Less than 1% of spam complies with new US law

Less than 1% of spam e-mail sent to US inboxes this month complies with a national antispam law that went into effect at the...

Less than 1% of spam e-mail sent to US inboxes this month complies with a national antispam law that went into effect at the beginning of this month.

Spam filtering companies Commtouch Software and MX Logic  both found that more than 99% of spam e-mail they checked through late last week did not comply with one or more provisions of the Controlling the Assault of Non-Solicited Pornography and Marketing  (Can-Spam) Act of 2003.

A third spam filtering firm, Audiotrieve, found just over 10% of unsolicited commercial e-mail complying with Can-Spam requirements in a survey of e-mail it conducted over the weekend.

 "There's been no reduction in the volume of spam," said Scott Chasin, MX Logic's chief technology officer. "In fact, the exact opposite -- our spam rates are actually going up."

MX Logic classified 77% of its customers' e-mail as spam on Monday, up 6.5% from 1January. 

Can-Spam requires that spam e-mail include a working return e-mail address, a valid postal address for the sending company, a working opt-out mechanism and a relevant subject line. The law also directs the US Federal Trade Commission (FTC) to study setting up a national do-not-spam list, similar to the national do-not-call telemarketing list now in effect in the US.

The national spam law alone will not cut the amount of spam being sent, but enforcement could have an impact, with multimillion-dollar fines and jail terms allowed in Can-Spam for some spamming activities, said Avner Amram, executive vice president at Commtouch. "Legislation is the first step, enforcement is the second."

Commtouch and the other companies tout antispam technology as an essential partner in the fight against spam. "While legislation helps, it's not the answer," Chasin said. "We applaud the intent of the legislation. Any step in the direction of trying to stop spam is a good road to go down."

MX Logic, which provides spam and virus filtering services,  looked at 1,000 randomly selected pieces of spam received during the first seven days of January and found only three that complied with the law. In cases where the spam includes a physical address, it may be the address of a bulk e-mail company and not the actual company marketing the product, Chasin said.

Audiotrieve collected e-mail messages using so-called "honey pot" accounts on 10 and 11 January, and found 102 of 1,000 messages analysed contained all of the information required by Can-Spam.  Physical addresses were missing from all of the remaining 898 spam messages.

Commtouch, which uses its  Recurrent Pattern Detection technology to identify and filter massive spam attacks, has analysed millions of e-mail addresses since 1 January and found less than 1% that complied. Eighty per cent of the spam e-mail did not include valid return e-mail addresses and more than 40% contained subject lines unrelated to the text of the e-mail.

Grant Gross writes for IDG News Service

Read more on IT legislation and regulation