Lawmakers and e-mail industry representatives agreed that it is too early to assess the success of the 5-month-old federal anti-spam law, though most thought it was a step in the right direction.
The Senate Commerce Committee convened a hearing yesterday to gauge the progress of the CAN-SPAM Act, in effect since Jan. 1. The hearing focused on law enforcement efforts and industry moves to address the spam problem through e-mail authentication systems.
“This is just the beginning,” said Sen. Ron Wyden, D-OR, a co-sponsor of the legislation. “This is just the start of the effort to drain the swamp.”
During the law's first 141 days, the volume of spam has grown from 78 percent of e-mail to 83 percent, said Shinya Akamine, CEO of spam-filtering company Postini.
“Without the law, I think spam would have increased faster,” he said.
The CAN-SPAM Act gave enforcement powers to Internet service providers, state attorneys general and the Federal Trade Commission. Unlike many state spam laws that it pre-empted, the federal law did not give consumers the right to sue.
AOL president Ted Leonsis said his company's aggressive pursuit of spammers through lawsuits had contributed to a 20 to 30 percent drop in spam reaching members' inboxes since the start of the year. AOL joined with Microsoft, Yahoo and EarthLink to launch the first major lawsuits under the CAN-SPAM Act in March.
“My confidence is high,” he said, “but the mission is not complete.”
The FTC testified that CAN-SPAM has given it important new investigative powers, enabling it to bring two cases, raising its total of spam cases to 62.
“We will continue to follow the money trail and go after the sellers,” said FTC chairman Timothy Muris, who is to step down from his position this summer. He asked the committee to pass cross-border fraud legislation so the FTC would have more ability to pursue offshore spammers.
Disagreement arose over the idea that a small group of “kingpin” spammers represents the vast majority of spam. Spamhaus, an anti-spam organization, claims that 200 spammers account for 90 percent of spam. Wyden said the challenge is to “come down on the kingpin spammer with hobnail boots.”
Akamine, whose company screens 1.5 billion e-mail messages weekly, disagreed that enforcement against a select group could eliminate most spam.
“We don't have the evidence to support that viewpoint,” he said of the kingpin spammers.
Muris agreed, saying the FTC was told by some ISPs that 500 spammers account for most spam, while others say it is 5,000.
Along with cooperation on enforcement, Muris urged the e-mail industry to continue its work to institute e-mail authentication as a way to add trust into the e-mail system. AOL, Microsoft and Yahoo each endorsed different e-mail authentication standards, which would allow legitimate senders to establish their identity. Such systems then would be complemented by reputation services, which ISPs could use to determine legitimate bulk mailers through their prior behavior.
“The real challenge we face is to facilitate the continued evolution of an e-mail ecosystem that supports authentication, accreditation and reputation services while also protecting the power of open access to information that makes the Internet what it is,” said Hans Peter Brondmo, senior vice president at e-mail service provider Digital Impact.
Representatives from the top ISPs, in addition to other interested groups, are meeting in San Jose, CA, with the Internet Engineering Task Force this week to try to bridge the gaps in their different authentication proposals.
The Senate meeting also included a spirited exchange between Leonsis and Ronnie Scelson, a Louisiana-based e-mail marketer who is on Spamhaus' list of the top spammers. Scelson, who said all e-mail he now sends complies with the federal law, complained that big companies like AOL use the law to squelch small companies like his with fewer resources.
He also compared bonded sender programs, which require e-mailers to put up a bond that is debited based on their complaint rates, to a mafia shakedown.
“I don't see why the ISPs should decide what mail you receive,” he said.