Anti-Spam Law Ineffective

Can Spam...Can't.

On January 1, U.S. politicians took a crack at ending the scourge of spam when the Can Spam act went into full effect. Overnight the spam problem changed dramatically: It got worse.

According to the index, which ranks spam the way the S&P500 ranks stocks, the average for December, the month before Can Spam took hold, was 10,000. Towards the end of January, it had climbed to nearly 13,000. The index ranks the general level of spam—the higher the level, the more spam is being delivered.

Just as spam experts feared, illegitimate spam, including the online pharmacies and pleas for banking help from Nigeria—the very mail the act was supposed to eliminate—never missed a beat.

The new law is a bit like speed limits: No one except the truly conservative seems to care. Out of 1,000 spam messages sampled by security vendor MX Logic shortly after the act went into effect, only three followed the new guidelines.

And overall volumes have surged, according to some. "Most hardcore spammers are simply ignoring (the law), while some have moved offshore," says Jim Gildea, an executive with anti-spam vendor Intellireach. China, South Korea and Brazil follow the U.S. as top spamming nations, so it’s likely U.S. operations will move to those countries to sidestep the new law.

A law is only as good as its enforcement, and here the Federal Trade Commission, which is largely responsible for upholding Can Spam, is clearly outgunned. Spammers are too numerous, too anonymous, too technical and too dispersed for the FTC to make much of a dent.

Worse, the federal law supercedes states laws that had far sharper teeth, such as California’s proposed law that would require an opt-in before the spam is sent, and allow citizens to sue spammers privately, such as in small claims court. Can Spam allows users to opt-out after spam is sent, in essence legalizing at least the first spam message.

The good news? Some of the larger legitimate bulk e-mailers are complying. I recently received messages from United Airlines,, and several e-mail newsletters, all of which included opt-out options. Unfortunately, these were all messages I actually asked to receive.

So if the law can’t help, what can you do? Go back to basics:

 Report spam to the originating ISP, the FTC ( | “File a Complaint”), Congress and to organizations that maintain blacklists.

 Teach users how to use the controls built into mail clients, and to never respond to illegal spam.

 Opt out of spam you don’t want that you know comes from legitimate sources.

 Comply with Can Spam within your own marketing organization by using clear subject lines, legitimate source addresses and a working opt-out mechanism.

The bottom line: Don’t slacken your spam defenses, but increase them. The spam flourishing under Can Spam is the worst kind—illegal, offensive and so far, impervious to federal statute.

About the Author

Doug Barney is editor in chief of Redmond magazine and the VP, editorial director of Redmond Media Group.

comments powered by Disqus

Reader Comments:



Thu, Jan 22, 2009 Anonymous Anonymous


Thu, Jun 24, 2004 Rudolph New York

I use Outlook "Plug-In" that filters spam - Spam Bully , it is not free. It blocks all spams that I receive, after I learned spam filter from my email archive.

Thu, Mar 25, 2004 Mike B New York, NY

The best Ant-Spam product on the market is CommTouch ASAP.

Thu, Mar 25, 2004 Robert San Francisco

The real thing that needs to be done is SMTP needs to be modified so that addresses can't be forged and everyone needs to adopt IPv6 (no IP forging.) That will simplify tracking of the offenders and bring an end result to the 95-98% of all spam.

Mon, Mar 15, 2004 Anonymous Anonymous

Do you remember when SPAM used to be sold in a can? Seriously though I see a lot of SPAM email include a link which says click here to unsubscribe and so then the emila from that group stops but then you just start getting a bunch of email from a different group, so you are actually still be spammed but from a (I wonder) diffenent company. This is probably a bogus way of complying with the new spam law.

Sat, Mar 6, 2004 Jason Minnesota

If the ISPs are aware of the SPAM, then yes I think they should be punished. One day I think we'll win the battle against SPAM.

Fri, Mar 5, 2004 Anna Missouri, USA

I use SpamBayes too, and it works great. But it doesn't address the issue of clogging email servers and bandwidth because the filtering takes place on my harddrive. Jeff said his ISP shuts down spammers, but do all ISPs? Or are some letting spammers get away with it in order to make money? These ISPs are the ones who should be punished.

Fri, Mar 5, 2004 Jeff Ohio

I work for an ISP wholesaler. Punishing the ISP is not always a good solution either. We host over 100 isp's and sometimes a user does spam. We shut them down as soon as we are aware of the issue, but as we all know it takes very little time for the spammer to get 100's of thousands of messages out there. So we get punished by blacklist such as Spamcop. This affects all other legit users because of one spammer. Why should they be punished? By the way on our spam filter 95% of all email we recieve is spam. If we could get rid of spam I could reduce my mail hardware by 95%. So I would like to have a solution as well as anyone else but blacklisting is not the answer just a bandaid.

Thu, Mar 4, 2004 Alfredo Pasadena

I am tired at SPAM, why not to make ISPs responsible? Some countries have been targeted for hosting terrorists, and they have been suffering serious consequences for their acts, ISPs that allow or host spammers should be penalized, and then give them probation, and if they don't stop, then good bye from the Internet. The biggest problem is not having an International Authority with proportional representation from all countries in the planet that can control this type of issues that really damage the Internet traffic, this same organization could also help in other issues an viruses, worms, and crimes.

Thu, Mar 4, 2004 Joe New York

Just because it says it's US doesn't mean it is...however the majority I've traced is. I'm using now because I just got sick of tracing headers myself.

Thu, Mar 4, 2004 JRB Kentucky

I have several domains and with them all I get about 1000 spams a day. Of these 70% are selling stuff on web sites hosted in China, most originate from China, Europe and Brazil. So, for the most part it doesn't originate from the US. Of course that doesn't mean that the mail originating from overseas isn't sent from someone in the US logging into the networks over there.

Someone suggested we forward all the spam to Congress and the Senate. Let them see all this and see how they feel about it then.

Thu, Mar 4, 2004 John Chicago

I read a piece in MIT Tech Journal on spam that stated that the majority of spam (something like 80-90%) is estimated to come from less than 100 spammers. The worst offender is some ex-con confidence man from the Detroit area who has a bunch of servers set up in his basement just churning this stuff out.

Tue, Mar 2, 2004 Bob Australia

Hey Dude,
OK, so a very small amount of it's from Korea. I don't read each and every spam I get, but the non-Korean ones I've seen are ALL from the USA. Having deceptive headers means it's breaking the "You CAN Spam" "law". Therefore by definition they are criminals.

Mon, Mar 1, 2004 Dude Atlanta

Bob, if you think its just American criminals your crazy.

Sun, Feb 29, 2004 Bob Australia

Exactly! At least someone's being honest about the fact that this toothless new "law" has made no positive difference at all to the spam problem. It's doubly annoying for us outside the USA who have our mailboxes jammed to capacity with irrelevant US spam so real e-mail can't get through, and who accidentlly delete real e-mails mistaking them for spam. That happened to me again just yesterday, and like everyone else, I'm totally sick of this assault on my internet resources by American criminals. :-(

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.