Eye on Spam, Part 2: Go Ahead, Sue Me

Read Part One of this article

As the rising tide of spam threatens to swamp email recipients and drown out the messages of legitimate marketers, some are hoping that the government — in the form of Congress and the Federal Trade Commission — will take meaningful action. In the second part of this series on the state of the spam problem, we look at what legislative and judicial action is currently being taken.

So far, existing laws have proven to be helpful in some cases. As most marketers are by now aware, a number of spammers have been successfully defeated in court by ISPs and even by solo recipients of unsolicited email.

A number of early examples involved Cyber Promotions, a major bulk emailer of the mid-’90s. Cyber Promotions filed suit against AOL in 1996, after AOL received complaints of spam and blocked its messages. The spammer sued the ISP, arguing that it had a first amendment right to send junk email and that AOL was in violation of the constitution. The court ruled in AOL’s favor in two separate decisions. Shortly thereafter, CompuServe filed an injunction against Cyber Promotions and won.

“In 1996 and 1997, the most important were the suits by AOL and CompuServe against Cyber Promotions,” said Junkbusters executive director Jason Catlett. “They established that there’s no first amendment right to spam and that ISPs could take actions on behalf of their customers’ privacy.”

Since then, AOL has filed a huge number of injunctions against spammers, and other ISPs have followed its lead. It’s hard to know how many, because ISPs rarely publicize the information and because many complaints are now settled out of court. However, these lawsuits and settlements have done little to curb the flow of spam, mainly because it’s so easy for a chastised spammer to turn around and spam again.

“The real problem is that it’s trivially easy to create a new identity, send millions of spams, then disappear,” according to professor David Sorkin of the John Marshall Law School. Sorkin believes that a simply worded federal law making it illegal to send unsolicted bulk email would help. Problem is, no such law exists.

State Laws: 19; Federal Laws: Zero

Laws with implications for spam have been passed in almost half of the United States, and have accounted for the most dramatic court actions taken against spammers so far in the U.S. In Washington state, Bennett Hasselton was handed four well-publicized victories in small claims court last December.

Hasselton, who heads Web advocacy nonprofit Peacefire.org, is in the process of assembling a guide to suing spammers under Washington law.

“I’m hoping that if enough Washingtonians file lawsuits against spammers, it will become too risky and expensive for people to spam,” Hasselton said. “And the amount of spam received by everybody will go down.”

Hasselton is now organizing a class action suit, naming one defendant and 50 plaintiffs. The strategy, if it works, is to seek higher damages for a larger base of spam recipients and thereby increase the deterrent for would-be bulk emailers.


While there are no national laws in the U.S. regulating unsolicited email, several bills are pending before the House. H.R.718, identical to two previous bills, would require unsolicited commercial email to be labeled, to include opt-out instructions, and to use accurate header information.

But many Web activists say the laws so far under consideration are too weak. Anne Mitchell, director of legal and public affairs for Mail Abuse Prevention System (MAPS), would rather see an absolute legal standard — specifically, universal opt-in with verification, which she refers to as “confirmed opt-in.” The FTC has so far implicitly supported the “opt-out” standard, a premise she rejects.

“Any scheme which gives an air of legitimacy to opt-out simply exacerbates the problem,” she says, pointing out the difficulty in proving which recipients have signed up and which have simply been crawled. “And that is assuming that the lists actually honor the unsubscribe requests, which many… do not.”

Standard or no, the issue is clearly becoming a priority to Congress, if the number of bills being introduced is any indication. But even more important than getting a federal bill passed is the issue of enforcement. How well equipped is the FTC to follow up on the thousands and millions of reports of illegal marketing activity that will follow passage of an anti-spam bill?

Regulatory Wrangling

The Federal Trade Commission, which has historically kept out of the spam battle, underwent a shuffle in its leadership in 2001. Timothy Muris was sworn in as chairman in June — replacing Robert Pitofsky, a chairman who had promised much and delivered little in the privacy wars. Additionally, December saw the appointment of commissioner Orson Swindle to a key security and privacy review post. Jointly, the two have announced a plan to crack down on those using fraudulent headers.

