Tuesday, December 5, 2006

Viagra, gibberish, money-transfer requests, more Viagra.

Three years after the federal Can-Spam Act went into effect, unsolicited commercial e-mails are assaulting inboxes at record rates as spamming technology grows more sophisticated.

“I think the majority of the industry would say that spam levels are at the highest they’ve ever been,” said Scott Chasin, chief technology officer at MX Logic Inc., a Colorado-based Internet security firm.

In September, unsolicited commercial e-mail messages accounted for more than 77 percent of all e-mail filtered by the company. Of that amount, only a fraction — 0.27 percent — was in compliance with federal anti-spamming law.

“Spammers are creative and industrious,” said Michael Davis, a lawyer with the Federal Trade Commission (FTC), which is responsible for enforcing the act. “Because of their dedication and their technological sophistication, they have found ways to stay oftentimes one step ahead of law enforcement.”

Under the Can-Spam Act, marketers are allowed to send unsolicited commercial e-mails as long as they include a truthful subject line and routing information; an opt-out mechanism; a notice that labels the e-mail as an advertisement; and a valid postal address.

“Legitimate businesses overwhelmingly comply with it,” said Stephanie Hendricks, spokeswoman for the Direct Marketing Association. “Obviously, folks are still seeing a lot of spam, but it’s not coming from legitimate companies.”

That’s the problem, according to Mr. Chasin.

“The spammers that were sending spam before the law was passed were not obeying the laws then, and they’re certainly not obeying the laws now,” he said. “When the legislation was adopted, it gave the amateur spammers a decision: Do they want to get out, or do they want to become criminals?”

The challenge of enforcement does not stem from a lack of teeth. Can-Spam allows the FTC to seek civil penalties of up to $11,000 per violation, plus further fines for spammers who unlawfully “harvest” or extract e-mail addresses from Web sites or Web services. The law also gives the Justice Department authority to seek criminal punishment for violators who falsify header information or hijack a computer to send e-mail without a user’s consent.

So far, the FTC has filed 26 lawsuits for violations of the act, Mr. Davis said. In those cases, federal courts have awarded civil penalties totaling more than $10 million.

Spam isn’t just irking consumers; it’s harming the reputations of legitimate businesses, said David Daniels, a vice president and research director with JupiterResearch of New York.

“Forty-three percent of consumers have told us that when they sign up for permission-based e-mail from their bank or retailer, they believe that doing that leads to more spam,” Mr. Daniels said. “That is not the case. When you sign up for an e-mail offer at a reputable retailer or financial services institution, they’re certainly not going to be sharing that information with another party.”

Contrary to the assumption of many home computer users, spammers typically extract addresses using a “botnet,” or program that takes over computers and uses their stored e-mail addresses to spread spam throughout the Web. Botnets can link thousands of computers without owners’ knowledge.

Spammers have learned to avoid common e-mail filters, purposefully misspelling words like “Viagra” or embedding messages in graphics rather than plain text, Mr. Chasin said. They also cut and paste random, unrelated text to throw off filter keyword searches.

Mr. Davis said the FTC uses a variety of tracking techniques to trace e-mails forwarded by consumers and identified as spam. While it’s hard enough to track the messages, he said, the problem is exacerbated when the spam’s origin is traced overseas. In that case, federal courts can award penalties, but collecting the fines can prove a challenge unless the spammer has assets in the U.S. Enforcement of the laws often depends on the relationship between the U.S. and the country in which the spam originated.

The five biggest violators, according to British nonprofit Spamhaus, are the U.S., China, Japan, Russia and South Korea.

While a comprehensive solution may be elusive, spam analysts cite the need for greater international cooperation to crack down on spammers.

In addition, there are steps that Internet service providers (ISPs) and consumers can take to ensure they are not propagating spam networks, Mr. Chasin said. Consumers should not open unknown attachments and should constantly update their Web security software to avoid having their computers hijacked, he said. ISPs should quarantine infected computers until they are fixed, he added.

Until then, “I’m afraid we’re only going to see spam continue to rise,” he said.

Copyright © 2022 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

Click to Read More and View Comments

Click to Hide