FTC says federal spam law has worked

WASHINGTON--About 70 percent of the world's e-mail messages continue to be spam. But the number is leveling off, which federal officials on Tuesday cited as evidence that a law enacted two years ago is working.

At a press conference here, the Federal Trade Commission released a report (click here for PDF), delivered last week to Congress, that said the so-called Can-Spam Act is "effective in providing protection for consumers."

Can-Spam has permitted the agency to pursue lawsuits against spammers and has spurred adoption of commercial e-mail "best practices," such as including an "opt out" link and the sender's postal address in any unsolicited message, said Lydia Parnes, director of the FTC's Bureau of Consumer Protection.

What remains unclear, however, is how effective the law has been. Statistics compiled by antispam companies show that the total number of junk e-mail messages has leaped 62 percent in the last year. At the same time, filtering technology has dramatically improved, which could account for in-boxes not completely overflowing.

Some critics of Can-Spam, which requires an opt-out approach rather than a stricter "opt in" standard, have even suggested that the law may have increased the amount of junk e-mail. That's because Congress intentionally killed tougher state laws, such as one in California that had required recipients to opt into commercial mailing lists.

The FTC's Parnes acknowledged that it was problematic to attribute a cause-and-effect relationship to the 2003 law. "I think it's difficult to parse out the effectiveness of the law versus the technological advances in reducing spam," she said.

Parnes also warned that the nature of spam content appears to be growing increasingly malicious, and spammers continue to evade law enforcement by registering with domain name registrars under false names. The FTC encouraged improvements in spam-busting technology and in "domain-level authentication," as well as a continued effort to educate consumers about the Web bane.

The FTC drew its conclusions based on its own experiences with enforcing the legislation and interviews with "scores of individuals," including consumer group representatives, e-mail marketers, Internet service providers, law enforcers and computer scientists.

The agency used data from e-mail security company MX Logic, among others, to conclude that the number of spam messages is leveling off or even declining. That company calculated that in the past year, an average of 68 percent of the messages it screened fell into the spam category--down from an average of 77 percent last year.

But because the overall number of e-mail messages is rising, a slightly smaller percentage of a much larger number means that spam continues to grow. To derive its numbers, MX Logic evaluates a random sample of 10,000 messages each week from its roughly 7,000 business clients.

"We would not make the statement today that spam has completely declined," said Scott Chasin, the company's chief technology officer. "What we can say, and what we believe, is that spam has declined as far as reaching the consumer's in-box. I think it's a big difference from saying overall spam volumes are down."

The FTC also said the number of legitimate commercial e-mailers complying with Can-Spam is on the rise. MX Logic, however, reported that only 3 percent of the total messages it screened last year and 4 percent this year actually met those standards--that is, providing a subject line that jibes with the body of the message, a postal address, an opt-out link, and, in the case of adult-oriented e-mail, the FTC-mandated "SEXUALLY EXPLICIT" label in the subject line.

"I think largely the most compliance has come from the legitimate e-mail marketers that are desperately trying to find their own identity for their content because they, too, are suffering from deliverability issues due to spam-filtering at the end point," Chasin said.

Jordan Ritter, chief technology officer of Cloudmark, another e-mail security company, said it's tough to measure whether spam is actually on the decline--and, if so, what role the Can-Spam Act actually plays.

For its part, Cloudmark reported a 62 percent increase in the number of spam messages in the past year. In mid-December of this year, its users have flagged about 3.5 million messages per day as spam, whereas they designated 2.2 million at the same time last year. (The percentage of spam messages flagged, however, barely changed, as the total number of messages the company checked also grew from 450 million per day last year to about 800 million this year.)

"I think different organizations and different constituencies see different things," Ritter said. "I can definitely say from our technology, as well as the many ISPs we work with, that the process has worsened and the burden is becoming more expensive to carry."

More spam lawsuits
Also on Tuesday, the FTC announced that it's in the "early stages" of litigating cases against three more alleged U.S. spam operators, while attorney generals in Florida, North Carolina and Texas filed their own suits against three additional spammers.

The cases--part of what the FTC calls "Operation Button Pusher"--involve alleged scams related to mortgages, online pharmaceuticals and a product called Fuel Saver Pro that claims to boost vehicle fuel efficiency and reduce emissions. A spam database kept by Microsoft tipped off the U.S. government in each instance.

The Canadian government also has joined the crackdown operations. Andrea Rosen, assistant deputy commissioner for the Canadian Competition Bureau, appeared at the press conference to announce two recent settlements with spammers who promoted Fuel Saver Pro. An estimated 400 victims in Canada, the United States, the United Kingdom, France and Australia fell for the claims, Rosen said.

Since Can-Spam was adopted in 2003, the FTC, Department of Justice, state attorneys general, and Internet service providers have brought more than 50 cases against suspected spammers. Parnes admitted that she had "no idea" what percentage of the world's spammers those prosecutions represent.

The FTC still contends that Congress doesn't need to change Can-Spam.

But, citing concerns over its ability to fight spam that originates abroad, the agency renewed its call for a piece of legislation that would beef up its ability to share information with international enforcement agencies. The proposal was approved by the U.S. Senate Commerce Committee last week, but it was unclear when it would proceed to consideration by the full Senate.

CNET News.com's Declan McCullagh contributed to this report

[markdoiron]

Opt-Out Link is Near Useless

spammers are not and never were the business to whom you purposefully gave your e-mail address and from whom you now wish to stop receiving e-mails. you wouldn't have given them your e-mail address in the first place if you didn't expect them to respect your request to stop sending e-mail--can spam or not.

yet can-spam acts as if an opt-out link isn't a valuable commodity to true spammers--those scum-bags who are still clogging in boxes with offers of free stock tips (i get dozens a day), etc, and for whom an opt-out link is a payment because it verifies your e-mail address is legit. i wish our congress had learned something about spam and spammers before writing this law. :-(

mark d.

mark d.

[milliehc]

no unsubscribe----

When you get an answer please let me know----Millie Cummins...

[lcftn]

Follow the money

The can-spam act works just like everyting else in Washington.

Juat follow the DMA lobby money.

(Direct Marketing Association) the *real* power behind spam. http://www.the-dma.org

[milliehc]

No unsubscribe???

Thank you for giving me the oppunity to ask this question that I have been wanting to ask for a long time---When I started with the computer every e-mail that was sent to my in-box without my knowledge had a place where i could unsubscribe but now this is not possible why??? And why don't we have a law to make this happen???Thank you Millie Cummins milliehc@earthlink.net---

[rcrusoe]

Re: No unsubscribe

It appears a large portion of spam these days is sent from
privately owned Windows computers that have been hijacked by
spammers. Since the spammers have already broken the law in
order to take over these computers, what is the chance they
would comply with an opt out law?

Some time ago I researched the source on the spam received at
our company. At that time tons of the domestic spam we were
receiving came from the big cable ISPs. IMO, the only solution
to this and a lot of virus programs is for the ISPs to scan their
networks and block any customer with an infected computer
until they have fixed their PC.

But considering that, according to many sources, 90% of the
world's Windows computers are infected with spyware and/or
viruses, that would mean the ISPs would be alienating almost all
their customers. And what good would that do since most
Wintel machines are doomed to be re-infected in a short time.

So until the world's email technology evolves into a more secure
system (in the far distant future) it looks like everyone will need
to become a spam filtering expert, or subscribe to a third party
service that does it for them.

[SeizeCTRL]

What's their email address?

I would like to FWD them a few things I get daily that I cannot get rid of.

Currently trying out BlueFrog in hope that it works.

[amigabill]

Yea, and I'm a Chinese jet pilot...

And Iraqi Information Minister Muhammed Saeed al-Sahaf kept telling the people of Iraq that America was doing extremely poorly in the war, America wasn't anywhere near the airport, and that the old Iraqi military was extremely close to killing every American in that hemisphere.

Sure, just because someone says something doesn't mean he's right. Either the yardstick used to measure this success rate is slightly flawed, bent in half, or they haven't seen very many inboxes lately.

I still get a lot of spam in my hotmail account. 99% of what I get there is spam. It's rare to see one with a remove-me link at all, but like Hotmail's usage guidelines indicate, don't risk the ones that are there to actually work as they usually don't. But that's precisely why I have a hotmail account, that's what I use when ordering stuff so they won't spam or sell to spammers my "real" email addresses.

I occasionally get viagra sales pitches and other spam leaking into my work email or my "real" home email. They don't have remove-me links. Sorry dudes, I can't see that as proof that the CAN-SPAM law works, as the empirical evidence I see says the law simply does NOT work.

Any reductions or limits to spam I get compared to previous years I credit to the IT depertment at work or the filters in my email client learning enough tags to get good at what they do. And these filter technologies existed before CAN_SPAM, so the lawmakers deserve zero credit for that, the IT guys and email client programmers deserve that credit, which would be true if CAN-SPAM never happened.

To anyone that's seen a reduction in spam entering their inboxes, thank the guys at your ISP for keeping the filters running as well as they can and thank whoever programs your email software. To the guys that wrote, voted on, passed, and market the CAN-SPAM law, thumb your nose at them, as that's all the thanks they deserve from what I can see from what still happens in my own email accounts.

[rcrusoe]

CANSPAM is working . . .

and the check is in the mail, and of course I'll respect you in the
morning. The only reason many users have less spam in their
Inbox is due to blacklists, graylists, and a lot of work by email
administers using tools like Spamassassin. The CANSPAM
legislation was good for a laugh, but that's about it.

Perhaps the FTC would like schedule a "Spam a Fed" day. All us
administrators could redirect the output from our spam filters to
the FTC's email servers for 24 hours.

Then they may get a clue how well the "Federal Spam Law has
(not) Worked".

[Seaspray0]

Get their attention

I'm tired of spam just like you are. But what can we do about it? We're the little guys, remember? The lawmakers passed the useless CAN SPAM act to make it look like they actually were doing something but it was so weak, spam is still exploding! I just wish they could get a taste of how annoying all this spam is. Hmmmm... What do you think would happen if everyone forwarded their spam to their representatives in the federal government and continued to forward it until they actually did something about this? When you add up all of "the little guy" that would be alot of spam sent their way. Is this what it would take to make them notice?

