Can-Spam Law 'Big Disappointment' - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
12/28/2006
02:17 PM
50%
50%

Can-Spam Law 'Big Disappointment'

Nearing its third anniversary, the law hasn't slowed the rising tide of junk e-mail, says spam researcher.

As the federal Can-Spam Act nears its third anniversary, a spam researcher calls it a "big disappointment" and says it hasn't been a deterrent to junk e-mailers, who have stepped up their efforts in the last few months to flood inboxes with an unprecedented volume of spam.

"Can-Spam has provided more prosecutorial teeth, but it hasn't had a huge deterrent effect," says Scott Chasin, the chief technology officer of MX Logic. "It's been a fairly big disappointment."

To be fair, Chasin says, Can-Spam was never meant to stop spam, only regulate it. But even at that job, the law has been a dismal failure. According to MX Logic's data, no more than 7% of all spam was ever compliant with the legislation's requirements. And that was within the act's first year. This year, compliance ran at all-time lows, never once reaching 1%.

"It's just another reminder that the legislative leg is not having a lot of impact," Chasin says.

Anti-spam researchers -- Chasin included -- have watched as spam volumes jumped in October, then soared again in November. Spammers haven't looked back since. "[Spam] traffic has doubled or in some cases even quadrupled," says Chasin. IronPort, an MX Logic rival in the e-mail security market, recently said that the amount of spam increased by 35% in November over October, and doubled in the 12 months ending in October 2006.

Can-Spam never was equipped to stop the flood of junk mail, says Chasin, who adds that its approach has been made moot by an explosion in botnets, collections of compromised PCs that spammers use to send billions of unwanted e-mail messages a month.

In fact, Chasin is pessimistic about efforts to control or even contain the rising tide of spam. He scoffs at calls to cut off botnets from spammers, and calls such proposals unrealistic. "We don't even know what we're dealing with. The [botnet] detection capabilities are rudimentary at best. And now we're encountering polymorphic 'queen bots' that understand antivirus engines and exploit the signature release windows of [antivirus] vendors. It makes detection very difficult."

Queen bots can easily reconfigure themselves, often on the fly, as they seed a new victim PC, escaping detection by the reactive antivirus companies that must create and distribute a new signature, or fingerprint, for each morphed version of the bot.

The only way to stem the rapidly rising volume of spam, says Chasin, is for Internet service providers to wall off systems by refusing to allow computers obviously owned by consumers to send massive amounts of junk mail. Such PCs are almost always bot-controlled.

"It's got to come down to containment," says Chasin, who recognizes that there are problems with the practice, including privacy issues. "I think the focus [in 2007] will shift from Microsoft and back to ISPs."

Even so, he has low expectations for a solution any time soon. Although Bill Gates' infamous promise in January 2004 that "two years from now, spam will be solved" has been relegated to the technology equivalent of "Dewey Defeats Truman!" the war against spam will be long and hard.

"That was simply wishful thinking," says Chasin. "We're going to be dealing with spam for some time. We're going to be reactive, that's what the security industry does.

"We have a long way to go."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
News
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll