Loopholes Closed by FTC in CAN-SPAM Act Rules

The U.S. FTC has updated its regulations regarding the CAN-SPAM Act (PDF) to require:

(1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender;

(2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements;

(3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and

(4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

— FTC Approves New Rule Provision Under The CAN-SPAM Act, Press Release, FTC, May 12, 2008

These changes appear to tighten up what is required of marketers; they have to say who they are and they can't weasel out by claiming a corporation is not a person.

However, it's not clear to me why it's opt-out that's required; why not opt-in? I never trust a spammer to process an opt-out; I assume they're just collecting more addresses. Plus the spammer still has ten days to process opt-out requests.

-jsq

Outsourced Blog Spam

After outsourcing call centers, rote financial work, and programming, why not comment spam? This reporter's blog comment filter was working, yet:

...so far it's stopped 10,000 spams while allowing 377 human comments. So why had this got through? The electronic trail explained: the "captcha" (Completely Automated Public Turing test to tell Computers and Humans Apart) had been filled in.

The captcha is the junk filter's last resort. Because it's easy and cheap to program machines to post any sort of junk on blogs, a captcha (which puts numbers or letters in an image, which a machine in theory can't read) shows whether you've got a real live person giving their thoughts, or just a dumb machine trying to up some spammer's search-engine ranking.

If the captcha was filled in, it must have been done by a person; if it had been done by a machine, the spammers would have cracked the problem of solving captchas and would be busily spamming every blog they could find.

The price of humans who'll spam blogs is falling to zero, Charles Arthur, The Guardian Thursday November 23, 2006

Who dunnit?