One year ago, the Federal CAN-SPAM Act went into effect
to help curb the tide against unsolicited
commercial e-mail. But, according to e-mail security vendor MX Logic, 97 percent of spam failed to comply with
The company has been measuring a random sample of 10,000 pieces of spam each
week since the law went into effect. It discovered that
there were varying levels of CAN-SPAM compliance during the course of 2004.
July marked the low point of the year with
only 0.54 percent of spam complying with the law. The last part of the
year, however, saw a marked turn in CAN-SPAM compliance with 7 percent
compliance in December, 6 percent in November and 4 percent in October.
“While we applaud the intent of the CAN-SPAM Act, clearly it has had
no meaningful impact on the unrelenting flow of spam that continues to
clog the Internet and plague inboxes,” said Scott Chasin, CTO of MX Logic, in
a statement. “In fact, the overall volume of spam increased in 2004, and we
fully anticipate continued growth in 2005.”
CAN-SPAM’s intent was never to eradicate spam altogether, however, or even make it illegal.
“There is a common misperception that the CAN-SPAM Act outlaws spam,”
Chasin told internetnews.com. “The
CAN-SPAM Act does not prohibit spam; it regulates it.”
The act requires that the marketers include
a legitimate “real” physical address, a functioning e-mail address, an
opt-out mechanism and a proper subject line that accurately indicates
what the message is about.
Though CAN-SPAM compliance levels as measured by MX Logic are quite
low, they did admit that the law has helped to provide enforcement
Among the companies that used the act is Microsoft, which, in September,
against an operation known as cheapbulletproofhosting.com. The site boasted
it could protect spammers against legal action such as CAN-SPAM.
In December Redmond went a step further and
filed seven lawsuits
against alleged violators of the federal CAN-SPAM law that violated
various provisions of the act, including the new “brown paper wrapper
“Spam is a complex problem that requires a multi-faceted solution,” said Chasin.
“In addition to enforceable anti-spam legislation, a comprehensive spam
solution must include technology solutions, industry cooperation on improving
identity and security protocols and end-user education.”