Stop Messenger Spam, Messenger Service, Stop Spam, Spam Filter

Stop Messenger
Spam 1.0 Released

Why aren't there laws against spam?

When Mark Ferguson first posted his email address on several genealogy bulletin boards, he hoped to be contacted by people who had information about his family. The people who contacted him, however, were mostly spammers.

"In one week, I got 1,400 [messages], which is roughly 200 a day," Ferguson told "CyberCrime."

So, Ferguson decided to take on the spammers. He used a California law in effect at the time to sue one of the companies whose advertisers were flooding his email inbox with spam. The ill-fated law -- Section 17538.4 of the California Business and Professions Code -- made it illegal to send out mass commercial email without labeling it as such in its subject line, and the law required that spammers honor email recipients' opt-out requests.

The California law was not the first of its kind. For the last four years, state legislators from across the country have been looking to wage a war on spam. Nevada became the first of these states in July 1997 when it revised Sections 41.705-41.735 of its state code. The new Nevada laws make it illegal to send unsolicited commercial email unless it is labeled as an advertisement and includes the sender's name, street address, and email address, along with opt-out instructions.

There are currently 16 states besides California and Nevada that have attempted to institute laws governing the use of mass commercial email campaigns. Colorado's Junk Email Law, enacted in June of 2000, prohibits the sending of unsolicited commercial email containing false or missing routing information and mandates that unsolicited email must be labeled as such in the subject line. Spam sent in Colorado must also include the sender's email address and opt-out instructions.

In Idaho, a law approved in April of 2000 requires that unsolicited email messages include an email address for opt-out requests and requires senders to honor opt-out requests. A Pennsylvania bill approved in June of 2000 requires unsolicited commercial email containing sexual materials to be labeled with the term "ADV-ADULT" in the subject line.

Meanwhile, a Washington state law enacted in March 1998 and amended in May 1999 went so far as to grant law enforcement agents the power to prosecute spammers who not only send spam from within Washington, but also spammers from outside the state who know that the recipient is a Washington resident.

Despite state lawmakers' best efforts, however, several of these new laws, including the California law under which Mark Ferguson filed his lawsuit and the Washington state law, have been struck down as unconstitutional.

The California law violated the dormant commerce clause of the US Constitution, which prohibits states from placing undue burden on interstate commerce, according to the California superior court judge hearing Ferguson's lawsuit. The judge dismissed the case, finding that since commercial email sent from one state to another is considered interstate commerce, no state has the power to make laws restricting that email.

"The problem is that email, by its very nature when it goes over the Internet, doesn't happen within any state's borders," says attorney Ira Rothken, who defended the company accused of spamming against Ferguson's suit. "There's no way to tell where somebody is physically located when they're either sending or receiving an email. And so if each state decided to legislate in that area, you'd have balkanized rules and balkanized laws, and you wouldn't know whose laws to follow. It would stifle the Internet as a whole."

Ferguson is currently appealing the judge's ruling. But the decision does foreshadow the fact that any laws seeking to regulate commercial email will have to be drafted at the federal level.

So, what are federal legislators doing to remedy the situation? There are currently several major pieces of federal legislation concerning spam pending before congress. Bills HR 1910 in the House and S 759 in the Senate would prohibit the falsification of header information in emails and would require senders of commercial email to honor opt-out requests.

HR 2162, also known as the Can Spam Act, would allow ISPs to take action against spammers and would impose criminal penalties for those who use unknowing third party servers to send spam. HR 113, the Wireless Telephone Spam Protection Act, would prohibit the use of wireless messaging systems to send unsolicited advertisements.

And two identical bills, HR 718 and HR 95, also known as the Unsolicited Commercial Electronic Mail Act of 2001, would require unsolicited commercial email messages to be labeled and to include opt-out instructions.

To date, however, no federal legislation regarding email spam has been enacted, and state laws continue to meet resistance from the courts. So what can you do to protect yourself until lawmakers find a way to regulate spam? In the next part of our "CyberCrime" investigation, we offer some of the best methods email recipients can use to keep their inboxes clear of spam.

Several state laws regulating spam have recently been struck down by courts as violating the dormant commerce clause of the US Constitution, which prohibits states from placing undue burden on interstate commerce. Meanwhile, no federal law has yet been enacted regulating commercial email. So how can you protect yourself from spam until congress does enact legislation? Here are some ideas.

Maintain a spam email account. Web-based email accounts are free and easy to set up. Get one that is intended specifically for spam. Don't use it for personal and work communications, but give it out when signing up for mailing lists, posting to newsgroups, or shopping online.

Don't give out your real email address. If you don't have a spam email account, leave the space for your email address blank when filling out online registration forms. If the site requires you to enter an email address, you can fill in a phony one. Make an address up, or if you want to be especially sly, supply the email address of your favorite spamming company.

Don't reply. Never reply to spam. Replies are how spammers verify that an email address is active. If you reply to a spam email, you are practically asking to receive more spam.

Don't even open spam. Some spam messages are programmed to contain Web bugs, which notify the messages' sender when an email he or she has sent has been opened. Spammers use these Web bugs to tell that your email address is valid and active. They can do this even if you don't reply to the email; opening one is enough. If you know an email message is spam, delete it without opening it.

Screen for spam. You can program your email client to filter out certain messages, including those that don't have your correct email address, have subject lines in all caps, have a lot of dollar signs or exclamation points, or have words like "unsubscribe," "X-priority," "adv," "bulk email," "authenticated sender," or "make money fast" in the subject lines. You can also note the domains from which you receive a lot of mass email and block messages from those domains.

Get a spam filter. Many ISPs now come with a spam filter that can be added to your existing email client. Earthlink offers one called Spaminator, and Hotmail provides one called InBox Protector. You can also purchase Novasoft's SpamKiller for $30, or download one for free from Spam Bouncer.

Mung. Address munging, also known as spam blocking or spoofing, refers to altering your email address when posting to newsgroups and bulletin boards so that spam bots will either not recognize your email or send spam to an illegitimate email rather than to yours. For example, you can change cybercrime@techtv.com to cybercrimeATtechtvDOTcom, or to cybercrime@zechzv.com (replace t with z), or even see_my_sig@for.my.real.address. For more information, visit this extensive FAQ on address munging.

Get unlisted. Contact Internet directories such as WhoWhere and 411 and ask them to remove your name, email address, and personal information from their databases.

If you know of any other ways Internet users can avoid spam, let us know. And make sure to watch our look at spam legislation on this week's episode.

You can also find an overview of the current federal, state, and international laws concerning spam at Spam Laws, John Marshall Law School's spam law resource, and junkemail.org.

For more general anti-spam resources, visit suespammers.org, emailabuse.org, SpamCop, the Coalition Against Unsolicited Commercial Email, and Scam Busters.