5 Reasons Why the CAN-SPAM Act Has Failed to Stop Unwanted Spam Emails

Summary

The CAN-SPAM Act was created to protect consumers from unsolicited emails, or spam. But despite its existence, spam emails remain rampant. So why hasn't the CAN-SPAM Act been able to stop spam?


To understand why, one must first know what the CAN-SPAM Act is and how it works. The Act, created in 2003, establishes requirements for commercial email messages, gives consumers the right to opt out of unwanted emails, and outlines penalties for companies that do not comply. The Act applies to all types of commercial emails, including those for promotional and marketing purposes.

The reasons for why the CAN-SPAM Act has failed to stop spam are numerous. First, the legislation was meant to regulate emails sent from the United States, but much of the spam comes from overseas, making it difficult to enforce in international markets. Additionally, the law relies heavily on consumers to report spam emails, but many are reluctant to do so, likely due to the sheer volume of emails they receive.

Meanwhile, spammers are increasingly using sophisticated tactics to bypass anti-spam filters, such as using dynamic IP addresses and image-based messages to fool spam filters. Additionally, spammers are utilizing more sophisticated techniques to target consumers and disguise their messages, making it difficult to identify spam emails.

Finally, the penalties outlined in the CAN-SPAM Act are not severe enough to deter spammers. The Federal Trade Commission (FTC) can only pursue civil penalties, meaning that there is no criminal punishment for those who violate the law.

In sum, the CAN-SPAM Act has failed to stop spam emails due to a lack of enforcement and weak penalties for violators. Additionally, spammers are using increasingly sophisticated techniques to evade anti-spam filters and target consumers. Until laws are strengthened and more resources are devoted to enforcement, spam emails will remain a problem.
 

The CAN-SPAM Act

In 2003, the United States Congress enacted the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, or the CAN-SPAM Act, in an attempt to control the massive amount of unsolicited emails, commonly known as 'spam,' that were circulating by the millions. While this effort was a substantial step forward to limit the waves of these advertising emails, it was not entirely successful in achieving what was intended. Despite the enactment of the CAN-SPAM Act, the amount of spam has not decreased at all, and in fact, may have even increased.

The Need for Better Regulations

The main issue with the CAN-SPAM Act is that it fails to address the root of the problem. Without enforcing harsher punishments for those who make use of deliverability tools to send these emails, nothing will improve. The current regulations are simply not strict enough, and penalizing criminals who use these tools is the only way to effectively reduce the problem. Without stiffer penalties, the problem of spam emails will continue to increase, and businesses will continue to be at risk of facing legal action.

Stopping Unsolicited Emails

In order to effectively limit the amount of spam that reaches the inbox of users, it is important to create laws and regulations that will not only make it difficult for delivery tool users to send out emails, but also make it difficult to acquire and use such tools in the first place. Additionally, laws should be enacted that will allow individuals to report any suspicious emails they receive, and enable companies and organizations to take action against any potential violations.

The Rights of Consumers

The CAN-SPAM Act was a significant step forward in protecting consumers from the barrage of unsolicited emails. It has established the rights of consumers to opt out of receiving certain types of emails, and has given them the authority to file complaints against anyone who is sending unsolicited emails. However, it is clear that the CAN-SPAM Act has not been successful in curbing the amount of spam emails that are sent, and as such, more stringent actions must be taken in order to protect consumers from this type of marketing.

Enforcing Strategies

Although the CAN-SPAM Act has established regulations to protect consumers from receiving unsolicited emails, it is clear that those regulations are not enough to truly curb the problem. In order to fully address the issue, harsher penalties must be implemented to deter criminals from using deliverability tools to send out spam emails. Additionally, stricter regulations should be put in place to make it more difficult to acquire and use these tools. Furthermore, awareness campaigns should be created to ensure that consumers are aware of their rights and the proper steps to take in order to protect themselves.

<<The spam problem appears to be a simple one. Just make it illegal to distribute unsolicited email. But go deeper, and one finds problems facing efforts to police, control, or manage spam. In large part, it's a technology issue. But not far behind are the legal issues of free speech and the genuine efforts of business America to market and advertise its products and services.

In the pre-January 2004 world, it was legal for anyone to try and sell anything via email, no strings attached. In that world, two technologies arose to assist both the purveyors of email and those of us trying to keep them at bay. The first involved algorithms designed to scour cyberspace and cull every available email address. These compiled lists have been used to blitzkrieg millions of consumers with notices for selling everything from aardvarks to zooplankton extract.

More focused efforts compiled email lists by subject or topic and sold those lists to companies or marketers who used them to create more focused spam campaigns. In the end, consumers often received more than 100 unsolicited email messages per day. Go on vacation, and you could come back to more than a thousand email messages or an in-box so inundated, it was no longer accepting messages. Faced with this kind of deluge, many people simply abandoned their email addresses.