“I’m actually very impressed with what Muris and Swindle have been doing in the first months of their tenure,” said Junkbusters’ Catlett. “The FTC has been mumbling aloud since 1997 about their authority to prosecute spammers for fraudulent headers and data. Under Pitofsky, nothing was done, so it’s very welcome to see some action even five years later.”

But others lack Catlett’s faith in the FTC’s power to crack down on bulk emailers. According to MAPS’s Mitchell, the FTC lacks the resources to prosecute even a fraction of those who use fraudulent headers.

“The problem… is obvious,” according to Mitchell. “There is so much [spam with bogus header information”, and while the FTC can expend resources tracking down and prosecuting a few mailers, it will do little to nothing to stem the flow.”

Professor Sorkin sees the FTC as completely irrelevant to the spam debate. “The FTC is concerned with misrepresentation and deceptive practices,” he said. “That’s their mandate, but it’s not the spam problem. They just happen to come into contact with spam as they’re investigating fraud.”

But Catlett is not so quick to write off the commission’s role, which he admits to seeing as a primarily symbolic one. He imagines the agency prosecuting a limited number of high profile cases. The bulk of the problem, he says, could be solved with very specific laws about accurate header information and return addresses, combined with a private right of action for consumers and ISPs.

Catlett says, “I have said for years that a law giving individuals who are spammed the right to sue spammers is essential to keeping spam down to a tolerable level.”

Industry Stands Quietly By?

The nation’s top digital marketers, meanwhile, have already entered the complex legal debate surrounding spam. Many, such as the leadership of the Direct Marketing Association (DMA), are eagerly trying to save the reputation of ethical marketing online and if possible, to preempt the need for government regulation of the process.

As we have seen, however, efforts at self-regulation have thus far been fruitless. The bad actors, after all, aren’t members of organizations like the DMA. And while the DMA’s president and chief executive H. Robert Wientzen has come out strongly against legislation, there are indications that he may be at odds with his constituency.

“Hopefully there’s going to end up being some real federal legislation,” says Rodney Joffe, founder of Web hosting firm Genuity, president of CenterGate Research, and a DMA member.

Joffe is angry that Weintzen has consistently defended the right of marketers to send unsolicited email to Web users. He believes that the credibility of legitimate marketers has been seriously harmed by the lack of a federal spam law. And he believes that a large number of DMA members feel the same way.

“Basically, he’s tried to hold back the tide and protect that field for marketers,” Joffe said. “The problem is that he ends up representing the attitude of the little spammers all over America.”

“My membership fees, a good portion of them, go towards lobbying against legislation that I support,” he continued. “It’s an old-boys network.”

So what kind of law does Joffe want? “Some kind of opt-in,” he said. “There has to be a process that lets a Web user say, ’Hey, I want your information.’ It can’t be done by sending an email that says, ’Hey, do you want my email?’ In 1994, when the first spam occurred, we never even thought about issues of scale. Now we have to.”

It wasn’t possible for us to determine whether a majority of the DMA’s 5,000-plus members disagree with the organization’s public stance, but if Joffe’s claim turns out to be even partly correct — and the DMA’s lobbying efforts change as a result — then the chance that a federal law will pass in 2002 is that much greater.

Global Jurisdiction

If and when the U.S. passes laws aimed at stemming the flow of unsolicited email, there will remain the formidable challenge of blocking spam that originates beyond international borders. Unfortunately, this is probably an issue for the more distant future.

“What has to happen in the long term is for all countries to ban spam,” says Junkbusters’s Jason Catlett. “This will happen in the same way that international copyright treaties ban counterfeiting and copyright infringement.”

Until then, spam fighters will focus on trying to control the domestic situation. Catlett insists that the largest part of the problem can be tackled in that manner. “The vast majority of spam,” he said, “is still sent from the U.S. to the U.S.”

Related reading