CAN-SPAM Act - Is it working? You Decide.
April 1st, 2007 by Tom Adelstein
As I delete spam from my Gmail spam folder, I notice the volumes increasing. A year ago, I would see about five to ten emails a day in that folder. This morning, I woke up to 56 items. The volume of spam has grown, no doubt.
The acronym CAN-SPAM comes from the Congressional legislation's name: Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003. The FTC has the responsibility of policing the Act. Of course, we all know what that means, the FTC will do little or nothing to enforce the legislation.
All I see in the world of spam is compliance by the major corporations. They do follow the rules and that puts a refreshing light on some things, such as taking the act seriously. But then, I see hundreds of thousands of emails from foreign and US based people who continue to pummel mail boxes across the world.
What are the rules? Following are the basic rules:
The bill permits e-mail marketers to send unsolicited commercial e-mail as long as it contains all of:
* an opt-out mechanism;
* a valid subject line and header (routing) information;
* the legitimate physical address of the mailer; and
* a label if the content is adult.
Billy Bob OEM Software complies with none of the above. You probably will not see an opt-out mechanism or a legitimate physical address. Though I did see an opt-out link at the bottom of an email from an Insurance Company getting their mailing list off of job boards like Monster, Dice, ComputerJobs and so on.
I hate those emails that say: We reviewed your resume and have the perfect opportunity for you, Mr. Edelsteen. I clicked the opt-out link and got a web page that did nothing. I also found no physical address.
Speaking of the job boards, I did find out another interesting factoid. If a recruiter obtains a job order, let's say from IBM, he or she sends out a search bot through the job boards, then turns around and emails everyone that has a fresh resume up. The recruiter or staffing firm doesn't keep a database any more. So, don't waste your time. (Or should I have written waist your time?)
If you use Monster for example, repost your resume everyday and you'll notice people sending you emails and calling. The older the resume, the less likely recruiters will attempt to reach you. You'll also notice an offer for $1000 or so to refer someone to the recruiter.
A little over a month ago, I started receiving emails and phone calls from what seemed like a couple of dozen firms. They all had the same job requirement: A technical writer for IBM in McKinney, Texas.
I speak a little Hindi and found out that many of the recruiters called from places like New Delhi. One had an email address from a firm in San Francisco and another from Boston. I bet you already know that an opt-out mechanism didn't exist.
(Off topic note:) I also find it humorous that the recruiters from New Delhi have names like Brandon and Chad. Then, my DSL support group also operates out of New Delhi and I've heard the phrase, "This is Susie, can I be helping you?" I be telling you, those girls names probably are not Susie, Claire, Melissa, Sally Ann or Jennifer. But then again, that's for you to decide.
Do you consider all this email off the job boards as spam? I do. Fortunately, I found a job quickly and pulled my resume. The spam from the recruiters stopped almost instantly. But or should I use another word? But, the spam from the recruiters had a fast replacement. Now, I'm getting spam from all the job boards on which I posted my resume and other job sites about whom I have never heard.
We need a new strategy for spam. We should replace the CAN-SPAM Act of 2003 and delegate the authority to Texas. We can call that the Death Penalty for Spammers Act of 2007. We could put former republican judges in charge. Two strikes and your out eh.
Of course, those folks who merely send confirmations of purchases made over the Internet would have an exemption. Also, if a company followed the rules stated above for the Federal Act could also have an exemption.
But Fuzzy OEM software guy blasting out second chance notices on auctions from eBay should fall under an extradition treaty with Texas which would allow the perpetrators a ticket to our facilities in Guantanamo Bay first for a tribunal hearing.
That's all I have to say about that, except, isn't this the 1st day of April? Run Forrest, Run.
__________________________
Special Magazine Offer -- Free Gift with Subscription
Receive a free digital copy of Linux Journal's System Administration Special Edition as well as instant online access to current and past issues. CLICK HERE for offer
Linux Journal: delivering readers the advice and inspiration they need to get the most out of their Linux systems since 1994.
Delicious
Digg
StumbleUpon
Reddit
Facebook
Post to TwitterSubscribe now!
The Latest
Newsletter
Tech Tip Videos
Recently Popular
From the Magazine
July 2009, #183
News Flash: Linux Kernel 3.0 to include an on-the-go Expresso machine interface! Ok, maybe not, but Linux is definitely going mobile, from phones to e-readers. Find out more inside about Android, the Kindle 2, the Western Digital MyBook II, The Bug, and Indamixx (a portable recording studio). And if you've gone mobile and you been wanting more Emacs in your life then check out Conkeror.
To compliment the mobile we've got the stationary: parsing command line options with getopt, checking your Ruby code with metric_fu, and building a secure Squid proxy. How is this stationary you ask? What can we say? It's not. We just wanted to see if anybody actually read this part of the page :) .
All this and more, and all you have to do is get your hot sweaty hands on the latest copy of Linux Journal.
Speaking of the job boards,
On November 25th, 2008 tokmik (not verified) says:
Speaking of the job boards, I did find out another interesting factoid. If a recruiter obtains a job order, let's say from IBM, he or she sends out a search bot through the job boards, then turns around and emails everyone that has a fresh resume up. The recruiter or staffing firm doesn't keep a database any more. So, don't waste your time.
Car Glass Repair
This tread
On October 14th, 2007 ag tile (not verified) says:
talking of devil..
I just have 2 words for whoever is responsible for this tread:
wipe-out the-spam.
thanks
Spam Emails Are The Work Of The Devil
On October 12th, 2007 Green Hotels (not verified) says:
Is phishing considered spam? Like a subset of spam or something else? Anyway. I've been noticing more and more sophisticated phishing attempts in my inbox lately. I am very "internet savvy" so I'm able to tell what they are but... I worry about folks who are not so aware of these things. For example I got one recently from the "Internal Revenue Service" that claimed they wanted to give me a refund. It really looked quite legit until you looked at the link and saw that it was taking you to a site with a .UA extension... UA being UKRANIAN. yeah... Somehow I doubt that the IRS is running their website off a Ukranian address. The thing is... a lot of less internety people just dont look at stuff like that.
SPAM
On October 12th, 2007 Alsbuddy (not verified) says:
They can pass all the bills they want, but it still hasnt made a difference. I still get one spam mail after another, every single day. There has to be a better way!
J.L. Graham
Core Creative Group
http://www.corecreativegroup.com
long way to go...
On September 26th, 2007 Gail J. (not verified) says:
spam is like any movie's villain side kick...annoying yet unchargeable for any crime the villain does...
They Should Do Something Worthwhile
On September 20th, 2007 Legalize Marijuana (not verified) says:
All of this CAN SPAM stuff is a total waste of time. It's completely ineffective. I get more spam email than ever. There's more spam on message boards than ever. There's more spam on MySpace.
They should do something worthwhile with their time like legalizing marijuana. That's something I could get down with.
At the most spam can be
On September 28th, 2007 Blogger (not verified) says:
At the most spam can be reduced. I use an anti-spam software that covers 80%. Still the 20% exists.
Run Forrest, Run
On September 18th, 2007 Pozycjonowanie stron www (not verified) says:
Spam was, is and will be. We need a new approach.
spam will never go away.
On September 14th, 2007 seo tips (not verified) says:
Spam is here to stay because spammers it is easy money. Not to mention many of them or in fdifferent countries and the money is too easy for them. I delete my spam folder without looking at it but some still make it into the inbox. With those catchy subject lines, people are still opening them.
it's hard for me to believe.
On September 19th, 2007 Blog Directory (not verified) says:
I have a hard time believing that people really fall for those spam emails but I have to remember I've been online for a long time. 12 years now. some people are still just getting on.. you know they are more gullible.
Tougher sentence
On September 14th, 2007 hell angels (not verified) says:
Tougher sentences for spammers are needed.The problem is many of them surf the internet anonymously to remain safe and avoid prosecution from the authorities
Kid Safe Find
On September 14th, 2007 Kid Find (not verified) says:
We need a global approach.I'm often disgusted with the material that comes through to my children.Kids need to be able to find what they need without being subjected to dirty pictures, bad langauge and inappropriate material that is sometimes hidden in dirty spam.
Latin News
On September 14th, 2007 E Latina (not verified) says:
I know what you mean and when it's translating in espaniole or Spanish it is very hard for the latin american community to communicate it's news through mail.I have been searching for a good filter.We need to do something about this spam.
Spam Filters
On September 14th, 2007 The Puppy Knows (not verified) says:
I keep searching,searching,searching for a really intelligent spam filter but I still haven't found one.
