Antispam laws: CAN SPAM, will spam

By Matt Whipp

Posted on 10 Dec 2003 at 12:59

The global problem of spam has prompted new laws aimed at curbing the scourge of the Net, but they will not bite, warns Sophos.

This week will see Congress dotting the i's and crossing the t's of its Can Spam Act, before it gets the signature of President Bush, and tomorrow marks the introduction of EU antispam directives into UK law.

The CAN SPAM Act, or the rather contrived Controlling the Assault of Non-Solicited Pornography and Marketing Act, means that unsolicited email must have an opt-out option, a valid 'from' address, a subject line that fairly reflect the nature and content of the email and the physical address of the sender. A further, and useful amendment, means that businesses advertised in spam email which contravenes the new legislation will also be subject to FTC penalties and enforcements.

Using virus-infected computers to send spam by proxy will also be criminalised.

Graham Cluley, senior technology consultant at Sophos, berated the limp measures afforded by the US legislation, rendering the tougher terms of the UK laws ineffective: 'The UK is taking a tougher stand against spam than some countries, but this is toothless without buy-in from the rest of the world. The vast majority of spam originates from the USA, where CAN-SPAM laws mean you *can* spam. Spam is a global issue and needs a global solution. Many users will be experiencing more junk email than ever this Christmas, and a spam-filled 2004.'

However, the UK legislation is far from perfect. While it mandates recipients of spam email must explicitly 'opt in' to receive such correspondence, those with an 'existing relationship' with customers can continue to send unsolicited mail. As such businesses may still find themselves subject to the spam menace on that basis: we've spammed you before, so we can keep on doing it.