Virginia's spam uncured

On April 29, 2003, with great fanfare, Virginia Gov. Mark Warner signed into law what he called the "toughest-in-the-nation-anti-spam bill." Unfortunately, the reality of this law does not even approach the hype.

Despite the hoopla, the new law merely increases the potential penalties for violating a preexisting and seriously flawed Virginia law. The original 1999 statute made it a crime to transmit unsolicited bulk e-mail over a computer system in contravention to the system owner's terms of use. Typically, these terms, and other generally applicable laws, already prohibited the transmission of false or misleading messages, irrespective of any anti-spam statute.

As I noted in a June 1999 column, the Virginia statute did not extend the pre- existing law allowing owners of computer systems to set and enforce rules for their use in any appreciable way, and it would do nothing to curtail spam. Four years later, Virginia lawmakers acknowledged those facts and tried again. However, the supposed fix merely changes the potential penalties without addressing the substantive issues. This is no fix at all.

The central problem of unsolicited bulk e-mail is the overwhelming volume. Undoubtedly, many spam messages are deceptive, but very few users are taken in by these petty frauds. However, we are all affected by the huge volume of unsolicited e-mail messages, which are unwelcome regardless of their accuracy.

Coincidentally, the day after Warner signed the new law, the Federal Trade Commission released a report analyzing the incidence of possible false claims in typical spam messages. According to the report, the FTC found that up to 40 percent of spam includes one or more "hallmarks of falsity," a concept that is broadly defined. They include such things as "from" lines that are blank or otherwise altered or disguised, subject lines that are blank or suggest relationships or content that may be inaccurate, and message text that could mislead the reader.

Clearly, a statute such as Virginia's that focuses on deceptiveness is going to miss the majority of unsolicited commercial e-mail and will have a negligible impact on the most disruptive aspect of spam today — its sheer volume.

I receive more than 150 spam e-mail messages a day on my home computer in Northern Virginia. Even if the Virginia statute worked perfectly and every e-mail with "hallmarks of falsity" as described by the FTC suddenly disappeared, I still would receive nearly 80 spam e-mail messages every day. That might be progress in some theoretical sense of the word, but practically speaking it would not have much of an impact. It looks like the spammers won again in Virginia.

Until the state gets its act together, I'll continue to rely on the commercial spam filtering tools that I have been using to segregate the junk from the legitimate messages. In my experience, the best by far is Network Associates Inc.'s McAfee SpamKiller. I'd recommend it to anyone — even Virginia's governor.

Peckinpaugh is senior counsel for Computer Sciences Corp. in Reston, Va. This column represents his personal views.


  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected