May 1, 2003  ·  Lessig

Congresswoman Zoe Lofgren today introduced her REDUCE Spam Act. That Act is in part based upon the idea that I have bet my job on. This has led some friends to write that they hope the law is not passed — some because they believe it won’t work, some because they don’t like this or any regulation. To the first group, I appreciate the concern, but remain unworried. To the second, I understand the concerns, but remain convinced.

The general idea of the statute is that spammers must label UCE, and if they don’t, then the law enables a bounty system to pay people who hunt down those who fail properly to label. I’ve been getting lots of questions about how this would work, and as many are similar, it would obviously help to post a FAQ. It would be great to get more questions beyond the first wave, and a FAQ would certainly help.

This final draft does have a nice modification that was suggested by a particularly skeptical friend. The label requirement initially is a simple ADV: in the subject line. There are obvious problems with mandated protocols, and so the modification requires either an ADV: or “an identification that complies with the standards adopted by the Internet Engineering Task Force for identification of unsolicited commercial electronic mail messages.” This is a nice modification that both creates an incentive for the development of other protocols, but vests that process within a body that so far has resisted capture. I was originally worried that any industry standards group would be open to capture. But I have lots of confidence that the IETF will be able to suss out spammers.

The key to this idea is, as Congresswoman Lofgren puts it, that the Act would enlist a bunch of 18 year olds in the battle against non-complying spammers. “Between the 18 year olds and the spamsters,” as she puts it, “I’ll bet on the 18 year olds.”

Me too.

  • Jon Wynacht

    Is SPAM really that much of a problem for folks? Or did they start selling keyboards without the “Delete” key?

  • Xavier Shirin

    It is a problem when you check your email and you see almost 100 pieces of spam. This does happen regularly. I have had a few accounts where it became a very big problem. This will just make it easier to separate the wheat from the chaff.

  • doogieh

    this will have two good effects, and one bad one.

    first, there is the direct good effect of the threat of recovery for “stupid spammers” who can be caught based on headers.

    then, there is the indirect effect that should reduce spam over time since everyone will autodelete any e-mail with “ADV” or “UCE” and hence reduce its effectiveness.

    but there is a real chilling effect on otherwise protected commercial speech. if i’m not a spammer but, say, a salesman for a specialized industry such as chip manufacturing, and I get a new lead as to a potential buyer, is my unsolicited e-mail to the lead (not spam in the traditional sense as it is a legitimate and long-standing business practice in many industries) now illegal if I don’t put in the UCE or ADV tag?

    The biggest open question is mixed e-mails. What if the e-mail has both commercial AND non-commercial content, say an advocacy piece sponsored by Greenpiece with a link at the bottom requesting you contribute to the charity? An excerpt from a New York Times with a link to subscribe to the New York Times? Where do you draw the line?

    Its a good idea, but there are quite a few hypotheticals like these hiding at the margins, as is always the case when you try to regulate speech.

  • Zack Weinberg

    I don’t understand why this is better than an extension of the existing federal junk-fax law to apply to electronic mail. That law makes all unsolicited commercial faxes illegal, labeled or not, and gives recipients a private right of action against the senders (which is similar to your bounty proposal, although the numbers are smaller). It has no loopholes. Under your plan, I expect that email spammers will simply stick ADV: in their subject lines and carry on. Sure, this is trivially filtered out, but (a) not everyone has the ability to filter, and (b) the recipient still has to pay for the bandwidth, CPU time, and disk space consumed by accepting and discarding the message.

  • Jay Solo


    On spam, I get as few as 20 spam e-mails on a light day, and perhaps as many as 100. Much of it on account of being a domain holder of record. Kinda obvious when you setup an e-mail account domains@ your domain, and half the spam comes to that address. But I digress. It requires time and attention, even to delete them or block them, because I have to pay attention and not rid myself of wanted mail.

    It’s a conundrum, how to do this so it doesn’t preclude e-mail you actually want. I suppose you could call that SBE; Solicited Bulk E-mail. Heh. If my sales rep from the computer parts place sends me something with ADV: in it, and I block all ADV: mail, then I’d better be able to make exceptions easily. And that means even then the existence of spam costs time and attention.

    On the topic of fax spams, argh! Illegal or not, it still happens. I get at least a fax per day, that being the prime wear on the fax machine and use of paper. In effect, an entire toner cartridge was used for a few pages of legitimate faxes. A $31 cost, for a few pages, sucked dry by junk prematurely.

    I posted the fax number on my web site and it was harvested far faster than spammers harvest e-mail addresses. The first fax came within 24 hours of the number being public. That fast, whoever gathers the numbers had scanned the site and started the process. That level of efficiency would be admirable if not for such a diabolical application.

  • Bruce Moldovan

    I didn’t even get to page 2 of the proposed act before I saw the two things all new laws seem to require: A “to protect the children” clause/mission statement and an acronym-based name. I’m most certainly for the act getting passed, but I really do miss ye olde days when statutes didn’t have to expressly serve to “protect the children” and didn’t have to have idiotic names.

  • Brian W. Carver

    I have three problems with the Bill, discussed in greater detail on my Blog. Basically, how do we collect from overseas spammers, since when is vigilante justice a good thing, and don’t go giving such good ideas to the RIAA. We’ll see this next as a means to stop file-sharers, and while millions of people hate spammers, millions of people ARE file-sharers. Uh-oh.

  • whirlycott

    Some questions:

    Subject line requirements: how is one supposed to know if an email address is “within the United States”?

    I’m wondering if, under this law, it should be illegal to initiate from within the United States to anywhere or to initiate from within the United States to within the United States? How is it possible to know whether an address is owned by a person within the United States? Am I interpreting this too narrowly, but if I am a US citizen living abroad (or in the military serving abroad), does this law no longer apply?

    Is it worthwhile modifying sec 4.a.1.B to add an “X-UCE-status: true” (or similar) requirement? I think this would serve a few purposes:

    * It would serve as a template for other countries that don’t use English as a language (not sure if this is commonly done or not)

    * it wasn’t clear to me whether in sec 4.a if the Subject: header was required or if this section applied only if it was included in the mail message.

  • Bruce Moldovan

    As for spammers outside of the US, we can issue letters of marque and reprisal (despite treaties to the contrary).

  • sama

    I think that the spirit of the act is right. But there’s a practical hitch. Spammers are pretty good at hiding their tracks. But the spam itself almost invariably contains information designed to connect you to a “legitimate” business. In other words, if the spammer wants your money, he must provide a legitimate means by which you can contact him so you can give him your money. The bounty should cover this person too, not just the person sending the spam. After all, this is the person who paid to have the spam sent out, and this is the person ostensibly generating business out of the spam. And he’s much easier to track down. Fine him, stop him, and you’ll have stopped spam.

  • Martin

    This proposal only allows you do filter and dump the crap AFTER it has been through the mail server. Spam from foreign countries will be unenforceable.
    It basically means that anyone can Spam legally as long as the ADV: is there.
    Great….1 billion Spams an hour clogging up everyone’s mail servers, the internet backbones, just to be deleted by peoples personal mail filter.

    What a joke !!!

  • Anonymous