Back in December, with great fanfare, Congress passed and President Bush signed into law the Controlling the Assault of Non?Solicited Pornography and Marketing Act of 2003, unofficially known as CAN-SPAM. The idea was to solve a huge problem, but things haven't exactly worked out as planned.
A hundred and seventeen million Americans use email. It's the most popular online application there is, but 70 percent of US email users said that spam made being online unpleasant or annoying according to the folks at the Pew Internet in American Life Project. Back in August, according to Brightmail, the amount of spam had increased to the point where it accounted for almost half of all email.
That was irritating to individuals, but costly to businesses. Ferris Research found that American businesses lost nine billion dollars in 2003 because of spam.
The idea was that the law would reduce the spam in your email box. It's been in place since January 1, so you probably see less spam in your email box, right? Well, not exactly.
By December, just before the bill took effect, spam had climbed from fifty percent in August up to fifty-eight percent of email, again according to Brightmail. It should have dropped in January when the new law took effect, but it didn't.
Instead sixty percent of email in January was spam. In February the figure was sixty-two percent. Are you picking up a pattern here? Maybe CAN-SPAM law has become part of the problem
Congress figured it had a sure thing with CAN-SPAM. An election year was coming up and so they needed to "look busy" by passing important laws. They knew that spam was an important problem. And they knew that everybody knew what spam was and that everybody hated it. Were they right? Well, not exactly.
To begin with, not everyone agrees on a definition of spam. Some folks define spam as any email they get that they didn't actually request. Other folks think that spam is limited to any email they really don't want to receive - mostly things like pornography and offers for Viagra or some sort of scam. Still others define spam as unwanted commercial email. That's the tack that Congress wound up taking.
And not everybody hates spam. Lots of folks, according to the Pew Internet in American Life Project, don't see it as much of a problem at all. A third of the folks they surveyed have clicked on a link in unsolicited email. Seven percent of the people Pew interviewed bought something based on an unsolicited email.
Well, this turned into a case of "we're the government and we're to help." Congress took those flawed premises and drafted what may be the single weakest law to receive this much publicity in my lifetime.
Part of the problem is that there are loopholes in this thing big enough to lasso a galaxy with. To understand them, we've got to take a look at some of the things that the law says.
The CAN-SPAM law says that the email you receive from any commercial entity should not have a deceptive subject line and there should be no fake routing information. It should have a physical address in the email that people can reach if they want to contact the company in some way other than email and the email should include a way to get off the mailing list.
But the law only applies to email from businesses. Email from individuals, or charities, or churches and other non-profit organizations, legitimate or otherwise, simply isn't included. They can send you all the spam they want. And if a business wants to send you spam, the bill actually says that's okay as long as the business complies with the law's fairly simple requirements.
The CAN-SPAM law supercedes the anti-spam legislation of more than thirty states. In most cases, the national law weakened or eliminated provisions in the state laws. Weakening provisions is not something you want to do when you're dealing with spammers, some of the most recalcitrant folks who have ever drawn breath.
And, even the limited, simple provisions of the law aren't drawing much compliance. In February, MX Logic found that only three percent of the email it surveyed complied with all the provisions of the law. The Federal Trade Commission (FTC) reported that almost two-thirds of removal requests are simply ignored.
Right about now you might be thinking that the law might be weak, at least we can prosecute people under it and that should have an effect. Unfortunately, the prospect of prosecutions doesn't give us much hope, either.
Last week, a number of the largest and most important players in the email world (folks like Yahoo, Earthlink, Microsoft, and AOL) filed suit against two hundred twenty-two alleged spammers. Sounds good, right? Not exactly.
Look a little closer and you find this. 97 percent of the folks being prosecuted are "John Does." That means that the folks doing the suing don't exactly know who the spammers are, because they haven't been completely identified. That sure doesn't give us much hope for successful prosecution.
It seems that, even after the new law, we're left with the problem of dealing with spam ourselves. It's a difficult problem.
John Levine, one of the world's premier anti-spam experts, likens it to curing cancer. He says that you've got to find a way to get rid of the stuff you don't want without harming the overall system. That's why it might "not exactly" be a good idea to depend only on filters and other spam-blocking software.
The filters and spam-blocking material that's out there can do a pretty good job of blocking spam that comes from a known spammer address. Alas, the spammers are smarter than that. They use all kinds of different email servers and services to get their annoying job done.
The filters and spam-blocking material that's out there can do a pretty good job of blocking spam that has specific words in the subject line. An example might be Viagra. Alas, spammers are resourceful folks. They just start spelling Viagra as Vi@gra and wait for the filters to catch up.
We can tighten up our filters to get rid of more and more of the spam, but when we do that we usually wind up blocking other important email as well. Some folks on the mailing list for this newsletter have done that.
They may not get this letter because it uses the word "Viagra." They also won't receive email from a physician responding to a question about the drug. Some research by Return Path, in fact, uncovered the fact that almost twenty percent of requested commercial email was blocked as spam by most filters.
There is no answer to the spam problem that's going to be easy or simple. Most folks and companies that do a reasonably effective job at it tend to follow a triage-kind of strategy that uses filters to sort incoming email into three piles.
Pile number one is the white list. That's the email from folks you know and want to receive email from. It should show up in your email box, ready to be read and dealt with.
The second pile would be the black list. Here the filter takes things that you feel are almost sure to be spam and immediately moves them into the trash. This can be mail from specific addresses, or email using specific words in the subject line or just about anything that you can come up with.
The while list and black list combined should handle most of the email you receive. That leaves a bunch of email still to be dealt with.
That email goes in a review pile. Someone (that means a person, not magic software) has to go through the emails on that list and determine what stuff goes in the trash and what stuff gets read and dealt with. It's a labor intensive process and it takes lots of attention.
At the end of the day, you can't exactly leave this up to the Government or anyone else. You can't exactly leave it in the hands of technology. What you can do is do the best you can with the tools available. It's not great, but it's all we've got.
