You Have 9,870 Unread Messages
Spam represents nearly half of all global email traffic, from obnoxious ads to dire warnings of impending account closures to absurd invitations to join the Illuminati (just ask our podcast producer). It is a constant, annoying part of online life, but does it have to be that way? Understanding the efforts to address spam in the early 2000s offers lessons for how we might regulate technologies such as artificial intelligence today.
On this episode, host Jason Lloyd is joined by Rebecca Coyne, who recently received her master’s degree in public policy from the University of Michigan. Coyne wrote about spam policy in the Spring 2026 issue, in an article titled “Spam Policy and the Myth of the Ungovernable Internet.”
Resources
- Read “Spam Policy and the Myth of the Ungovernable Internet” by Rebecca Coyne, from our Spring 2026 issue.
- Learn more about the early internet by reading “A Prehistory of Social Media” by Kevin Driscoll, and listen to his podcast episode.
- Check out Spam: A Shadow History of the Internet by Finn Burton for more on the history of spam, and read this article to learn about the vigilante hijinks during the “spam wars.”
- For more on AI regulation, read “The Mirage of AI Deregulation” by Alondra Nelson in Science and “Moratoriums and Federal Preemption of State Artificial Intelligence Laws Pose Serious Risks,” a report from the Center for American Progress.
Transcript
Jason Lloyd: Welcome to The Ongoing Transformation, a podcast from Issues in Science and Technology. Issues is a quarterly journal published by the National Academy of Sciences and Arizona State University.
Every morning, I spend a few minutes sifting through dozens of ads, donation appeals, job offers, warnings of impending account closures, and notices for packages I haven’t ordered and parking tickets from places I’ve never been. Spam is an annoying fact of online life, but it doesn’t have to be, and understanding the efforts to address spam in the early 2000s offers lessons for how we might regulate technologies such as artificial intelligence today.
I’m Jason Lloyd, managing editor of Issues. I’m joined by Rebecca Coyne, who recently received her master’s of public policy from the University of Michigan. In our spring 2026 issue, Rebecca wrote about spam in an article titled “Spam Policy and the Myth of the Ungovernable Internet.” Rebecca, thank you so much for joining us.
Rebecca Coyne: Thank you so much for having me.
Lloyd: So, I wanted to start with how you became interested in spam policy.
I first became interested in spam policy just because I was so annoyed by it.
Coyne: I first became interested in spam policy just because I was so annoyed by it. This is kind of embarrassing to admit, but I checked a personal email account today that I rarely use and it had 9,870 unread messages. Those are not important messages from my friends and family. They’re ads for Ozempic and car insurance and fundraising emails from politicians who don’t represent me and special offers and warnings that various accounts of mine have been hacked and all manner of nonsense that’s not particularly relevant to my life. And it’s not really just email, it’s everywhere I go online. So that made me wonder how things got to be this way in the first place. And then that made me wonder why we just kind of accept it and keep brushing spam off every day as if there’s nothing that can be done.
Lloyd: Yeah. So you mentioned a few different kinds of spam that you experience on a day-to-day basis, and I think most of us can relate to that, or all of us kind of internet users can certainly relate to that. So could you just talk a little bit about what spam is, what the definition of it is?
Coyne: Yeah. So as you mentioned, spam is a common experience and because it’s so everywhere. Most people kind of know it when they see it, but it’s a little bit trickier when you try to pin down an actual definition. The best description I’ve seen is from a book by Finn Brunton that came out in 2013 called Spam: A Shadow History of the Internet. So he says there are two things that make spam unique. First, spam is a violation of the salience of a space. So it kind of interrupts whatever it is you’re actually trying to do on the platform that you’re using. It’s not relevant to the purpose of the platform.
And second, spam violates norms of quantity. There’s just so much of it. So those are the two elements that I think make spam unique. And though it might feel trivial to deal with spam on a day-to-day basis, there are concrete harms. It kind of makes us jaded against material that we aren’t expecting or aren’t familiar with. We’re immediately suspicious. A lot of fraud disproportionately targets vulnerable people like older people and the aggregate waste of time and energy is pretty staggering. Just because spam costs so little to send, it’s about 160 billion emails per day, which it represents about 50% of all email traffic.
