CAN-SPAM Gets Mixed Reviews in Senate Testimony

Less than five months after the passage of the CAN-SPAM Act, government and industry representatives expressed a variety of opinions on the act’s effectiveness at a Senate Commerce Committee hearing this week in Washington.

Representatives of the Federal Bureau of Investigation, the Federal Trade Commission, America Online, email security service Postini, and email service provider Digital Impact and Consumers Union testified at the hearing. Ronald Scelson, who claims to comply with CAN-SPAM but was once a proud spammer, also testified. Its purpose was to examine the effectiveness of the CAN-SPAM Act, which became law in January of this year.

Opinions were mixed, though overall the comments tended to suggest that five months into its implementation, the act is not an unqualified success. Sen. John McCain, R-Ariz., the chairman of the committee, cited a Pew Internet & American Life Project survey released in March that found 77 percent of email users are receiving the same amount of spam or more since CAN-SPAM was passed.

In contrast, Ted Leonsis, vice chairman of America Online, said substantial progress has been made in fighting spam and “there has been a downward trend in the amount of spam in AOL members’ inboxes.”

Leonsis mentioned spam-fighting efforts undertaken under the auspices of the act including the filing of the first major industry lawsuits under the CAN-SPAM Act in March by AOL and fellow ISP giants EarthLink, Microsoft and Yahoo

In a theme echoed by other players who testified at the hearing, Leonsis mentioned the difficulty of identifying spammers. “In order to radically reduce spam, we must know who the senders are.” In that direction, Leonsis said, AOL is working on a number of technological initiatives.

The Federal Trade Commission has formed a special task force of federal and state enforcers to fight spam, Timothy Muris, the FTC’s chairman, said in testimony.

The task force is co-sponsored by the FTC and the Attorney General of Washington. It has 136 members representing 36 states, several units within the Department of Justice, and the FTC. The FTC trains task force members in investigative techniques for tracking spammers. It also has monthly conference calls on spam trends, technologies, investigative techniques, targets and cases, Muris said.

Muris also noted that the FTC sought public comments from interested parties on a plan and timetable for establishing a national Do Not E-Mail registry. “The staff has held meetings on the record with more than 80 interested parties representing more than 60 organizations to explore all aspects of the concept from as many viewpoints as possible,” Muris testified.

The CAN-SPAM Act has increased law enforcement interest in pursuing spam-related cases, according to Jana Monroe, assistant director of the Cyber Division of the Federal Bureau of Investigation. Before the act was implemented, enforcement “lacked the legal tools to address the spam problem directly,” she said.

“To date, the CAN-SPAM Act has had no substantial impact on the flow of spam,” said Shinya Akamine, president and CEO of email security firm Postini. “In the four months since CAN-SPAM went into effect, spam has increased from 78 to 83 percent of the messages processed by Postini.”

The CEO said CAN-SPAM is a good law, he said, but “most spammers are criminals who are unconcerned about breaking the law.” He touted spam-blocking offerings like those of his company as the solution.

Hans Peter Brondmo, SVP of email services provider Digital Impact, said, “The CAN-SPAM Act is an important contribution to the war on spam.” However, he said, “While modifying the code of law to impact the behavior of spammers is necessary, it is not sufficient.

“Spam continues to persist because it is impossible to trust the origin of email and therefore impossible to determine with certainty whether an email is from a bad or good source,” Brondmo said, citing a theme mentioned by others in their testimony. Brondmo has long pushed for identity authentication in email.

Ronald Scelson, principal of Scelson Online Marketing, who was once known as the “cajum spammer” said, “While small companies are often thwarted in their attempts to follow the laws of the land and the rules of the ISP, which do not align at this time, they are hard-pressed to stay in business.” Scelson was referring to the fact that CAN-SPAM doesn’t outlaw unsolicited email, as long as it fulfills certain requirements, while ISPs are very aggressive in blocking incoming mail that users might consider spam.

When his company mails under the new law, Scelson said, his company’s CAN-SPAM-compliant information such as “From” addresses, subject lines, company information, disclaimers and IP address, is used by ISPs to block the mail.

James Guest, president of Consumers Union, said that consumers are not getting less unsolicited commercial email since CAN-SPAM went into effect. Guest pointed out that “this is a dynamic process” and said Congress will need to update the act to keep abreast of new technological developments and catch elusive spammers.

Consumers Union suggests that the CAN-SPAM model be changed from “opt-out” to “opt-in” as the core improvement needed. “The law as it stands puts too much burden on consumers to block spam and makes it too difficult to hold spammers legally accountable,” Guest said.

Related reading