Dear FTC,

I am employed by a large ISP (Internet Service Provider) in the Network Operations area, as such I deal with a large volume of the fall-out from Unsolicited Commercial Email.

I am familiar with free speech and fully support and understand the Supreme Court's decision regarding on-line free speech as being equivalent to 'every person owning a printing press.'

The Court's decision was powerful and empowering language. However the problem here is a 'time place manner' problem. Spam, or UCE, does not exist in a vaccuum. Internet provider resources, from disk space and especially bandwidth and RAM memory, are exhausted by both the spammer's efforts as well as complaints about that spam from outraged consumers.

This is because while "every desktop can be a printing press," not every desktop has the resources to deliver mail to millions of recipients. 

For that, the resources of the network have to be used.

It is these resources that unsolicited mail senders are currently stealing, by megabytes per day.

Spammers currently take advantage of the global and in some cases archaic nature of the original internet: by using open mail relay hosts (many located overseas in perhaps unsuspecting third-party machines) the spammer can 'relay' his mail back to the US, concealing his identity in the process.

What amounts to lying on the return address and company name, or committing what I believe would be mail fraud if it were done with paper mail, is the daily modus operandi of the commercial emailer today.

If spammers were required to

1) never forge an email header, i.e. the mail account that sent it be the one that also received complaints or replies, with no company name but their own listed;

 

2) never relay mail off a third party machine that did not have a contractual relationship to the original mailer;

 

3) always adhere to the policies of the dial-up plant they used to connect to the net;

 

4) all mail that is commercial needs to have a flag set that identifies itself.

Then I believe a majority of the current problem would be solved.

What is happening today is the resource of E-Mail is being taken to its' lowest common denominator by spammers, in a re-enactment of that historical phenomenon known as 'the tragedy of the commons.' When a commonly shared resource is left to completely unchecked market forces, the resource eventually becomes full of least-common denominator content. This has happened with Usenet News, and it is happening with E-Mail as well.

Blocking technologies as they currently exist are fairly useless because spammers hop around with faked domains and faked third party senders quite a lot. Often their web site (contained in the spam) is hosted off-shore, or else it's hosted by a company that is slow to enforce their policies against illegal sales sites. Or there are multiple web sites, with 'gateway' entrances, constantly being moved. For every technological solution an ISP or consumer can think up, the spammer can easily originate a new method of getting his spam out. What is needed is real law enforcement instead.

I believe that existing laws against fraud and illegal sales, pyramid schemes, etc, are sufficient if they are actually enforced. It is often the internet service provider that gets stuck with the hours and hours of tracking down of illegal spammers. The spammers know that usually they will escape because a lot of ISPs just don't have the person-hours to track down hundreds of spams a day. Occasionally one gets shut down -- he is soon back up and operating with a new mail-drop account, a new faked domain return address, and a new mail relay to bounce the mail off of.

In a republic it is the job of the government to establish and enforce existing laws.

Do not be deluded by the Internet Direct Marketing Association's pleas for things as "opt-out" and "opt in." These are code words for policies which, if enacted, would force the consumer to make the effort to get himself removed from the UCE mailer lists. Any single spam might be removed, but 100s more would still be (and currently are) generated as a result. The spammer knows that a 'live' email account replied, and thus the spammer sends still more mail to that person under new account names marketing new business schemes.

The commercial marketer steals the resource of the consumer's mailbox, for which they pay pennies on the dollar to use. They then send out thousands of mails per hour, taking up many third party resources in the process. This devalues both the resource of the consumer's mailbox as well as the resources of network providers (whose policies they are in violation of, but who have little more than to cancel one account until they pop right up again with a new account, and knowing full well they will not be taken to court in most cases due to lack of resources/time on the part of the ISP)

So to conclude this, I do not think more laws are needed, I do feel existing laws if properly and rigorously enforced, laws relating to mail fraud and consumer protection, would go far towards shutting down the current flood of unsolicited email. Internet providers cannot be expected to do much more than close down particular account names and provide contact information to law enforcement; forcing internet providers to do more (as the current set-up is, de facto) is in effect saying the government has no enforcement power and it's up to citizens to arm and defend themselves. This doesn't sound much like a Republican form of government to me.

David Dennis
Seattle Washington

CC: FTC.SMTP("dennisd@best.com")