The Web: Feds flop at stopping spam

"The CAN-SPAM Act has been largely ineffective," said Edward Naughton, an intellectual-property law partner with the firm of Holland & Knight, based in Boston. "Most of the data, and my own experience, indicates that the volume of spam has increased since the statute became effective."

A private-sector study released this week confirms the attorney's intuitive read of the spam situation.

"Predictions of the impending death of spam are premature," said Scott Chasin, chief technology officer at MX Logic Inc., a Denver-based provider of e-mail defense software.

The research indicates that phishing scams -- fake e-mail, sent out as spam to dupe unsuspecting consumers -- have increased in frequency and sophistication during 2005. In recent months MX Logic's threat-assessment team has seen a 14-percent increase in spam, and the firm notes that 68 percent of all e-mail sent this year has been spam.

Another recent report by Sophos Inc., an IT-security company based in Lynnfield, Mass., indicates that new threats from malware -- viruses, worms, etc. -- spread by spam has increased 48 percent in 2005, with November being the worst month ever for viruses on the Internet. Sophos said that one in every 44 e-mails sent during 2005 contained a virus -- and that this increases to one in every 12 e-mails during a "major outbreak."

There are several theories as to how this acceleration of spam can be curtailed, experts tell The Web.

Only about 4 percent of all e-mails are compliant with the CAN-SPAM regulations, which, for mass e-mail, require that an "unsubscribe" link be included. Some Internet service providers have prevailed in court against spammers, including EarthLink, whose efforts led to the prosecution of the so-called Timeshare Spammer and a $15.4 million judgment against a spam consortium.

But the feds themselves don't appear to be as hard-nosed as the ISPs in attacking the spam threat -- and therein may lie part of the problem with the proliferation. "The FTC should increase its enforcement efforts, or Congress should consider providing citizens a private right of action," said Jim Cashel, an intellectual-property attorney with the firm of Montgomery, McCracken, Walker & Rhoads, based in Philadelphia. "The key to the effectiveness of laws such as CAN-SPAM is enforcement."

Increased federal vigilance may not happen anytime soon, however, experts tell The Web. That's because the CAN-SPAM Act itself was a massive compromise piece of legislation, based on a melding of the interests of 34 different states, which were already enforcing their own state laws against unwanted e-mail missives. This continues today, as states like California and Texas have requirements for the subject lines of "adult" content e-mail that differ from those of the federal law.

"Even though system administrators are spending a fortune in additional disk space and on filters, generally most e-mail users are so numb to spam they hardly notice anymore," said Peter Vogel, an attorney with the Dallas office of the law firm of Gardere Wynne Sewell.

Another problem remains with rogue overseas spammers. "It is difficult to control off-shore spam," said Vogel, "which is why there has been so little enforcement of the CAN-SPAM Act."

That being said, many domestic e-mail marketers, like ExactTarget, have had to become well-versed in compliance issues since CAN-SPAM was passed in 2004, because their customers require them to do so.

According to e-mail marketing expert Chip Cummings, author of the book "Stop Selling and Start Listening -- Marketing Strategies That Create Top Producers," the honest companies have already complied with the law, meaning that the severe problems remaining on the Internet are being caused by scofflaws. Until the feds really crack down on spammers, Cummings recommends that computer users take matters into their own hands. He suggests that users have separate e-mail addresses for business, personal and shopping transactions. Never post your primary e-mail on blogs or chat rooms. "If you must post an e-mail address online, use an image of the address, instead of a link, to avoid automated harvesting programs," Cummings told The Web. "The government can claim a few victories in the war against unsolicited e-mail marketing, but the overall effect has been negligible at best."

Copyright 2005 by United Press International