Modernizing Authentication — What It Takes to Transform Secure Access
It's now one year later and time for a party to celebrate the success of the CAN-Spam Act and its powerful role in wiping away spam as an irritant from our day-to-day lives.
Unfortunately, as I write this, the dance floor is empty and my carefully crafted hors d'ouvres made out of Hormel's finest blue-tinned offering are uneaten and growing cold.
Sadly, it seems there are very few people who think the CAN-Spam Act has been a success in stopping spam.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i But if you look at the real purpose of the Act, it actually has been wildly successful in accomplishing the main goal its supporters had in mind: preventing a real anti-spam law from taking effect.
Touted as legislative relief for millions of consumers and businesses besieged by unwanted and unsolicited bulk commercial email -- more commonly called spam -- the CAN-Spam Act was the product of fevered lobbying by direct marketers and spammers in the waning days of 2003.
Why, after nearly six years of hemming and hawing about the spam problem, did Congress finally get its collective buttocks in gear? Was it the estimated $10 billion that spam cost businesses in 2002? Was it the projections for another outrageous growth in spam, phishing, and other malicious email for 2004?
Oh no, of course not!
What finally lit a fire under Congress was the fact that the California state legislature was about to finally ban spam. You see, a few years earlier, California had tried to set up a regulatory framework for legalizing spam: If you follow certain guidelines about truthfulness, honoring unsubscribe links, and so forth, spammers can send as much garbage has they desire.
Far from curtailing spam, California's law -- which was eventually emulated by nearly three dozen other states -- had little, if any, discernable effect on the spam problem. So, doing what many thoughtful legislators might do, California declared the previous approach to be a failure and in the fall of 2003 enacted a complete ban on spam.
This was a shot across the bow of spammers and their sympathizers. Because California represents a huge part of the American, and indeed the global, economy, when California's legislature acts, the world has to pay attention. From auto emission laws to pesticide regulations, when an economy as large as California's says you must play by its rules, business listens.
Luckily for the spammers, Congress owes more than a few favors to the leading industry trade group for those who want to fill your phone, mailbox, and email inbox with ads. Showing their appreciation for the millions of dollars in financial contributions that members of the Direct Marketing Association funnel their way, Congress acted in an uncharacteristically swift fashion and enacted the CAN-Spam Act.
Thanks to the foresight of America's Founding Fathers, when Congress decides to act in an area of policy, even a state as powerful as California has to sit down and shut up. Pulling this trump card, the authors of CAN-Spam specifically overrode all other state anti-spam laws, rendering California's new law moot before it could even take effect.
In public statements made on the day the bill was signed into law, the principal co-authors of the CAN-Spam Act, Montana Senator Conrad Burns and Oregon Senator Ron Wyden, promised that hard-core spammers would inevitably violate the law and would eventually be brought to justice. Such enforcement actions would ''send a clear message to the kingpin spammers that the game has changed''.
So, one year later, how has the game changed?
It is true that the CAN-Spam Act has been cited in most of the several dozen lawsuits brought against spammers by the major ISPs in the past year. In addition, the Federal Trade Commission (FTC) also has cited the CAN-Spam Act in a number of enforcement actions against fraudulent operations that use spam to promote their schemes.
But in many of these legal cases, provisions of the CAN-Spam Act are only some of many illegalities of which spammers are being accused. In fact, anti-spam lawsuits in 2004 are little different from lawsuits brought in the 1990s. So while CAN-Spam has given spam haters one more arrow in their quiver, the quiver was pretty packed before.
When the law was passed last year, I wrote a column suggesting that the best we could hope for is that CAN-Spam would have little effect on the spam problem. In the meantime, I suggested, the world will continue to seek other methods of controlling the flood of junk e-mail.
One year later, that seems to have been the way things have panned out. Hurray...
Ray Everett-Church is a principal with ePrivacy Group, a privacy and anti-spam consultancy. He is a founder of CAUCE, an anti-spam advocacy group, and he is co-author of ''Internet Privacy for Dummies.''