[Seaspray0]

I never signed up!

Now how can it be that I "subscribed" to receive all these spammers' emails? It's BS! and just another spammer's trick to make themselves look legit. You know they mine email addresses anywhere they're posted like mad. Yep, anytime you put your email address on the web, you can be assured a spammer somewhere is going to find it. I should report this terrible behavior to the president at comments@whitehouse.gov or even the vice president at vice_president@whitehouse.gov so they'll do something about it.

[aabcdefghij987654321]

The solution to SPAM

Is the same as it always has been. If everyone (yes, everyone) never purchased anything from spammers then they'd dry up and go away.

In fact it astonishes me that anyone would give their credit card numbers to someone like a spammer when it's obvious by the fact that they spammed you that the spammer has no respect for anyone except themselves.

The rule now and always will be NEVER, EVER BUY ANYTHING FROM A SPAMMER. That ought to be the first thing every ISP tells each and every new account holder and should be repeated often. Until people stop buying, spammers will continue selling no matter how many millions of garbage emails they have to send.

[Steve Jordan]

I've never bought from a spammer.

That doesn't stop them from continuing to spam me. Problem is, even if nobody buys, just opening a spam e-mail can send back info to spammers. That will keep them spamming, if only to get data to sell to others. The real solution is a rebuild of the e-mail system, from the ground up, giving it the security that the original e-mail system never had.

[Steve Jordan]

Out of Touch

Just goes to show you how out of touch the Fed is, when it comes to the Internet in general. They've clearly demonstrated their status as complete Luddites when it comes to technology issues, and are explicitly responsible for America's losing its tech edge and leadership to other countries.

[amydh03]

Guilty until proven innocent?

I understand SPAM is annoying and illegal. The problem is, anyone can accuse a person of spamming and that person is guilty until proven innocent. The fact is, I run a business from home and have never used SPAM to market or contact people, but I have been banned by some ISP's. I don't even know who complained or why. Everyone I have ever contacted has been a double opt-in recipient. Just because you don't remember giving consent to third party advertising doesn't mean that you didn't do it. Most of the email I receive comes from sources I recognize and have actual opt-out links that work.
All of this anti-spam phobia is just making life harder for legitimate business people. I can't send many emails at a time from my ISP, so I have to pay for another account for that. Spammers have so many ways to get around this and not be harmed because they don't care about breaking the law and they use "bullet proof" ISP's. Legitimate business people are the only ones being hurt. SPAM filters filter out everything based on a few words in the message. It's ridiculous. Quit whining and start deleting messages you don't want just like you throw away junk mail.

[Ringmaster1]

Make it easy to forward unopened spam!

Is it possible to just forward "unopened" spam to an agency for tracking and enforcing spam legislation?

[wbenton]

SPAM is for the MOST part UNWANTED!

I think this sums it up pretty well:

>>>"I think largely the most compliance has come from the legitimate e-mail marketers that are desperately trying to find their own identity for their content because they, too, are suffering from deliverability issues due to spam-filtering at the end point," Chasin said.<<<

Compliance has come from a small minority where as it's the majority whom are not compliant.

But SPAM in my E-mail box is still SPAM in my E-mail box. Filtering doesn't STOP spam... it only blocks it from getting into my In-Box... except that it occasionally blocks non-SPAM as well and thus it does NOTHING to solve the problem of the SPAM being sent in the first place.

Thus even if certain SPAM meets certain government rules/regulations as official SPAM... it's still none the less SPAM and as such is unwanted regardless of whether somebody else says it's OK because it meets certain criteria.

The ONLY criteria that should be required is IF I ASKED FOR IT OR NOT... thus OPT IN is the only real way to do that. And the OPT IN method must be non-refutable... thus if there is no way to confirm whether I really asked for that SPAM or whether somebody else pretending to me asked for that SPAM... then it should not be an official OPT IN method. ONLY irrefutable methods should be used.

And if there aren't any irrefutable methods... then that's though luck for them... they need to seriously start figuring out a way to make such an irrefutable method rather than try to legalize SPAM.

Bottom Line: It's unwanted... unnecessary... and continues regardless of whether figures say it's down or not.

Filtering is not the answer... compliance is not the answer. Thus the ONLY answer is to stop it at it's source. Make ISP's responsible for what comes out of their sites! And if they don't do that... then yank their ISP license!!! Lobbying for SPAM to be allowed is a waste of taxpayer's money!!!

Walt

[KYtransplant]

The FTC Spam Complaint page "can not be found"

Not only is the problem of spam a huge problem, when you try and report it to the FTC via the web, their online complaint form doesn't work :S

That is almost as frustrating as the spam itself. Something tells me if you can find a legitimate address for a spammer (UCE) rather than rely on government to get the job done, just call the Better Business Bureau. Better yet, use their online form since it WORKS (unlike the government's).