Spam Slayer: Spammers Find More to Love in Antispam Law

Tip of the Month

Remember to Update! Microsoft issued an update to Outlook 2003's junk e-mail filter in December 2003 that makes it easier to keep your antispam weaponry fresh. It gives Outlook 2003 users a direct link to updates on the latest definition of messages that are considered spam. If you're not sure your version of Outlook includes this, check the Outlook 2003 Junk E-mail Filter Update: KB832333 page to be certain you have the most current spam stopping tools.

The Federal Trade Commission has given spammers another reason to love the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) law. That's because on June 15 the commission gave a thumbs down to a proposed Do Not E-Mail registry, which was modeled after the Do Not Call registry, giving junk e-mailers the green light to spam away.

It's been more than six months since the purportedly spam killing CAN-SPAM Act was signed into law and little has changed: Spam is still a huge problem in our in-boxes. That's in stark contrast to the effect the Do Not Call telemarketing list has had. I used to screen my calls regularly to avoid telemarketers. Today, the only calls I screen are ones from my boss.

The proposed Do Not E-Mail registry was part of a CAN-SPAM provision that ordered the FTC to report on the feasibility of allowing people to place their e-mail addresses on a Do Not E-Mail list, similar to the Do Not Call registry. In both cases, the services were designed to address consumers annoyed by a deluge of nagging commercial pitches.

The idea of a Do Not E-Mail registry sounded ingenious at first. But at second glance it was a dud, and the FTC called it.

Telemarketers Buzz Off

When the Do Not Call registry was initiated, the FTC had both the funding and the technology to take a serious crack at clamping down on telemarketing calls. The Do Not Call registry was a joint effort of the FTC and the Federal Communications Commission. The agencies worked together for two years to fine-tune the registry and spent considerable time leading up to its October 2003 launch raising consumer awareness.

Violators of the Do Not Call registry can be fined up to $11,000 per call. Telemarketers are required to check the Do Not Call registry every three months to update their own lists.

What's more, Congress appropriated $18 million for the first year alone, to launch and enforce the Do Not Call registry. In the end, 50 million consumers signed up with the FTC to block all telemarketing calls. The registry is considered one of the most popular citizen-participation programs ever.

FTC Says, 'No Can Do'

The CAN-SPAM law was pushed through at the tail end of a congressional session. Not marketers, the public, nor the FTC had time to chime in and make suggestions or prepare for the law. In the end, CAN-SPAM allowed politicians to appear as if they were cracking down on spam and making real strides to protect our in-boxes. But in reality what we got was a flawed law and more spam.

In interviews with the FTC, I have been told no that additional funding was earmarked as part of CAN-SPAM for the agency to enforce the law or to develop a Do Not E-Mail registry. Unlike the Do Not Call registry, for which the FTC received funding, time, and support from the FCC, with the Do Not E-Mail registry the FTC was simply told to come up with a feasibility study in six months.

The FTC recently concluded that a Do Not E-Mail registry might actually help spammers find legitimate e-mail addresses. The agency figures junk e-mailers might abuse the registry and use it to develop lists of working e-mail addresses to spam.

So much for the peppy campaign slogans from politicians like Senator Charles Schumer (D-New York), who has been a vocal proponent of the Do Not E-Mail registry.

A Different Problem

Technology is part of the reason that it is much simpler to enforce a Do Not Call registry than its e-mail counterpart. Telephone company records show if a telemarketer makes a call to a number on the Do Not Call registry, so companies in violation of the law are easily identified and fined.

However, spammers can deceive e-mail recipients and ISPs to make it extremely hard to trace spam back to senders. CAN-SPAM's fatal flaw is its assumption that spammers are all reputable U.S.-based marketers that won't try to mask their identities--and many do, frequently.

The genius of the Do Not Call registry is that all people have to do to opt out of receiving telephone calls is to register once.

The problem with CAN-SPAM, in the absence of a Do Not E-Mail registry, is that people must opt out of receiving e-mail from every single marketer. Using spam opt-out mechanisms can be problematic. It's especially so if an unscrupulous company is behind the spam, and will just use your opt-out message as a way to verify your e-mail address is valid.

Just a Sound Bite

A Do Not E-Mail registry is a good idea in theory, because we would all love to be able to tell spammers to stop sending e-mail to us. But it simply falls apart in any attempt to bring it to reality. It appears that a Do Not E-Mail registry is really just a sound bite for politicians, not a project that can be implemented in the real world.

Our best hope to curb spam is the power of law, which enables companies and state attorneys general to sue spammers who violate CAN-SPAM. Major Internet e-mail providers, including America Online, EarthLink, Microsoft, and Yahoo, have each gone after spammers in court, hoping high-profile prosecutions will be deterrents.

So far, however, lawsuits haven't been effective. And the FTC has said it lacks sufficient resources to aggressively go after spammers--with or without a Do Not E-Mail registry.

More promises of antispam efforts are coming from major ISPs and technology vendors. Several companies are working on a unified approach to authenticate the source of e-mail, which should help to deter spam. This would enable ISPs and law enforcement agencies to identify spammers who violate CAN-SPAM and prosecute them.

Until these spam fighting technologies and antispam laws truly deliver on their promise of squashing spam, all we can do is keep hitting that Delete key.


Q. What is behind all the e-mail I am receiving lately about very inexpensive, state-of-the-art software? I feel it's a scam, but would like to see some background information.

--David B.

A. You aren't alone. Recently there has been a deluge of spam pitches for mainstream software at absurdly low prices. Most of these pitches point back to online stores selling pirated software. A lot of the programs are advertised as OEM software, which is preloaded onto systems and licensed for distribution with that hardware only.

Don't be fooled. Instead of getting great deals, it's more likely you'd be doing business with a software pirate selling illegally copied software. E-mail filtering firm SurfControl says spam promoting pirated software accounted for one in every 20 e-mail messages earlier this year. The trade association Business Software Alliance reports as many as four out of every ten software titles sold on the Web are counterfeit or illegal copies.

Send gripes, questions, and tips for the spam wars to Tom Spring. Go to the Spam Watch page for spam fighting articles and downloads.
To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon