Tech Industry

Can-Spam Act is a start

With Congress cracking down on spam, Brightmail CEO Enrique Salem says this is only a first step.

The U.S. Congress has given final approval to S.877, the so-called Can-Spam Act, which promises to crack down on unsolicited commercial e-mail by imposing stiff civil penalties and even prison sentences to people convicted of spamming.

The Can-Spam Act would also allow the Federal Trade Commission to investigate the creation of a "do not spam" registry, similar to the recently created "do not call" list.

There's little doubt that spam is a serious nuisance, but there is insufficient appreciation for how serious a threat it is to our economy. Spam now constitutes more than half (56 percent) of all Internet e-mail traffic, according to the data collected from the 300 million recipients my company, Brightmail, protects.

The staggering volume of spam threatens the viability of e-mail as a communications tool--for business and individuals. And as spammers venture outside of e-mail, they threaten to inhibit the adoption of new communications technologies, such as wireless SMS (short messaging service) or instant messaging.

But it's not just volume we need to be concerned about; spam is becoming increasingly fraudulent and offensive. My own company has found that adult content spam has increased 170 percent in the last 12 months while scams have nearly doubled in the same period.

Spam has grown from being a world-class annoyance to a darkening threat, so it is no wonder that the Can-Spam, or the Controlling the Assault of Non-Solicited Pornography and Marketing Act, has received such widespread support from members of Congress and interest groups that run the gamut of the political spectrum, from the Christian Coalition to New York Sen. Charles Schumer.

Critics of the bill say it will be challenging to enforce and the evidence supports that claim. Brightmail has found that the vast majority of spam is untraceable, and that spammers are employing increasingly sophisticated means of covering their tracks, including extreme randomization, origin concealment, filtering evasion and the use of open proxies. It's also true that legislation adopted in 29 states, Japan and the European Union has done little to slow the spread of spam.

The stiff civil penalties are a first step in creating a financial disincentive for spammers where none currently exists.
Nevertheless, this legislation is a critical step forward in the fight against spam. The stiff civil penalties are a first step in creating a financial disincentive for spammers where none currently exists. And fraudulent and habitual spammers need to feel the threat of prison time.

While legislation plays an important role in highlighting the seriousness of spamming, it is currently very difficult to enforce. Spamming is a global problem, with e-mail being routed around the globe and with wanton disregard for local regulations.

Governments cannot impose regional laws on assailants outside their boundaries. Even when legal authorities can catch a spammer within their jurisdiction, the burden of proof can be daunting to prosecuting attorneys.

It will be important to set expectations and educate the public that this legislation is but one part of a comprehensive solution, not a silver bullet. Consumers, Internet service providers (ISPs), businesses and marketers will all need to take an active role in the fight against spam.

Consider the parallels in the offline world. While there are many "laws of the road" for drivers, still the public wants the auto industry to build as many safety features into cars as they possibly can. Similarly, while "breaking and entering" is a felony crime, homeowners use locks, bars and alarm systems to protect themselves from robbery.

Even when legal authorities can catch a spammer within their jurisdiction, the burden of proof can be daunting to prosecuting attorneys.
The solution to spam will involve a coordinated effort by technology providers, ISPs, direct marketers and law enforcement agencies. The Can-Spam Act helps by laying the groundwork for criminal enforcement.

We will also need to establish guidelines that outline e-mail best practices, guidelines that will need to be followed by direct marketers. It will become important to be able to identify legitimate direct marketers and there will need to be improvements in how direct marketers manage their lists.

Finally, the Internet e-mail system was originally designed as an open, unsecured system that allowed scientists share research information. It was never designed to be used as it is today--as a mission-critical communications tool.

Within the next several years, we will need to address some of the underlying technological standards of the system to increase security and hinder the ability of one person to clog the system with indiscriminate and unwanted messages.

Can-Spam won't be a stake through the heart of spam, but it's an important part of a comprehensive solution.