Outlook or Mozilla Filters
On September 15th, 2007 Swarovski Havaianas (not verified) says:
We had struggled to keep up with spam however with Mozilla yuo can effectively reduce 90% of the reoccurring spam easily. If you havent tried it its worth the download. Similar to Outlook aswell.
Not Working
On September 14th, 2007 Wild Solos (not verified) says:
It's not working we need a new approach.
My mail is always getting
On September 14th, 2007 Florida Bungalow (not verified) says:
My mail is always getting clogged up.It wastes so much time.I miss excellent property investments because of my filters.
CAN-SPAM
On September 11th, 2007 Dan Fish (not verified) says:
The CAN-SPAM act is not a perfect law. It is a start and has given companies like AOL the legal teeth to go after spammers. The threat of imprisonment will not be enough to stop spammers since we can see parallels in other criminal arenas as well (organized crime for instance.)
What the laws help to do is deter some people from starting down that road, however there is a basic problem that laws do not overcome, people are always going to seek a quick buck and there will be people who do it regardless of the consequences. The more expensive you make the proposition the less likely someone will engage in that sort of behavior, but it will then boil down to risk analysis, how much of a risk do I run doing X in order to gain Y, a process with which I am sure many reading this column are familiar.
These spammers have lots and lots of money and can fend of legal trials for years and years, and unless someone going into the effort has even more money and can make the spammers use lawyers (which causes them to burn through some of that cash) jail time and criminal penalties under this law are much more helpful to have in place.
I do agree that the DMA approach is not sonsumer friendly and an opt in approach should be taken, however if the government creates a do-not-email list that list will simply be used by the same spammers to send more spam. They will simply start shifting all their efforts off-shore for more protection if not shifting themselves off-shore as well. This wil be the real problem in the future. Then we will have to deal strictly in the technological realm.
Overwhelming Spam
On September 6th, 2007 New York Hotels (not verified) says:
There are some email accounts I don't even check anymore because of all the spam we get. It's insane! You can't put your email address on your website without just getting added to countless spam email lists.
Forum Spam
On September 6th, 2007 An Internet Marketer (not verified) says:
I hate email spam with a passion... but I actually hate forum spammers even worse. I don't know if Can Spam has anything to do with that... but if it does then it definitely doesn't work. Forum spam is EVERYWHERE! I run quite a few forums and it's extremely frustrating how often I have to deal with spam...
I agree (forum spam)
On September 12th, 2007 Baby Forum (not verified) says:
Forum spam has been killing our baby forum ... then we finally got it fixed (a better anti spam mod) when suddenly our forum started being hacked into - and spammers would put all of their spam links on the very top of the forum and actually break the forum in the process! Argh. Running a forum is a difficult thing because of spammers... Email spam sucks too but it's at least easier to ignore?
Spam
On September 4th, 2007 PS3 Advisor (not verified) says:
It wastes so much of my time.Besides that I often miss important emails because of my filters.It's not getting better!I think we need a united global approach
Spam e-mails...
On September 12th, 2007 factory (not verified) says:
Spam e-mails should be, should not be outlawed - Or: can, can not be outlawed, are examples of persuasive speech topic variants.
As much spam as ever.
On August 31st, 2007 Weird Biz (not verified) says:
Personally I get as much spam as ever. My Yahoo email accounts don't do much at all about it... but Gmail does a good job.
GMail controls spam better...
On September 2nd, 2007 Goa (not verified) says:
Its the same case with my emails too... Gmail has made a better attempt to cater the issue of spam than other services. I just directly delete the spam folder without looking at the subject.
Regarding getting rid of spam; there is only one way i feel, spammers should not be encouraged by various firms and webmasters (since the ill effects are well known to all). Its a easy way out these days for marketing products at cheap rates. SPAM should be curbed!
Gmail Putting My Real Emails In Spam Folder
On September 6th, 2007 Weird Guy (not verified) says:
I've been having this problem lately: GMail Putting My Real Emails In Spam Folder... Overall I love GMail because they filter out so much more spam than Yahoo (for example) BUT I've missed some really important emails because they were mistakenly put in the spam folder... so now I have to check the spam folder too... that really sucks. And yeah when I do check the spam folder - there are just... TONS of new spam emails so I don't think Can Spam has done much of anything.
It's not working
On August 31st, 2007 Ringtones (not verified) says:
I would have to say it's not working. I still get plenty of email spam on a daily basis. In fact, my day starts with clearing out my inbox. I've become very efficient at hitting the delete button.
