Can-Spam Law 'Big Disappointment' - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:17 PM

Can-Spam Law 'Big Disappointment'

Nearing its third anniversary, the law hasn't slowed the rising tide of junk e-mail, says spam researcher.

As the federal Can-Spam Act nears its third anniversary, a spam researcher calls it a "big disappointment" and says it hasn't been a deterrent to junk e-mailers, who have stepped up their efforts in the last few months to flood inboxes with an unprecedented volume of spam.

"Can-Spam has provided more prosecutorial teeth, but it hasn't had a huge deterrent effect," says Scott Chasin, the chief technology officer of MX Logic. "It's been a fairly big disappointment."

To be fair, Chasin says, Can-Spam was never meant to stop spam, only regulate it. But even at that job, the law has been a dismal failure. According to MX Logic's data, no more than 7% of all spam was ever compliant with the legislation's requirements. And that was within the act's first year. This year, compliance ran at all-time lows, never once reaching 1%.

"It's just another reminder that the legislative leg is not having a lot of impact," Chasin says.

Anti-spam researchers -- Chasin included -- have watched as spam volumes jumped in October, then soared again in November. Spammers haven't looked back since. "[Spam] traffic has doubled or in some cases even quadrupled," says Chasin. IronPort, an MX Logic rival in the e-mail security market, recently said that the amount of spam increased by 35% in November over October, and doubled in the 12 months ending in October 2006.

Can-Spam never was equipped to stop the flood of junk mail, says Chasin, who adds that its approach has been made moot by an explosion in botnets, collections of compromised PCs that spammers use to send billions of unwanted e-mail messages a month.

In fact, Chasin is pessimistic about efforts to control or even contain the rising tide of spam. He scoffs at calls to cut off botnets from spammers, and calls such proposals unrealistic. "We don't even know what we're dealing with. The [botnet] detection capabilities are rudimentary at best. And now we're encountering polymorphic 'queen bots' that understand antivirus engines and exploit the signature release windows of [antivirus] vendors. It makes detection very difficult."

Queen bots can easily reconfigure themselves, often on the fly, as they seed a new victim PC, escaping detection by the reactive antivirus companies that must create and distribute a new signature, or fingerprint, for each morphed version of the bot.

The only way to stem the rapidly rising volume of spam, says Chasin, is for Internet service providers to wall off systems by refusing to allow computers obviously owned by consumers to send massive amounts of junk mail. Such PCs are almost always bot-controlled.

"It's got to come down to containment," says Chasin, who recognizes that there are problems with the practice, including privacy issues. "I think the focus [in 2007] will shift from Microsoft and back to ISPs."

Even so, he has low expectations for a solution any time soon. Although Bill Gates' infamous promise in January 2004 that "two years from now, spam will be solved" has been relegated to the technology equivalent of "Dewey Defeats Truman!" the war against spam will be long and hard.

"That was simply wishful thinking," says Chasin. "We're going to be dealing with spam for some time. We're going to be reactive, that's what the security industry does.

"We have a long way to go."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
CIOs Face Decisions on Remote Work for Post-Pandemic Future
Joao-Pierre S. Ruth, Senior Writer,  2/19/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
CRM Trends 2021: How the Pandemic Altered Customer Behavior Forever
Jessica Davis, Senior Editor, Enterprise Apps,  2/18/2021
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll