Spamhaus declares the CAN-SPAM act ‘toothless’ after 11 years
Mon 22 Sep 2014
The CIO of The Spamhaus Project, which has been collating and providing information on spammers since 1998, has criticised the CAN-SPAM act of 2003 for failing to afford any real protection to businesses or individuals besieged by unsolicited email.
Speaking to The Register, Richard Cox disagreed with a 17th September report by the Online Trust Alliance, which estimated that only ten per cent of mail marketers abuse the conditions of the CAN-SPAM act by failing to provide legitimate and working ‘unsubscribe’ procedures.
“[What] we see suggests that their 10 per cent may be, ehrm, somewhat optimistic – even in terms of CAN-SPAM compliance,” said Cox, who criticises both the implementation and core structure of CAN-SPAM – a somewhat contrived acronym which was intended to represent ‘Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003’, but is ultimately self-explanatory.
“The goal of the larger corporate backers of CAN-SPAM seems to have been to reduce or eliminate any right of private legal action by spam victims against those who spammed them,” said Cox. “Only ISPs are allowed to take matters to the courts – and only a handful ever have. It’s not worth the money, as extracting actual damages from spammers is usually a fruitless quest.”
The three core requirements of compliance with CAN-SPAM for email marketers are: that a clear unsubscribe link be present and functional in the mail; that unsubscribe requests be honoured within ten days, during which time the sending party may only re-communicate with the respondent for compliance purposes; and that any ‘opt-out’ lists generated by these transactions only be used as suppression lists, to ensure that unsubscribed parties are not contacted again.
Cox believes that the law, brought through Congress by Senators Conrad Burns and Ron Wyden under the George W. Bush administration, was passed and then starved of any meaningful backing by which it could become effective.
“The problem is the law made no provision for additional funding to the US FTC with which to enforce it, thus making it toothless – a situation similar to that in the UK. Many companies know this, and just ignore it,”
The Spamhaus Project maintains a Register of Known Spam Operations (ROKSO), providing information on spam-gangs which have been banned from at least three internet service providers due to spamming activity, and also makes this information available to the police. Many ISPs and third-party companies and applications utilise the range of data on junk mailers that Spamhaus stores and updates regularly.