SPAM - Unsolicited Commercial E-Mail

Top News

• Federal Regulators Win Injunction Against Prescription Drug Spam Ring. Today, the Federal Trade Commission obtained a temporary injunction against an international network of individuals responsible for billions of unsolicited commercial emails. The spammers allegedly used a world-wide network to barrage email users with deceptive offers for prescription drugs, including Viagra and weight loss medication. Federal regulators seek to shut down the network permanently, and recover monetary damages, which they estimate to be substantial. Four companies are accused of masterminding the spam plot, including two US firms, Tango Pay Inc. and Click Fusion Inc., as well two New Zealand entities. EPIC has advocated for restrictions on unsolicited commercial email, and supported substantial monetary penalties in federal regulatory actions. (Oct. 15, 2008)
  
  
• Federal Court Applies Anti-Spam Protections to Web Site. Today, a federal court in Washington state allowed a spam lawsuit to proceed, even though the claimant is not an internet service provider. In Haselton v. Quicken Loans Inc., the web site Peacefire.org sued an alleged spammer for the harm inflicted by spam on Peacefire's online services. The court ruled that Peacefire, a web site that provides anti-censorship tools, is an "Internet access service," and therefore entitled to press its case under the CAN-SPAM act, the primary federal anti-spam law. The court further held that monetary damages are not limited to e-mail service providers. The ruling is consistent with other recent opinions that authorized anti-spam suits by Internet social-networking services such as Facebook and MySpace. EPIC has advocated for stronger anti-spam measures before Congress, state legislatures, and federal regulators. (Oct. 14, 2008)
  
  
• EPIC Testifies Before the District of Columbia Council on Spam Legislation. EPIC Staff Counsel John Verdi testified before the District of Columbia Council on Bill 17-34, the District of Columbia Spam Deterrence Act of 2007. The bill would prohibit the transmission of false or misleading commercial email, create a civil cause of action and criminal penalties, and establish a private right of action for consumers. EPIC supported the legislation, noting that it provides stronger consumer privacy protections than the federal CAN-SPAM Act. (Mar. 12, 2008)



• FTC Releases Spam Report. The Federal Trade Commission released a report today that showed that spam filters and email address masking were effective in preventing spam generated by automatic email address harvesters. The study also showed that emails placed on web pages were more susceptible to harvesting than those posted on message boards or in newsgroups. (Nov. 28, 2005)
  
  
• PIC: E-mail Users Should Be Able to Opt-Out from List Brokers. In comments to the Federal Trade Commission on the CAN-SPAM Act, EPIC argued that individuals should be able to prevent direct marketing "list brokers" from selling lists containing their e-mail addresses. List brokers sell tens of thousands of lists containing e-mail addresses and other personal information, and are the driving force behind unwanted spam, telemarketing, and junk mail. For more information, see the EPIC Consumer Profiling page. (June 27, 2005)
  
  
• EPIC Comments on E-Mail Authentication. The Federal Trade Commission will hold a summit on e-mail authentication for spam prevention on November 9-10, 2004. In comments, EPIC has urged the Commission to carefully consider whether authentication schemes will erode e-mail users' anonymity. (Sept. 28, 2004)
  
  
• FCC Imposes Rules on Internet Telephony; Bans Wireless Spam. The Federal Communications Commission has tentatively determined (pdf) that Internet phone calls are subject to wiretapping by law enforcement under the Communications Assistance for Law Enforcement Act (CALEA). EPIC had filed comments (pdf) earlier this year explaining that Internet telephony should not be subject to CALEA. Consistent with comments filed by EPIC in April, the Commission also ruled (pdf) that marketers cannot send commercial e-mail to wireless devices without the explicit consent of the consumer, a much stronger protection against spam than that provided by the CAN-SPAM Act passed by Congress last year. (Aug. 5, 2004)
  
  
• EPIC Advocates Opt-In Privacy for Wireless Devices. In comments to the Federal Communications Commission, EPIC urged the agency to create opt-in protections against "mobile service commercial messages," spam that is sent to cellular phones and other wireless devices. EPIC argued that without protections from these messages, individuals would be less likely to adopt wireless devices and that the cost of the messages would be transferred onto the device user. (Apr. 30, 2004)
  
