Security Watch: How to stop spam? Don't look to legislation

- home
- reviews
- news
- downloads
- cnet tv
On MovieTome: CAPTAIN AMERICA was in THE HULK?!?
- log in
- join CNET
- welcome,
- my profile
- log out

Security Watch : Don't get burned by viruses and hackers.

How to stop spam? Don't look to legislation


	E-mail to a friend
	Send us feedback

By Robert Vamosi

Senior associate editor, CNET Reviews
December 17, 2003

After months of debate, Congress has approved an antispam bill, known as the Controlling the Assault of Non-Solicited Pornography and Marketing Act, or the CAN-SPAM Act of 2003. On December 16, President Bush signed CAN-SPAM; the law will take effect on January 1, 2004. That sounds like good news for anyone who uses e-mail. But once you look beyond the spin, you'll find there's much less here than meets the eye.

Sounds good, but...
In a nutshell, CAN-SPAM prohibits the use of fraudulent e-mail headers, the use of robotic means to collect e-mail addresses from Web sites, and the sending of unsolicited adult advertising. It requires e-mail marketers to provide a working URL in messages so that recipients can remove themselves from any future mailings.

Down the road, the law also calls for the creation of a federal do-not-spam list, much like the FTC's do-not-call list, which gives you the ability to remove your phone number from telemarketers' databases. The law also prohibits unwanted commercial messages via mobile services on mobile phones and PDAs.

That all sounds fantastic.

Opposition to new law
So why did the attorneys general from California, Kansas, Maryland, Nevada, Texas, Vermont, and Washington urge the House of Representatives to vote against the act? Because CAN-SPAM ignores and supersedes any existing or pending junk e-mail laws in 30 states--including the toughest, California's--with a decidedly weaker federal law.

The state laws were more stringent than the federal one in several ways.

The state laws, which are now obsolete, were more stringent than the federal one in several ways. For example, the laws in Utah and California would allow recipients to sue spammers who use false e-mail headers. One provision of a California law would even use the penalties claimed from such cases to help fund the state's high-tech-crime task forces. However, under CAN-SPAM, while recipients can still sue spammers, the burden of proof has been extended beyond showing that the e-mail header was false and now requires that plaintiffs show that the sender also knew it was false.

It's the opinion of several state attorneys general that this is a much higher standard of proof than other consumer protection laws and that spam recipients will now tie up the legal system with new cases without being able to stop unsolicited e-mail in the meantime. That is what the direct-marketing associations wanted: judicial gridlock.

License to spam within the United States?
Another shortcoming of the law: According to Spamhaus.org, an antispam clearinghouse, CAN-SPAM allows 23 million U.S. businesses to spam U.S. e-mail addresses legally as long as they also provide a means for users to opt out of future mailings.

It turns out the direct marketers got their way this time around. With telemarketing restricted by the do-not-call list, direct-marketing associations now see e-mail advertising as their last and best option, since automatically sending hundreds of thousands of e-mail messages is much cheaper than maintaining call centers. These groups made the rounds in Washington, D.C., and managed to get this muted federal antispam bill passed quickly. For the legislators in Congress, CAN-SPAM allows them to say, "Look, we did something about spam," when, in reality, the act does little to actually solve the problem.

Fortunately, I've never really pegged my hopes on state or federal laws stopping the flow of unsolicited e-mail. Spam goes beyond borders. A vast majority of the spam I receive comes from tiny island nations, so a law in the United States or any European country will likely have very little impact on my in-box.

Viruses and worms play a role now
In 2003, the technology used to send spam became more complex, and thus spam became harder to stop. It used to be that some guy would pop a CD full of e-mail addresses into a computer and let the system churn out spam all night. But now worms--Sobig is considered to be the first--hijack thousands of systems on the Net and use them to distribute their messages with more anonymity and speed than before. Other worms, such as MiMail, are designed to shut down third-party antispam services such as Spamhaus.com.

Believe it or not, someone's actually buying the products sold via spam. If that's you: Stop it!

Need I remind you that if you're not running antivirus and firewall software on your system, you may be part of the spam problem?

It's going to take something more than an act of Congress to stop spam. I suggest a boycott of all companies that engage in direct e-mail marketing. Believe it or not, someone's actually buying the products sold via spam. If that's you: Stop it! In fact, make sure you never open or click a spam message again, because some direct marketers make money depending on how many eyeballs see their messages.

If spam becomes unprofitable, then people will stop sending it. Don't you agree? Yes or no, I'd like to hear your suggestions for how we can stop this scourge.

What do you think? Can we stop spam? How? Tell me about it--TalkBack to me!

Next steps

CNET editors' top security products

Check latest prices for Internet security and firewall applications

Get the latest specs and reviews for antivirus applications

Protect your computer with security and encryption software

CNET Security Center
Update your software and learn about firewall apps

CNET Virus Center
View current virus threats, learn how to protect your PC, and more

Antivirus applications compared
Find the right antivirus product for you

McAfee security line reviewed
Read the latest antivirus and firewall reviews from McAfee

Norton's security line examined
Read the latest antivirus and firewall reviews from Norton

Virus and security alert forums
From CNET Message Boards

12/10/03
We need a new national cybersecurity plan--now
The Bush administration's attempts at creating a plan for securing the Internet have been ineffective at best. It's time to start over and remember to protect end users, not just big business.

12/3/03
Why Internet security suites aren't so sweet
In his annual matchup between the latest editions of the Internet security suites from McAfee and Norton, Rob says both offer cool features--as well as some serious flaws.

11/26/03
Keep script kiddies off your PC
Believe it or not, script kiddies may be using your computer to launch attacks against one another. Don't get caught in the cross fire. Here's how to keep your system safe.

More commentary

		Buzz Report Molly Wood Taking a bite out of hype.
		Security Watch Robert Vamosi Don't get burned by viruses and hackers.
		Fully Equipped David Carnoy The electronics you lust for.
		On Call Kent German Solutions for your wireless woes.
		Driving It Wayne Cunningham What's hot and what's not in car tech.

Reviews & advice: Reviews Site map; Editorial policies; Meet the editors; How we test; Tips & tricks; Internet speed test

Popular topics: Apple iPhone; Apple iPod; CES; Cell phones; Dell; GPS

CNET sites: CNET Site map; CNET TV; Downloads; News; Reviews; Shopper.com

More information: Newsletters; Corrections; Customer Help Center; RSS; What's new; About CNET

Privacy policy
Terms of use
Visit other CBS Interactive sites:

#networkSites {display:none;}BNET | CHOW | CNET.com | CNET Channel | GameSpot | International Media | mySimon | Search.com | TechRepublic | TV.com | ZDNet