CAN-SPAM law: Little impact so far

The chairman of a U.S. Senate committee called for more federal enforcement of a new antispam law amid reports Thursday that the amount of spam sent to U.S. consumers may be rising, not dropping, since the law went into effect in January.

Senator John McCain, chairman of the Senate Commerce, Science and Transportation Committee, questioned why the U.S. Federal Trade Commission (FTC) hasn’t focused on the companies using spammers to advertise their products while that agency attempts to enforce the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act.

The FTC and federal law enforcement officials brought CAN-SPAM and other charges against two alleged spamming companies in late-April, but McCain urged the FTC and the Federal Bureau of Investigation (FBI) to step up their enforcement efforts against spammers, including child pornography spammers, during a hearing on the effectiveness of CAN-SPAM.

“If the FTC can’t find the spammers, it should do the next best thing: go after the businesses that knowingly hire spammers to promote their goods and services,” said McCain, an Arizona Republican. “At a minimum, the FTC could put thousands of businesses — many of them online pornography retailers — on notice that using anonymous spam is an illegal means of driving consumer traffic to their Web sites.”

But bulk e-mailers trying to comply with the law — by using their own IP (Internet Protocol) addresses instead of forging headers, and by including their company names and postal addresses in the text of the e-mail — are being punished by ISPs (Internet service providers) like America Online Inc. (AOL), said Ronald Scelson, president of, a bulk e-mail company based in Montgomery, Tex. Scelson’s company has stopped using common spamming techniques in order to comply with CAN-SPAM, but AOL and other ISPs are still blocking his company’s e-mail, Scelson said. Scelson told the committee he could go back to using forged headers and defeat most spam filters. “Does the government want us to mail legal or not?” Scelson asked. “As long as we’re doing it the right way and we’re going to get blocked, interfered with and shut down, people are going to go around it.”

While senators called for more enforcement of CAN-SPAM, representatives of the FTC and FBI said their agencies are working hard to combat spam. The FTC has more than 50 staffers working on CAN-SPAM enforcement, said FTC Chairman Timothy Muris. The FTC is still working on some rules related to CAN-SPAM, and Muris promised that the agency will deliver a plan for a national do-not-e-mail registry by CAN-SPAM’s June 16 deadline. He noted that an FTC rule requiring sexually explicit e-mails to be labeled just went into effect this week.

“We’ve already begun searching for enforcement targets,” Muris said of the sexually explicit rule.

Representatives of spam-filtering service Postini Inc. and the Consumers Union told the committee that the amount of unsolicited commercial e-mail continues to rise after CAN-SPAM became law. Postini, which processes about 1.3 billion e-mails a week, has seen the percentage of spam in that e-mail processed increase from 78 percent to 83 percent since CAN-SPAM went into effect.

Still, CAN-SPAM was a positive step in fighting spam because it set the ground rules for what is acceptable behavior, said Shinya Akamine, president and chief executive officer of Postini. The increase in the amount of spam may have been higher without the CAN-SPAM law, he said.

“We think that it’s a great law,” Akamine said. “It prohibits illegal activity, now we believe it’s the role of the private sector to actually go out and secure (e-mail).”

Akamine and Hans Peter Brondmo, senior vice-president of e-mail marketing vendor Digital Impact Inc., disagreed on what technological measures can be effective in blocking spam. Postini is blocking close to 99 per cent of its customers’ spam, Akamine said, but Brondmo said the only way to get rid of spam is to adopt sender-authentication protocols proposed by large ISPs including Microsoft Corp. and AOL.

AOL on Thursday announced during the hearing that the amount of spam e-mail hitting its subscribers’ in-boxes declined by 20 per cent to 30 per cent in the last year, through a variety of spam-fighting initiatives. CAN-SPAM helped AOL and other ISPs sue hundreds of spammers in early March, said Ted Leonsis, vice-chairman of America Online and president of the AOL Core Service.

“You did a great service to the online medium and tens of millions of online consumers,” Leonsis told the committee. “CAN-SPAM was the right bill at the right time for all the right reasons, and we look forward to measuring its success with more time.”

While Leonsis and Scelson argued over whether AOL was blocking Scelson’s e-mails, James Guest, president of the Consumers Union, said the debate missed the point: that consumers don’t want unsolicited commercial e-mail.

CAN-SPAM requires all commercial e-mail to have a working opt-out mechanism and requires senders to include valid postal addresses. The law also includes a criminal penalty of up to a year in jail for sending commercial e-mail with false or misleading header information, plus criminal penalties of up to five years in prison, for some common spamming practices, including hacking into someone else’s computer to send spam.

But the law forces consumers to opt out of commercial e-mail, instead of requiring e-mailers to get opt-in permission, and Guest urged the committee to change the opt-out requirement. Spam can come from thousands of sources, and a consumer would have to send an opt-out request to each sender to cut off all spam, Guest said.

E-mail users should have the same protections as phone owners do under the national do-not-call list, which the do-not-e-mail list proposal is modeled after, he said. “Obviously, this is an absurd burden to place on people,” he added. “Congress should put the burden on spammers to get permission, not on consumers to fend off the intrusion.”