Virginia's spam uncured

On April 29, 2003, with great fanfare, Virginia Gov. Mark Warner signed into law what he called the "toughest-in-the-nation-anti-spam bill." Unfortunately, the reality of this law does not even approach the hype.

Despite the hoopla, the new law merely increases the potential penalties for violating a preexisting and seriously flawed Virginia law. The original 1999 statute made it a crime to transmit unsolicited bulk e-mail over a computer system in contravention to the system owner's terms of use. Typically, these terms, and other generally applicable laws, already prohibited the transmission of false or misleading messages, irrespective of any anti-spam statute.

As I noted in a June 1999 column, the Virginia statute did not extend the pre- existing law allowing owners of computer systems to set and enforce rules for their use in any appreciable way, and it would do nothing to curtail spam. Four years later, Virginia lawmakers acknowledged those facts and tried again. However, the supposed fix merely changes the potential penalties without addressing the substantive issues. This is no fix at all.

The central problem of unsolicited bulk e-mail is the overwhelming volume. Undoubtedly, many spam messages are deceptive, but very few users are taken in by these petty frauds. However, we are all affected by the huge volume of unsolicited e-mail messages, which are unwelcome regardless of their accuracy.

Coincidentally, the day after Warner signed the new law, the Federal Trade Commission released a report analyzing the incidence of possible false claims in typical spam messages. According to the report, the FTC found that up to 40 percent of spam includes one or more "hallmarks of falsity," a concept that is broadly defined. They include such things as "from" lines that are blank or otherwise altered or disguised, subject lines that are blank or suggest relationships or content that may be inaccurate, and message text that could mislead the reader.

Clearly, a statute such as Virginia's that focuses on deceptiveness is going to miss the majority of unsolicited commercial e-mail and will have a negligible impact on the most disruptive aspect of spam today — its sheer volume.

I receive more than 150 spam e-mail messages a day on my home computer in Northern Virginia. Even if the Virginia statute worked perfectly and every e-mail with "hallmarks of falsity" as described by the FTC suddenly disappeared, I still would receive nearly 80 spam e-mail messages every day. That might be progress in some theoretical sense of the word, but practically speaking it would not have much of an impact. It looks like the spammers won again in Virginia.

Until the state gets its act together, I'll continue to rely on the commercial spam filtering tools that I have been using to segregate the junk from the legitimate messages. In my experience, the best by far is Network Associates Inc.'s McAfee SpamKiller. I'd recommend it to anyone — even Virginia's governor.

Peckinpaugh is senior counsel for Computer Sciences Corp. in Reston, Va. This column represents his personal views.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.