  
• EPIC Comments on Do Not E-mail Registry. In comments to the Federal Trade Commission, EPIC supported the creation of a Do Not E-mail Registry. If created, the Registry should list domain-level information rather than individual e-mail addresses. (Mar. 31, 2004)

Introduction

Spam is unsolicited commercial e-mail. It is sent, usually in bulk, through "open-relays" to millions of persons. Spam is cost-shifted advertising. It takes a toll on Internet users' time, their resources, and the resources of Internet Service Providers (ISP). Most recently, spammers have begun to send advertisements via text message to cell phones.

Spammers get e-mail addresses in three ways: by scavenging, the practice of automatically collecting e-mail addresses listed or posted on webpages and electronic bulletin boards; by guessing, where the spammer uses dictionary terms or randomly-generated strings to develop e-mail addresses; and by purchasing e-mail addresses through list brokers.

"Remove me" options on spam are often fake. That is, if you respond to request removal, you very well may be subjecting yourself to more spam, because by responding, the sender knows that your e-mail account is active. A 2002 study performed by the FTC demonstrated that in 63% of the cases where a spam offered a "remove me" option, responding either did nothing or resulted in more e-mail.

In December 2003, Congress passed 108 S. 877, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, known as the "CAN-SPAM" Act. The Act creates new penalties for sending deceptive spam advertising, but does not "can" truthful unsolicited commercial e-mail.

The Act defines spam as any message where the "primary purpose" is the "commercial advertisement or promotion of a commercial product or service." "Transactional or relationship" messages, that is, messages for account maintenance, product recall or safety information, or those necessary to complete a sale initiated by the recipient, are exempted from some provisions of the Act.

Under CAN-SPAM, unsolicited commercial messages must include notice that the message is an advertisement or solicitation, an opt-out notice, and a valid postal address of the sender.

CAN-SPAM prohibits falsification of transmission information and deceptive subject headings. The Act creates criminal prohibitions against those who knowingly transmit spam through others' computers without authorization. Also, the Federal Trade Commission may pursue individuals who knowingly hire others to send deceptive spam. However, these and other criminal provisions are encumbered by unusually burdensome litigation requirements. For instance, the prohibition on deceptive subject headings would require the government to prove in court that the sender knew that the message would mislead a reasonable recipient.

Spam with "sexually oriented" material must be labeled with a notice that will be developed by the Federal Trade Commission and the Attorney General in 2004.

The Act gives the Federal Trade Commission the authority to create a do-not-spam registry. The agency must issue a report to Congress on the feasibility of such a registry mid-year 2004, and may implement it in fall 2004.

Enforcement of the Act is limited to the Federal Trade Commission, state attorneys general, and Internet Service Providers. Some individuals may be able to qualify as Internet Service Providers, and bring lawsuits under the Act. But, damages are capped, and spammers can obtain a reduction in fines if they can show implementation of "reasonable practices" to avoid violation of the Act. In November 2003, the Internet Committee of the National Association of Attorneys General described this reduction in fines as "unprecedented in consumer protection law" and "an additional barrier to enforcement."

States have been much more aggressive in passing spam laws. Approximately 35 had anti-spam legislation prior to the passage of CAN-SPAM. CAN-SPAM supercedes most of those state laws, making them invalid. Most notably, California's spam law which was set to go into effect on January 1, 2004, was preempted. That law would have created opt-in protections against spam.

David Sorkin, author of Technical and Legal Approaches to Unsolicited Electronic Mail, catalogs a complete list of enacted state spam laws and pending federal legislation online at Spamlaws.com. Thus far, state spam laws have been upheld in at least two cases: Ferguson v. Friendfinders, Inc. 94 Cal.App.4th 1255, 115 Cal.Rptr.2d 258 (Cal.App.1st Dist. 2002); and State v. Heckel, 143 Wash. 2d 824, 24 P.3d 404 (2001).

Technological approaches have been somewhat successful in stemming spam. ISPs have engaged in filtering, especially when encountering bulk transmissions of e-mail, that has made it more difficult for spammers to reach users. Users have engaged in filtering, and the use of white and black lists. Perhaps the best approach to spam is to create a legislative framework to give individuals more control over their inbox, and to employ technological tools to stem the tide of spam.

• 108 S. 877, The CAN-SPAM Act of 2003, THOMAS Database.
• Letter from the NAAG Internet Committee Objecting to CAN-SPAM (PDF).

News

• SEC Reaches Deal in Spam Fraud Case, CNET News.com, May 19, 2003.
• Draft of Bill on Mass E-mail Called Weak, Washington Post, May 13, 2003.
• Congress Moving to Combat Spam E-mail, Associated Press, May 4, 2003.
• Spam Looms for Cell Phone Users, Reuters, May 1, 2003.
• States Object to Spam Legislation, Technews.com, April 30, 2003.
• FTC Dissects Spam Problem, Washington Post, April 29, 2003.
• Email Service Providers Unite in Bid to Stop Spam, The New York Times, April 28, 2003.
• Blacklisted Emailers Sue Anti-Spam Groups, The Washington Post, April 26, 2003.
• Marketer Challenges Anti-Spam Crusader, Washington Post, April 7, 2003.
• States Still Trying to Stop Spam, Wired News, February 7, 2003.
• Anti-Spam Laws a "Tough Cell," Wired, September 27, 2002.
• California Sues Marketing Firm for Spamming, Siliconvalley.com, September 26, 2002.
• A Cybersage Speaks His Mind, CNET, September 19, 2002.
• FEC Decision Could Jump-Start SMS Political Ads, Washington Post, August 22, 2002.
• Short-Text Messaging May Get Boost as Political Ad Vehicle, Washington Post, August 22, 2002.
• Equifax to Acquire Naviant, Equifax Press Release, August 15, 2002.
• The New Frontier of Mobilespam, Wired, August 5, 2002.
• Europe outlaws spam, but the junk mail keeps on coming, Siliconvalley.com (AP), August 4, 2002.
• How One Spam Leads to Another, Wired, July 3, 2002.
• Spam: An Escalating Attack of the Clones, New York Times, June 27, 2002.
  
• Making Spam Go Splat: Sick of Unsolicited E-Mail, Businesses Are Fighting Back, Washington Post, June 9, 2002.
• Yahoo! sneaks in yet more spam, MSNBC, March 29, 2002.
• Spam and web-visible email addresses Bait a spammer and see the results, DSLReports, February 2002.
• Spam Oozes Past Border Patrol, Wired, February 23, 2001.
• CA Appeals Court Upholds Spam Law, Slashdot, January 3, 2001.

Resources

• Junkbusters.
• FTC Spam Resources.
• Fight Spam on the Internet! Campaign.
• The Coalition Against Unsolicited Commercial E-mail (CAUCE).
• David E. Sorkin, Technical and Legal Approaches to Unsolicited Electronic Mail, 35 U.S.F. L. Rev. 325 (2001).
• John Marshall Law School Spam Resources.
• Findlaw E-Mail Primary Materials.
• Legislation Pending, 108th Congress
• Public Opinion on Spam: Harris Poll, January 3, 2003.
• The Dark Side of E-Commerce: The Email Spam Epidemic, U.S. Senator Charles E Schumer, April 2003.
• False Claims in Spam, FTC, April 29, 2003.
• Spam Control: Problems and Opportunities, Ferris Research, January, 2003.
• Report on Spam, Commission Nationale Informatique et Libertés, October 2002.
• "Remove Me" Survey Results, FTC, April, 2002.
• Report to the FTC, Ad-Hoc Working Group on Unsolicited Commercial Email, July 1998.
• Why Am I Getting All this Spam, CDT, March 19, 2003.
• Resolution on Unsolicited Commercial Electronic Mail, Trans Atlantic Consumer Dialogue, May 2001.
• Internet Society.
• Spamhaus.
• Tagged Message Delivery Agent (TMDA).
• Spamcop.
• Brightmail.
• Mail Abuse Prevention System.

Some Spam-Fighting Technologies

• EPIC Tools for Protecting Online Privacy. Has links to products that purport to enhance privacy. Please note that EPIC does not lobby for, consult, or advise companies, nor do we endorse specific products or services.

