Not only does the Can-Spam Act take an opt-out approach, meaning that each spammer can e-mail you until you ask them to stop, but it allows the spammer to dictate what steps you must take to get off their list. The recipient must opt-out "in a manner specified in the message" that can include replying to an opt-out email address or "other Internet-based mechanism." The spammer can also force the recipient to opt-out via "a list or menu from which the recipient may choose the specific types of commercial electronic mail messages the recipient wants to receive or does not want to receive from the sender" just as along as opting out from all e-mail from that sender is one of the choices.

So in other words, each and every huckster who sends you an e-mail can legally require you to go to a page on their website and endure their pop-up ads while you look for the right opt-out option. Otherwise, they can keep sending their junk. And think what a wonderful opportunity this will provide virus purveyors who want to trick the gullible into running an executable. (Sure, that would be illegal under the Can-Spam Act, but it's already illegal under all sorts of laws with stiffer penalties, and the viruses just keep coming.) And that's not to mention the fact that those of who get a lot of spam could not possibly take the time to read each message for its opt-out instructions, even if we were foolish enough to want to use them.

Enforcement has been the weak spot of many anti-spam laws, but the Can-Spam Act makes a mockery of any possibility that violators will actually suffer. Any real enforcement is left up to the Federal Trade Commission almost exclusively, which has admitted it can only take on a fraction of the cases that current fraud and data protection laws would already allow it to prosecute. The FTC is also saddled with the requirement to report back to Congress on the feasibility of a do-not-spam list or bounty system, both of which you can bet the FTC will not want to touch.

State law enforcement agencies are given some token rights to enforce the new law, but at the price of having tougher state laws - like California's recent opt-in law - rudely preempted. ISPs are given even more limited rights to sue spammers for damages they suffer. And businesses that suffer damage from spam attacks have no recourse under the Can-Spam Act whatsoever. Of course, you can file a complaint with the FTC or other agencies, but with all the criminal attacks that are going unpunished even now, don't hold your breath waiting for help.

The Can-Spam Act really shows its true colors when talking about companies that hire others to spam for them. Only the FTC can enforce the law's provisions against a business that knowingly hires a spammer that will be using false or misleading information in their transmissions. States and ISPs must prove "actual knowledge" on the part of offenders to do anything more than slap them on the wrist. The law also ties itself into complicated knots defining and re-defining the word "procure" just to emphasize that ISPs aren't really allowed to sue the companies that hire spammers.

Another demonstration of who really called the shots on the Act is that it's even weaker than the weak opt-out state laws that require an "ADV" label on unsolicited commercial e-mail. The Can-Spam Act says spam must be identified as an advertisement, but it doesn't mandate how. In fact, it very specifically precludes the FTC from making any regulations in that regard. Obviously, those who are actually responsible for this law don't want to make it easy for any of us to filter out spam.

In fact, it's hard to escape the conclusion that those who are responsible for the Can-Spam Act only want to make sure that they have unfettered right to market via e-mail as they choose. Congress, in either its infinite stupidity or infinite cupidity, has quiet simply sold us down the river. If, as is expected, the Senate gives final approval and President Bush signs it into law, we may well be witnessing the end of Internet e-mail.