CAN-SPAM Act? What CAN-SPAM Act?
As expected, the CAN-SPAM act, which was signed into law last month, has had little effect. Only 10% of the spam reviewed by anti-spam vendor Audiotrieve contained the information required by the CAN-SPAM law, including an e-mail address, physical address, relevant subject line and a way to unsubscribe.
Things are even worse than they appear. Of that 10%, it is likely that the information included in most of the messages had been forged. In other words, Audiotrieve did not verify that the e-mail address was legitimate, that the unsubscribe method worked, or that the physical address even existed. As anyone who has ever tried to unsubscribe from a "newsletter" or reply to the sender of unsolicited e-mail knows, the addresses and Web sites are almost always dead ends.
Another analysis by anti-spam vendor Commtouch Software revealed that less than 1% of the spam sent obeys all of the guidelines of the CAN-SPAM law. The Commtouch analysis attempted to validate return addresses and found that 80% of those were forged. 40% contained irrelevant subject lines.
Anti-spam software vendor Brightmail has released their analysis of spam trends for 2003. As the document notes, spam surpassed legitimate e-mail this past year. Yet another member of the booming anti-spam business, MX Logic, claims that spam now accounts for 77% of the mail sent to its customers. This is up 6.5% from January 1st of this year.
The Brightmail analysis showed that e-mail fraud was stronger than ever this past year. The guidelines we posted last year at this time still apply. In brief, don't trust e-mail, which means don't click anything in an e-mail, don't open any attachments sent via e-mail, and definitely don't type anything into an e-mail form. The only exceptions are those messages which you're expecting from a trusted source. Even then, use caution.
A relatively new phenomenon was the advent of what Brightmail terms "Blended Threats." These are e-mail based viruses and worms which are, ostensibly, released by spammers. Last year, viruses attacked anti-spam services and sites, shutting down many such sites permanently. It is believed that other viruses were written to usurp home owner's computers and turn them into spam servers.
Blended threats, e-mail fraud and identity theft turn spam from a mere annoyance to a serious threat to people and businesses, as well as the computers and networks they use. The only chance the CAN-SPAM law has at this point is through enforcement. To this extent, we await the first charges leveled against a spammer using the CAN-SPAM law.