True Heart of the Spam Problem

The true heart of the spam problem is American businesses insisting they should have the right to spam.

NOTE: Pictured here is the delicious pork shoulder and ham product from the good people at  Hormel called Spam, not the nasty form of mass unsolicited e-mail named for the Monty Python sketch.

It’s a definition problem. The 2003 CAN-SPAM Act is aptly named, because it defines as "not-spam" most of the spam corporations want to send.

Here it is, direct from the FTC’s own Web site:

Here’s a rundown of the
  law’s main provisions:

• It bans false or misleading
    header information. Your email’s
                 "From," "To," and routing information – including the originating domain name and email
    address – must be accurate and identify
  the person who initiated the email.
• It prohibits deceptive subject  lines. The subject line cannot
                      mislead the recipient about the contents  or subject matter of the message.
• It requires that your email  give recipients an opt-out method.
        You must provide a return email address  or another Internet-based response mechanism  that allows a recipient to ask you not to send future email messages to that  email address, and you must honor the  requests. You may create a "menu" of choices to allow a recipient to opt  out of certain types of messages, but  you must include the option to end any
        commercial messages from the sender.

Here in the real world we know that if you try to "opt-out" of real spam you are, in fact, "opting-in" to everyone’s. This reality is deliberately ignored in the law. It’s perfectly legal under CAN-SPAM for a corporation to send mass e-mails, so long as it follows these rules. The same provision ignores the problem of "spoofing," in which crooks pretend to be real companies in order to steal your money or identity. We’re supposed to "trust" the "real" companies that have "valid" opt-outs — why?

It is against this backdrop that we have the AOL Goodmail controversy. Many who have looked at the program, including Esther Dyson, whom I consider the "godmother" of the early commercial Internet, have said it is perfectly fine. When I expressed skepticism over Goodmail on the Dave Farber list recently, she wrote me:

Goodmail is completely dependent on an opt-in model, and has its own
auditing system to ensure that its  sender-customers behave.

On what
are you basing your assertions?

The short answer, Ms. Dyson, is U.S. law.

Goodmail and AOL insist that they are not trying to charge people for
e-mail. What they are trying to do is guarantee that valid corporate
e-mails, sent in bloc, like (say) stock trade confirmations, get
through. They charge senders to whitelist this traffic, and everything
else will go through.

But we have been trained, as an Internet Culture, to distrust this. As
sure as God made little green apples, CAN-SPAM legal spam from Goodmail
clients is going to be coming into our inboxes, with clients paying to
guarantee delivery. At the same time, we’re certain, small opt-in
newsletters like A-Clue.Com will be "accidentally" blocked.

There is just no reason to assume trust when by definition and practice
you have proven yourself untrustworthy. This is true for corporations,
and for all of us.

Oh, what would be a real solution? Demand opt-in audits of every list larger than a certain threshold.