From: www.itworld.com

CAN-SPAM still gets mixed reviews

by Grant Gross

March 31, 2008

When the U.S. Federal Trade Commission announced a $2.9 million settlement
with online marketing firm ValueClick this month, it was a record monetary settlement
under the 4-year-old CAN-SPAM Act.

That announcement came just days after so-called spam king Robert Soloway pleaded
guilty in Seattle to a number of criminal charges. Soloway, who faced one count
related to CAN-SPAM in addition to mail fraud, wire fraud and other charges,
faces up to 26 years in prison.

But despite these recent court cases, some critics don't see a lot of value
in CAN-SPAM, short for Controlling the Assault of Non-Solicited Pornography
and Marketing.

"CAN-SPAM has had virtually no impact on the spam problem at large,"
said Ray Everett-Church, a longtime spam fighter and director of policy and
professional services at Habeas, a company that provides e-mail authentication
services. "It has enabled the FTC to take action against a few bad actors,
and that has worked to deter some otherwise legitimate companies from playing
fast and loose with the rules."

But spam is as big of a problem as ever, and the worst spammers "remain
unfazed and undeterred" by CAN-SPAM, Everett-Church said. Everett-Church
and other antispam activists criticize CAN-SPAM for allowing marketers to send
unsolicited commercial e-mail until people opt out.

Harvard University technology security officer Scott Bradner called spam prosecutions
and settlements "all too rare" in a recent column at Network World. "To say
that the FTC has been careful in its approach to enforcing this act would be
misleading -- a better word would be 'lethargic' or maybe 'comatose,'" he wrote.

Officials with the FTC and the U.S. Department of Justice say criminal spam
cases can be difficult to investigate because spammers often hide their identities
through falsified e-mail headers, offshore servers, and affiliate senders and
payment processors. Still, the DOJ has prosecuted about a dozen criminal spam
cases in the past four years, and the FTC has taken civil action in 31 CAN-SPAM
cases, according to officials at both agencies.

Including cases before CAN-SPAM passed, the FTC has taken action in more than
90 spam cases, involving more than 250 defendants. In addition, CAN-SPAM allows
state attorneys general to file lawsuits against spammers, and several have
done so.

At the DOJ, CAN-SPAM has helped prosecutors build cases against spammers, and
in some cases, the spam charges have led to other charges, DOJ officials said.

Among the cases: The DOJ in January indicted 11 people, including alleged master
spammer Alan Ralsky, accusing them of using a sophisticated and extensive spamming
operation that fueled a stock pump-and-dump scheme. The defendants allegedly
used spam to tout Chinese penny stocks, driving up the price of the stock and
selling it at artificially inflated prices, according to the DOJ.

In June 2007, a federal jury in Phoenix convicted two U.S. men on charges of
conspiracy, fraud, money laundering and transportation of obscene materials,
in a case in which the defendants were accused of sending pornographic images
in millions of pieces of unwanted e-mail. The case, which began as a CAN-SPAM
investigation, escalated to include other charges, and the DOJ found that children
had received some of the "hardcore" e-mails, a DOJ official said.

CAN-SPAM allowed the DOJ to investigate the defendants for falsifying headers
on their e-mail and their domain name registrations, said a DOJ official. That
led investigators to find other illegal behavior, she said.

The FTC sees a couple of large benefits from CAN-SPAM, said Lois Greisman,
associate director of the FTC's Division of Marketing Practices. The law set
the rules for legitimate marketers: Commercial e-mail must have a working opt-out
mechanism, must include a valid postal address for the sender, and cannot contain
falsified header information or deceptive subject lines, among other rules.
CAN-SPAM and FTC rules also require pornographic e-mail to be labeled as such.

CAN-SPAM "set out, in black and white, what the rules of the road are,"
Greisman said.

In addition, the law gives the FTC the power to seek civil penalties against
spammers, authority the agency doesn't have under the FTC Act, the law that
prohibits unfair business practices and governs most FTC action. The ValueClick
settlement and other large CAN-SPAM settlements should put other spammers on
notice, Greisman said.

In November, the FTC announced a $650,000 settlement with Adteractive, which
sent spam promising free gifts such as Xboxes and television sets. And in January,
the FTC announced a $200,000 settlement with Member Source Media, which promised
free iPods, gift cards and other products in its e-mail messages.

"Our ability to obtain civil penalties there, I think, will have an effective
deterrent impact," Greisman said.

The FTC doesn't need additional spam-fighting tools, she said. CAN-SPAM can
be used in conjunction with the FTC's other powers, including the ability to
seek asset freezes and injunctions in court, Greisman said. "We can walk
into federal court, and with the right set of facts, shut down fraudulent operations,"
Greisman said. "That's a powerful tool." In addition, spam filters
are largely working, even if the amount of spam that's sent isn't going down,
she said. "It's less the bombardment than it used to be," she said.

Antispam vendors say CAN-SPAM's had no real impact on the amount of spam being
sent, however. In 2003, 35 to 40 percent of all e-mail was spam, and now that
number is 80 to 90 percent, said Matt Sergeant, senior antispam technologist
at MessageLabs. But at the same time, MessageLabs has gone from blocking about
90 percent of spam to 99 percent, he added.

But CAN-SPAM has provided some benefits, added Eytan Urbas, vice president
of products for Mailshell, another antispam vendor. CAN-SPAM created rules for
the "good guys" to follow and allowed the prosecution of the "biggest
and worst" spammers, he said. "Spam is growing, but I don't blame
CAN-SPAM for that," he added.

Many smaller spammers continue to get away with it, however, Urbas said. "In
most cases, [spam] is not the highest priority for law enforcement," he
added.

And much of the spam in U.S. inboxes comes from outside the country, he said.
"It's hard enough to extradite major criminals, or violent criminals, but
there's no extradition for spam," he said.