Vendors, users dispute FTC report on spam

Spam issue isn't shrinking, they say

WASHINGTON -- Some antispam vendors and computer users don't see the same picture the U.S. Federal Trade Commission saw when it reported yesterday that many people are receiving less unsolicited commercial e-mail in their in-boxes now than they were two years ago.

The spam problem isn't shrinking, said Ray Everett-Church, counsel for the Coalition Against Unsolicited Commercial Email and author of the new book Fighting Spam for Dummies.

"Technology has improved incrementally in the last year, but spam volumes remain at all-time highs by most measures," Everett-Church said.

The FTC, in a report to Congress, said antispam filtering technology and a 2-year-old federal law have contributed to less spam showing up in in-boxes (See "FTC: Computer users seeing less spam; law helped"). The total amount of spam being sent appears to be "leveling off," if not declining, and spam filters are catching most of it, the FTC said.

The CAN-SPAM Act, passed by Congress in late 2003, has also helped in the fight against spam by setting standards for mass e-mail marketing and by making possible about 50 lawsuits against spammers that were filed by the FTC, law enforcement agencies and Internet companies in the last two years, the FTC said. CAN-SPAM has given law enforcement agencies and Internet service providers "tools to deal with outlaw spammers," said Lydia Parnes, director of the FTC Bureau of Consumer Protection.

The FTC report focused largely on spam-filtering technology as a major reason computer users may be seeing less spam. Asked which has had a bigger impact, the CAN-SPAM act or better spam filters, Parnes said yesterday she didn't know.

"It's very difficult to parse out the effect of the law vs. the technological advances," she said. "The act has given us a set of best practices for companies that use commercial e-mail. That is very important."

Others questioned the FTC's conclusions.

"The FTC might be seeing less spam, but I'm not!" wrote Don Smutny, a Web site administrator and software developer, in an e-mail reacting to the FTC report. "I get just as much spam today as I did two years ago, it's just not all from people that want to sell me pharmaceuticals. Now, they want me to give them bank account and credit card information to 'verify my account.'"

Smutny, who lives in Kansas City, Mo., said he has seen a big increase in "phishing" e-mail, which tries to trick recipients into giving up their personal information. Smutny's employer uses spam-filtering technology that catches about 75% of spam, but the amount of spam coming into the company has not decreased, he said.

"I don't know just how the FTC measured the amount of spam being sent, but they didn't measure it at the ISP level," Smutny added. "This is where a tremendous portion of spam is filtered out, and the ISPs' customers never even see it. That doesn't mean it wasn't sent, however."

While the FTC focused more on the amount of spam hitting in-boxes instead of the total amount of spam being sent, the unfiltered volume of unsolicited messages is a problem, Everett-Church said.

Filtering has provided incremental improvements for end users, but it doesn't make the problem go away," he said. "The costs are still there, being borne by the ISPs and businesses."

Everett-Church called for technology vendors to push harder for efforts to add user authentication to e-mail systems.

"Today's technology improvements are eking a few more horsepower out of an already overworked engine," he said. "We need a new, better engine, but nobody is willing to make the investment yet."

Two antispam vendors agreed with the FTC that filtering is largely working, but they questioned the effectiveness of CAN-SPAM, short for Controlling the Assault of Non-Solicited Pornography and Marketing. It's difficult to argue CAN-SPAM had "any kind of real impact" on the volume of spam, said Scott Chasin, chief technology officer at MX Logic Inc.

MX Logic found that 68% of e-mail traffic it scanned in 2005 was spam, down from 77% in 2004. But only 4% of unsolicited commercial e-mail complied with CAN-SPAM in 2005, up from 3% in 2004, the company said earlier this month. CAN-SPAM requires that commercial e-mail include several items, such as a working return e-mail address, a valid postal address for the sending company, a working opt-out mechanism and a relevant subject line.

"Overall, the majority of [e-mail] traffic on the Internet is still spam-related content," Chasin said.

Chasin said CAN-SPAM is necessary, adding that is has helped educate legitimate e-mail marketers about acceptable practices.

Jordan Ritter, founder and chief technology officer of antispam vendor Cloudmark Inc., agreed, but noted that only legitimate marketers have followed CAN-SPAM's rules. Although the FTC said no changes to CAN-SPAM are needed, Ritter called for additions to the law to better define spam and good practices.

"The problem is the people who aren't following the law can't be found," Ritter added.

Chasin, however, said better technology is the answer to continued spam problems."The road map from the technology side in fighting the spam problem will continue to evolve," he said. "However, the road map of the spammers will continue to evolve as well."

Copyright © 2005 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon