1998: The First Attempts to Outlaw Spam in America
By 1998, the average American internet user’s inbox had become a landfill. Unsolicited emails advertising everything from miracle weight-loss pills to get-rich-quick schemes to pornography flooded in by the dozens, then hundreds, per day. The internet was barely mainstream — AOL had only hit 10 million subscribers the year before — and already the email system was choking on garbage. Something had to be done. The question was what, and by whom.
The States Move First
Washington state fired the first shot. In March 1998, Governor Gary Locke signed a law making it illegal to send unsolicited commercial email with misleading subject lines, false headers, or deceptive routing information to Washington residents or through Washington-based internet service providers. Violators faced fines of up to $500 per message, with a $25,000 cap per day.
The law wasn’t perfect — it was narrowly tailored to misleading spam rather than all unsolicited email — but it was a start. California followed with its own law later that year, as did several other states. By the end of 1998, a patchwork of state anti-spam statutes was forming across the country.
The problem was immediately obvious. Email doesn’t respect state lines. A spammer in Florida sending messages through a server in Texas to recipients in California, Washington, and New York was simultaneously subject to zero, one, or multiple state laws depending on how you read the jurisdictions. For legitimate businesses trying to use email marketing, the compliance nightmare was already beginning.
Congress Takes a Swing
Senator Robert Torricelli of New Jersey introduced one of the first federal anti-spam bills in 1998, and he wasn’t alone. Representatives Chris Smith and Frank LoBiondo, also from New Jersey (apparently the Garden State had a particular hatred of spam), introduced companion legislation in the House. The bills proposed creating a federal “do not email” list — modeled on the “do not call” registry concept — that would allow consumers to opt out of commercial email entirely.
The concept was elegant in theory and absurd in practice. Managing a national list of email addresses that spammers would be required to honor assumed that spammers — many of whom were already breaking fraud laws — would voluntarily comply with yet another regulation. Critics pointed out that a “do not email” list would essentially become a verified database of active email addresses, a spammer’s dream.
The bill died in committee. But it started a legislative process that would grind on for five more years.
The Industry Fights Back (Sort Of)
The Direct Marketing Association (DMA), the trade group representing legitimate marketers, found itself in an awkward position. Its members were getting tarred with the same brush as Nigerian prince scammers and pill pushers. The DMA opposed most legislative proposals, arguing that industry self-regulation was sufficient. They promoted their own “Email Preference Service” — a voluntary opt-out list that member companies agreed to honor.
The problem was that the vast majority of spam wasn’t coming from DMA members. It was coming from fly-by-night operators using hijacked servers, fake identities, and throwaway domains. Self-regulation was like asking law-abiding citizens to stop crime by being extra well-behaved.
Meanwhile, ISPs were drowning. By 1998, AOL estimated that spam accounted for nearly 30% of all email traffic on its network. The company employed a full-time anti-spam team and spent millions on filtering technology. CompuServe, EarthLink, and other providers faced similar burdens. Some began filing their own lawsuits against spammers under existing fraud and trespass laws, with mixed results.
The Legal Tangles
One of the most significant early anti-spam cases came from CompuServe, which had actually sued a bulk emailer named Cyber Promotions back in 1997. The court ruled that sending unsolicited email through CompuServe’s servers constituted trespass to chattels — essentially, the spammer was using CompuServe’s property without permission. The ruling was a creative application of a centuries-old property law to a brand-new technology.
But court victories were whack-a-mole. For every spammer that got sued, ten more popped up. The economics were simply too favorable. Sending a million emails cost virtually nothing. Even if only 0.001% of recipients bought something, the spammer turned a profit. And if a court in Virginia issued a judgment, the spammer could simply relocate operations to a server overseas.
The Long Road to CAN-SPAM
Between 1998 and 2003, Congress introduced more than two dozen anti-spam bills. They carried names like the “Unsolicited Commercial Electronic Mail Act,” the “Inbox Privacy Act,” and the “Anti-Spamming Act.” Most died in committee. The ones that advanced got tangled in debates over opt-in versus opt-out requirements, First Amendment concerns about commercial speech, and lobbying from businesses that feared any regulation of email marketing would hurt legitimate commerce.
The standoff wouldn’t break until December 2003, when the CAN-SPAM Act finally passed. By then, spam accounted for an estimated 45% of all email traffic worldwide. The law that eventually passed was weaker than what consumer advocates had wanted — it created an opt-out framework rather than the opt-in standard that the EU had adopted — but it established the first uniform federal rules for commercial email.
The early anti-spam efforts of 1998 were messy, contradictory, and largely ineffective. But they established a principle that would endure: unsolicited commercial email was a problem that society was willing to use the force of law to address. The specific laws would evolve, but the conversation that started in state legislatures and congressional committees in 1998 continues to shape email regulation around the world today.
Wondering if your email copy might trigger spam filters that evolved from these early battles? Run it through our Spam Word Checker to catch problematic language before you hit send.
Infographic
Share this visual summary. Right-click to save.
Related Events
Frequently Asked Questions
What was the first anti-spam law in the United States?
Washington state passed the first state-level anti-spam law in 1998, making it illegal to send unsolicited commercial email with misleading subject lines or forged headers. Several other states followed with their own laws that same year.
Why did early anti-spam laws fail to stop spam?
Early state-level anti-spam laws failed because email crosses state and national borders instantly. Spammers could operate from states without anti-spam laws, or from other countries entirely. The patchwork of different state laws also created confusion about which rules applied to which emails.
What happened before the CAN-SPAM Act of 2003?
Before CAN-SPAM, over 30 states passed their own anti-spam legislation with varying rules. Congress introduced multiple federal anti-spam bills starting in 1998, but none passed until CAN-SPAM was signed into law in December 2003.