Click the comments link on any story to see comments or add your own.
Subscribe to this blog
29 Dec 2005
In the CAN SPAM act, the Congress told the FTC to report back and tell them how it was working. Last week, the FTC sent out a press release about some anti-spam projects they're doing with the states and the Canadian competition bureau and mentioned, oh, by the way, we released this report, which says that CAN SPAM is working pretty well. I certainly haven't seen any drop in the amount of spam showing up at my mail server. Has the FTC lost their minds? Nope, but this reminds me that CAN SPAM was intended to do many things, but stop spam was not one of them.
The first part of the report discusses at length the law's effect on legal spam, that is, unsolicited commercial e-mail that is not fraudulent. It mandated a bunch of mild requirements on all commercial e-mail such as including an opt-out link that works and a postal mailing address. The report says that legal mailers do indeed comply with those rules. I agree, they do comply, and most of the legitimate lists I'm on from airlines, bookstores, and the like do include the CAN SPAM items, but since solicited mail isn't the problem and never has been, who cares? There is a tiny trickle of non-fraudulent UCE, and I believe that they may well follow the rules, too, but it's not enough to care about.
They then go on to say that consumers are getting less spam, but if you read carefully, that is due entirely to ISPs doing a better job of spam filtering than they did last year. They cite some numbers from MX Logic that purport to show that the overall amount of spam sent is dropping, but I don't believe them, and even if they're true, the change isn't significant. What is significant is that spam filtering is a major ``tax'' on any mail provider, one that contributes to nothing except perhaps to vendors of anti-spam software that wouldn't exist in the first place if we could get spam senders to stop. The FTC also opines that spam increasingly is entwined with malware, and that mail authentication could be helpful, both of which I agree with.
They list all of the cases they've filed, which have indeed shut down some spammers. The rest of the report is about international enforcement issues, noting that tons of spam comes from computers outside the US, even if the responsible party is inside the US. The FTC's ability to pursue international cases is limited, largely because they haven't had to deal with cases that hop from country to country before so they don't have much authority to work with other governments.. They propose a US SAFE WEB act that more or less gives the FTC the same international enforcement and cooperation powers as other agencies who already do international work, like the SEC. Assuming that the authority they're asking for is indeed similar to the SEC's, that seems reasonable.
So is the FTC being disingenuous? Only because the Congress told them to. The FTC is a creature of Congress, and if the Congress tells them that they can't go after spam per se, they won't. For now, the vast majority of spam is fraudulent in one way or another, so for practical purposes going after crooked spammers is nearly the same as going after all spammers, including going after them overseas. It's telling that rather than sending out a press release for the report itself, the FTC tagged it onto a release about international spam enforcement, giving us a strong hint that the only part of the report they really care about is the international enforcement and in particular, their plea for the US SAFE WEB act.
Should they get the crooks under control (I'm not holding my breath, but you never know) then we'll need to come back and figure out what to do about the stuff that's just spam because it's unsolicited.
My other sites
© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.