It's a definition problem. The 2003 CAN-SPAM Act is aptly named, because it defines as "not-spam" most of the spam corporations want to send.
Here it is, direct from the FTC's own Web site:
Here's a rundown of the law's main provisions:
- It bans false or misleading header information. Your email's "From," "To," and routing information – including the originating domain name and email address – must be accurate and identify the person who initiated the email.
- It prohibits deceptive subject lines. The subject line cannot mislead the recipient about the contents or subject matter of the message.
- It requires that your email give recipients an opt-out method. You must provide a return email address or another Internet-based response mechanism that allows a recipient to ask you not to send future email messages to that email address, and you must honor the requests. You may create a "menu" of choices to allow a recipient to opt out of certain types of messages, but you must include the option to end any commercial messages from the sender.
Here in the real world we know that if you try to "opt-out" of real spam you are, in fact, "opting-in" to everyone's. This reality is deliberately ignored in the law. It's perfectly legal under CAN-SPAM for a corporation to send mass e-mails, so long as it follows these rules. The same provision ignores the problem of "spoofing," in which crooks pretend to be real companies in order to steal your money or identity. We're supposed to "trust" the "real" companies that have "valid" opt-outs -- why?
It is against this backdrop that we have the AOL Goodmail controversy. Many who have looked at the program, including Esther Dyson, whom I consider the "godmother" of the early commercial Internet, have said it is perfectly fine. When I expressed skepticism over Goodmail on the Dave Farber list recently, she wrote me:
Goodmail is completely dependent on an opt-in model, and has its own auditing system to ensure that its sender-customers behave.
On what are you basing your assertions?
The short answer, Ms. Dyson, is U.S. law.
Goodmail and AOL insist that they are not trying to charge people for e-mail. What they are trying to do is guarantee that valid corporate e-mails, sent en bloc, like (say) stock trade confirmations, get through. They charge senders to whitelist this traffic, and everything else will go through.
But we have been trained, as an Internet culture, to distrust this. As sure as God made little green apples, CAN-SPAM-legal spam from Goodmail clients is going to be coming into our inboxes, with clients paying to guarantee delivery. At the same time, we're certain, small opt-in newsletters like A-Clue.Com will be "accidentally" blocked.
There is just no reason to assume trust when by definition and practice you have proven yourself untrustworthy. This is true for corporations, and for all of us.
Oh, what would be a real solution? Demand opt-in audits of every list larger than a certain threshold.