|Received:||8/16/2004 7:27:21 PM|
|Agency:||Federal Trade Commission|
|Rule:||Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act (NPRM)|
Comments:This definition of commercial spam excludes many of the scams and just plain stupid spam that is not promoting a product or service. An example would be the "inspirational stories" that are supposed to pass on to everyone in your address book. By getting rid of the commercial spam, this might be at a level that is tolerable. The subject line focus is pretty meaningless as misleading subject lines are the norm anymore. But the proposed definition does provide an OR clause based on the actual content - that's good. It doesn't distinguish between unsolicited e-mails, e-mails from companies that you have or have had a business relationship with, e-mails from individuals, or e-mails sent as a result of you not marking the "don't flood me with your stupid ads" box when registering on a website. I think those, and others, are important considerations - but this notice does say that it is only concerned with defining what is a commercial e-mail message. Supposedly, once an e-mail is categorized as being commercial in nature it will then pass to a second tier of processing to determine if it remains actionable. I will be interested in seeing the proposed rulemaking notice on compliance issues. We are walking a fine line since current e-mail technology permits savvy senders to forge and hide the origins of the message. I'm opposed to passing e-mail standards that require every e-mail be traceable. While that might be nice for going after spammers and virus makers (who are also not included in this legislation, but they are presumably dealt with separately) I don't like the level of government surveillence of individuals it would allow. Since the commercial spam being discussed almost has to have some way of buying the product or service being advertised, it should be traceable to the source that way. What I would recommend is that there be a spam database built up consisting of e-mails that are forwarded by recipients who feel they are spam. Perhaps an even better source would be the ISP anti-spam filters. They could have a filter level that determines if a blocked message should be reported to the FTC. In this case, I would want the recipient's e-mail address stripped from the e-mail headers - of course identifying information might be in the e-mail body, but stripping that would be hard to automate. The FTC could develop analysis tools to group the reported spams together according to the probability that they are originating from the same source. The group with the greatest number of e-mails in the last so-many days becomes the number one priority for investigation and potential enfocement action. This would not only focus attention onto the worst offenders, but it would also minimize the likelihood that innocent people will be caught up in the net. Will spammers figure out a way to disguise their e-mails so that they don't get grouped together too easily? Sure. But it will increase the difficulty and the cost of advertising this way. Plus, the FTC analysis tools will grow in sophistication as well. Another thought I had would be having a "requested e-mail" tag in the header - just as there is currently the "received confirmation" tag that some e-mail programs recognize. This would be an ISP level application that permits software to recognize an e-mail that is based on an established relationship with the recipient (or at least claiming to be) and let it through the spam-filters. But, before doing so, it would send the sender a confirmation e-mail that must be responded to (automatically is fine) before it is sent around the filter. This ensures that, should someone use this to get spam around the filter, that some level of traceability has been established. Then the e-mail is sent on to the recipient with a wrapper letting them easily report an e-mail that was not actually requested. Senders of e-mails abusing this tool would be high on the list of offenders targetted for enforcement action.