The Act came into force on 1st January 2004. It established a
framework of administrative, civil and criminal tools to tackle
unsolicited commercial email.
It provides for a national Do-Not-Spam list; requires that spam
sent to consumers includes a means of opting-out of the mailing
list used by the sender; bans the sending of fraudulent emails or
unmarked sexually oriented emails, and provides for civil and
criminal sanctions for those spammers who breach the rules.
The penalties may amount to fines of $6 million and five years
in prison in the most severe cases.
But the Act has been severely criticised over the fact that it
fails to actually "can" spam. There is no ban on sending
unsolicited commercial e-mail or text messages.
Despite this, the FTC yesterday published a report to Congress,
concluding that consumers are receiving less spam now than they
were receiving in 2003.
The report
The report, “Effectiveness and Enforcement of the CAN-SPAM Act,”
looks at research provided by email filtering firm MX Logic. This
reveals that spam accounted for 67% of all emails sent in the past
year, down 9% on the previous year.
“The volume of spam sent over the internet has begun to level
off, and, even more significantly, the amount reaching consumers’
inboxes has decreased, due to enhanced anti-spam technologies,”
reads the report. “There has been a significant decrease in the
number of spam messages containing sexually-explicit material. And,
legitimate online marketers have complied with CAN-SPAM in large
numbers.”
But the FTC finds it hard to ascribe responsibility for the
drop.
According to Lydia Parnes, Director of the FTC’s Bureau of
Consumer Protection, “We’re using technology and teamwork in the
battle against illegal spam”.
“Taken together, they are helping us combat the outlaw spammers
who disregard laws designed to prevent fraud and protect consumers’
rights,” she added.
The report states that the Act is effective in providing
protection for consumers, and that state and federal law enforcers
and the private sector are enforcing the Act aggressively. The FTC
alone has brought 21 cases under CAN-SPAM and another 62 cases
targeting spam before the enactment of the law.
The report observes that the Act codifies “best practices” that
legitimate marketers are following and notes that technology
advancements may be the most useful tool in combating outlaw
spammers.
But the report also finds some troubling signs.
“There has been a shift toward the inclusion in spam messages of
content that is increasingly malicious,” says the report. “Rather
than merely advertising products and services, spam messages now
sometimes include “malware” designed to harm the recipient.”
The report also highlights spammers’ use of “increasingly
complex multi-layered business arrangements” and the fact that
'Whois' databases frequently contain inaccurate information, as
causes of concern.
“As Congress found when enacting CAN-SPAM, the spam problem
cannot be solved by legislation alone; technological approaches and
international cooperation are key,” concludes the report.
It sets out three steps that could improve the impact of the
CAN-SPAM Act:
- The enactment of the “US SAFE WEB Act,” to improve the FTC’s
ability to trace spammers and sellers who operate outside of the
United States. This Act was recently approved by the Senate
Commerce Committee, but has yet to be debated by the full
Senate.
- Greater efforts to make consumers aware of the various ways
they can protect themselves from spam, spyware, and
sexually-explicit material.
- Continued improvement of anti-spam technology, and in
particular, tools that prevent spammers from operating
anonymously.
Reactions
The Direct Marketing Association (DMA) welcomed the report,
noting that legitimate firms are trying to comply with the
requirements of the Act.
"CAN-SPAM is a necessary part of the cooperative effort that
government, businesses and consumers must undertake to combat
spam,” said Jerry Cerasale, the trade group’s senior vice president
for government affairs. “The law provides the enforcement muscle
that complements what email providers, legitimate marketers and
ISPs are doing to keep ahead of constantly-evolving
technologies."
Graham Cluley, senior technology consultant for security firm
Sophos, agreed that CAN-SPAM has been successful in some respects,
particularly in obtaining the conviction of some of the most
notorious US spammers.
"Improved corporate and consumer security measures and
cooperation between internet service providers have combined with
the CAN-SPAM act to reduce the percentage of spam being relayed
from the USA," he said.
However, according to Sophos, the US still leads the chart of
spam-relaying countries, accounting for 26.8% of all spam.
"The unfortunate truth is that spam is a lucrative global
business, driven by criminal intent, and well beyond the ability of
CAN-SPAM to control," said Cluley. "Individuals and corporations
who do not take proactive measures to protect themselves from the
onslaught are certain to fall victim to the detrimental effects of
spam in one form or another."
In his opinion, by placing the responsibility on individuals to
opt-out of email lists rather than require email marketers to only
send messages to individuals who have opted in, CAN-SPAM has
created a large loophole, through which large volumes of spam can
still flow.
