CAN-SPAM Act Fails To Slow Junk Mail

According to numbers released this week by Brightmail, Postini and Commtouch--three providers of message filtering and antispam solutions--the amount of spam they've intercepted since the Jan. 1 debut of CAN-SPAM has increased, went unchanged or fallen by an insignificant amount.

The Redwood, Calif.-based Postini, for instance, rolled out its January 2004 data on Wednesday, and said that spam is still clogging inboxes, CAN-SPAM or no CAN-SPAM.

In January, spam accounted for 79 percent of all the messages that Postini processed for its 2,000-some enterprise customers, a tiny fall-off from the 80 percent logged in December 2003.

"The CAN-SPAM Act appears to have had little immediate effect on the amount of unwanted e-mail," said Andrew Lochart, Postini's director of product marketing.

id
unit-1659132512259
type
Sponsored post

Other antispam vendors paint an even more distressing picture of CAN-SPAM's first month.

Brightmail, for instance, released its January numbers earlier this week and said that the amount of spam it stopped actually increased over the previous month. In January, Brightmail tagged 60 percent of the messages it processed as spam, a two percent climb over December.

Brightmail's numbers derive from its 300 million end-users in both enterprises and those served by Internet service providers, the company said, as well as its Probe Network, a collection of more than 2 million decoy accounts used to attract spammers.

"We certainly haven't seen a decrease [in spam] since December," said Francois Lavaste, Brightmail's vice president of marketing. "But that's not a big surprise."

Expectations of CAN-SPAM's impact shouldn't be set too high, he said, since legislation is just one component of an antispam strategy that should include end user education, revised best practices by large commercial mailers, and technology such as antispam filters at the gateway.

"Legislation can deter some spammers," said Lavaste, "but at the same time, everyone should realize that spammers have been using deceptive practices for years." They're good at it, he added, and they'll continue to get better--at least for the foreseeable future.

"I don't expect spammers to give up this year," Lavaste said, noting that they're already reacting to CAN-SPAM by moving more of their mailings to remote servers overseas.

Likewise, the Mountain View, Calif.-based antispam supplier Commtouch noted Wednesday that it saw no change in the amount of spam between January and December.

"The month of January clearly shows that spammers didn't take seriously the CAN-SPAM legislation and that the legislation didn't affect the number of spam outbreaks, number of spam messages and the methods spammers use to get into user inboxes," said Avner Amram, executive vice president at the firm.

In fact, Commtouch has seen spammers turn to new techniques to get their messages through increasingly sophisticated filters. One new method relies on letter substitution in headers, subject lines, and message bodies to blow by content-based antispam solutions.

In this new approach, spammers substitute other letters or characters for actual letters of the alphabet, modifying the words enough to slip by filters but not enough to confuse users, who can easily decipher the messages. In such substitutions, spammers may replace "A" with "@," "B" with "8," and scramble other letters to come up with something that reads:

"It deosn't matter in what oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and the lsat ltteer is at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm."

Still, there are glimmers of hope, even for CAN-SPAM. "The law is a good start," said Brightmail's Lavaste. But he went on to say that since enforcement is such a crucial aspect in any taming of spam, it may not be until a major spammer is hauled off to jail or fined before spammers wake up and smell the coffee.

"They'll think twice only if the [economic] roadblocks are strong enough, and when there are direct attacks against them," he said.

"Down the road, spam will become a non-issue--it will be put back where it belongs, a nuisance rather than a threat against corporate communication. But that's going to take a lot more effort by legislation and filtering technology alike," Lavaste concluded.

*This story courtesy of Techweb.com.