Spammers Would Feast on this List

Spammers Would Feast on this List

Metchis Op-Ed in the Chicago Sun Times
November 11, 2003

Bolstered by the widespread popularity of the national Do Not Call Registry, the Senate recently passed an anti-spam bill, the CAN-SPAM Act of 2003, which directs the Federal Trade Commission to create a Do Not E-Mail list. The concept sounds great: Put your e-mail address on a list, and the government will ban spammers from sending you junk mail. But while Do Not Call really can limit the number of telemarketing calls you receive, Do Not E-Mail would not only be ineffective, it could make the spam problem even worse. <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

Telemarketers are not renowned for their respectability, but they are on the whole more responsible than e-mail marketers. Spammers frequently peddle pornography and questionable ''medications,'' and they routinely hide their identities and place the blame for their actions on other Internet users. Telemarketers are allowed to download unencrypted copies of the Do Not Call list to remove names and numbers from their calling lists. Granted the same access to a Do Not E-Mail list, many e-mail marketers would treat it as a fresh contact list and would purposely send spam to the forbidden addresses instead of avoiding them.

Spammers could flout the Do Not E-Mail list with little risk. The chances of getting caught for breaking an anti-spam law are very low, since spammers excel at using advanced tools to remain anonymous on the Internet. Unlike phone calls, which can be traced with relatively high accuracy, the source of an e-mail is easily hidden. Most spammers already hide their identities because many of their ads are in violation of anti-spam laws in 36 states as well as federal anti-fraud laws. Adding a new law will not convince these repeat offenders to change their ways and may even encourage them.

To keep spammers from abusing the Do Not E-Mail registry, the FTC would have to encrypt the names and addresses on it. E-mail marketers could not be allowed access to the list at all, since downloading a copy would allow unscrupulous spammers to work hard to break the encryption. The exact implementation of the registry has not yet been decided, but in most proposals, marketers would have to submit their own mailing lists to the FTC and receive a ''clean'' list in return -- also encrypted to avoid a comparison with the list that was originally submitted. This would be extremely costly and difficult to administer.

In addition, creating a Do Not E-Mail list could divert resources away from tracking down spammers who break other anti-fraud and anti-spam laws. FTC Chairman Timothy Muris has said that the agency does not have sufficient funds to create and administer such a list. With more limited enforcement, even more spammers will ignore the law and send marketing e-mails without checking the Do Not E-Mail list.

Meanwhile, the registry would be a potential gold mine for unscrupulous spammers, since it would hold millions of accurate e-mail addresses checked on a regular basis by real people. Most mailing lists used by spammers have a high percentage of expired, fake and spam-catching addresses. The FTC's registry would immediately become a prime target for hackers out to make a buck by spamming or selling the addresses to spammers.

The Do Not E-mail list does resemble the proposed Do Not Call list in one important feature: its uncertain legality. The court battle over the Do Not Call Registry is ongoing. Some experts argue that the Do Not Call list is unconstitutional because it limits speech based on its content: Only marketing calls are banned, not calls from politicians, charities and other groups. The Do Not E-Mail list proposed in the CAN-SPAM bill is vulnerable to the same arguments, and might eventually be declared unconstitutional. Until the courts issue a final decision on the Do Not Call program, the FTC should not invest time and money in an equally questionable Do Not E-Mail program.