|
March-April 2004
Home Page
E-Notes Home Page |
 |
|
The CAN-SPAM Act of 2003
Is Relief in Sight?
The convenience and efficiency of electronic mail are threatened by the extremely rapid growth in the volume of unsolicited commercial electronic mail. Unsolicited commercial electronic mail is currently estimated to account for over half of all electronic mail traffic, up from an estimated 7 percent in 2001, and the volume continues to rise. Most of these messages are fraudulent or deceptive in one or more respects.
CAN-SPAM Act of 2003
Signed into law on December 16, 2003, the CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act is intended to provide relief from the sometimes unwanted and unsolicited commercial e-mail known as spam. Violators of the Act may be subject to fines of up to six million dollars and five years imprisonment.
Given the importance of e-mail communication, Federal action seems appropriate as spam threatens to choke the world's e-mail systems. In a press release heralding the passage of the CAN-SPAM act, co-sponsors Senator Conrad Burns (R-Mont.) and Senator Ron Wyden (D-Ore.) noted that about 13 billion spam e-mails are sent each day. Spam costs the global economy approximately $10 billion per year in anti-spam software and equipment, e-mail storage equipment, increased network traffic, and lost productivity.
Larry Fields, Product Support and Outreach Coordinator for University Information Services, maintains a Web site for the Georgetown University community on fighting spam. Though an anti-spam law is sorely needed, Fields, along with Georgetown University Information Security Officer Brian Reilly, warns users to remain vigilant. "One thing to keep in mind is that, at least in past cases, legislation always has a fairly slow effect over technology," says Reilly. Fields agrees, saying, "I think spam is here to stay just the way just the way junk mail sent through the postal service is here to stay."
Indeed, CAN-SPAM does not aim to eliminate unsolicited commercial e-mail. To quote "A Primer for the CAN-SPAM Act of 2003", produced by corporate law firm Perkins Coie LLP, "Overall, the CAN-SPAM Act is relatively business-friendly, providing a safe path for companies to communicate with their customers and prospective customers via email." The Act does not require companies to get a customers' permission to send them e-mail, but mandates instead that some opt-out mechanism be included. Valid and truthful headers, subject lines, "from" addresses, "reply-to" addresses and postal addresses must be also be included. The e-mail must be clearly marked as an advertisement, and, if it is sexually explicit, incorporate a warning label.
CAN-SPAM, cautions Reilly, "really doesn't have any impact on either the very illegitimate spammer such as one not tied to a national company, one not tied to a reputable group." Illegitimate spammers have long known how to hide their identities and continue to find unethical ways to carry out their work. Reilly explained that "a lot of the spam is being sent through computers that are actually compromised, either through some kind of network attack, through a virus, or worm, or backdoor." Many viruses are designed to allow attackers to control others' computers from a remote location, hijacking them as spam engines. An estimated one-third to two-thirds of spam, according to a February Associated Press article, is sent by compromised computers. "What this means for regular users is that it's still important to do all the right things from a computer security perspective," Reilly says, advising Georgetown computer users to adhere to the University's computer security guidelines on campus and at home.
Passage of the CAN-SPAM Act has not changed the advice University Information Services gives the Georgetown community on fighting spam. Though the Act mandates that every commercial e-mail include an opt-out mechanism, "people should never click on unsubscribe links or buttons at the bottom of an e-mail," says Fields, "even if the e-mail seems to be legitimate." Because "unsubscribe" links have long been a deceptive technique spammers use to verify e-mail addresses, Fields recommends that users instead visit the company's Web site and unsubscribe from there. Usually customers can unsubscribe by logging in to the account they created to make a purchase and updating their member profile. By visiting the Web site, the user can also confirm that the e-mail is not a fraudulent mimicry of an established company's e-mail messages.
Fields also advises Windows and Mac users to use Mozilla 1.6 as their e-mail client. "It includes a built-in spam filter, and there's instructions on the UIS web site on how to do spam filtering," he says. Users can also cut down on spam by using a free e-mail address in commercial correspondence; Yahoo or Hotmail are options.
Spam is an unfortunate byproduct of the freedom of communication promised by e-mail, and one that has no easy solution. Until the day when our technology and our laws catch up with all spammers, the burden will unfortunately rest with individuals to guard their inboxes. Adhering to computer security guidelines, not clicking on links in spam, not replying to spam, and taking advantage of Mozilla's junk mail folder is the best defense. |
|
