identified, an application is available for download on the site.

This downloaded application enables them to securely transmit their lists to both registries, created and maintained by Utah-based Unspam. Once scrubbed, the lists are automatically returned to businesses, altered to contain only those e-mail addresses not included in the registry.

"We're averaging that the scrubbing process right now is taking less than a minute to complete," said Unspam CEO Matthew Prince. "We have assured the state that we'll be able to do it in less than an hour at absolute full load, but we will continue to scale the system to ensure that responses are delivered back as quickly as possible."

We're Not Talking Spam

In 2003, Bishop introduced a bill proposing a Do Not E-mail Registry much like the national Do Not Call Registry, which would minimize unsolicited spam to e-mail addresses protected by the list. The "anti-spam" bill would have prevented mass spammers from sending any commercial e-mail to addresses on a list created and maintained by a third party.

The same year, Congress passed the national Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, which required e-marketer advertisements to include a clear subject line, an easy-to-find opt-out option, accurate header information and a verifiable physical address.

In addition, Section 9 of the CAN-SPAM Act requested that the FTC study the feasibility of creating a national registry because of the FTC's successful, nationwide Do Not Call Registry.

According to the FTC's report, presented to Congress in June 2004, "Spammers have demonstrated and continue to demonstrate that they will do whatever it takes to send out their UCE [unsolicited commercial e-mail] and will not police themselves."

Given the evidence of non-compliance, the FTC said it doubted the effectiveness of an e-mail registry. "Perhaps most tellingly, notwithstanding the CAN-SPAM Act, most spammers continue to disguise their e-mail to bypass filters and engage in obfuscatory tactics to conceal their identities," the FTC's report said.

This raises a question about how legislation can prevent mass commercial e-mails from reaching e-mail addresses belonging to minors if the senders can't be found.

"A lot of the undesirable material comes in spam, but not all of it does," said Anne Mitchell, president of the Institute for Spam and Internet Public Policy.

Therein lies the confusion, she said. Legitimate companies also send e-mails that may comply with the CAN-SPAM Act, but still contain adult content not suitable for children -- Playboy and Budweiser are just two examples.

"These are not laws about spam; they were never laws about spam," she said. "These are laws about exactly what they say they're about: keeping undesirable material away from kids -- which is actually a huge problem."

She used the analogy of laws preventing advertising to minors in print, on television and the radio -- stating that you'd never see an ad for Marlboro in Highlights, a magazine for children.

Double-Blind Security ... Or Is It?

The FTC's report said a national Do Not E-mail Registry raises serious concerns about security and privacy. When Michigan and Utah sought the ideal solution for their child protection registries, security was also a concern.

"We wanted to make sure -- absolutely certain -- that this technology would encrypt people's e-mail addresses so that it was secure," said Shurtleff. "We finally feel like we're there."

The technology uses a form of hashing -- called MD5 -- to take an arbitrary length of data and transform it into an unrecognizable 27-character code.

"You can take the complete works of Shakespeare, put them into the hashing algorithm and you'd get a 27-character long code. Or you could take a single letter, the letter

Sherry Watkins  |  Contributing Writer