Did Congress commit a Freudian slip by calling the new anti-junk e-mail law the CAN-SPAM Act, instead of the CAN'T-SPAM Act? I hope not.
The act, formally known as the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003," went into effect at the start of the new year, and with it users need a new vigilance. That's because while the law is a positive step, it may be counterproductive in some ways.
The CAN-SPAM Act requires each commercial electronic message sender to provide an opt-out capability in every message. If you opt out, the sender must take you off his list within 10 days and send you a confirmation that you've been removed. On the surface, that seems great; but it is dangerous because it may cause you to let down your guard, even though the act makes it ever more important for you to keep your guard up.
Unfortunately, the act doesn't require a particular method of opting out. So the sender can take you on a joy ride during the opt-out process, which in many cases is a simple nuisance. In more severe cases, the process could expose you to viruses or other more serious threats. For instance, you can be tricked into downloading a spyware application while on the opt-out Web page.
That spyware application could then log and report your keystrokes to the spammer. Or you could be tricked into giving personal information during that visit, or a subsequent visit, thereby allowing a vicious criminal element to profile you, steal from your bank or credit accounts, or steal your identity. It is already not unusual for spammers to trick their prey using false opt-out links and claims.
While the CAN-SPAM Act may reduce the amount of spam from "considerate" spammers such as companies that belong to the Direct Marketing Association, it is unlikely to have much impact on power spammers who have been using the technique to steal or to commit other acts that are illegal according to other laws.
A credible vendor, one you already know, will take you off his list immediately to comply with the act. It's also good for customer relations. But suppose the message is coming from an impostor posing as that vendor. He will dupe you into clicking on a fake opt-out link and visiting his fake opt-out Web site instead of really pulling you from his list. He knows that you have no enforcement rights under the CAN-SPAM Act, and that if his case is sent to the Federal Trade Commission, which is the designated enforcement authority, it will take years to enforce -- if the FTC even takes the case.
According to the FBI, 66 percent of identity theft cases start with an e-mail solicitation. And the CAN-SPAM Act can lull you into doing something that breaches your personal privacy or security. It is still safer to disregard the unsubscribe links than it is to risk the perils of clicking on them. If I see a noticeable difference in the safety of these links after the new law goes into effect, I'll let you know.
The Radin CAN-SPAM Experiment
Let's conduct an experiment. If you operate a Web site and you're willing to place a dummy e-mail link on one or more pages to see whether it gets spammed, send an e-mail to david.canspamtest@spamslicer.com with your name, Web site, and contact information (which I'll keep private). We'll collect the statistics over several months and report the results here.
In my next column: How your company can inadvertently run afoul of the CAN-SPAM Act, even if you don't send unsolicited spam, and how to stay legal.