Dissecting a Major Flaw in CAN-SPAM

The column, “Canada’s Anti-Spam Bill Would Put a Chill on B2B E-Mail” by Bill McCloskey caught my attention.

I respect Bill but it should not come as a surprise to regular readers that I am very much at odds with his take on the proposed law’s requirement for permission. It is, and has always been, my contention that the lack of a requirement for express consent in the CAN-SPAM Act is a major flaw — and this is at the heart of my differences with Bill’s position.

It’s ironic that Bill pointed out that politicians usually exempt themselves from such laws. He then argues for the same exclusion for himself by claiming that B2B (define) e-mail is different from B2C (define)e-mail and so should be excluded.

Unsolicited e-mail is unsolicited e-mail. It matters little what product, service, scam, or political viewpoint is being hawked or the address being used to deliver the pitch. I recall a company that started spamming me at a made-up address it had purchased. Its e-mail footer read, “You’re receiving this e-mail because our marketing plan calls for us to send blah blah blah.” And I thought, “Then fix your marketing plan. If you can’t be successful without spamming me you don’t deserve success.”

The term, B2B, is a distinction only in intent. In this case, the intent is that a mailing’s target audience is business people and the mailing is about their business role. But there is no clear separation between business and consumer addresses. This is particularly true for small and medium-sized businesses. Many businesses use consumer domains such as AOL, Hotmail, and Gmail. Many ISPs serve both home users and small businesses. Finally, many business people use the exact same address for business and personal e-mail. At the end of the day, I don’t see how a clear distinction could be made in law between illegal B2C spam and legal B2B permission-less solicitations. The U.K. anti-spam law attempts to make this distinction and has been criticized for it.

Bill McCloskey said no one wants to see the fraud and bombardment that occurred in e-mail pre-2003; I fully agree. However I have some news — the bombardment has not stopped. In fact it’s ongoing and increasing. CAN-SPAM has pushed spammers underground. The techniques they are now forced to use have made them easier to spot and hence easier to block. In addition filters have become better and better, resulting much less spam in our inboxes.

Though that sounds great, I see more and more B2B spam in my inbox. This is quasi-legitimate, unsolicited, and typically poorly targeted, spam. Companies are thriving in the gray area; CAN-SPAM permits them to exist due to its lack of requirement for permission.

Some outfits spam on behalf of other companies. They often use shell companies and techniques such as snowshoeing to hide their operations. They maintain their Internet connectivity by staying just inside the letter of the CAN-SPAM Act and spreading their operations to tread lightly (hence the term showshoeing) so as not to show up on blocklists. When one domain or company is exposed, it’s shut down and switched to another.

Others are supposedly legitimate companies that are making money by harvesting e-mail addresses from Web sites and even making up addresses based on likely naming conventions. They then buy and sell these “leads” to unsuspecting businesses. I receive a constant flow of e-mail from an infoUSA subsidiary to an address harvested from our company Web site in 2008. They’re trying to sell me e-mail addresses of other businesses.

The final group consists of naive companies that have bought such addresses without ever understanding the dubious circumstances under which those addresses were collected, or in some cases, made up.

Bill lumped cold calling and unsolicited e-mailing together. However unsolicited bulk e-mail is not like individual cold calling where the caller pays and the rate of calls is limited by the number of sales people. Rather unsolicited e-mail pushes costs onto recipients and can be done en masse resulting in the bombardment we all want to avoid. This bombardment undermines e-mail’s value. We see this happening with B2C and B2B social networking systems such as Facebook and LinkedIn implementing in-network e-mail and users adopting it.

Arguing that B2B spam is special and should be permitted is short sighted and liable to poison the well for the future. The lack of a requirement for express consent in CAN-SPAM is allowing these shady organizations to continue with shady practices. I just wish that the United States had understood this in the way the Canadians (albeit, with several more years experience) apparently do.

Until next time,


Related reading

Flat business devices communication with cloud services isolated on the light blue background.
Vector illustration with a magnifying glass focusing on a pie chart, a graph line trending upwards, and other metrics symbols.