CAN-SPAM not seen to be effective

Some anti-spam activists claim that the law has actually aided spammers rather than victims

Spammers, apparently in response to CAN-SPAM, changed tactics this year, said Andrew Lochart, director of product marketing at Postini. More spammers are using so-called zombies networks -- computers hijacked with Trojan horse programs -- to send spam, and spammers are using increasingly sophisticated directory harvest attacks to spam corporate mail servers, he said.

About 30 percent to 50 percent of spam came through zombie spam relays in April, MX Logic estimated. In a three-week survey in November and December, the company found 69 percent of spam sent through zombies.

"I think CAN-SPAM caused spammers to change their tactics significantly," Lochart said. "The spammers got even more creative at hiding, and they've always been pretty good at it."

Although CAN-SPAM hasn't resulted in less spam, the law gives law enforcement agencies a new tool in the fight spam, Lochart said. "It's a good thing we have a law, so when we find some of these roaches, we can prosecute them," he said. "It's a good thing that the federal government recognizes how important spam is.”

ISPs and law enforcement agencies have used CAN-SPAM provisions, including requirements to include a valid postal address and an unsubscribe option in commercial e-mail, to go after spammers. Four large U.S. ISPs filed hundreds of lawsuits against spammers this year, and the U.S. Federal Trade Commission filed criminal CAN-SPAM charges against two companies in April.

Despite these efforts, antispam vendors predict more spam in 2005, not less. "Even from a service provider perspective, after all the lawsuits and convictions, we still have not seen a deterrence effect happen," said Scott Chasin, chief technology officer at MX Logic. "Spam has continued to increase and saturate inboxes, and we've not seen a decline whatsoever. From that perspective, CAN-SPAM is pretty toothless."

Chart: CAN-SPAM key events during 2004

Compiled by MX Logic

January

-- The CAN-SPAM Act goes into effect on Jan. 1. While the law does not prohibit unsolicited commercial e-mail, it does require that senders of unsolicited commercial e-mail senders:

-- Identify themselves in the "from" line of e-mail

-- Include a subject line that's consistent with the e-mail's message

-- Include a valid postal address

-- Include a mechanism that allows recipients to opt out of future e-mail from the sender

March

-- Hypertouch, a California ISP, files the first civil lawsuit under CAN-SPAM against the owner of BobVila.com.

-- America Online Inc., EarthLink Inc., Microsoft Corp. and Yahoo Inc. file the first major ISP lawsuits under CAN-SPAM.

April

-- The first criminal prosecution under CAN-SPAM Act happens in Michigan. Arrest warrants are issued for four men charged with sending out hundreds of thousands of fraudulent unsolicited e-mail messages advertising a weight loss product.

May

-- The U.S. Federal Trade Commission (FTC) requires all unsolicited e-mail with sexually oriented content to include the label “SEXUALLY-EXPLICIT:” in the subject line.

June