Will it soon be illegal to send unsolicited email unless recipients have given express consent?

Are you getting enough spam yet? After the long holiday weekend, I checked the email in just one of my mail accounts, and the server reported 76 messages waiting to be delivered. In fact, 38 of them were unsolicited junk mail advertising all kinds of things I don't need, such as an as-seen-on-TV cure for snoring. I don't get nearly as much junk mail in my postal mailbox as I do in my electronic mail boxes, yet I've never opted into anyone's electronic advertising campaigns.

All online advertisers should include a link or email address that we can use to remove our names from their distribution lists (DLs). However, spam sources often use such contact points not to remove names from lists but to verify that a particular email address is valid—which only increases the amount of junk mail I receive.

A few years ago, in a television commentary, Andy Rooney joked that he accumulates piles of his postal junk mail, then ships it all back to the sender with a note that says, "Please throw this away for me." The idea struck me as hilarious, and it might be effective, but I doubt it would work with electronic junk mail.

We can use spam filters to eliminate unwanted email traffic, but keeping the filters effective isn't simple. The task becomes expensive over the long run through filtering software costs and the security-related maintenance hours required. But some relief might be in sight. Recently, the Senate Commerce Committee passed Bill S.630, which, if it becomes law, would make it illegal to send unsolicited email unless recipients have given express consent to receive such communications. In a nutshell, the new law would eliminate "opt out" in favor of "opt in" policies. The proposed law would also let those who receive unsolicited communications file class-action and independent lawsuits against offenders to collect monetary damages. You can read about the bill in the related news story, "Spammers Beware: New Law Seeks Criminal Enforcement".

On another security-related subject—do you have trouble hiring and keeping security professionals in your company? A recent article in CIO Magazine, "How to Staff Up for Security", notes that employers have trouble filling available positions because of a lack of skilled and experienced workers in the field: On average, employers fill 1 in 13 available positions.

The article lists several ways to attract, hire, and keep quality security people on your staff, including

  • knowing your needs and matching them to a candidate
  • using specialized headhunters and employment agencies
  • making cutting-edge technology available to your security staff
  • offering incentives such as yearly training and conference attendance
  • considering training inhouse staff for security positions
  • paying them well

You probably already know that security professionals don't come cheap. The article states that salaries in the field can range from $60,000 up to $180,000 per year, depending on several factors, including level of responsibility. Be sure to read the article.