NEW YORK - While it\u2019s an important first step, the federal anti-spam law\u00a0signed this week\u00a0is unlikely to reduce spam noticeably, and companies will have to find other ways to fight it, a panel of experts agreed Wednesday.Speaking at Network World\u2019s \u201cSpam Forum: The Future of E-mail\u201d in New York, the panelists indicated that the legislation is nothing more than an initial swipe at a problem that is much bigger than the attempted solution (Hear the audio Webcast).One issue is that the Federal Trade Commission, which has been charged with enforcing the law, has too much on its plate to effectively build many cases against criminal spammers, said Eileen Harrington, associate director for marketing practices at the FTC\u2019s Bureau of Consumer Protection.\u201cIt really is a stretch for us,\u201d she said. \u201cSpam investigations are very resource-intensive.\u201d The law gives the FTC new responsibility without new funding, and the organization has other high priorities, like tracking identity theft and enforcing the new National Do Not Call Registry.As for state anti-spam efforts, the states are in worse shape, with extremely tight budgets, Harrington said.Another issue is that the definition of spam is still quite fuzzy. The new law limits the definition to unsolicited commercial bulk e-mail, leaving out political bulk e-mail, for instance.But to some, spam is any e-mail they don\u2019t want.\u201cIt doesn\u2019t matter how government defines [spam],\u201d because in the end, what customers want to receive is what counts, said Mary Youngblood, manager of ISP Earthlink\u2019s Abuse Team. Earthlink gives its customers several different options for spam filtering, so they can choose their preferences.Yet another issue is that the law allows \u201copt-out\u201d marketing - that is, a company can send e-mail users unsolicited advertising until the users tell the company to stop.\u201cEverybody gets a bite at the apple,\u201d said Ted Gavin, founding trustee, secretary and chief financial officer of the SpamCon Foundation, a non-profit group organized to preserve e-mail as a viable communications medium. \u201cThe problem is that it\u2019s an expensive apple, and the person paying for it isn\u2019t the one biting the apple; it\u2019s the one holding the apple.\u201dThe benefitsOn the plus side, the experts agreed that the law raises awareness of the spam scourge among law enforcement and starts to spell out how e-mail advertising might be done legally and ethically.\u201cIt provides a framework for the good guys,\u201d said David Silver, vice president of business development and strategy at Responsys, an e-mail marketing firm. \u201cFor legitimate marketers, [the federal law] is less confusing than the [state] laws that were evolving and changing.\u201d\u201cDefinition of the crime had to start someplace,\u201d said Wilson D\u2019Souza, vice president of the global collaboration and directory services team for Merrill Lynch.The panelists agreed that specifying directory-harvest attacks as a crime, for instance, was impressive. Directory-harvest attacks are a spammers\u2019 technique for gathering valid e-mail addresses. They work by bombarding e-mail servers with large numbers of messages aimed at fabricated addresses. When a message gets through, the spammer notes that the address used is active.\u201cThat practice is now a violation of federal law,\u201d said the FTC\u2019s Harrington. \u201cHopefully [spammers who conduct the attacks] will be criminally prosecuted. But if not, certainly the FTC will go after them in a civil suit.\u201dAnother good inclusion in the law is a provision that companies can be liable for spam crimes even if they hired another firm to do their e-mail marketing for them, SpamCon\u2019s Gavin said. That should help authorities prosecute companies that use spamming firms outside of the U.S.Only part of the solutionThe panel clearly recognized, however, that there is only so much the U.S. government can do. \u201cSpam is really a global problem,\u201d Harrington said. \u201cThe U.S. has put its marker down.\u201d The FTC is working with other governments to track down spammers, \u201cbut it\u2019s very slow going,\u201d she said.In addition to legislation, technical tools and education for marketing companies and e-mail users are needed, the panel agreed.Postini CEO and President Shinya Akamine promoted his company\u2019s anti-spam services, saying that Postini uses its technology to find the attributes of good e-mail and let that through to its customers. He also said anti-spam companies like his are now \u201cbigger than the spammers\u201d and can react more quickly than ever to new spammers\u2019 techniques for getting through filters.The panel discussed techniques for making spam a financially less attractive option for marketing. Currently, marketing through e-mail costs very little to the marketer.Gavin said that a \u201cmicropostage\u201d option, where senders pay a little for each message sent, has been around for a while, but has had no success.Earthlink\u2019s Youngblood said the ISP can use technology to identify spam-like behavior and have the ISP\u2019s switches deny traffic from a spammer once a threshold has been reached.Certainly, waiting for a do-not-spam list isn\u2019t really an option. The panelists roundly criticized the idea of keeping a central database of e-mail addresses of people who don\u2019t want to receive e-mail, a concept similar to the current federal anti-telemarketing do-not-call registry.Responsys\u2019 Silver pointed out that the database would have to be very specific about what e-mail is acceptable to a user and what isn\u2019t. Akamine said that the database \u201cwould be the biggest target in the world for hackers.\u201d And D\u2019Souza said the database would be \u201cpushing the problem offshore again,\u201d as spammers move operations to locations where do-not-spam lists don\u2019t apply.The FTC\u2019s Harrington put it all in perspective when she noted that it took 10 years for the do-not-call registry to go from concept to reality, as the commission tried to determine any unintended consequences. \u201cThat would be the approach we would take\u201d with the do-not-spam registry, she said.