Spam filter failure: Selling physician emails equals big $$


Despite the best efforts of my institution’s spam filter, I’ve realized that I spend at least 4 minutes every day of the week removing junk email from my in basket: EMR vendors, predatory journals trying to lure me into paying their outrageous publication fees, people who want to help me with my billing software (evidently that .edu extension hasn’t clicked for them yet), headhunters trying to fill specialty positions in other states, market researchers offering a gift card for 40 minutes filling out a survey.

If you do the math, 4 minutes daily is 1,460 minutes per year. That’s an entire day of my life lost each year to this useless nonsense, which I never agreed to receive in the first place. Now multiply that by the 22 million health care workers in the United States, or even just by the 985,000 licensed physicians in this country. Then factor in the $638 per hour in gross revenue generated by the average primary care physician, as a conservative, well-documented value.

By my reckoning, these bozos owe the United States alone over $15 billion in lost GDP each year.

So why don’t we shut it down!? The CAN-SPAM Act of 2003 attempted to at least mitigate the problem. It applies only to commercial entities (I know, I’d love to report some political groups, too). To avoid violating the law and risking fines of up to $16,000 per individual email, senders must:

  • Not use misleading header info (including domain name and email address)
  • Not use deceptive subject lines
  • Clearly label the email as an ad
  • Give an actual physical address of the sender
  • Tell recipients how to opt out of future emails
  • Honor opt-out requests within 10 business days
  • Monitor the activities of any subcontractor sending email on their behalf

I can say with certainty that much of the trash in my inbox violates at least one of these. But that doesn’t matter if there is not an efficient way to report the violators and ensure that they’ll be tracked down. Hard enough if they live here, impossible if the email is routed from overseas, as much of it clearly is.

If you receive email in violation of the act, experts recommend that you write down the email address and the business name of the sender, fill out a complaint form on the Federal Trade Commission website, or send an email to, then send an email to your Internet service provider’s abuse desk. If you’re not working within a big institution like mine that has hot and cold running IT personnel that operate their own abuse prevention office, the address you’ll need is likely abuse@domain_name or postmaster@domain_name. Just hitting the spam button at the top of your browser/email software may do the trick. There’s more good advice at the FTC’s consumer spam page.

The people not violating the law, though, are wasting my time every bit as flagrantly. How are they getting my email address in the first place?

The answer came, ironically, to my email inbox in the form of one of those emails that did indeed violate the law.

Conference attendees list

I rolled my eyes and started into my reporting subroutine but then stopped cold. Just 1 second. If this person is selling lists of email addresses of conference attendees, somebody within the conference structure must be providing them. How is that legal? I have never agreed, in registering for a medical conference, to allow them to share my email address with anyone. To think that they are making money from that is extremely galling.

Vermont, at least, has enacted a law requiring companies that traffic in such email lists to register with the state. Although it has been in effect for 2 years, the jury is out regarding its efficacy. Our European counterparts are protected by the General Data Protection Regulation, which specifies that commercial email can be sent only to individuals who have explicitly opted into such mailings, and that purchased email lists are not compliant with the requirement.

A quick Google search gives 120 million hits on ways to purchase physician email lists.

Anybody have the inside scoop on this? Can we demand that our professional societies safeguard their attendee databases so this won’t happen? If they won’t, why am I paying big money to attend their conferences, only for them to make even more money at my expense?

Dr. Hitchcock is assistant professor, department of radiation oncology, at the University of Florida, Gainesville. She reported receiving research grant money from Merck. A version of this article first appeared on

Next Article: