A year after it went into effect, the federal CAN-SPAM Act is a "miserable" failure, a messaging security firm that monitors compliance with the anti-spam legislation says.
A year after it went into effect, the federal CAN-SPAM Act is a "miserable" failure, a messaging security firm that monitors compliance with the anti-spam legislation said Tuesday.
"CAN SPAM has done a miserable job," said Scott Chasin, the chief technology officer of Denver, Colo.-based MX Logic.
For 2004 as a whole, said Chasin, an average of just three percent of unsolicited e-mail complied with the legislation's requirements, which ranged from legitimate return addresses to a way to opt-out of further messages.
"Clearly [CAN-SPAM] has had no meaningful impact on the flow of spam," said Chasin. "In fact, the volume of spam increased in 2004 and we fully anticipate continued growth in 2005." Throughout 2004, MX Logic measured spam as accounting for 77 percent of all e-mail traffic.
Not only is CAN-SPAM not working, it "was never designed to work," said Chasin. "CAN SPAM was design to regulate e-mail marketing, it was never designed to actually 'can spam.'"
The only substantial impact that CAN-SPAM has made, alleged Chasin, is to make it easier for Internet service providers to go after spammers and bring them into court. "Service providers have had the best opportunity to leverage CAN-SPAM to file lawsuits on those who spam using their networks," said Chasin, "but you need deep pockets to field an army of attorneys."
Among the companies that used CAN-SPAM were Microsoft, EarthLink, Yahoo, and America Online. One of the biggest cases of 2004, however, was tried under a state anti-spam law. In November, Jeremy Jaynes, thought to be one of the world's top 10 spammers, was sentenced to nine years in prison under Virginia legislation.
But while ISPs may be getting something out of CAN-SPAM, users are not. They'll continue to face ever higher spam volumes, said Chasin.
America Online recently announced a dramatic drop in the amount of spam sent to its network -- due to its anti-spam efforts, AOL said -- Chasin was quick to point out the reality of the numbers.
"We'll see about 35 billion messages traverse the Internet daily in 2005, but AOL's network only does about 450 million a day. That's a drop in the bucket. No doubt, we'll see an escalation in spam volume in 2005."
MX Logic did track an all-time high for CAN-SPAM compliance in December 2004, with about 7 percent of the 10,000 randomly-selected unsolicited messages analyzed meeting the law's requirements. That followed a slow uptick during the previous two months, when November's numbers showed a 6 percent compliance rate and October a 4 percent rate.
"There's definitely a trend of some compliance," said Chasin. "But we've seen the numbers come up and go down before.
"When you put it all in perspective, the amount of spam continues to climb."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?