Lloyd: Okay. Yeah. It does feel like spam kind of grew up with the internet, like it’s sort of always been there. And I was wondering if you could talk a little bit about the earliest spam or major spam event from the 1990s.
Coyne: Yeah. So in 1994, there were two lawyers, Laurence Canter and Martha Siegel, who posted a message to over 5,500 discussion forums on the early internet. And the message had the headline “Green Card Lottery – Final One?” So the purpose of the message was to advertise their legal services where they would file green card lottery entries, of course, for a fee. Even in the simple example, you can identify some of the hallmarks of spam that we were just talking about. There’s fear tactics going on. There’s sort of distortion of a legitimate program. It targets vulnerable individuals and of course just the sheer volume of the messages that they sent.
So in the wake of this, users were so furious that they crashed the internet service provider’s mail servers multiple times with the volume of their complaints. Over the following days, they also made threats to Canter and Siegel and sent them fake magazine subscriptions. One person created a cancel bot with the sole purpose of finding and deleting their messages.
What struck me was just the level of collective outrage… And it’s so different from the kind of resigned feeling that we often have towards spam today.
So when I was reading about this, what struck me was just the level of collective outrage. People were just like, “How could they possibly have done this and violated the spaces that we rely on?” And it’s so different from the kind of resigned feeling that we often have towards spam today. We really expect it. We think it’s a legitimate feature of the spaces that we occupy online. It’s also important to note that the early internet was not like the internet of today. It was a public infrastructure of networked research computers. It was more decentralized and had more local character, but this all happened right before the Clinton administration privatized the internet in 1995. And with that privatization, the ban on commercial activity that had previously been in place was lifted. So the green card lottery spam event really represents this changing of an era on the internet. It was kind of a glimpse into the types of commercial spam that this new privatized structure would really unleash.
Lloyd: Yeah. And so you touched on this a little bit, but the response, I mean, clearly there was outrage from the users. For early internet users who experienced this, maybe not the green card lottery, but any kind of spam that they might’ve come across, what were some of the ways that users tended to deal with this type of messaging or these types of advertising or spam emails?
Coyne: Yeah. So a lot of people, as I was saying, reacted in anger. So there was a lot of spamming the spammers, vigilante justice efforts. So that could involve harassment, ostracism, kicking people off the platforms, other kinds of ad hoc social sanctions. Other people had more of a technological approach. They built software to try to block spam. And we see the legacy of that approach pretty much surviving today in the prominence of spam filters and the idea that spam filters are the dominant way that we should be dealing with spam as a problem.
But at the same time, some groups of users organized to create broader structural changes, either developing community standards for dealing with spam within their platforms or advocating for external government regulation. So the main issues that were being negotiated were not just about how the problem of spam should be addressed, but also who should have the authority to address it, whether that’s users themselves, private companies or the broader public through local or state or federal governments.
Lloyd: And state and local governments did pay attention to this in the late 1990s. What were some of their efforts to regulate spam? What did those look like?
Coyne: In response to public concerns about the deluge of spam that was flooding into the early internet, 36 states passed anti-spam laws and there was a lot of variation in the approaches they used and the tools they authorized to fight spam. Several states required labeling like the letters ADV for advertisement at the beginning of each subject line. 26 states allowed for a private right of action, which means that individuals or businesses could sue their spammers to receive compensation. Two states, California and Delaware banned unsolicited commercial email outright and required spammers to seek permission from users before sending any marketing emails of any kind.
So overall, there was this wide variety in approaches, this sense of possibility and experimentation, states are often referred to as laboratories of democracy and I think that was really playing out at this moment as states tested out different policies and tried to respond to the genuinely tricky problem of spam and the public harms that it was causing. But there was this general sense that this is a place for state governments to get involved and an issue of public concern that was worth dealing with through regulation and policy.
Lloyd: And then the federal government steps in. So I wanted to talk a little bit about the CAN-SPAM Act of 2003, but first I wanted to say that CAN-SPAM is an acronym and it is Controlling the Assault of Non-Solicited Pornography And Marketing or CAN-SPAM. I guess it’s probably helpful to have pornography in there for passing legislation, but I was hoping you could talk a little bit about just what was in the legislation and how it was influenced and ultimately ended up being written into law.
If you look a little bit closer, it becomes clear that this law really reflected the priorities of a federal government that was more focused on making the internet safe for business and advertising than actually protecting users from spam.
Coyne: CAN-SPAM, at first glance it seems like it shares a lot of the features of the state laws that preceded it. It prohibited deceptive subject lines. It banned certain transmission and email harvesting methods that are associated with spam. It required advertisers to include an opt-out message and a physical address in each email and it gave the Federal Trade Commission the authority to enforce these provisions. So looking at that list, it all seems pretty straightforward, but if you look a little bit closer, it becomes clear that this law really reflected the priorities of a federal government that was more focused on making the internet safe for business and advertising than actually protecting users from spam. So looking at who was kind of behind the passage of this law, senators and lobbyists from the Digital Marketing Association both raised concerns that the differences between state spam laws would be simply unworkable for a technology like email because email doesn’t respect state borders and they also raised the concern that differences between state regulations would be too costly for “legitimate email advertisers” to have to navigate.
So this is where we get back to that idea of who is a legitimate email advertiser and how are they trying to separate themselves from spammers that are criminals or really bad actors in the space. So CAN-SPAM superseded and replaced all state laws that conflicted with its provisions. That meant restricting who could bring lawsuits about illegal spam and getting rid of the opt-in framework that California and Delaware had been piloting. It also meant limiting the definition of spam to commercial email alone. So those were kind of some of the main differences and features of CAN-SPAM itself.
Lloyd: So Digital Marketing Association seems like a pretty powerful lobbying group with respect to influencing CAN-SPAM legislation. Did they represent, I don’t know, email marketers or were there larger companies involved?
Coyne: I’m not sure. I think some of the bigger companies on the early internet were places like eBay, but I think it was a broad range of interests. And I do know that the Clinton administration and the Bush administration were really excited about the prospect for these companies to get into the digital space. And so I think Clinton said that he wanted the internet to be a free trade zone. So there’s this kind of prevailing notion of free market forces and this new space is kind of an opportunity for profit and an opportunity for innovation and growth in the business sector. So I think the Digital Marketing Association is kind of like a new interest that rises up in this era and one that the government is really concerned with protecting and nurturing and integrating them into this new space of the internet.
Related Reading
Lloyd: So CAN-SPAM was passed in 2003. Can you tell us what effect it had on spam?
Coyne: Not much of an effect at all. So reports from around that time show that 97% of spam continued to violate the terms of CAN-SPAM about a year after it was passed. And there were very few lawsuits overall that were brought against spammers in the wake of the act. So part of this is because it’s genuinely difficult to hold spammers accountable because they’re so slippery and the tricks of the trade are constantly evolving so it’s hard to keep up with all of that. But CAN-SPAM did very little to aid grassroots and anti-spam efforts. It did not empower individuals or businesses that were most harmed by spam to take legal action and its restrictive definition of spam did not allow regulators to respond to the ways that spam evolves and multiplies over time across different and new platforms like all of the types of spam we have today from text messaging spam to social media bots.
So overall, CAN-SPAM also codified an opt-out framework, which I know I mentioned earlier, but we’re still dealing with that framework today in a lot of spaces including digital privacy policy where the burden is on users to constantly be hitting that unsubscribe button. And we know from experience that opting out isn’t really like a free choice in the way that I have a choice about whether to buy this product or this product. Whether you’re trying to get out of email lists that you never signed up for or trying to find the button that will stop websites from tracking your data, there’s a notable power imbalance between you and the need for you to continuously perform this kind of menial mindless labor and whoever it is that wants to advertise at you or harvest your data, they get to do that automatically and you have to be the one that says no.
So even though CAN-SPAM was largely ineffective, the anti-spam movement kind of just dissipated after this point after it passed. And without the possibility of further state level regulation, these stronger visions of governing the internet or mediating the relationship between users and businesses kind of faded from public view.
