|George W Bush is expected to sign the CAN-SPAM act on 1 January 2004|
The US Congress passed the CAN-SPAM Act on Monday 8 December, which is expected to be signed into law by President Bush and take effect on 1 January 2004.
While end-user frustration with spam is at an all time high, many members of the email community including Sophos, a world leader in protecting businesses against viruses and spam, believe that the legislation has the potential to create confusion and encourage even more companies to send unsolicited emails.
The bill, known as CAN-SPAM ("Controlling the Assault of Non-Solicited Pornography and Marketing") proposes an 'opt-out' standard rather than the more vigorous "opt-in" process proposed by anti-spam experts such as Sophos.
"There is no indication that the CAN-SPAM Act will actually reduce the number of unwanted messages received by email users, particularly given the difficulty of tracking spammers and thus enforcing the legislation," said Jesse Dougherty, director of anti-spam development at Sophos. "The 'opt-out' provision actually stands to increase the number of unwanted messages received by email users because it essentially permits senders to legitimately send unsolicited commercial email as long as they provide recipients with a way to "opt-out" of future correspondence."
Under the terms of the proposed law, certain forms of spam will be legal. The bill states that spammers may send as many "commercial electronic mail messages" as they wish - provided that the messages are obviously advertisements with a valid US postal address, and an unsubscribe link is present at the bottom. It would then be the responsibility of every individual to unsubscribe from any mailing list they did not wish to receive spam from, rather than only legalising email from mailing lists to which users have explicitly chosen to "opt-in".
Sophos recommends companies protect themselves with a consolidated solution which can defend businesses from the threats of both spam and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.