Previous Top News

• Senate Approves Weak Spam Bill. The Senate has passed the CAN Spam Act. EPIC earlier testified before the Senate on the need for strong, effective measures to reduce spam. EPIC favors "opt-in" mailing lists, a private right of action for consumers, and freedom for states to pursue spammers, combined with technical measures and international cooperation. Members of the Privacy Coalition also announced a "Framework for Effective Spam Legislation."  For more information, see EPIC Spam page.(Oct 23, 2003)

• Pew Releases Spam Survey.  The Pew Internet and American Life Project has released a report (pdf) entitled "Spam: How it is hurting email and degrading life on the Internet."  The report found, among other things, that spam has had an increasingly negative effect on email usage, but that it effects personal email more than work email.  For more information, see the Pew Internet and American Life Project web site and the EPIC Spam page. (October 22, 2003)

• Groups Announce Spam Policy Framework. Members of the Privacy Coalition will announce today a "Framework for Effective Spam Legislation." See press advisory and EPIC Spam page. (Jul 18, 2003)

• Senate to Consider Spam. The Senate Commerce Committee will explore Unsolicited Commercial Email, or "spam," at a hearing on May 21st. EPIC Executive Director Marc Rotenberg's testimony will focus on the need for strong, effective measures to reduce spam. EPIC favors "opt-in" mailing lists, a private right of action for consumers, and freedom for states to pursue spammers, combined with technical measures and international cooperation. For more information, see EPIC Spam page. (May 20, 2003)

• "Buffalo Spammer" Arrested. In a rare criminal case against an alleged spammer, New York authorities have arrested a man accused of sending at least 825 million unsolicited emails. The man was charged with stealing the identities of two individuals to open Internet accounts through which he sent unsolicited bulk email. The Internet Service Provider Earthlink won a $16.4 million civil judgment against the same spammer in federal court earlier in the month. (May 14, 2003)

• FTC Finds Two-thirds of Spam Fraudulent. A Federal Trade Commission analysis of a random sample of 1,000 pieces of unsolicited email, found that 66 percent of the spam contained false claims. The report follows two previous studies that found that 86 percent of email addresses posted to websites and newsgroups received spam, and that 63 percent of email address removal requests were not honored. The agency released the report as it launched a three-day forum designed to explore solutions to the problems associated with spam. (April 29, 2003)

• European Parliament Vote in Favor of Surveillance of Communications. Despite a successful campaign organized by a group of 60 civil liberties organizations from 15 countries with wide endorsement by more than 16,000 individuals from 73 countries, the EP has approved data retention. The European directive now makes it much easier for police to collect from Internet service providers and telephone companies a wide range of traffic data of their subscribers' phone calls, emails and Internet communications. On the other hand, the measure bans almost every future 'spamming' unless the addressee 'opts-in', and restricts the use of 'cookies'. For more details, see the new EPIC's data retention page. Meeting minutes and vote results are available. (May 30, 2002)

• FTC Chairman Announces Privacy Agenda. Timothy Muris, Chairman of the Federal Trade Commission (FTC), today released a new privacy agenda for the agency. The agenda calls for a 50% increase in privacy resources, improved privacy complaint handling, more protection for consumers from spam, telemarketing, pretexting and ID theft, and increased enforcement of privacy policies and existing laws such as the Fair Credit Reporting Act (FCRA) and the Children's Online Privacy Protection Act (COPPA). The Chairman concluded, however, that it was "too soon" to recommend broad-based online privacy legislation. (Oct. 4, 2001)

• ReverseAuction.com Settles Privacy Violation Charges. In FTC v. ReverseAuction.com, the Federal Trade Commission charged in its complaint that the auction site had pursued "unfair and deceptive" practices in collecting email addresses from eBay customers and sending spam containing false information about the status of their accounts. The settlement will require ReverseAuction.com to inform all the users they deceived, allow these customers to remove their registration information, and delete all email addresses unfairly obtained from eBay's site. (Jan. 6, 2000)

Last Updated: October 24, 2008
Page URL: http://www.epic.org/privacy/junk_mail/spam/default.html