Reviewing S.877

in

Here are some somewhat contemporaneous notes from a quick readthrough:

3(2)(d) - The "it's a newsletter, not spam" loophole. This section says a message must have sales or marketing as its primary purpose to be considered spam. I fear spammers may be able to use this to send emails that they claim are public service information and not marketing. I'm thinking of something like an email saying, "Notice: insurance laws to change" which sows the seeds of doubt, and just happens to have a handy company URL at the bottom.

5(a)(4) - Mandates opt-out rather than opt-in. This bill legalizes, rather than prohibits, spam. Spam with forged headers or sent through hijacked computers becomes illegal, but companies are permitted to spam you as much as they want. This law gives you the right to send opt-out messages requesting the spammers stop. This means you could end up sending hundreds of opt-out requests a day to all the companies advertising to you.

8(b)(1) - Nullifies any state laws on spam. The California law that outlaws spam and mandates opt-in mailing is gone. The Texas right to private action (the recipient can sue a spammer directly, albeit for a ludicrously small amount) is kaput. All state protections are gone and it's up to the government bureaucracy to bring action.

There is one part of the law I was surprised and pleased to find. Section 9(a) directs the FTC to setup a Do-Not-Spam list. Earlier versions of the law gave them permission to do so, but did not compel them to do so. The chair of the FTC is on record as opposing this, so I was fearful it would fall by the wayside. Hopefully if such a list is setup, it will contain a provision for domain-wide opt-out, so that, for instance, a company can protect all of its employees.

At first, I was concerned that although 5(a)(5)(A)(i) require an identifier for spam, it fails to specify what that identifier should be. The most common is an "ADV" tag in the subject, and people are starting to tune their spam filters to catch that. My fear is that spammers would do something such as use a mark like "AD\/" (that's A, D, backslash, forward slash) in the subject and claim that was complaint. Fortunately, section 11(2) directs the FTC to put fort a plan for spam labeling.

In summary, this bill is very disturbing because it legalizes opt-out spam, fails to provide a right to private action and supersedes state law. Some points in its favor, not currently addressed in the Texas spam law, are that it prohibits address harvesting and unauthorized relay and it mandates a Do Not Spam list. Nonetheless, this bill is very friendly to commercial emailers. That's why the marketing lobby likes it so much. It may have an effect on some of the very worst spammers, but the overall unsolicited email problem is likely to get worse.

Comments

Comments have been closed for this entry.

re: Reviewing S.877

I want to retract the second to last paragraph ("At first, I was concerned ..."). The more I think about it, the more I realize this is a terrible flaw in the bill. Come January 1 spam will be legal, but the protections (labeling, do-not-spam list, etc.) won't happen until months later. In essence, the floodgates are going to be opened before the levees are built. It's going to be a mess.

re: Reviewing S.877

Actually, address harvesting is only an aggravated violation and not by itself illegal. This seems to be a common misunderstanding of the law. In otherwords, it is completely legal to harvest email addresses as long as you are compliant with Section 5, subsection (a).