Anti-Spam Law Has Yet to Stem the Tide

Anti-spam laws won't bring relief any time soon, so IT managers must enforce company policies.

According to tracking performed by anti-spam companies Commtouch Software Ltd. and Finjan Software Ltd., CAN-SPAM has not yet had an impact on the amount of spam traveling the Internet.

On Jan. 8, Commtouch reported that the companys detection centers saw no significant change in the number of spam attacks through that date. The company began measuring the daily spam volume in December, before CAN-SPAM became effective, and continued after CAN-SPAM went into effect.

Further, of the examined e-mail that Commtouch marked as spam, only one message in 1,000 contained a valid unsubscribe e-mail address and a postal address, as required in the CAN-SPAM legislation.

Separate numbers from Finjan did find less spam after the legislation was enacted than before, but Shlomo Touboul, founder and CEO of Finjan, chalks that up to a temporary regrouping.

"Weve seen a slight decrease according to our own labs and customers, but we believe it will be very short and very temporary," said Touboul. "This slowdown period is probably the result of companies regrouping to find ways to comply with ... CAN-SPAM, and not the result of spammers giving up."

Identifying spam

How the generally accepted definition of spam differs from CAN-SPAMs, and why the difference matters to IT managers

Generally accepted definition of spam

  • Its bulk Spam is a single message that is sent to thousands or millions of e-mail addresses. Its a problem because it wastes bandwidth, cuts employee productivity and increases storage costs.
  • Its commercial Most spam is sent with the purpose of getting money from the recipient. In eWEEK Labs anti-spam tests, we almost exclusively see messages that promise a product or service in exchange for money.
  • Its unsolicited The recipient did not initiate the communication. Spammers send unsolicited messages to ill-gotten e-mail addresses.

The CAN-SPAM definition

  • Bulk doesnt matter CAN-SPAM never actually refers to "spam" in the body of the act. Even so, the biggest difference between our definition of spam and the one found in the CAN-SPAM Act is bulk. The number of messages sent is used only to set penalties.

Why it matters

  • According to CAN-SPAM, it doesnt matter whether an e-mail campaign contains one message or 1 million—its still spam in the eyes of the law if it doesnt meet the CAN-SPAM requirements. IT managers will have to stay in close contact with their companys marketing and advertising departments to make sure that all e-mail complies.

eWEEK Labs editors, reporters and analysts likely receive more spam than most businesspeople because eWEEK is published in multiple languages, with staff e-mail addresses published liberally throughout the Web. However, a spam filter is in place at Ziff Davis Media Inc., eWEEKs publisher, and our unscientific survey of eWEEK e-mail post-CAN-SPAM confirms that spam hasnt slowed.

With figures from e-mail security company Postini Corp. Also showing that the spam rate is not slowing down, it is clear that IT managers wont be getting any near-term relief in the spam battle.

eWEEK Labs strongly urges that IT managers take time to reinforce e-mail guidelines that prohibit responding to the unsubscribe link found in the body of many e-mail messages. Even though CAN-SPAM requires an opt-out mechanism, we find it hard to believe that spammers with less-than-scrupulous intentions will actually comply. In fact, we think it is very likely that unscrupulous spammers will take advantage of users expectations that the unsubscribe link will now actually work in order to confirm that the e-mail address is valid.