Download our in-depth report: The Ultimate Guide to IT Security Vendors
WASHINGTON -- A legislative "silver bullet" to curb spam was all the talk Wednesday at a Senate Commerce Committee hearing on unsolicited bulk commercial e-mail. More specifically, there was consensus opinion that there was no such thing.
Since the 108th Congress convened in January, there have been more than a half dozen proposals for federal laws to slow the growth of unwanted e-mail from the CAN SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act) to the REDUCE Spam Act (Restrict and Eliminate Delivery of Unsolicited Commercial E-mail).
The public and business outcry against the flood of spam has prompted lawmakers to demand action now, but, as the Federal Trade Commission (FTC) found out in a three-day Spam Forum last month, there are no easy answers.
"While most agree that something should be done about spam, it is clear that legislation alone will not solve the problem," Commerce Committee Chairman John McCain (R.-Ariz.) said. "The fact that there may be no silver bullet to the problem of spam does not mean, however, that we should stand idly by and do nothing about it."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
FTC Commissioners Mozelle W. Thompson and Orson Swindle told the committee a legislative silver bullet was not likely to solve the problems of increasing volume, increasing costs, and increasing international effects of spam.
The commissioners said the problems with spam include the fact that "deception and fraud appear to characterize the vast majority of spam," and the volume of spam, which is multiplying at a rapid rate, is presenting infrastructure problems that may lead to "significant disruptions and inefficiencies in Internet services and may constitute a significant problem for consumers and businesses using the Internet."
Thompson and Swindle told the panel, "Solving the problem of bulk unsolicited commercial e-mail will likely necessitate an integrated effort involving a variety of technological, legal, and consumer action, rather than one single solution."
Almost all of the legislative actions currently being proposed call for bulk e-mailers to contain valid "from" addresses, legitimate subject lines and mandate consumers be given an opt-out provision. FTC evidence, however, indicates those alone are not likely reduce spam.
The FTC has brought more than 53 law enforcement actions against spammers, including spammers who used deceptive content, those who used deceptive "remove me" options, spammers who "spoofed," or used deceptive from addresses, and those who used deceptive subject lines.
To compliment its law enforcement actions, the FTC has studied various aspects of spam and researched the problems it poses. An effort by the FTC and international partners to test whether spammers were honoring "remove me," or "unsubscribe," options found that 63 percent of the removal links did not function.
In a "spam harvest," the FTC examined which online activities place consumers at risk for receiving spam.
"The examination discovered that one hundred percent of the e-mail posted in chat rooms received spam; one received spam only eight minutes after the address was posted," The FTC stated in official testimony before the Commerce Committee. "Eighty-six percent of the e-mail addresses posted at newsgroups and Web pages received spam, as did 50 percent of addresses at free personal Web page services, 27 percent from message board postings, and 9 percent of e-mail service directories."
An analysis of false claims in spam by the FTC staff found that nearly 66 percent of the spam appeared to contain deception, either in the content, in the subject line, or in the from line. The staff found that 20 percent of the spam they reviewed contained offers for investment or business opportunities; 18 percent offered adult-oriented products or services; 17 percent involved finance, including credit cards, mortgages, refinancing and insurance.
"An astonishing 90 percent of the investment/business opportunity category of spam contained indicia of false claims," the testimony states. "This Spam Study confirms the Commission's earlier belief that fraud operators, who are often among the first to exploit any technological innovation, have seized on the Internet's capacity to reach millions of consumers quickly and at a low cost through spam."
The testimony adds, "Not only are fraud operators able to reach millions of individuals with one message, but they also can misuse technology to conceal their identity. The Commission believes the proliferation of fraudulent or deceptive spam on the Internet poses a threat to consumer confidence in online commerce and, therefore, views the problem of deception as a significant issue in the debate over spam."