The first federal law targeting spam has done little to unclutter in-boxes, dissuade spammers or make the Internet a safer place; in fact the problem is only getting worse. However, the law has created a framework for prosecuting spammers, as well as producedunexpected benefits for businesses and consumers.

Despite passage of the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, which went into effect Jan. 1, the amount of spam landing in mailboxes continues to rise. As spammers become more sophisticated and team with fraudsters and virus writers, their messages have evolved from annoying to dangerous. CAN-SPAM embraces the opt-out model, which says organizations can send e-mail to any recipient except for those that expressly ask not to receive such messages. Although this method is less stringent than the opt-in model, which says companies can send e-mail only to recipients who ask for it, hopes were high among proponents that the act would shrink the amount of spam and expose the criminals profiting from it.

The Federal Trade Commission (FTC) has filed five suits under CAN-SPAM, while Massachusetts and Washington each have brought a case under the federal law, and four major ISPs have collectively gone after hundreds of spammers. While these efforts show some headway, the prosecutions pale in comparison to the amount of spam out there, largely because spammers can take advantage of technology to hide their identity, or send their messages from outside the country.

Meanwhile, the volume of spam during the first month the act was in effect actually increased, and has been on a steady climb since. The Radicati Group predicts the number of spam messages sent worldwide will increase to 35 billion in 2004, more than double the 15 billion sent in 2003.

"CAN-SPAM has done nothing, and the spam problem is much worse today than it was a year ago," says Paul Hoffman, director of the Internet Mail Consortium.

The FTC says the goal of the act was never to cut down on spam but to give recipients control via the opt-out component, which the law says every commercial e-mail must contain. "The act is really not drafted in a way to diminish the amount of e-mail that individual consumers receive, but to empower them to limit the flow on a sender-by-sender basis," says Katie Harrington-McBride, a staff attorney with the FTC.