible, and make sure that I only send it to the people that want it.

Another argument against this proposal has to do with its domestic nature. By implementing such a law, the argument goes, spammers would simply move off-shore and bulk mail from somewhere in South America. This is easily overcome by looking at the source of the content rather than focusing on the SMTP transaction. If the beneficiary of the spam is a domestic operation, then they would be in violation, regardless of where the spam was sent from.

But enough with these arguments. The TCPA is our best bet, and we should do the best we can to see that it is amended to cover spam.

the Smith Bill (aka, the Netizens Protection Act)

Rep. Smith from New Jersey has proposed doing just that: amending the TCPA to include a provision against all forms of spam, exactly the kind of law that's needed in order for consumers to enjoy the 'net without being harrassed by unscrupulous bulk mailers. The full text of the bill is available online at ftp://ftp.loc.gov/pub/thomas/c105/h1748.ih.txt, but is also included here because of it's small size and simplicity:

HR 1748 IH
1st Session

To amend the Communications Act of 1934 to ban the transmission of
unsolicited advertisements by electronic mail, and to require that
sender identification information be included with electronic mail

                            May 22, 1997

Mr. SMITH of New Jersey introduced the following bill; which was
referred to the Committee on Commerce

                              A BILL

To amend the Communications Act of 1934 to ban the transmission of
unsolicited advertisements by electronic mail, and to require that
sender identification information be included with electronic mail

[Italic]   Be it enacted by the Senate and House of
Representatives of the United States of America in Congress
assembled, [Italic]


This Act may be cited as the `Netizens Protection Act of 1997'.

Section 227(b)(1) of the Communications Act of 1934 (47 U.S.C.
227(b)(1)) is amended—

      (1) by striking `or' at the end of subparagraph (C);
      (2) by redesignating subparagraph (D) as subparagraph (E);
      (3) by inserting after subparagraph (C) the following new
          (D) to use any computer or other electronic device to
          send an unsolicited advertisement to an electronic mail
          address of an individual with whom such person lacks a
          preexisting and ongoing business or personal relationship,
          unless such individual provides express invitation or
          permission; or'.

Section 227(d)(1) of the Communications Act of 1934 (47 U.S.C.
227(d)(1)) is amended—

      (1) by striking `or' at the end of subparagraph (A);
      (2) by striking the period at the end of subparagraph (B) and
          inserting `; and'; and
      (3) by inserting at the end the following new subparagraph:
          (C) to use a computer or other electronic device to send
          an unsolicited advertisement to an electronic mail address
          unless such person clearly provides, at the beginning of
          such unsolicited advertisement, the date and time the
          message is sent, the identity of the business, other 
          entity, or individual sending the message, and the return
          electronic mail address of such business, other entity, or

That's it! Simple, yet effective, and our best hope. In order for this bill to succeed however, you must do your part as well. Please contact your congressional representative and let them know of your support for this bill. Without feedback from constituents like yourselves, the goverment has no way of knowing what is or is not a good law. Only you can prevent bad legislation.

-- 30 --
Copyright © 2010-2011 Eric A. Hall.