In partial response to the preceding, technology-savvy users created spam-blocking applications. These blockers can sometimes be effective, but at what price? Often the algorithms on which blockers are based screen large numbers of genuine email messages along with the spam. And once spammers (those conveying spam) understand these applications, they create super-unsolicited email messages that circumvent the blockers.

The CAN-SPAM Act of 2003 was designed to address some of the preceding. Unfortunately, the Act couldn't outlaw unsolicited email, so in an effort to try to control the problem, it identified spam requirements and-provided you didn't comply with the Act's requirements-penalties.

In summary, the Act's requirements include that the origination information (e.g., "From" and "To" information) must be accurate, with valid domain names and email addresses, and properly identify the sender; the subject line must not be deceptive or misleading; and all email must provide a way to opt out of receiving future email from that sender. Spammers must respect the opt out for at least 30 days and cannot share the opt-out email address with other spammers. In addition, the email messages must be identified as advertisements and include the sender's valid postal address.

Under the Act, each violation of the preceding requirements could result in fines up to $11,000. The Act also reasserted the notion that deceptive commercial email is subject to the laws banning false or misleading advertising.

Of course, the preceding provides spammers with more loopholes than Swiss cheese. And as previously noted, to every technological problem there is a nefarious technological solution.

Now that the CAN-SPAM Act has been in effect for more than a year, how large a problem does unsolicited email remain? According to the aforementioned survey, it's a $21.58-billion problem.

On February 3, 2005, the Center for Excellence in Service at the University of Maryland's Robert H. Smith School of Business and Rockbridge Associates, Inc., released the results of a study entitled: 2004 National Technology Readiness Survey (NTRS). In part, the NTRS survey found that 78 percent of adult email users receive spam daily; 11 percent of those receive more than 40 unsolicited email messages a day; 14 percent open spam to see what it contains; 4 percent purchased a product or service hawked in an unsolicited email message; and 27 percent delete spam on a daily basis.

The NTRS survey found those who deal with spam spend at least three minutes per day on the problem. Multiplying that number by 169.4 million adult email users adds up to 22.9 million weekly labor hours spent managing spam. So the Act should impact those numbers, right? According to some analysts, the Act spawned more problems than it solved.

A Feb. 1, 2005, New York Times article declared "Law Barring Junk E-Mail Allows a Flood Instead" and found that two primary reasons spam continues to be a growing problem is because of the law itself and technological innovation. Ironically, some note that by complying with the Act's requirements, spam can be legal.

Still FTC is trying to assert its authority over cyberspace. On April 29, 2004, the FTC published a press release entitled "FTC Announces First CAN-SPAM Act Cases." That release outlined two suits brought by the FTC against Phoenix Avatar, purveyors of weight-loss patches, and Global Web Promotions, an Australian Company that tries to sell a variety of healthcare products, including a diet patch and human growth hormone supplements. In both instances, the touted emails' claims for these products were at best dubious.

On March 31, 2005, the FTC announced it had reached a settlement with Phoenix Avatar. The four key people referenced in the suit (officials from the company) will pay a combined fine of $20,000. Given that total sales from their diet patch spamming efforts yielded an estimated $230,000, the settlement appears to be a slap on the wrist, albeit a slap in the right direction.

The FTC's inability so far to successfully prosecute the Australian company illustrates one of the technological problems with the Act. Many of the unlawful instances of spam use, at least as covered by the Act, involve companies or individuals who have so far successfully skirted the law by using a variety of offshore websites, proxy servers, zombie networks, and similar obvious or obscure technological sleights of hand.

For example, Levon Gillespie has allegedly operated a number of offshore 'bulletproof Web hosting services'-primarily in China-as spam-friendly services for a variety of merchants. Using these services, he can promise his clients will not be shut down due to spam complaints.

Last September, Microsoft Corporation finally tracked Gillespie down in a Starbucks, where he had agreed to meet with them. While at Starbucks, Microsoft served him with a lawsuit accusing him of violating, among other laws, the federal CAN-SPAM Act. Unfortunately, that appears to be the last time Microsoft has seen the 21-year-old spam entrepreneur.

The CAN-SPAM Act of 2003 is the first Congressional effort to curb what has become for many a daily annoyance, draining valuable productivity from an already overburdened day. At best, the Act's effect has been modest; at worst, ineffectual. Perhaps that's why Senator Conrad Burns (R-Montana), one of the Act's authors, recently noted that "as we progress into the next legislative session, I'll be working to make sure the FTC utilizes the tools now in place to enforce the act and effectively stem the tide of this burden."

Stay tuned.