Remember the good old days, way back in December of 2003? Back then, when spammers told you they had the legal right to send you their junk e-mail, at least you knew it was a lie. Now, with enactment of the "Yes, You Can Spam Act," the spammer might well be telling the truth.

On the same day last week that AOL, Earthlink, Microsoft and Yahoo held their dog-and-pony show announcing lawsuits against named and unnamed spammers, a reader forwarded me what she considered a very disturbing piece of junk e-mail. The spam, touting the services of a bulk e-mail house supposedly located in Brazil, trumpeted that it was sent "in compliance with the CAN-SPAM Act of 2003, approved and signed by the president of The United States of America on Dec. 16, 2003. For this reason, this e-mail cannot be considered spam."

The reader was about to forward the message to the FTC's unsolicited commercial e-mail (UCE) complaint address (uce@ftc.gov) when it occurred to her that perhaps the spammer was right. "Hold on, does Can-Spam mean that I can't complain to the FTC about UCE now?" she wondered. The Brazilian spam provided a street address in Rio, she noted, plus a link to a website where she supposedly could have her e-mail address removed from the spammer's list. "They are following the letter of the law as far as I can prove. It looks like my choices are to keep receiving this spam or take a chance that the scumbags who sent it really have a legit remove-me page. No, I'm not such an idiot that I would go there, but what else can we do under Can-Spam?"

Well, not much. The Can-Spam Act gives spam recipients no recourse against spammers, even when a message does clearly violate the law's requirements for legal unsolicited commercial e-mail. Only government agencies and Internet Service Providers (ISPs) have any enforcement rights under Can-Spam. But then can't we at least take heart in the lawsuits the four big ISPs announced last week? Doesn't that mean Can-Spam is doing at least some good?

I don't think so. I'm not sure why AOL, Earthlink, Microsoft and Yahoo thought it politically correct to bill these actions as Can-Spam lawsuits. From their descriptions it's clear these lawsuits could have been filed without Can-Spam. They are very typical of the kind of lawsuits these and other ISPs have been bringing against spammers for many years, and with some success when they manage to identify the "John Does" involved. The worst spammers violate all kinds of laws, including federal and state statutes against computer fraud and data theft -- Can-Spam isn't really needed. It is ironic to note, though, that three of the four states in which these lawsuits are being filed (California, Virginia, and Washington) would have even tougher anti-spam laws to apply to these lawsuits if it weren't for the Can-Spam Act preempting them.

If we look closely, I think the ISP lawsuits actually demonstrate the real danger of how Can-Spam ultimately legalizes a whole class of everyday spam. Earthlink posted the filing for its lawsuit with its press announcement on the lawsuits, and in it Earthlink concedes that "some types of spam-related misconduct may comply with the Can-Spam Act." Earthlink therefore feels compelled to make the rather awkward argument that the Can-Spam Act only supplements "the various causes of action under which spam is already illegal" for any use that violates the ISP's posted policies against UCE.

Can-Spam isn't necessary for filing lawsuits against the spammers who break every law in the book, but what it does do is threaten the ability of ISPs to terminate the accounts of users who send out UCE. If an ISP's customer sends out UCE in compliance with the rules of the Can-Spam Act, can the ISP drop their account? Believe me, no ISP is going to want to put Earthlink's legal argument to the test. If paying customers are sending UCE in accordance with federal law, denying them access to their accounts is going to very problematic, no matter what the ISP's acceptable use policy says.

As I was writing this, I just happened to receive an unsolicited commercial e-mail for "Mortgage Loans Made Easy." In content it is very similar to a mortgage leads spam Earthlink cites in its lawsuit, except at the bottom it contains the increasingly common UCE claim that it's transmitted "in accordance with the Can Spam Act of 2003 Section S.877." And, as with our reader's Brazilian spam, I couldn't prove otherwise. It's spam, but it appears to be perfectly legal.

And this leaves me with an apology to make. Long-time readers may recognize the similarity between these "Can-Spam Compliance" claims and the "Murk" notices spammers have been using for years. The difference, of course, is that the Murk notices were lies because the Murkowski bill, a flawed attempt at anti-spam legislation in 1998, was never actually enacted. As one of those who railed against the Murkowski bill way back when, I guess I wish now we'd all held our tongues. As weak as it was, the Murkowski bill would have left us better off than we are under the "Yes, You Can Spam Act."

--------------------

Post your comments about this column below or write me directly at Foster@gripe2ed.com. To receive this column every week in my free e-mail newsletter, please go to my subscription page and follow the instructions to opt-in for the EdFoster mailing list.