Comments:

Re: CAN-SPAM Act Rulemaking, Project No. R411008 Dear Commissioners, All responsible business people applaud the efforts of the commission in fighting the problem of unsolicited bulk email (SPAM). I am very concerned however about the proposal to require merchants to maintain suppression lists. While on the surface this may seem to be a good idea, I'm afraid that the potential for disaster is too great. The fact that this would put a large burden on the backs of responsible but very small business people is a big issue. An even bigger issue is; from a technology standpoint it is easy, using bots and sniffers, to harvest (hijack) these types of lists once created. These lists will certainly be stolen and used for ill purpose (More SPAM) magnifying the problem. I implore you to consider this matter carefully and extensively from the perspective of the responsible small businessperson before you act. They're not who CAN-SPAM was designed to put out of business, but even well meaning rules carelessly applied could have that effect. Not only is this an issue for legitimate Web publishers but also it will most likely cause irreparable harm in the area of Customer Relations Management for all responsible online business people. Imagine explaining to your customer, after they trusted you, how their information ended up in the hands of spammers. Further, consumers themselves stand to be harmed. If this goes into effect, when they opt-out of a given list they will unknowingly be added to a huge list that will snowball, propagated at light speed, only to be harvested by the very people we are trying to stop. I cannot convey in this short message all of the potential problems and costs I see associated with the act. I do see many dangerous ambiguities, for example; Section 5(a)(1)(b): a `from' line (the line identifying or purporting to identify a person initiating the message) that accurately identifies any person who initiated the message shall not be considered materially false or materially misleading; Does this mean that ONLY a person's name satisfies this aspect of Section 5(a)(1)? What about a bona fide company department attended by a real person? Or does it mean; if a person's name is accurately specified that they cannot be considered in breach of this section but that they have not necessarily run afoul if a person's name is not specified? Once again, I urge you to look at these matters closely and from the perspective of the responsible small businessperson before rules are set. Specifically, I hope you'll decide against the implementation of the suppression list requirement. With respect, Rick Hope California, USA