Some antispam vendors and computer users haven’t seen the same picture the U.S. Federal Trade Commission (FTC) was viewing when it reported Tuesday that many people are receiving less unsolicited commercial e-mail in their inboxes now, compared to two years ago.
The spam problem isn’t shrinking, said Ray Everett-Church, counsel for the Coalition Against Unsolicited Commercial Email and author of the new book, “Fighting Spam for Dummies.”
“Technology has improved incrementally in the last year, but spam volumes remain at all-time highs by most measures,” Everett-Church said.
The FTC, in a report to the U.S. Congress, said antispam filtering technology and a 2-year-old federal law have contributed to less spam showing up in inboxes. The total amount of spam being sent appears to be “leveling off,” if not declining, but spam filters are catching most of it, the FTC said.
The CAN-SPAM Act, passed by Congress in late 2003, has also helped fight spam, by setting standards for mass e-mail marketing and by allowing about 50 lawsuits against spammers that were filed by the FTC, law enforcement agencies and Internet companies in the last two years, the FTC said. CAN-SPAM has given law enforcement agencies and ISPs (Internet service providers) “tools to deal with outlaw spammers,” said Lydia Parnes, director of the FTC Bureau of Consumer Protection.
The FTC report focused largely on spam-filtering technology as a major reason computer users may be seeing less spam. Asked how much CAN-SPAM has helped compared to better spam filters, Parnes said Tuesday she didn’t know.
“It’s very difficult to parse out the effect of the law versus the technological advances,” she said. “The act has given us a set of best practices for companies that use commercial e-mail. That is very important.”
Others questioned the FTC’s conclusions. “The FTC might be seeing less spam, but I’m not!” Don Smutny, a Web site administrator and software developer, wrote in an e-mail reacting to the FTC report. “I get just as much spam today as I did two years ago, it’s just not all from people that want to sell me pharmaceuticals. Now, they want me to give them bank account and credit card information to ‘verify my account.'”
Smutny, from Kansas City, Missouri, said he’s seen a big increase in “phishing” e-mail trying to trick recipients into giving up their personal information. Smutny’s employer uses spam-filtering technology that catches about 75 percent of spam, but the amount of spam coming into the company has not decreased, he said.
“I don’t know just how the FTC measured the amount of spam being sent, but they didn’t measure it at the ISP level,” Smutny added. “This is where a tremendous portion of spam is filtered out, and the ISPs’ customers never even see it. That doesn’t mean it wasn’t sent, however.”
While the FTC focused more on the amount of spam hitting inboxes instead of the total amount of spam being sent, the unfiltered volume of unsolicited messages is a problem, Everett-Church said.
Filtering has provided incremental improvements for end users, but it doesn’t make the problem go away,” he said. “The costs are still there, being borne by the ISPs and businesses.”
Everett-Church called for technology vendors to push harder for efforts to add user authentication to the e-mail system. “Today’s technology improvements are eking a few more horsepower out of an already overworked engine,” he said. “We need a new, better engine, but nobody is willing to make the investment yet.”
Two antispam vendors agreed with the FTC that filtering is largely working, but they questioned the effectiveness of CAN-SPAM, short for Controlling the Assault of Non-Solicited Pornography and Marketing. It’s difficult to argue CAN-SPAM had “any kind of real impact” on the volume of spam, said Scott Chasin, chief technology officer for MX Logic Inc.
MX Logic found that 68 percent of e-mail traffic it scanned in 2005 was spam, down from 77 percent in 2004. But only 4 percent of unsolicited commercial e-mail complied with CAN-SPAM in 2005, up from 3 percent in 2004, the company said earlier this month. CAN-SPAM requires that commercial e-mail include several items, such as a working return e-mail address, a valid postal address for the sending company, a working opt-out mechanism and a relevant subject line.
“Overall, the majority of [e-mail] traffic on the Internet is still spam-related content,” Chasin said.
Chasin did call CAN-SPAM necessary, saying it has helped educate legitimate e-mail marketers about acceptable practices.
Jordan Ritter, founder and chief technology officer of antispam vendor Cloudmark Inc., agreed, but noted that only legitimate marketers have followed CAN-SPAM’s rules.
Although the FTC said no changes to CAN-SPAM are needed, Ritter called for additions to the law to better define spam and good practices.
“The problem is the people who aren’t following the law can’t be found,” Ritter added.
Chasin, however, said better technology is the answer to continued spam problems.”The road map from the technology side in fighting the spam problem will continue to evolve,” he said. “However, the road map of the spammers will continue to evolve as well.”
