FTC Celebrates CAN-SPAM With Spam Suits

At the two year anniversary of the CAN-SPAM act, the U.S. Federal Trade Commission announced legal actions against spammers, including joint operations with state attorneys general and the Canadian government.

On Tuesday, the FTC said it filed complaints against three spam operations accused of violating CAN-SPAM, and said Canada's Competition Bureau and attorneys general in Florida, North Carolina and Texas took action against or settled cases against five others.

Legal actions such as those announced Tuesday, coupled with new "best practices" mandated by CAN-SPAM have reduced the amount of spam Internet users receive, according to an FTC report on the act released Tuesday.

However, spam experts say that the law has had a negligible affect on the overall amount of spam, and that greater international cooperation is needed to stamp out the problem.

On the legal front, the FTC said it took action against three spam operations that it accused of violating CAN-SPAM provisions.

The agency filed CAN-SPAM complaints in U.S. District Court for the Northern District of Illinois against Brian McMullen of BM Entertainment and Zacharay Kinion. Both men are charged with misrepresenting the source and subject of e-mail solicitations, and failing to provide an "opt out" link or physical mailing address.

The FTC worked with Proxypot.org to collect information on the spammers, according to Alan Curry of Logansport, Indiana, who founded the service. Proxypot sets up insecure computers to act as "honeypots" for spammers, who try to use them to forward spam messages.

The computers do not forward the messages, but capture information on the spammers, including the original source of the messages, Curry said.

Proxypot forwarded detailed information on two spammers onto the FTC, including CDs of spam messages sent through proxypot machines and the IP addresses from which the messages originated, he said.

Joining the FTC was the Canadian Competition Bureau, that country's consumer protection agency.

The agency said that it settled cases against two spammers that operate out of that country.

Canada does not have a law akin to CAN-SPAM, but goes after e-mail marketers it believes are misleading consumers, said Andrea Rosen, assistant deputy commissioner of the Competition Bureau, in an interview with eWEEK.

"We have a borderless crime here. [Spam] activity can go on in either country and victimize consumers in either country. It's better for us to work together to eliminate deceptive e-mail," she said.

Canada is one of the "top 10" sources of spam e-mail, but spamming activity there is "miniscule" compared to what goes on in the U.S., Rosenn said.

In a separate report on the effectiveness of CAN-SPAM, the FTC concluded that the act has been effective in forcing "best practices" on legitimate commercial e-mail senders. It has also provided ISPs with new tools to bring suits against spammers.

To date, more than 50 spammers have been brought against spammers by the FTC, the U.S. Department of Justices, state Attorneys General and ISPs using provisions of CAN-SPAM, the FTC said.

Those actions, coupled with better antispam technology have reduced the amount of spam consumers receive, or caused it to level off, FTC said.

The FTC study also noted limitations to CAN-SPAM. For example, illegitimate e-mail senders continue to thrive, often operating outside U.S. borders. E-mail with malicious file attachments are becoming more common and spammers often take advantage of loose domain registration practices to disguise their identity, FTC said.

At Sophos PLC, researchers have observed a steep reduction in U.S. based spam in the last year, said Gregg Mastoras, a senior security analyst at the U.K.-based firm.

According to Sophos's figures, the U.S. now produces around 26 percent of the world's spam, compared to 46 percent last year, he said.

However, the decline in the U.S. has been accompanied by a steep increase in spam from countries like South Korea and China during the same period, Mastoras said.

"We're seeing more spam in non-English languages. It's still unwanted and it's still clogging e-mail boxes," he said.

Cross-border arrangements with Canada are nice. However, the U.S. government needs to partner closely with governments in other major spam producing countries to have an affect on the volume of unwanted e-mail, he said.

The U.S. government should also fund the FTC better so that it could increase actions against spammers, said Jordan Cohen, Director of ISP and Government Relations at Epsilon Interactive.

"The FTC is underfunded. They need the resources to file civil cases," he said.

In its report, FTC recommended that the U.S. Congress pass the US SAFE WEB Act, which would improve the FTC's ability to use CAN-SPAM to pursue spammers outside U.S. borders. The agency also advocated better user education and technology to stop spam, the FTC said.

However, no legal remedies will totally eliminate the problem, Cohen said.

"E-mail is an easy channel. The real focus needs to be on technology that can make sure the e-mail doesn't get through," he said.

Check out eWEEK.com's Security Center for the latest security news, reviews and analy-sis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Cen-ter Editor Larry Seltzer's Weblog.

Copyright © 2005 Ziff Davis Media Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.