My spam's increasing
On August 10th, 2007 Artifexus.net (not verified) says:
The spam I get just keeps increasing. It's getting ridiculous. I'm also getting a lot of pdf spam, which seems to be a new trend. A lot of this spam is getting past my filter too. Grrr.
You need to have two emails,
On September 18th, 2007 Boquete Panama (not verified) says:
You need to have two emails, send out email from example one and have the return email address something else. then check the one 1 time per week and the other is usually pretty safe.
Easy Solution
On September 3rd, 2007 asp.net (not verified) says:
The US government can't control people in other countries, so it's definitely not the answer to the problem. At some point you need to give in and signup for a real spam filtering service like MXLogic or OnlyMyEmail. For $5/month you can solve your problem.
opt-out link
On August 6th, 2007 Car Guy (not verified) says:
I have used the opt-out link several times and have yet to successfully stop spam from those sites. In fact some of them seemed to have increased after going through their opt-out process. I've since become a master in creating outlook message rules and I can weed out all spam except those sneaky ones that use only images.
Opt out
On July 11th, 2007 Camp Latieze (not verified) says:
Unfortunately, using the opt out usually only tell them that they have a valid email address to send more spam to.
And as for having a valid email address, they just use someones address from their list to put in the From.
Until legislature forces the IP that are used to send the spam to use the email address that it was sent out with, there will be no way to track back to the real spammer.
Opt out
On July 11th, 2007 Camp Latieze (not verified) says:
Unfortunately, using the opt out usually only tell them that they have a valid email address to send more spam to.
And as for having a valid email address, they just use someones address from their list to put in the From.
Until legislature forces the IP that are used to send the spam to use the email address that it was sent out with, there will be no way to track back to the real spammer.
Death Penalty for Spammers Act of 2007
On July 9th, 2007 Romance Book Download (not verified) says:
Now that might actually work :)
Spam
On July 4th, 2007 Dwayne (not verified) says:
Ridding us of spam requires effort, money and cooperation. There seems to be very little interest in expending any of this.
Even if there was an effort to really do something about this (by the countries that can afford it), people would just use spamming services from countries that are not enforcing the regulations. No enforcement, no penalties, no end to the spam.
Really, what are you going to do to a low income country to convince them to put any effort forth to stop spam from originating in their country. They don't have the money to put into it, and they don't have the desire to cut off the money that the spamming brings into the country.
gmail can't stop spam
On July 2nd, 2007 cel (not verified) says:
and I do not know that can stop spam
can-spam
On June 27th, 2007 Justin Cook (not verified) says:
Personally, I don't think CAN-SPAM will ever stop spammers, it's up to good anti-spam solutions to do that. However, it will ensure that good mailers that abide by the rules get delivered
Yes, you're right.
On October 12th, 2007 forum (not verified) says:
Yes, you're right.
You all right
On June 17th, 2007 Qioto (not verified) says:
You allways right. Write more articles because i likes read your information.
Resources are too cheap
On June 7th, 2007 Tobias Schwarz (not verified) says:
As long as resources are that cheap the spam problem will not be solved. You all can see that not only mailspam increased during the last years. Phone-flats become more and more popular all over the world and fax-, phone- and sms-spam is also increasing. Charges for services are not always bad... but somehow mails are free and charges for other services decrease quickly...
stop spam by sting operations
On April 3rd, 2007 masiar (not verified) says:
You cannot stop spam - if people reply to it, someone will keep sending it.
What is needed is to make *replying* to a spam a misdemeanor, with small fine - like $20. You clicked, your ISP charges your fine to your next bill.
And then, spam police will run sting operations. People will be afraid to respond to anything what looks like a spam, because it might be from spam police and if you respond, you pay fine. Spammers are out of business. :-)
Not legal in the USA, but I like the idea
On April 4th, 2007 Anonymous (not verified) says:
The problem is that you'd need to wiretap and analyze the traffic. You can wiretap, fine; my government does it all the time (the Bush Administration merely got caught, that's all). But if you do so, you have to have a search warrant for wiretapping in order for the evidence to be valid in a USA court. Otherwise, it's not admissible.
But I like the idea. :-)
stop spam by sting operations
On April 3rd, 2007 Anonymous (not verified) says:
The FTC already fines and puts people in jail. The penalties run in the tens of thousands of dollars per email.
