If it is inevitable that email is going to be micromanaged by government, we must push for the most reasonable regulation possible. In this case, that means pushing for the federal law which, while no panacea, puts much less burden on the innocent web site operators and is preferable to laws such as California’s SB-186 and the copycat laws that will follow.
Why is the California law so scary? There are many reasons. California is ripe with opportunistic trial lawyers who make their careers extracting money from legitimate concerns. Just as we know the hard core spammers will be unfazed, we know that we, the honest ones, will be the ones’ who foot the bill.
California's definition of spam is vague and arbitrary. In California’s law, there is no threshold. A single unrequested email sent to a single recipient meets California's definition of spam and the new law gives the recipient the right to sue the sender for $1,000 per incident.
This is something we need to be concerned with because our PostNuke sites are full of traps.
If someone visits your website and sends an email to their friend via the Recommend Us module or decides to send this story to a friend, you’d be liable for $1,000 each email because it’s coming from your server and you have no permission from the recipient!
If you’re subscribing users to newsletters, chances are tens, if not thousands of your newsletters will meet the definition of spam under SB-186. If you send out a weekly newsletter to 1,000 people who you can’t prove specifically requested each and every newsletter, you could be liable for each incident which, in this case, would add up to a sobering $52 million per year!
If you notify users when someone responds to a forum, you might be liable. If one of your users uses someone’s real email address for their fake address you might be liable for spam received by the owner. Same goes for those innocent Registration and Lost Password transactions, which send email without verifying who is actually requesting the email?
So how can we you protect ourselves? If California's law and the expected copycat laws aren’t preempted, we can’t. It doesn’t matter that you’ve never been to California because SB-186 not only covers all email sent to California residents, but also email accessed from California computers or billed to a California address. That could include anyone and, even if you could go through all your users and pick out the accounts that appear to have a California nexus, you only have to miss one to feel the hurt.
Regardless of your integrity, that one user with the hotmail account you missed could cost you thousands, if not tens of thousands, of dollars! So please get involved. Review the alternatives and I’m sure you will want to join me in (holding our noses and) urging President Bush to sign the federal CAN-SPAM act.