Computer Crime Research Center

comp/cenz.jpg

The CAN-SPAM Act is working

Date: December 22, 2005
Source: Out-Law.Com


The CAN-SPAM Act – America's federal anti-spam law – is working, according to a Federal Trade Commission (FTC) report. Recent trends show a decrease in the amount of spam reaching inboxes, says yesterday's report.

The Act came into force on 1st January 2004. It established a framework of administrative, civil and criminal tools to tackle unsolicited commercial email.

It provides for a national Do-Not-Spam list; requires that spam sent to consumers includes a means of opting-out of the mailing list used by the sender; bans the sending of fraudulent emails or unmarked sexually oriented emails, and provides for civil and criminal sanctions for those spammers who breach the rules.

The penalties may amount to fines of $6 million and five years in prison in the most severe cases.

But the Act has been severely criticised over the fact that it fails to actually "can" spam. There is no ban on sending unsolicited commercial e-mail or text messages.

Despite this, the FTC yesterday published a report to Congress, concluding that consumers are receiving less spam now than they were receiving in 2003.
The report

The report, “Effectiveness and Enforcement of the CAN-SPAM Act,” looks at research provided by email filtering firm MX Logic. This reveals that spam accounted for 67% of all emails sent in the past year, down 9% on the previous year.

“The volume of spam sent over the internet has begun to level off, and, even more significantly, the amount reaching consumers’ inboxes has decreased, due to enhanced anti-spam technologies,” reads the report. “There has been a significant decrease in the number of spam messages containing sexually-explicit material. And, legitimate online marketers have complied with CAN-SPAM in large numbers.”

But the FTC finds it hard to ascribe responsibility for the drop.

According to Lydia Parnes, Director of the FTC’s Bureau of Consumer Protection, “We’re using technology and teamwork in the battle against illegal spam”.

“Taken together, they are helping us combat the outlaw spammers who disregard laws designed to prevent fraud and protect consumers’ rights,” she added.

The report states that the Act is effective in providing protection for consumers, and that state and federal law enforcers and the private sector are enforcing the Act aggressively. The FTC alone has brought 21 cases under CAN-SPAM and another 62 cases targeting spam before the enactment of the law.

The report observes that the Act codifies “best practices” that legitimate marketers are following and notes that technology advancements may be the most useful tool in combating outlaw spammers.

But the report also finds some troubling signs.

“There has been a shift toward the inclusion in spam messages of content that is increasingly malicious,” says the report. “Rather than merely advertising products and services, spam messages now sometimes include “malware” designed to harm the recipient.”

The report also highlights spammers’ use of “increasingly complex multi-layered business arrangements” and the fact that 'Whois' databases frequently contain inaccurate information, as causes of concern.

“As Congress found when enacting CAN-SPAM, the spam problem cannot be solved by legislation alone; technological approaches and international cooperation are key,” concludes the report.

It sets out three steps that could improve the impact of the CAN-SPAM Act:

* The enactment of the “US SAFE WEB Act,” to improve the FTC’s ability to trace spammers and sellers who operate outside of the United States. This Act was recently approved by the Senate Commerce Committee, but has yet to be debated by the full Senate.
* Greater efforts to make consumers aware of the various ways they can protect themselves from spam, spyware, and sexually-explicit material.
* Continued improvement of anti-spam technology, and in particular, tools that prevent spammers from operating anonymously.

Reactions

The Direct Marketing Association (DMA) welcomed the report, noting that legitimate firms are trying to comply with the requirements of the Act.

"CAN-SPAM is a necessary part of the cooperative effort that government, businesses and consumers must undertake to combat spam,” said Jerry Cerasale, the trade group’s senior vice president for government affairs. “The law provides the enforcement muscle that complements what email providers, legitimate marketers and ISPs are doing to keep ahead of constantly-evolving technologies."

Graham Cluley, senior technology consultant for security firm Sophos, agreed that CAN-SPAM has been successful in some respects, particularly in obtaining the conviction of some of the most notorious US spammers.

"Improved corporate and consumer security measures and cooperation between internet service providers have combined with the CAN-SPAM act to reduce the percentage of spam being relayed from the USA," he said.

However, according to Sophos, the US still leads the chart of spam-relaying countries, accounting for 26.8% of all spam.

"The unfortunate truth is that spam is a lucrative global business, driven by criminal intent, and well beyond the ability of CAN-SPAM to control," said Cluley. "Individuals and corporations who do not take proactive measures to protect themselves from the onslaught are certain to fall victim to the detrimental effects of spam in one form or another."

In his opinion, by placing the responsibility on individuals to opt-out of email lists rather than require email marketers to only send messages to individuals who have opted in, CAN-SPAM has created a large loophole, through which large volumes of spam can still flow.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo