Can-Spam Law 'Big Disappointment' - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
12/28/2006
02:17 PM
50%
50%

Can-Spam Law 'Big Disappointment'

Nearing its third anniversary, the law hasn't slowed the rising tide of junk e-mail, says spam researcher.

As the federal Can-Spam Act nears its third anniversary, a spam researcher calls it a "big disappointment" and says it hasn't been a deterrent to junk e-mailers, who have stepped up their efforts in the last few months to flood inboxes with an unprecedented volume of spam.

"Can-Spam has provided more prosecutorial teeth, but it hasn't had a huge deterrent effect," says Scott Chasin, the chief technology officer of MX Logic. "It's been a fairly big disappointment."

To be fair, Chasin says, Can-Spam was never meant to stop spam, only regulate it. But even at that job, the law has been a dismal failure. According to MX Logic's data, no more than 7% of all spam was ever compliant with the legislation's requirements. And that was within the act's first year. This year, compliance ran at all-time lows, never once reaching 1%.

"It's just another reminder that the legislative leg is not having a lot of impact," Chasin says.

Anti-spam researchers -- Chasin included -- have watched as spam volumes jumped in October, then soared again in November. Spammers haven't looked back since. "[Spam] traffic has doubled or in some cases even quadrupled," says Chasin. IronPort, an MX Logic rival in the e-mail security market, recently said that the amount of spam increased by 35% in November over October, and doubled in the 12 months ending in October 2006.

Can-Spam never was equipped to stop the flood of junk mail, says Chasin, who adds that its approach has been made moot by an explosion in botnets, collections of compromised PCs that spammers use to send billions of unwanted e-mail messages a month.

In fact, Chasin is pessimistic about efforts to control or even contain the rising tide of spam. He scoffs at calls to cut off botnets from spammers, and calls such proposals unrealistic. "We don't even know what we're dealing with. The [botnet] detection capabilities are rudimentary at best. And now we're encountering polymorphic 'queen bots' that understand antivirus engines and exploit the signature release windows of [antivirus] vendors. It makes detection very difficult."

Queen bots can easily reconfigure themselves, often on the fly, as they seed a new victim PC, escaping detection by the reactive antivirus companies that must create and distribute a new signature, or fingerprint, for each morphed version of the bot.

The only way to stem the rapidly rising volume of spam, says Chasin, is for Internet service providers to wall off systems by refusing to allow computers obviously owned by consumers to send massive amounts of junk mail. Such PCs are almost always bot-controlled.

"It's got to come down to containment," says Chasin, who recognizes that there are problems with the practice, including privacy issues. "I think the focus [in 2007] will shift from Microsoft and back to ISPs."

Even so, he has low expectations for a solution any time soon. Although Bill Gates' infamous promise in January 2004 that "two years from now, spam will be solved" has been relegated to the technology equivalent of "Dewey Defeats Truman!" the war against spam will be long and hard.

"That was simply wishful thinking," says Chasin. "We're going to be dealing with spam for some time. We're going to be reactive, that's what the security industry does.

"We have a long way to go."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll