Federal anti-spam law gets mixed results


A year after CAN-SPAM's passage, unsolicited e-mail has not been reduced.

The first federal law targeting spam has done little to unclutter in-boxes, dissuade spammers or make the Internet a safer place; in fact the problem is only getting worse. However, the law has created a framework for prosecuting spammers, as well as producedunexpected benefits for businesses and consumers.

Despite passage of the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, which went into effect Jan. 1, the amount of spam landing in mailboxes continues to rise. As spammers become more sophisticated and team with fraudsters and virus writers, their messages have evolved from annoying to dangerous. CAN-SPAM embraces the opt-out model, which says organizations can send e-mail to any recipient except for those that expressly ask not to receive such messages. Although this method is less stringent than the opt-in model, which says companies can send e-mail only to recipients who ask for it, hopes were high among proponents that the act would shrink the amount of spam and expose the criminals profiting from it.

The Federal Trade Commission (FTC) has filed five suits under CAN-SPAM, while Massachusetts and Washington each have brought a case under the federal law, and four major ISPs have collectively gone after hundreds of spammers. While these efforts show some headway, the prosecutions pale in comparison to the amount of spam out there, largely because spammers can take advantage of technology to hide their identity, or send their messages from outside the country.

Meanwhile, the volume of spam during the first month the act was in effect actually increased, and has been on a steady climb since. The Radicati Group predicts the number of spam messages sent worldwide will increase to 35 billion in 2004, more than double the 15 billion sent in 2003.

"CAN-SPAM has done nothing, and the spam problem is much worse today than it was a year ago," says Paul Hoffman, director of the Internet Mail Consortium.

The FTC says the goal of the act was never to cut down on spam but to give recipients control via the opt-out component, which the law says every commercial e-mail must contain. "The act is really not drafted in a way to diminish the amount of e-mail that individual consumers receive, but to empower them to limit the flow on a sender-by-sender basis," says Katie Harrington-McBride, a staff attorney with the FTC.

The act has created a unified framework for prosecuting spammers, as opposed to the patchwork of state laws that existed before. Because the federal law supercedes state laws, states now can focus on devising legislation that builds on top of CAN-SPAM to get tougher on spammers, says Matthew Prince, CEO of Unspam, an anti-spam consulting firm. "CAN-SPAM has forced states to experiment," he says. Eventually these tougher restrictions could find their way into new federal laws.

For example, Michigan and Utah have crafted laws saying e-mailers must ensure a recipient is not a child before sending adult content - including pornography and ads for alcohol or drugs - by checking the recipients' e-mail addresses and screen names against a state-maintained registry. "This draws a really bright line," Prince says. "If you're General Motors this law won't bother you. But if you're sending out this stuff, you have a slightly higher duty to check the list. With CAN-SPAM, there's still room for state governments to experiment and clean up the worst aspects of the spam problem."

CAN-SPAM also has given legitimate e-mailers guidelines - such as the inclusion of an opt-out option and a mailing address with each e-mail - to distinguish themselves from spammers, Harrington-McBride says.

While it might be tedious and represent additional costs for e-mailers to maintain "clean" lists of recipients that don't include people who have opted out, legitimate businesses benefit by being able to target consumers who actually may have an interest in their product or service, says Cathie Meyer, an attorney with law firm Pillsbury Winthrop, who advises corporations on privacy and related matters.

"Most businesses that are legitimately using e-mail to reach out to their customers don't want to continually barrage them with annoying e-mails," Meyer says. "CAN-SPAM has a back-handed benefit, it allows business to more effectively target those who don't opt out, it gives you more effective lists to work with."

To limit the amount of spam received, the FTC would need to devise a "do-not-e-mail" list, much like its successful "do not call" list that keeps marketers from dialing numbers of the list's members, Harrington-McBride says. In June, the agency said it wouldn't create such a list in the absence of the adoption of sender authentication technology, she says.

But even with sender authentication and a do-not-e-mail list in place, as long as spammers can manipulate technology to hide their identity or send spam from outside the U.S., the problem will continue.

"CAN-SPAM has allowed [authorities] to start to prosecute spammers when found, and we're starting to see some state laws on top of the federal one with jail time, but we still have this overarching problem that we can't find these people, so how do we hold them to the law?" says Brian Niles, CEO of TargetX.com, provider of e-mail marketing software and services.

Learn more about this topic

Microsoft files suits against smut spammers

IDG News Service, 12/02/04

CAN-SPAM law: Little impact so far

IDG News Service, 05/20/04

Two companies face CAN-SPAM, other charges

IDG News Service, 04/29/04

Microsoft sues eight alleged spammers

IDG News Service, 06/11/04

Buyer's guide: Anti-spam systems

Our regularly updated online buyer's guide features more than 50 anti-spam products and services.

Spam research center

The latest news, reviews, how-tos and more.

Must read: 11 hidden tips and tweaks for Windows 10
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies