|Received:||3/17/2004 3:23:14 PM|
|Agency:||Federal Trade Commission|
Several problems with CAN-SPAM - spamming companies can create shells or affliated companies, honor an opt-out request (assuming they do at all), and then immediately transfer the information to another shell or affiliated company to put on their database and renew the spamming. They can even do this after a mass mailing and claim they did not have the names when the opt-out was received. They can then get it back later and start over. This can be kept up for some time, particularly with agreements among spammers. This should be considered an aggravated offense. A Do-Not-Email registry will help block these tactics but a far simpler tactic is Opt-In. An opt-out can require you to go to a website where you have to enter your email address and other info. Companies are free to put in lots of information on this page and possibly obscure an agreement that you are not opting out. Or the company may not consider the opt-out final until you confirm via another email, which may be buried in advertising again. An opt-out must be an automated valid return email with no further action required; with a confirmation email that you have opted out and will not receive further communications. That email format should be strictly controlled - no ads, no obfuscation, no clickable links that could re-enable a "working relationship". In today's world, there is NO reason why this cannot be done within 24 hours or less. Responding to an opt-out verifies the email to the sender who can do the above or who can simply ignore the opt-out. If a Do-Not-Email registry is established, the registry should be copied on the email so a record is established. Opt-in should be the default. Recognizing that this probably won't happen, opt-out should be simple - plain return email, and companies are prohibited from passing on contact information to other companies. If companies sell mailing lists, they cannot include anyonethey must be held responsible for passing along opt-outs for anyone on their database. They cannot pass on or sell contact info with the intent of avoiding. A company must identify their corp headquarters, address, phone, and email addresses on commercial email at the beginning of the message and not obscure this information. A company must use the same subject and corp return email address for each materially identical campaign - e.g. not 1500 campaigns for the same thing designed to avoid spam rules. In general, there should be a catch-all like the IRS has that using tactics to evade the Act is also illegal even if they abide by all the rules but with the intent to carry on - for example, persuading others to perpetuate the advertising through multi-level marketing etc. A simple volume trigger can protect individuals - for example, someone who sends Tell-a-Friend emails is highly unlikely to do more than a few a day whereas a spammer will send thousands or millions a day. It should be a requirement that any Opt-In or Opt-Out must stand alone at the top of a page with wording specified by the FTC with clear line spacing before and after and no adjacent or obscuring ads. It should be illegal to bury opt-in or opt-out wording in license agreements and other long text which obfuscates the opt-in/out or place it at the bottom or middle of long pages with the same effect (intent or not) to obscure.