INFOWORLD GRIPE LINE BY ED FOSTER

Happy New Year for Spammers

By Ed Foster, Section Columns
Posted on Thu Dec 11, 2003 at 09:01:45 AM PDT
Since it looks like we're going to have to live with the Can-Spam Act -- or, as I prefer to call it, the "Yes, You Can Spam Act" -- we might as well see what it's going to be like. Well, two days after Congress passed the law, I received my first spam purporting to be in compliance with it. So that gives us a place to start.


There are a few things to keep in mind as we go through this first Can-Spam spam experience. The law is not yet in effect, but if President Bush signs S.877 as expected, it will be the law of the land on January 1. So this is a beta test of sorts. But as Congress made no significant changes since the last version of the law I wrote about, it's pretty much a done deal that we'll be going live with all these issues in just a few short weeks.

And a word of warning: kids, don't do this at home. I have a setup whereby the worst that could happen to me in following the spam's opt-out instructions as far as I did was to get a little more junk in an old, heavily-trashed account. But very bad things, such as installing spyware or a virus on your computer, could happen if you follow the opt-out instructions of what could appear to be an S.877-aware spam. So when you get a message claiming to be Can-Spam compliant -- as you no doubt soon will -- just don't mess with it.

The spam I received was a garden-variety junk e-mail promoting a stock tip "newsletter" that supposedly had gotten my e-mail address from one of its partners. The subject line had no "ADV" label or anything else one could filter on, but S.877 doesn't require it to do so. In fact, the law also preempts the many state anti-spam laws that do require an ADV label on unsolicited commercial e-mail and forbids the FTC from doing anything more than studying the idea.

In studying the spam's headers, return address, etc., there was nothing I could prove was a violation of the Can-Spam Act. A few little things -- no postal address, for example -- could be considered a violation, but I would have to prove I did not have a prior business relationship with one of their partners. And how would I do that?

If I did not wish to get rich by receiving the spammer's hot stock tips, my only choice was to go through a convoluted double opt-out procedure. One has to follow a link the message provides to a "global unsubscribe list" where you submit your e-mail address. Then you're supposed to receive confirmation e-mail with yet another "validation" link you must click on to be unsubscribed.

This is all perfectly in accordance with the Can-Spam Act, which leaves it up to the spammer to specify the "Internet-based mechanism" the recipient must use to opt out from receiving further e-mail from them. The law also says it's OK for the sender to make you negotiate your way through "more detailed options" when you're trying to opt out. If you choose not to trust the spammer's opt-out mechanism -- for fear it might infect you with the next version of the SoBig virus, perhaps -- then the sender can flood you with "commercial electronic mail messages" from now until doomsday with the full blessing of the laws of the United States.

Within an hour of trying to opt out from this Can-Spam compliant e-mail, I had not received a confirmation message but I had gotten a dozen spams pushing a particular penny stock. Circumstantial evidence made it pretty clear these messages were sent by the same parties who sent the stock tip newsletter, but I certainly couldn't prove it without the help of legal authorities. And even if I could, I couldn't do anything except try to get the FTC (in which the law invests all real enforcement powers) interested in investigating and prosecuting the case.

Not only is that unlikely, I really wouldn't want the FTC or other federal agencies spending limited resources to go after guys like this. After all, out-and-out criminals are using spam to perpetrate major felonies like the "phisher" scams with virtually no fear of getting caught. As long as that's the case, it would be stupid for the FTC to spend one dime proving that some jerk selling male enhancement products is violating the Can-Spam Act.

So what's life with the "Yes, You Can Spam Act" going to be like come the New Year? Well, it's going to be pretty cool ... if you're a spammer. And if you're into spreading viruses, mobilizing Zombie computers, or orchestrating denial-of-service attacks, it appears 2004 will present you some wonderful new opportunities for hoodwinking e-mail recipients. But for those who'd like a more secure and more usable Internet, or even one that doesn't get appreciably worse, it looks like we're in for a very bad year.

--------------------

Post your comments about this column below or write me directly at Foster@gripe2ed.com. To receive this column every week in my free e-mail newsletter, please go to my subscription page and follow the instructions to opt-in for the EdFoster mailing list.
