[ news_security_news ]
CAN-SPAM Has Minimal Spam Impact
David Utter
Staff Writer
2006-11-29
 Insider Reports RSS Feed
About three years after the debut of the CAN-SPAM act, very little impact has been made on the volume of spam deluging inboxes, a problem that has worsened each year.
Since CAN-SPAM was enacted on January 1st, 2004, firms in the US have been required to obey its provisions. Since most spammers are criminals, they don't feel particularly compelled to follow the law, something that feel-good types tend to forget about criminals.
MX Logic CTO Scott Chasin, creator of the Bugtraq security discussion list now owned by SecurityFocus, said in a phone conversation with SecurityProNews that there has been "very little compliance" with CAN-SPAM.
The most frequent violations have to do with the opt-out requirements of CAN-SPAM. Missing email links or postal addresses for consumers to reach someone with an opt-out request persist. "CAN-SPAM regulates this," Chasin said, "but it does not stop it."
Ever since reaching a compliance level of seven percent in December 2004, CAN-SPAM compliance has dropped. It wavered from two to five percent in 2005, while at times fell below one percent in 2006, based on samples examined by MX Logic.
As we have noted many times, botnets drive the majority of spam. Chasin confirmed this in our conversation as well. I asked him if the spammers or the credulous people who purchase things from spam are a bigger problem; from his perspective with MX Logic, which provides email management services to block spam, the spammers are the bigger problem.
Volumes of spam continue to increase, and Chasin noted that an infrastructure has to be established to stop spam from overwhelming everything that touches the Internet. "Email is very sick right now, due to botnets," he said.
Those botnets have grown in sophistication, using peer-to-peer, encryption, and propagation technologies to persist and spread. Stopping spam now is important, as Chasin sees it as a "gateway" to other malicious activities like dropping keyloggers onto systems.
Consumers have become the real victims, as email's reputation continues to suffer damage and people have to constantly manage the flow of junk at the expense of their productivity. Stopping spam may ultimately have to happen at the ISP level, where Chasin thinks they could do a lot more if they watched the outbound flow of email from compromised machines on their networks.
Until then, businesspeople will likely start turning to solutions like MX Logic to stem the tide. Since I'd speculated that 2007 will be the year demand for spam-fighting solutions hits critical mass, I asked Chasin about the typical SMB client for his company.
He characterized that as a 100-person or less firm, likely with limited in-house IT services. They probably have tried some type of internal antispam solution, but quickly found it needed the kind of constant attention a minimal IT presence could not provide.
Customers have tended to be reactive rather than proactive this way, and MX Logic has been pushing against the perception of spam as being mostly harmless for about four and a half years. In 2007, growth in interest in antispam solutions will mirror the threat spam poses, said Chasin.
---
Tag: CAN-SPAM
Add to  Del.icio.us |  Digg |  Reddit |  Furl
Bookmark IFN - 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
