On 25 November 2003, the U.S. Senate overwhelmingly passed a bill to regulate junk commercial e-mail, or spam. The House of Representatives must reapprove the revised bill before it goes to President Bush, who is expected to sign it. The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM):

• Would override all state anti-spam laws although state consumer protection and privacy laws will still apply
• Requires that the marketing e-mail provide a valid "opt-out" mechanism. It does not give consumers a right of action if opt-outs are not upheld
• Advises, but does not require, the Federal Trade Commission to report to Congress on the feasibility of creating a "do not spam" list similar to the federal "do not call" list
• Requires e-mail advertising to be identified as such by including "ADV" in the subject line
• Requires the advertised product be identified in the subject line
• Requires pornographic e-mail to have a warning label in the subject line

The CAN-SPAM bill will affect several groups. E-mail marketers will be absolved from complying with the maze of state anti-spam laws, but enterprises, Internet service providers (ISPs) and vendors filtering inbound e-mail will have to rely on increasingly sophisticated technology and policy solutions.

E-mail marketers: The new law would eliminate the need for e-marketers to comply with 36 state anti-spam laws, many of them more stringent than the new federal law. In part because they would need to comply with one U.S. law only, the Direct Marketing Association and e-marketers strongly support the bill. Although the bill requires a valid opt-out mechanism, it does not well define who should be responsible for upholding the unsubscribe or do-not-contact request.

ISPs: Some state laws required marketers to comply with ISP policies; however, this bill does not require that. Much ADV-labeled e-mail will have been requested by the customer. ISPs can't simply block such e-mail wholesale, without risking subscriber churn. Instead, they will need to use increasingly sophisticated spam blocking methods.

Enterprises: Some enterprises will be tempted to block ADV-labeled e-mail. Doing so, however, means that business-critical e-mail, such as industry newsletters, may be blocked. Enterprises should weigh the risks of overly stringent spam filtering.

Anti-spam vendors: Spam will not increase (or decrease) as a result of this legislation, and enterprises will still need spam-filtering technology. However, filtering technology should include the ability to switch the ADV blocking feature on and off.

.

Disreputable spammers: Disreputable spammers will find no need to comply with the legislation; fraudulent e-mail is built on deception. Should spammers feel at risk, the spam e-mail will be sent through an offshore ISP, outside U.S. jurisdiction.

Bottom Line

Enterprises should not expect federal legislation to solve their inbound spam filtering problem. CAN-SPAM will likely not change spammer behavior. However, it will cause increased scrutiny of all e-mail. Enterprise spam protection lies in good e-mail management processes and the judicious use of spam-filtering technology.

Analytical Sources: Maurene Grey, Lydia Leong, Arabella Hallawell, Adam Sarner and Anthony Allan, Gartner Research

Recommended Reading and Related Research

• "Spam Filtering Works Better With a Management Policy" — When you deploy spam filtering software, you must consider business issues. By Maurene Grey and Arabella Hallawell
• "E-Mail Opt-In Laws Won't Stop Spam" — Although many governments worldwide are passing anti-spam laws; they won't solve the spam problem. By Arabella Hallawell

(You may need to sign in or be a Gartner client to access all of this content.)