The good news, if you dare to call it that, is that spam compliance with the U.S.’s CAN-SPAM Act is now at a whopping… 6 percent, the highest monthly compliance level since the law took effect. The bad news: The law is all but useless in stopping spam, even if it gives tools for recourse against criminal spammers.
That’s the word from email security company MX Logic, which said in its monthly report that 75 percent of all email analyzed by its threat center in November was spam.
“Nearly a year after President Bush signed the CAN-SPAM Act, compliance remains marginal, while the overall volume of spam has increased steadily,” said MX Logic chief technology officer Scott Chasin, announcing the report.
The company also said that within the first three weeks of the prime online holiday shopping season, spam going through zombie networks – unsuspecting computers commandeered by spammers looking for new ways to flush their messages around cyberspace – hit as high as 69 percent in a single day’s activity.
“The CAN-SPAM Act might have deterred some part-time spammers,” Chasin continued. “However, our data indicate that the act has had little impact on sophisticated spammers, who continue to leverage networks of hijacked PCs, as well as other tools to disseminate unsolicited and often fraudulent email.”
No one outside the federal government necessarily expected CAN-SPAM to do much of anything. Well-known spamfighting group Spamhaus has been critical of the law since before it was passed, especially over the law’s lack of an opt-in provision. CAN-SPAM’s opt-out, which still allows spammers to reach email users at least once, provoked Spamhaus to call the law the YOU-CAN-SPAM Act.
“While the law is invaluable in providing tools to seek criminal and civil recourse against spammers, no one expected the law to solve the spam plague,” Chasin added. “We need continued progress in anti-spam technology, industry cooperation in improving authentication and security protocols, as well as end-user education. At the end of the day, an educated end-user is the first line of defense against spam and other email threats.”
CAN-SPAM’s lowest compliance level – meaning, spammers who use proper labeling and return addressing as required under the law, as well as no deceptive subject lines – was found to have been 0.54 percent in July, among messages MX Logic analyzed.
