Kodak settled a CAN SPAM suit with the FTC. Their Ofoto unit, which lets people upload digital photos and buy prints, sent two million commercial messages that didn't comply with the very mild requirements of CAN SPAM. In particular, they didn't include a notice that it was an ad, didn't include opt-out info, and didn't include Kodak's postal address. They paid the FTC $26,000, the revenue they got from the two million illegal messages.

Kodak claims (not altogether inplausibly) that it was a technical screwup. But $26K for two million messages does seem like a rather low response rate, doesn't it?

Reuters reports that a UK appeals court ruled that an English 18-year old who sent five million spams to a company who had fired him had indeed broken the law. The judge said that "while a computer user might consent to being sent some e-mails, that consent did not extend to receiving a barrage of such messages."

This may seem obvious, but it wasn't to a lower court, which now has to reconsider the case and what penalty to assess.

http://news.yahoo.com/s/nm/20060511/wr_nm/crime_britain_spam_dc

The CAN SPAM act required that the Federal Trade Commission report back after a year, which they did, releasing the report almost as an afterthought with a press release about some international anti-spam enforcement at http://www.ftc.gov/opa/2005/12/buttonpushers.htm.

The goals of the CAN SPAM act were to make life better for large bulk mailers, and to make it somewhat easier to go after the crooks. (Note that stopping UBE or UCE isn't in that list.) It did both of those reasonably well, as the FTC documents. They then go on to say that one thing it didn't do was to give them the authority to work closely with other governments to deal with spammers active in multiple countries, and they suggest some legislation to do so. We think it's fine to give the FTC better international enforcement powers, but it's no substitute for an actual anti-spam law.

One of the CAUCE board members has further thoughts in his blog at http://weblog.johnlevine.com/Email/ftcreport.html.

Australia has an excellent anti-spam law, the Spam Act 2003. The Minister for Communications, Information Technology and the Arts, Senator Helen Coonan has called for public submissions as part of a review of the Spam Act 2003, to be completed by April 2006.

"The Australian Spam Act is internationally recognized as a leading legislative model to crack down on the scourge of spam that is overloading people's in-boxes and causing great frustration," Senator Coonan said. "Since the Act came into effect, many professional spammers that had been based in Australia have either shut up shop or left the country."

Australia's Spam Act applies to commercial electronic messages which include spam sent via email, SMS, Instant Messaging and Multimedia Messaging Service.

For more info, see http://www.dcita.gov.au/ie/spam_home/spam_act_review.

In late September, California enacted a new SB 97, a new version of the 2003 spam law that was overridden by CAN SPAM before it went into effect. Both spam bills and the phishing bills were introducted by Sen. Kevin Murray, one of a handful of state legislators with an interest in online commerce.

The new law basically reconstitutes what it can of the old law that isn't preempted. CAN SPAM says states can make fraudulent e-mail more illegal, so that's what it does. If a commercial e-mail advertisement uses a third party domain name without permission, or has forged header information, or a misleading subject line, it's illegal in California. More interestingly, any of the recipient, the recipient ISP, or the Attorney General can sue for $1000 per message, up to a million dollars per incident.