Spam Still Flowing Despite New Law

A one-year-old law that was supposed to regulate sexually explicit, unwanted e-mails has done little to stem the flow of pornographic spam (search), industry-watchers say, and even spammers in compliance with the rules are still sending out more dirty e-mails than ever.

Currently, 77 percent to 80 percent of all e-mails received daily are some type of spam, and as much as 20 percent of that is sexually explicit, according to Michael Osterman of Osterman Research (search), a Seattle-based market research firm specializing in anti-spam and other technology.

Of all spam e-mails sent, only about 7 percent — at the most — comply with U.S. law, he said.

"I would say it's getting to the point where something needs to be done about it," Osterman told

Officials with the Federal Trade Commission (search), which is tasked with enforcing the Controlling the Assault of Non-Solicited Pornography and Marketing Act, say something is being done. In December, FTC officials busted six businesses and one other operation that send pornographic advertisements through e-mail. The lawsuits are the first under CAN-SPAM (search) and more are to come.

"I think we should see more lawsuits in the future," said FTC staff attorney Michael Goodman, "and over time the results will have a deterring effect."

Angry consumers have reported more than 100 million spam e-mails to the FTC's database since the law went into effect on Jan. 1, 2004. Goodman acknowledges that since then, the volume of daily complaints hasn't let up. He said that's partly because the awareness is up about the FTC's role in spam regulation, but also because the law never promised to stop spam altogether.

"CAN-SPAM was an important step for providing the tools to let law enforcement go after malicious spammers, but it was never intended to halt all spam," said Mark Blafkin, spokesman for the Association for Competitive Technology (search), an advocacy group representing technology companies.

But so far, said Mark Rotenberg, executive director of the Electronic Privacy and Information Center (search), not even the regulatory mission is working. When the law was being debated on Capitol Hill, Rotenberg testified before Congress in favor of a tougher bill. He said he was disappointed with the legislative outcome.

"I testified and said it was a very weak bill," he said. "Evidence indicates that spam is on the increase today. (It's) a problem for most users with an [Internet Service Provider]."

What CAN-SPAM Does Do

The bipartisan CAN-SPAM bill was designed to address unwanted solicitations, or spam, in general, as well as offer special provisions for sexually explicit e-mails. Among its functions, the bill:

— Prohibits fraudulent or deceptive subject lines, headers, return addresses and other labels;

— Prohibits the use of e-mail addresses that are harvested from other Web sites without the users' knowledge;

— Creates an "opt-out" mechanism in which users can contact the sender to get off of their mailing list. The sender must also include a real snail-mail address. FTC regulators are still debating whether a P.O. Box will do;

— Criminalizes sexually explicit e-mails that are not properly labeled in the subject line as such. It also makes it a crime to send pornographic photos in the body of an e-mail;

— Allows the FTC and states attorneys to impose criminal penalties on the spammers and the companies that hire them. It also allows private ISPs (search) to sue violators who use their network to send the spam.

Anne Mitchell, an attorney and policy expert with the San Francisco-based Institute for Spam and Internet Public Policy (search), said she understands why people are disappointed that spam — particularly that of a pornographic nature — has not dissipated.

Mitchell said the legitimate adult porn industry seemed to comply right away with the law by placing "sexually explicit" in the subject line of spam e-mails. Illegitimate operators "aren't going to comply anyway" and so have found ways around prosecution.

Among those outs is to move offshore or to mask their activities. They have also tripled their output, using what are called "zombie networks" that hijack Internet connections and e-mail addresses.

Mitchell said the FTC is doing its best with the resources it has. Major ISPs — like Microsoft, which has launched over 80 lawsuits against spammers since the CAN-SPAM law went into effect — need to continue to be tough. Smaller ISPs need to get on board too, she said.

"There are thousands of ISPs in this country and they need to start going after spam."

Rotenberg said some arguments have been made for a "do not mail" list similar to that used to block telemarketers from calling phone numbers. That federal registry now has some 80 million telephone numbers on it. The counterargument is that it is too risky to hand spammers huge lists of people's e-mail addresses and ask them not to spam them.

A stronger argument has been made for an "opt-in" provision, where users would only get mail from companies after they have given their permission. That was not included in the final bill.

Goodman said the FTC is continuing to clarify the reach of the law through additional rulemaking, and is looking at other solutions, like creating a "bounty" system in which users can turn in major spammers, and a required labeling of all commercial e-mail. A final report on the effectiveness of CAN-SPAM is due in December.

Blafkin said that ultimately, spam could be stopped if government prosecutors, ISPs and emerging technology work together to address the problem. "When all these factors come together in a perfect storm is when you might see a real decline in spam."