January 1 marked three years since the implementation of the cleverly named federal law on Controlling the Assault of Non-Solicited Pornography and Marketing, better known as CAN-SPAM. But according to companies that combat unwanted email, electronic spam has an even longer shelf life than the luncheon meat.
The act “has had no impact on lowering the volumes of spam,” maintains Scott Chasin, chief technology officer of MX Logic, an email security company that has observed a steady drop in compliance with the act.
Among its provisions, CAN-SPAM requires that commercial email messages must not contain deceptive information in the “from” or “subject” lines; must offer a functioning email address that allows recipients to “opt out” of receiving future messages from the sender; must contain clear and conspicuous notice that the email is, indeed, an advertisement or solicitation; and must include a valid postal address for the sender.
Regarding these seemingly straightforward measures, maintains MX Logic, only 7 percent of commercial emails were in compliance as of the end of 2004. In 2005, compliance ranged between 2 and 5 percent, and in 2006, it never reached 1 percent, according to the company. Chasin adds that during the last two months of 2006, spam traffic on the Internet doubled, and during spike periods, quadrupled.
Email security company Postini noted the same spike; by its reckoning, spam accounted for more than 93 percent of all email messages last December. That month alone, Postini asserts, it blocked more than 25 billion unwanted commercial messages, 144 percent more than in December 2005. The rising tide of spam “is threatening the viability of email for businesses that are not properly protected and is sapping the productivity of hundreds of millions of workers around the world,” maintains Postini executive vice president of marketing Daniel Druker.
Part of the problem, explains MX Logic’s Chasin, is simply due to the evolution of email from a narrowcast medium — friend to friend, family member to family member — into a broadcast medium in which nine out of ten messages carry a marketing pitch. Trust in email continues to fall, he adds, and as the level of “pollution” increases, the value of email as a means of communication continues to fall as well.
Chasin acknowledges that legislation is no “silver bullet” for the problem but insists that the United States could do much better. Most other countries that have adopted anti-spam legislation, he observes, follow an opt-in model — which, in its simplest form, requires individuals to sign up before commercial email messages can be sent their way. CAN-SPAM follows an opt-out model, in which recipients must unsubscribe to stop the junk from coming; that’s “backward,” insists Chasin.
John Reid, of the nonprofit Spamhaus Project, puts it less kindly. The act “said people in the United States are allowed to spam if they follow certain criteria,” maintains Reid. “It’s a joke law.”
Who’s spamming, and how, has also changed dramatically in the past three years. When the law was adopted, says Postini’s Druker, most of the troublemakers were unethical marketers, operating solo; they used their own computers and their own Internet connections to distribute spam, so they were relatively easy to track down. Once criminals saw the profit potential, he adds, organized spammers began sending junk email though “zombie networks” of millions of PCs that were electronically hijacked, generally without the knowledge of the owners. The character of the messages has changed, too; today they often facilitate criminal activity such as identity theft, fraud, or pump-and-dump stock schemes, Druker observes.
For spammers, the economic model has become much more attractive. “Because they’re stealing other people’s computers to do this, their cost to send out spam is zero,” notes Druker. And the payoff? The ROI for stock fraud schemes can be 6 percent in a single day, he maintains.
While most companies invested in countermeasures long ago — by implementing email security systems available from MX Logic, Postini, and dozens of other providers — many companies also allow their employees to communicate through other channels, such as instant messaging, wireless devices, and other personal technology used for business purposes. That newer electronic territory is relatively clutter-free today, but where there’s a dollar to be made, you can be sure that spammers will follow.