Legend:  new window    outside link    tools page  glossary link   

Classic spam: Is CAN-SPAM spam not spam?

The bottom line: Spammers continue to claim compliance with CAN SPAM as a rationalization for their unsolicited mailings. However, as in this case, the perps are usually not in full compliance with CAN SPAM (typically due to header forgery). Even if they were sticking to the letter of the law, however, this doesn’t mean that they aren’t sending spam, or that I can’t report such behavior to the providers involved.

Since the CAN SPAM act was passed into law at the end of 2003, we’ve begun to see a lot of unsolicited mail that claims to be compliant with the provisions of this new law (and therefore not spam). Indeed, it’s a good idea to be compliant with this law, otherwise you could get convicted, pay a fine, and go to federal pokey for as much as five years.

One question that some of us may have, however, is whether we should consider these new “legal” messages to be spam, and report them accordingly. Must we put up with them just because they’re “legal” (if in fact they are legal)? I will give you my own answer to this later on, but for now let’s look at a typical example of such a post-CAN SPAM message:

First, here’s the header:

Return-Path: hidden
Received: from ip3.com (217.65.26.222) by sc011pub.verizon.net
     (MailPass SMTP server v1.1.1 - 121803235448JY)
     with SMTP id <3-5213-125-5213-246034-1-1080587142>
     for mta018.verizon.net; Mon, 29 Mar 2004 13:05:46 -0600
Return-Path: hidden
From: hidden
To: hidden
Subject: peacockt, just a small email list = BIG Residuals
X-Priority: 3
Content-Type: text/html
Message-Id: <20040329190544.WXIE1414.mta018.verizon.net@ip3.com>
Date: Mon, 29 Mar 2004 13:05:48 -0600

<< stupid business sales pitch snipped >>

Now, here’s the tail end of the mail, with the CAN SPAM disclaimer, doctored to reveal links, and taken from a browser window (for readability):

Note that the foot of this message gives the sender’s own gloss of the requirements of CAN SPAM, but it is not completely consistent with the actual text of the law. For example, it leaves out the provisions regarding header tampering, and claims that the message must include the actual name of the sender (I can’t find this literal requirement anywhere in the CAN SPAM law).

In fact, this footer appears to be a case of protesting too much: by insisting over and over that the message isn’t spam, the senders are really making you suspect that it is. You will note the Freudian question mark in the following: “This message is in compliance with the new CAN-SPAM Bill 2003?”

OK, so let’s get out our CAN SPAM checklist and look for ourselves.

CAN SPAM says that you are sending forbidden “predatory and abusive commercial e-mail” if you do any of the following:

Furthermore, CAN-SPAM requires all commercial electronic mail messages (or CEMMs, as it calls them), to have

Finally CAN-SPAM lists a number of technical violations that are of less interest to us at present (such as a prohibition on “dictionary attacks” and address harvesting). We have no way to know whether HDTI, or Vitesse (or whoever sent the mail) did any of these things, so we’ll just pass over this section of the law.

So, as far as I can tell, this message flunks the CAN-SPAM test (due to header falsification, and to possibly unauthorized use of a “protected computer” to send the spam), and may contain other violations of the law that I am unable to verify from where I sit. Also, why should this operator whine about being compliant with CAN-SPAM when he’s (apparently) in the UK and beyond the reach of U.S. federal law enforcement? So much for this guy — go ahead and file him under “spammer.” Just because a pig wears a sign around his neck saying "I’m not a pig" doesn’t mean that he isn’t one.

But what if this message were squeaky-clean insofar as CAN-SPAM is concerned? Does this mean we couldn’t do anything about it? Here’s the way I look at it:

So, there you have it: it all comes down to my rule #2. Rule #2 rules!



 home | legal stuff | glossary | blog | search

 Legend:  new window    outside link    tools page  glossary link   


(c) 2003-2007, Richard C. Conner ( )

01514 hits since

Updated: Sat, 18 Aug 2007