[ISN] Open Up a Can of Spam

From: InfoSec News (isn@private)
Date: Fri Jan 16 2004 - 06:04:42 PST

  • Next message: InfoSec News: "[ISN] GAO Faults 'Inconsistent' Online Security Programs"

    http://www.wired.com/news/politics/0,1283,61928,00.html
    
    By Joanna Glasner
    Jan. 16, 2004 
    
    A federal law intended to curb the scourge of junk e-mail appears to
    have had little effect so far in discouraging spammers from deluging
    inboxes.
    
    In the two weeks since the Can-Spam Act, a U.S. law barring
    unscrupulous bulk e-mailing practices, took effect this year,
    providers of spam-filtering software say they're blocking more
    messages than ever. Spammers, they say, are either ignoring the law or
    pretending to comply with guidelines for legitimate e-mail marketing.
    
    "We certainly haven't seen any drop in the volume of spam," said Karl
    Jacob, chief executive of Cloudmark, a developer of tools for blocking
    junk e-mail. "It's still the same lock-step day-over-day,
    minute-over-minute increase."
    
    If anything, Jacob said, spammers are getting smarter. In an attempt
    to outfox filters, they've created programs that rapidly morph the
    content of messages, so that only three or four identical e-mails are
    sent out at a time.
    
    With the advent of Can-Spam, Jacob said spammers are also increasingly
    guilty of "faux compliance," exploiting a caveat in the law that
    permits unsolicited e-mails from legitimate marketers who allow
    recipients to opt out of future mailings. Unscrupulous junk mailers
    are pretending to go along with the guidelines by including false
    return addresses for opting out.
    
    Cloudmark, which provides spam blocking primarily to businesses and
    government agencies, estimates that 45 percent to 50 percent of
    messages it handled this month were spam, about on par with December.
    
    At Brightmail, which filters spam from close to 300 million e-mail
    inboxes for Internet service providers and businesses, the portion of
    junk messages was somewhat higher. The company estimated that 61
    percent of all e-mails it filtered in the first week of January
    qualified as spam. In December, prior to Can-Spam's enactment, about
    58 percent of the 80 billion messages were deemed spam.
    
    "We're not expecting a significant drop in spam overall this year,"  
    said Francois Lavaste, Brightmail's vice president of marketing. He
    noted that earlier efforts, including antispam legislation passed in
    Europe and a law targeting mobile-phone spammers in Japan, also have
    yet to put a discernible dent in junk-message volumes.
    
    Ed English, CEO of Intermute, maker of a blocking application called
    SpamSubtract, said he's filtering out a record level of junk mail from
    his home and office inboxes. While it's too early to tell whether
    Can-Spam can succeed in deterring the most unscrupulous of spammers,
    English expects no immediate slowdown in demand for filtering tools.
    
    "It's good that the government is doing something about it, but
    there's a fair amount of loopholes and wiggle room that still allow
    spammers to operate," he said, adding that many spammers will likely
    evade the law by moving offshore.
    
    John Mozena, spokesman for the Coaliton Against Unsolicited Commercial
    Email, doesn't expect the antispam law to have much impact until
    someone gets arrested.
    
    Bu once the Federal Trade Commission, the agency charged with
    enforcing the Can-Spam Act, makes an example of someone, Mozena thinks
    other spammers may get spooked enough to quit.
    
    A key scare tactic is the stiff sentencing guideline the Can-Spam act
    lays out for hard-core spammers. Under the law, first-time offenders
    can face fines and prison sentences of up to three years. Serial
    spammers could face imprisonment for up to five years.
    
    But Mozena remains skeptical that the FTC will have the resources to
    crack down on spam in a meaningful way. At the moment, he said, the
    agency has not publicized how consumers can report unlawful spammers.
    
    Mozena and other antispam activists, including the London-based
    Spamhaus, are also concerned that the Can-Spam Act will lead to an
    increase in unsolicited mail from otherwise reputable companies.
    
    Prior to the law's enactment, Spamhaus warned that the statute would
    permit all U.S. businesses to begin spamming American e-mail addresses
    as long as they give users a way to opt out. If this happened, the
    group predicted, "opting out of spammers' lists will very likely
    become the main daytime activity for most U.S. e-mail users in 2004."
    
    Even if Can-Spam is effective, Mozena predicted, the law's main impact
    will be to change the content, not the quantity, of unwanted e-mail
    messages.
    
    "The pornographers, the herbal Viagra merchants, the relatives of dead
    Nigerian dictators -- it may get rid of them," he said. "But the
    legitimate marketers now have a federally mandated stamp of approval.  
    They can send each of us as much e-mail as they want until they're
    asked to stop."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jan 16 2004 - 09:25:05 PST