January 20, 2006

Time to can the CAN-SPAM Act

Despite the FTC's declaration of success, spam isn't getting better, and it's partly the CAN-SPAM Act's fault

Anyone who hated spam also hated the CAN-SPAM Act of 2003. Its core opt-out policy doomed it to failure. It superseded stronger state laws, made individual lawsuits impossible, and provided woefully inadequate penalties when applied in court. And worse, it literally made spam … er … "unsolicited commercial e-mail" legal for anyone who follows a few simple rules.

It’s been two years now. Who was right, the critics or the Congress?

As part of the CAN-SPAM Act, the Federal Trade Commission (FTC) is required to report to Congress on the Act's success. The 116-page report looks like one of those first-year-of-college essays in which the writer uses big margins and abnormally large line spacing (I’m not kidding about this) to say a lot of nothing. It’s obvious the preparers were reaching for something good to say, and even then could not find much to brag about.

Sadly, Congress won’t read the Patriot Act, much less the CAN-SPAM report. More sadly, mainstream media bought the success stories touted by the FTC. The three-page Executive Summary actually concludes by saying that the CAN-SPAM Act needs no modification. Hey, now we can all sleep better at night.

If you don’t have time to read the FTC’s report, let me give you my Executive Summary of whether CAN-SPAM has led to a decrease in spam: No!

Gee, I didn't even need multiple pages to say that.

The real question is whether or not the percentage of spam as compared with total e-mail sent is decreasing. Although several entities report drops in the amount of spam reaching end-users because of improved filtering capabilities, the real rate of spam is leveling off at between 50 percent and 70 percent of e-mail traffic, depending on which statistics you read.

And if spam reaching the end-user has decreased because of better filtering devices, then the CAN-SPAM Act has had no part in any so-called success. The CAN-SPAM Act did not dictate spam filtering techniques or technologies. If anything, as predicted, the CAN-SPAM Act led to more spam being considered legal unsolicited e-mail.

Phishing, targeted e-mail attacks, and spam bots were up enormously in 2005. The criminals are still doing their thing, and a few dozen lawsuits under the statute haven’t changed that. In fact, every spammer caught has cloaked his or her defense in the cloth of the CAN-SPAM Act.

According to every statistic I can gather, today’s spam levels still haven’t fallen to pre-CAN-SPAM levels. When the Act took effect in January 2004, MessageLabs, which processes Internet e-mail for 12,000 clients, reported that spam accounted for 50 percent of all e-mails. It immediately shot up for the next year and a half: Today, although spam is “leveling off,” the total spam percentage is 68 percent, or 18 percent higher than it was before the act.

Maybe the FTC found some good news in Brightmail's break-even analysis. Brightmail reported a 60 percent spam rate in January 2004. Acquired by Symantec in June 2004, Brightmail/Symantec’s spam detection rate in June 2005 was 61 percent -- just a minor increase.

©1994-2009 Infoworld, Inc.