One part of a solution: have your own mail server
On April 2nd, 2007 Anonymous (not verified) says:
Here's how I solved my personal spam problem. I stood up a GNU/Linux mail server and put OpenBSD's SPAMD in front of it. SPAMD tarpits--and rejects--the spammers very effectively, and my spam went down from 150 per day to--maybe--10 per week. Enough people start doing that, it will cost the spammers money (they get paid based on high volume). Right now, it doesn't cost them anything out of their personal wallets to spam people, and that includes these recruiting firms. That's why they spam--nothing to lose, everything to gain.
http://www.openbsd.org/spamd
ISP's should be using it, too, including the likes of Yahoo! Mail, HotMail, Google's GMail, etc.
Finally, all ISP's should do two other things:
1.) Block TCP 25, both directions, on all of their dynamically-assigned IP address blocks...except to that ISP's own SMTP gateway.
2.) Actually start disconnecting the lines of folks whose machines are sending out spam.
Number 1 is something that Cox already does now in at least parts of the USA. Number 2 should also be done. Will that cause some collateral damage? Sure! That's the point. A whole lot of spam comes from infected American "bots" owned by so-called innocent people who don't bother to either run a decent OS (read: *NOT* MS Windows), or don't bother to keep their machines properly protected if they do. Maybe they'll be more motivated to keep up on their security updates and anti-malware programs if ISP's started doing this. Aww, can't get the updates since your box is rooted? Take that computer to the repair store, then, 'cause you ain't getting back on *our* network with that infected box! Every ISP agreement I've ever seen gives that ISP the ability to terminate the connection "for any reason," so during their next meeting on the golf course together, they could easily make this happen.
admin@cmosnetworks.com
spamd works extremely well, and now greylists by default
On April 4th, 2007 Peter N. M. Hansteen (not verified) says:
spamd works. the blacklisting with one byte per second replies is fun to watch, but it works even better with greylisting (which is enabled by default starting with OpenBSD 4.1) and greytrapping.
what you and I see only indirectly via our logs is that effective countermeasures like spamd is apparently having the effect that the spammers are already trying harder. our traplist data seem to indicate that the general trend is that the number of spam sending hosts is increasing. all this while spamd rids us of 95% or more of the chatter, with the rest fed to our by now lightly loaded spamassassin and clamav systems.
In addition to the tutorial at the homepage url, I can recommend Bob Beck's NYCBSDCon 2006 presentation http://www.ualberta.ca/~beck/nycbug06/spamd (and of course see other refs at http://www.openbsd.org/events.html).
Just wrote an article on this very subject
On April 11th, 2007 Terrell Prude' Jr. (not verified) says:
Part 1 is now available on NewsForge.com. Part 2 to come very soon.
http://www.linux.com/article.pl?sid=07/03/28/1522252
Please use the info here (if useful), or whatever other tool you wish, and help to fight spam at its source. Happy reading!
Part II of said article
On April 12th, 2007 Terrell Prude' Jr. (not verified) says:
And here's Part II, where we discuss how to actually do it.
http://applications.linux.com/applications/07/03/28/1631206.shtml?tid=115
What's needed is an ISP
On April 1st, 2007 Neal (not verified) says:
What's needed is an ISP alliance, where ISPs band together to track down the sources of spam, then firewall those sources out of their systems.
We shouldn't have to deal with thousands of junk emails from known spammers; those spammers should be firewalled out of all ISPs' networks. Systems with IRC servers that are known to support spammers' botnets, for example, should be firewalled out of ISPs' networks.
We should not be relying on governments to stop spam. Governments will not, and cannot, do so. We have to do it ourselves, just as we could handle those hundreds of credit card offers we get: put everything in the postage-paid reply envelope and send it back to the originator. When the cost of that postage (2-3 times the cost of first-class postage) eats up a significant portion of their profits, the credit card offers will stop. Similarly, spammers will stop when they find they can no longer send email (or connect to any systems on the internet, for that matter).
What's needed is an ISP
On April 2nd, 2007 Anonymous (not verified) says:
Not a bad idea. I personally think vigilantly action would work too.
What is really needed :
On April 9th, 2007 Billy Bob (not verified) says:
Is a TAX on email. Or in light of that a complete overhaul of email in general into a truly effective communication medium.
I like the Texas bit though in lieu of a Tax.
Post new comment