A year after it went into effect, the federal CAN-SPAM Act is a "miserable" failure, a messaging security firm that monitors compliance with the anti-spam legislation says.
A year after it went into effect, the federal CAN-SPAM Act is a "miserable" failure, a messaging security firm that monitors compliance with the anti-spam legislation said Tuesday.
"CAN SPAM has done a miserable job," said Scott Chasin, the chief technology officer of Denver, Colo.-based MX Logic.
For 2004 as a whole, said Chasin, an average of just three percent of unsolicited e-mail complied with the legislation's requirements, which ranged from legitimate return addresses to a way to opt-out of further messages.
"Clearly [CAN-SPAM] has had no meaningful impact on the flow of spam," said Chasin. "In fact, the volume of spam increased in 2004 and we fully anticipate continued growth in 2005." Throughout 2004, MX Logic measured spam as accounting for 77 percent of all e-mail traffic.
Not only is CAN-SPAM not working, it "was never designed to work," said Chasin. "CAN SPAM was design to regulate e-mail marketing, it was never designed to actually 'can spam.'"
The only substantial impact that CAN-SPAM has made, alleged Chasin, is to make it easier for Internet service providers to go after spammers and bring them into court. "Service providers have had the best opportunity to leverage CAN-SPAM to file lawsuits on those who spam using their networks," said Chasin, "but you need deep pockets to field an army of attorneys."
Among the companies that used CAN-SPAM were Microsoft, EarthLink, Yahoo, and America Online. One of the biggest cases of 2004, however, was tried under a state anti-spam law. In November, Jeremy Jaynes, thought to be one of the world's top 10 spammers, was sentenced to nine years in prison under Virginia legislation.
But while ISPs may be getting something out of CAN-SPAM, users are not. They'll continue to face ever higher spam volumes, said Chasin.
America Online recently announced a dramatic drop in the amount of spam sent to its network -- due to its anti-spam efforts, AOL said -- Chasin was quick to point out the reality of the numbers.
"We'll see about 35 billion messages traverse the Internet daily in 2005, but AOL's network only does about 450 million a day. That's a drop in the bucket. No doubt, we'll see an escalation in spam volume in 2005."
MX Logic did track an all-time high for CAN-SPAM compliance in December 2004, with about 7 percent of the 10,000 randomly-selected unsolicited messages analyzed meeting the law's requirements. That followed a slow uptick during the previous two months, when November's numbers showed a 6 percent compliance rate and October a 4 percent rate.
"There's definitely a trend of some compliance," said Chasin. "But we've seen the numbers come up and go down before.
"When you put it all in perspective, the amount of spam continues to climb."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.