Can-Spam Act Can't Can Spam

Anti-spam vendors say the new law isn't slowing the torrent of electronic junk mail.
A month after the federal Can-Spam Act went into effect, most anti-spam vendors say that the new legislation hasn't cut down on the glut of junk mail in users' in-boxes.

According to numbers released this week by Brightmail, Postini, and Commtouch, three providers of message-filtering and anti-spam solutions, the amount of spam they've intercepted since the law took effect on Jan. 1 has increased, went unchanged, or fallen by an insignificant amount.

Postini rolled out its January 2004 data on Wednesday, and said that new law or not, spam is still clogging in-boxes. In January, spam accounted for 79% of all the messages that Postini processed for its 2,000-plus business customers, a tiny fall-off from the 80% logged in December 2003.

"The CAN-SPAM Act appears to have had little immediate effect on the amount of unwanted E-mail," said Andrew Lochart, Postini's director of product marketing.

Other anti-spam vendors paint an even more distressing picture of Can-Spam's first month.

Brightmail released its January numbers earlier this week, and said that the amount of spam it stopped increased over the previous month. In January, Brightmail tagged 60% of the messages it processed as spam, a 2% climb over December.

Brightmail's numbers derive from its 300 million users in both businesses and those served by Internet service providers, the company said, as well as its Probe Network, a collection of more than 2 million decoy accounts used to attract spammers.

"We certainly haven't seen a decrease [in spam] since December," said Francois Lavaste, Brightmail's VP of marketing. "But that's not a big surprise."

Expectations of Can-Spam's impact shouldn't be set too high, he said, since legislation is just one component of an anti-spam strategy that should include user education, revised best practices by large commercial mailers, and technology such as anti-spam filters at the gateway.

"Legislation can deter some spammers," said Lavaste. "But at the same time, everyone should realize that spammers have been using deceptive practices for years." They're good at it, he added, and they'll continue to get better, at least for the foreseeable future.

"I don't expect spammers to give up this year," Lavaste said, noting that they're already reacting to Can-Spam by moving more mailings to remote servers overseas.

Likewise, anti-spam supplier Commtouch noted Wednesday that it saw no change in the amount of spam from January and December.

"The month of January clearly shows that spammers didn't take seriously the Can-Spam legislation, and that the legislation didn't affect the number of spam outbreaks, number of spam messages, and the methods spammers use to get into user inboxes," executive VP Avner Amram said.

In fact, Commtouch has seen spammers turn to new techniques to get their messages through increasingly sophisticated filters. One new method relies on letter substitution in headers, subject lines, and message bodies to blow past content-based anti-spam solutions.

In this new approach, spammers substitute other letters or characters for actual letters of the alphabet, modifying the words enough to slip by filters but not enough to confuse users, who can easily decipher the messages. In such substitutions, spammers may replace "A" with "@," "B" with "8," and scramble other letters.

Still, there are glimmers of hope. "The law is a good start," said Brightmail's Lavaste, but he went on to say that since enforcement is such as crucial aspect in any taming of spam, it may not be until a major spammer is hauled off to jail or fined before spammers wake up and smell the coffee.

"They'll think twice only if the [economic] roadblocks are strong enough," he said, "and when there are direct attacks against them. Down the road, spam will become a non-issue--it will be put back where it belongs, a nuisance rather than a threat against corporate communication--but that's going to take a lot more effort by legislation and filtering technology alike."

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing