Spam still presents technology and enforcement challenges
- By William Jackson
- Jul 01, 2004
In case you had not noticed it, spam has not disappeared in the six months that the CAN-SPAM Act has been in force.
By various estimates, spam now accounts for well over 80 percent of all e-mail and still clogs servers and in boxes.
According to the spam filtering company Commtouch Inc. of Mountain View, Calif., the number of spam outbreaks per day increased by 43 percent during the first half of 2004, from 350,000 each day to 500,000.
The CAN-SPAM Act outlaws the use of deceptive marketing in unsolicited commercial e-mails and requires senders to provide accurate 'from' addresses, postal addresses and an unsubscribe function.
In a report on spam activity from January through June, Commtouch said that 10 percent of the millions of spam messages it has examined complied with these requirements.
'Legislation is a good thing, but it's not a panacea,' said Mike Rothman, vice president of marketing for CipherTrust Inc. of Alpharetta, Ga., an anti-spam technology company. 'The reality is, it is difficult to enforce.'
The Federal Trade Commission, which enforces the anti-spam law, filed the first criminal suits in April, against two companies and four individuals charged with selling phony diet patches.
The law also allows civil suits to be filed by private entities. In March, four large service providers, EarthLink Inc. of Atlanta; America Online Inc. of Dulles, Va.; Yahoo Inc. of Santa Clara, Calif.; and Microsoft Corp. banded together to file the first lawsuits. Microsoft has filed 51 anti-spam lawsuits, including eight in June.
'These guys are being aggressive,' Rothman said. 'They've got deep pockets and they're starting to litigate against these people and that's a good thing.'
But too often, the plaintiffs do not know whom they are litigating against. Most of the Microsoft suits name unidentified 'John Doe' defendants.
The Internet supports anonymous communication, and the FTC noted that inability to identify spammers is a major problem in fighting the flood of spam.
'If the cloak of anonymity were removed, however, spammers could not operate with impunity,' the agency concluded last month in its report to Congress in which it rejected the idea of a national do-not-spam registry. 'ISPs and domain holders could filter spam more effectively, and the government and ISPs could more effectively identify and prosecute spammers."
A number of standards are in the works for authenticating the origin of e-mail. Microsoft recently announced it would combine its proposed Caller ID for E-mail protocol with the Sender Policy Framework into a single technical specification. Yahoo is working on Domain Keys, a public-key infrastructure scheme, and the Internet Engineering Task Force has established a working group that expects to propose an authentication standard this year.
'None of these standards has been widely tested, and each is still in development,' the FTC said. They also would not authenticate the identity of a sender, only the second-level domain from which an e-mail was sent.
Widespread adoption of any of these technologies still is years away, although Rothman said government adoption could spur acceptance.
'I think the government is in a spot to drive a lot of this,' he said.
In the meantime, we probably will have to continue fine tuning spam filters rather than fine-tuning legislation, Rothman said.
'I don't know how you could make the law better,' he said. 'It's a profit thing, and you can't legislate out profit. This is a situation we've created. As long as people respond to these offers, we're going to continue getting them.'
William Jackson is a Maryland-based freelance writer.