Modernizing Authentication — What It Takes to Transform Secure Access
One year ago, the Federal CAN-SPAM Act went into effect to help curb the tide against unsolicited commercial e-mail. But, according to e-mail security vendor MX Logic, 97 percent of spam failed to comply with the law.
The company has been measuring a random sample of 10,000 pieces of spam each week since the law went into effect. It discovered that there were varying levels of CAN-SPAM compliance during the course of 2004.
July marked the low point of the year with only 0.54 percent of spam complying with the law. The last part of the year, however, saw a marked turn in CAN-SPAM compliance with 7 percent compliance in December, 6 percent in November and 4 percent in October.
"While we applaud the intent of the CAN-SPAM Act, clearly it has had no meaningful impact on the unrelenting flow of spam that continues to clog the Internet and plague inboxes," said Scott Chasin, CTO of MX Logic, in a statement. "In fact, the overall volume of spam increased in 2004, and we fully anticipate continued growth in 2005."
CAN-SPAM's intent was never to eradicate spam altogether, however, or even make it illegal.
"There is a common misperception that the CAN-SPAM Act outlaws spam," Chasin told internetnews.com. "The CAN-SPAM Act does not prohibit spam; it regulates it."
The act requires that the marketers include a legitimate "real" physical address, a functioning e-mail address, an opt-out mechanism and a proper subject line that accurately indicates what the message is about.
Though CAN-SPAM compliance levels as measured by MX Logic are quite low, they did admit that the law has helped to provide enforcement capabilities.
Among the companies that used the act is Microsoft, which, in September, filed suit against an operation known as cheapbulletproofhosting.com. The site boasted it could protect spammers against legal action such as CAN-SPAM.
In December Redmond went a step further and filed seven lawsuits against alleged violators of the federal CAN-SPAM law that violated various provisions of the act, including the new "brown paper wrapper rule."
"Spam is a complex problem that requires a multi-faceted solution," said Chasin. "In addition to enforceable anti-spam legislation, a comprehensive spam solution must include technology solutions, industry cooperation on improving identity and security protocols and end-user education."