Does CAN-SPAM Really Matter?The view of the author of that piece is clearly that CAN-SPAM has made a worthwhile difference and has done so by making illegal spamming (that is, CAN-SPAM non-compliant spamming) economically unattractive to would-be spammers. He goes so far as to cite another piece at CircleID by John Levine in which Mr Levine quotes AOL's postmaster at some length. For example:
AOL has implemented the solution to stop spam on our system. We do not send it any more. We even published the solution in the ASTA [the Anti-Spam Technical Alliance, a group of the largest ISPs] technical document. We are again trying to get the info to other messaging providers via the MAAWG.org group.
and
This is why AOL reported our spam is almost eliminated. Yes, I said it, eliminated. I get so little spam on my AOL business account (the one that has 20 pages of google results, countless newsgroup hits, etc). I think I have gotten 10 spams total in my inbox over the last month and many of them go to the spam folder where they should be.
But should we take it from the assertion that AOL has solved the spam problem within its own domain to mean that spam generally has been defeated, or is at least on the wane?
Another recent article at CircleID, also by John Levine, counterbalances this view rather nicely:
Overall, CAN SPAM's weaknesses outweigh its benefits. The biggest problem with CAN SPAM is that it doesn't actually forbid spam, for any normal definition of spam. So long as mail doesn't involve fraudulent elements, and contains specified contact and opt-out information, it's 100% legal until the recipient begs the sender to stop. This has set an extremely low floor for mailers to meet.
and
A surprising press release from AOL reported that the amount of inbound spam at AOL dropped by 22% compared to a year ago. Other ISPs reported no such drop, so we can only speculate about the causes, but my speculation would be about one part spam filtering, which AOL does well, and four parts legal threats, both the Jaynes criminal case and several civil cases they've filed in the past year.
In my mind, that latter explanation from Mr Levine rings truer with me.
Oh, and while I am on, I beg to differ with AOL's position that they do not send spam any more. True, given the enormous size of their network and user base, the amount of abuse we see coming out of AOL's network is impressively low. But it isn't zero. Remember that Barclays Bank phish I reported the other day? That came from AOL and has been followed by a further three within less than 24 hours. Four in one day is more than we have seen from AOL since our records began.
Category: CAN-SPAM
Technorati: CAN-SPAM
1. Eric Parsons02/03/2005 01:31:52
Homepage: http://startingblockcomputing.com
As for AOL's comments, I find it inaccurate to say "We do not send it [spam] any more." I have a few examples, and know that at least one address, in the AOL Namespace, is on one of the SORBS list.
I really have issue with AOL's rejection stating that the rejectee (if there is such a word) should "contact the postmaster at the recipient address."
Unable to post a comment? Please read this for a possible explanation...
-