Lloyd: Which is really interesting how that energy dissipated and then 20 years later the problem is as bad or worse than it has ever been. I know I spend a lot of time hitting that unsubscribe link and it doesn’t seem to decrease the amount of spam in my inbox. So like I said, more than two decades after the passage of the CAN-SPAM Act, we’re still dealing with spam. It’s now been kind of supercharged with artificial intelligence, making it much easier to send vast quantities of email or scam texts or posts on various platforms. And so I wanted to talk a little bit about artificial intelligence both in respect to how it will potentially change the nature of spam, but also how you see either lessons or warnings from efforts to regulate spam in current efforts to regulate artificial intelligence.
Coyne: Yeah. So kind of going off the second part of your question to begin with, I think this moment in AI regulation shares a lot of similarities with the period just before CAN-SPAM was passed. You see all of these states experimenting with these different AI policies that reflect their unique set of values and concerns. Some states have laws prohibiting algorithmic discrimination, for example, and other states are more concerned with creating regulatory sandboxes or regulatory free spaces for AI innovation to happen more in their states. And like with the spam policy debate, lawmakers and companies are also threatening to preempt these local efforts. So we have an executive order recently coming out of the Trump administration called Ensuring a National Framework for Artificial Intelligence and that creates a task force specifically to challenge any state law that they decide is too onerous for AI companies to comply with, or that conflicts with federal priorities like making sure that state laws are not requiring “ideological bias” in their models. So heavy air quotes there.
One big lesson from the spam policy story is that there’s this recurring myth of ungovernability, which is kind of the idea that some technologies just have these intrinsic qualities that make it difficult if not impossible to regulate them and especially to regulate them at the local level or the sub-national level. This idea keeps coming up as part of the argument against regulation and it keeps being articulated by people that want to resist regulation. So when AI companies and the Trump administration talk about how a disjointed patchwork of 50 different regulatory regimes is just unmanageable or impossible to deal with, it’s important to note that they sound exactly like the policymakers and digital marketers that pushed for CAN-SPAM over 20 years ago.
So we often think about AI as this entirely new thing and the AI debate and AI regulation as a completely new set of dynamics that are happening, but these narratives are really part of an older playbook. I’m not saying that there’s nothing to these arguments. We hear about the need for regulatory coherence and standardization, but I also just think we should be kind of suspicious because they do tend to serve the interest of technology companies maybe over and above the interests of users.
Whatever happens with the future of AI policy and governance, it won’t be an inevitable consequence of how the technology works itself. It will be because of political choices that we are making in the present.
The other big lesson is about how fleeting political attention can be and how small and precious the opportunities for action really are. So as we talked about in the early days of the internet, there was a window of time where attention was really concentrated on the problem of spam. Everyone was talking about it and thinking about it as something that the government could and should address. It seemed like spam regulation and life on the internet in general during this time could develop in any number of different ways, but now we often accept the conditions of life online that ended up prevailing as though they’re inevitable, including the need to wade through spam every day of our lives.
So similarly, drawing that back to AI, from our current vantage point, we can kind of see several different paths for the future of AI regulation. And also similarly, it feels like AI is all people ever talk about and so at least it seems that way to me. So it’s really hard to imagine us stopping that discussion anytime soon, but that is what happened with spam. So if we don’t take this opportunity for action and allow public debate to close, for instance, through accepting a federal preemption of state regulation, we could end up in a similar state of resignation, similar to how we feel about spam these days. So that could look like just kind of accepting whatever harms AI causes as if there was never anything that governments could have done to stop it. So the story of spam is an important reminder of those stakes. Whatever happens with the future of AI policy and governance, it won’t be an inevitable consequence of how the technology works itself. It will be because of political choices that we are making in the present.
Lloyd: Well, that is a very rousing call to action, I think that’s a great place to end. Thank you so much, Rebecca. This was really fascinating. I’ve learned a lot from your piece and from talking to you today.
Coyne: Thank you so much. It was great to be here.
Lloyd: Learn more about spam policy by reading Rebecca Coyne’s Spring 2026 piece, Spam Policy and the Myth of the Ungovernable Internet. You can find links to this and more in our show notes. Thanks to our podcast producer, Kimberly Quach, and our podcast editor, Shannon Lynch. I’m Jason Lloyd, Managing Editor of Issues. Thanks for listening.