FTC says federal spam law has worked

Security firms report spam increase--but the FTC says 2003 law regulating junk e-mail is effective.

Anne Broache Staff Writer, CNET News.com
Anne Broache
covers Capitol Hill goings-on and technology policy from Washington, D.C.
Anne Broache
5 min read
WASHINGTON--About 70 percent of the world's e-mail messages continue to be spam. But the number is leveling off, which federal officials on Tuesday cited as evidence that a law enacted two years ago is working.

At a press conference here, the Federal Trade Commission released a report (click here for PDF), delivered last week to Congress, that said the so-called Can-Spam Act is "effective in providing protection for consumers."

Can-Spam has permitted the agency to pursue lawsuits against spammers and has spurred adoption of commercial e-mail "best practices," such as including an "opt out" link and the sender's postal address in any unsolicited message, said Lydia Parnes, director of the FTC's Bureau of Consumer Protection.

What remains unclear, however, is how effective the law has been. Statistics compiled by antispam companies show that the total number of junk e-mail messages has leaped 62 percent in the last year. At the same time, filtering technology has dramatically improved, which could account for in-boxes not completely overflowing.

Some critics of Can-Spam, which requires an opt-out approach rather than a stricter "opt in" standard, have even suggested that the law may have increased the amount of junk e-mail. That's because Congress intentionally killed tougher state laws, such as one in California that had required recipients to opt into commercial mailing lists.

The FTC's Parnes acknowledged that it was problematic to attribute a cause-and-effect relationship to the 2003 law. "I think it's difficult to parse out the effectiveness of the law versus the technological advances in reducing spam," she said.

Parnes also warned that the nature of spam content appears to be growing increasingly malicious, and spammers continue to evade law enforcement by registering with domain name registrars under false names. The FTC encouraged improvements in spam-busting technology and in "domain-level authentication," as well as a continued effort to educate consumers about the Web bane.

The FTC drew its conclusions based on its own experiences with enforcing the legislation and interviews with "scores of individuals," including consumer group representatives, e-mail marketers, Internet service providers, law enforcers and computer scientists.

The agency used data from e-mail security company MX Logic, among others, to conclude that the number of spam messages is leveling off or even declining. That company calculated that in the past year, an average of 68 percent of the messages it screened fell into the spam category--down from an average of 77 percent last year.

But because the overall number of e-mail messages is rising, a slightly smaller percentage of a much larger number means that spam continues to grow. To derive its numbers, MX Logic evaluates a random sample of 10,000 messages each week from its roughly 7,000 business clients.

"We would not make the statement today that spam has completely declined," said Scott Chasin, the company's chief technology officer. "What we can say, and what we believe, is that spam has declined as far as reaching the consumer's in-box. I think it's a big difference from saying overall spam volumes are down."

The FTC also said the number of legitimate commercial e-mailers complying with Can-Spam is on the rise. MX Logic, however, reported that only 3 percent of the total messages it screened last year and 4 percent this year actually met those standards--that is, providing a subject line that jibes with the body of the message, a postal address, an opt-out link, and, in the case of adult-oriented e-mail, the FTC-mandated "SEXUALLY EXPLICIT" label in the subject line.

"I think largely the most compliance has come from the legitimate e-mail marketers that are desperately trying to find their own identity for their content because they, too, are suffering from deliverability issues due to spam-filtering at the end point," Chasin said.

Jordan Ritter, chief technology officer of Cloudmark, another e-mail security company, said it's tough to measure whether spam is actually on the decline--and, if so, what role the Can-Spam Act actually plays.

For its part, Cloudmark reported a 62 percent increase in the number of spam messages in the past year. In mid-December of this year, its users have flagged about 3.5 million messages per day as spam, whereas they designated 2.2 million at the same time last year. (The percentage of spam messages flagged, however, barely changed, as the total number of messages the company checked also grew from 450 million per day last year to about 800 million this year.)

"I think different organizations and different constituencies see different things," Ritter said. "I can definitely say from our technology, as well as the many ISPs we work with, that the process has worsened and the burden is becoming more expensive to carry."

More spam lawsuits
Also on Tuesday, the FTC announced that it's in the "early stages" of litigating cases against three more alleged U.S. spam operators, while attorney generals in Florida, North Carolina and Texas filed their own suits against three additional spammers.

The cases--part of what the FTC calls "Operation Button Pusher"--involve alleged scams related to mortgages, online pharmaceuticals and a product called Fuel Saver Pro that claims to boost vehicle fuel efficiency and reduce emissions. A spam database kept by Microsoft tipped off the U.S. government in each instance.

The Canadian government also has joined the crackdown operations. Andrea Rosen, assistant deputy commissioner for the Canadian Competition Bureau, appeared at the press conference to announce two recent settlements with spammers who promoted Fuel Saver Pro. An estimated 400 victims in Canada, the United States, the United Kingdom, France and Australia fell for the claims, Rosen said.

Since Can-Spam was adopted in 2003, the FTC, Department of Justice, state attorneys general, and Internet service providers have brought more than 50 cases against suspected spammers. Parnes admitted that she had "no idea" what percentage of the world's spammers those prosecutions represent.

The FTC still contends that Congress doesn't need to change Can-Spam.

But, citing concerns over its ability to fight spam that originates abroad, the agency renewed its call for a piece of legislation that would beef up its ability to share information with international enforcement agencies. The proposal was approved by the U.S. Senate Commerce Committee last week, but it was unclear when it would proceed to consideration by the full Senate.

CNET News.com's Declan McCullagh contributed to this report