Virginia's spam uncured

On April 29, 2003, with great fanfare, Virginia Gov. Mark Warner signed into law what he called the "toughest-in-the-nation-anti-spam bill." Unfortunately, the reality of this law does not even approach the hype.

Despite the hoopla, the new law merely increases the potential penalties for violating a preexisting and seriously flawed Virginia law. The original 1999 statute made it a crime to transmit unsolicited bulk e-mail over a computer system in contravention to the system owner's terms of use. Typically, these terms, and other generally applicable laws, already prohibited the transmission of false or misleading messages, irrespective of any anti-spam statute.

As I noted in a June 1999 column, the Virginia statute did not extend the pre- existing law allowing owners of computer systems to set and enforce rules for their use in any appreciable way, and it would do nothing to curtail spam. Four years later, Virginia lawmakers acknowledged those facts and tried again. However, the supposed fix merely changes the potential penalties without addressing the substantive issues. This is no fix at all.

The central problem of unsolicited bulk e-mail is the overwhelming volume. Undoubtedly, many spam messages are deceptive, but very few users are taken in by these petty frauds. However, we are all affected by the huge volume of unsolicited e-mail messages, which are unwelcome regardless of their accuracy.

Coincidentally, the day after Warner signed the new law, the Federal Trade Commission released a report analyzing the incidence of possible false claims in typical spam messages. According to the report, the FTC found that up to 40 percent of spam includes one or more "hallmarks of falsity," a concept that is broadly defined. They include such things as "from" lines that are blank or otherwise altered or disguised, subject lines that are blank or suggest relationships or content that may be inaccurate, and message text that could mislead the reader.

Clearly, a statute such as Virginia's that focuses on deceptiveness is going to miss the majority of unsolicited commercial e-mail and will have a negligible impact on the most disruptive aspect of spam today — its sheer volume.

I receive more than 150 spam e-mail messages a day on my home computer in Northern Virginia. Even if the Virginia statute worked perfectly and every e-mail with "hallmarks of falsity" as described by the FTC suddenly disappeared, I still would receive nearly 80 spam e-mail messages every day. That might be progress in some theoretical sense of the word, but practically speaking it would not have much of an impact. It looks like the spammers won again in Virginia.

Until the state gets its act together, I'll continue to rely on the commercial spam filtering tools that I have been using to segregate the junk from the legitimate messages. In my experience, the best by far is Network Associates Inc.'s McAfee SpamKiller. I'd recommend it to anyone — even Virginia's governor.

Peckinpaugh is senior counsel for Computer Sciences Corp. in Reston, Va. This column represents his personal views.


  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

Stay Connected