Old Content

The U.S. Federal Trade Commission believes that CAN-SPAM is working. The law, which went into effect in January of 2004, tried to strike a balance between sanity in users' inboxes and the desires of direct marketers everywhere. When it went into effect, the consensus among the technology community could be described as follows: CAN-SPAM is a waste of time. For the most part, that sentiment has not changed, although the law does have a few friends.

In a 116-page report to Congress entitled "Effectiveness and Enforcement of the CAN-SPAM Act," two essential points are made: CAN-SPAM is stopping (some) spam, and more work needs to be done. On these two points, who can disagree? Sure, CAN-SPAM does stop some spammers, especially more or less legitimate business engaging in spam. But the second point is the important one: whatever CAN-SPAM does, it's not doing it well enough. While the FTC takes pride in the fact that some 50 lawsuits are pending against spammers across the country, it is too quick to assess spam trends as having a causal relationship with CAN-SPAM. For example, the report lauds a 9 percent decrease in spam between periods analyzed in 2004 and 2005 (down to 67 percent of all e-mail traffic), but how much of that is attributable to better spam filtering, especially server-side? The fact that an MX Logic study shows that e-mails compliant with CAN-SPAM have only clawed their way to 4 percent, up from 3 percent last year, suggests that whatever good is happening, it's not particularly related to CAN-SPAM.

There's also a definitional problem. CAN-SPAM is based on the opt-out approach to marketing e-mail, and allows a broad range of marketers to contact you so long as they provide proper opt-out options. Most users see this e-mail as spam, but in the CAN-SPAM world, it's legitimate marketing e-mail (and we can hardly be surprised that they love CAN-SPAM). I think this is one of the reasons why trainable spam filtering is so popular; I'll decide for myself what is spam, thank you. I also think such filters can be identified for the improvements we've seen over the past few years.

Thankfully spam has not destroyed the promise of e-mail, but it certainly makes e-mail far less reliable. For instance, while we can applaud technological tools aimed at fighting spam, we must also light a candle for all of the "lost" e-mail eaten by spam filters. Hallmarks of idiosyncrasy, spam filters and their attendant "did you get it, be sure to check your spam filter" mantras have certainly made using e-mail that much more complex.

What's the solution? Technology, of course. The FTC says that progress in the fight against spam will come only when there is more assistance from the private sector, in terms of both technology and cooperation. Part of this, they hope, will be accomplished by moving to a sender authentication system akin to Domain Keys. It couldn't happen soon enough.

The FTC also recognizes that there needs to be cooperation on an international level, too. The FTC is putting its weight behind the so-called Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers Beyond Borders Act of 2005 (US SAFE WEB Act of 2005, get it?). The bill would seek to give the American government more teeth to go after international spammers. But let's not lose focus of the facts: the United States still leads the world in spam, both domestically, and abroad. It may seem like you only get spam from Nigeria, but chances are, most of your spam comes from the United States. And what you and the feds consider to be spam aren't necessarily the same thing.

Is CAN-SPAM doing enough? Can any legislation do enough?