CAN-SPAM Act Turns 5 Today — What Went Wrong?
alphadogg writes "Five years ago, the US tech industry, politicians, and Internet users were wringing their hands over the escalating problem of spam. This prompted Congress to pass a landmark anti-spam bill known as the CAN-SPAM Act in December 2003. Fast forward five years. The number of spam messages sent over the Internet every day has grown more than 10-fold, topping 164 billion worldwide in August 2008. Almost 97% of all e-mails are spam, costing US ISPs and corporations an estimated $42 billion a year. What went wrong here?"
What went wrong? (Score:3, Informative)
Re:More enforcement would help (Score:4, Informative)
CAN-SPAM Worked Exactly as Expected (Score:3, Informative)
Re:Who is receiving spam? (Score:2, Informative)
Outlook doesn't load images by default. I don't think Outlook Express did, but I don't remember anymore. Neither Yahoo! Mail nor Google mail load images by default.
If you measure by what people are using, you are wrong about most clients (at least, the current defaults).
Re:We took a knife to a gun fight. (Score:5, Informative)
Um, flag day?
Yes, a Flag Day [wikipedia.org].
Re:What went wrong here? (Score:2, Informative)
Before you talk more out of your ass, look at what happened when ONE (1) USA-based ISP/hosting provider was taken down in November: SpamCop (year) [spamcop.net]
Re:Legislation fixes nothing (Score:5, Informative)
There's a trivial technological means to fight spam. It just requires abandoning SMTP and moving to a new protocol with the following requirements.
You forgot one:
With that, spam is basically dead. As soon as you require those restrictions, suddenly spammers have to actually own a domain name and provide a working DNS server in order to deliver spam, and that DNS server must contain up-to-date mappings for those hosts to IP numbers. That pretty much obliterates the use of zombies for delivering mail.
Unless they can 0wn a DNS server, or have the zombies send through the owner's legitimate outbound email accounts, or can get a steady supply of disposable domains somewhere (zombie-XXXXXX.disposable-20081217.com, etc).
It also means that there is now a domain name, which by ICANN policy, is required to have a valid postal address, phone number, and other contact information associated with it.
And when the spammers don't follow the policy? Sure the domains might get shut down after someone realized (and got the registrar to verify) that the contact info was bogus, but that's a bit too late.
Re:Laws just hamper the law abiding (Score:3, Informative)
Not 200 - a LOT more! (Score:4, Informative)
Re:Laws just hamper the law abiding (Score:3, Informative)
In cities and states that overturned their anti-gun laws, the murder rate went DOWN.
In cities and states that passed anti-gun laws, the murder rate went up.
Re:More enforcement would help (Score:3, Informative)
I don't agree. I run my own servers, not at home but in a colo some considerable distance away. I own my domains, I run my own name servers. When the ISP for my home connection blocks smtp to any but their own smtp servers, I am disconnected from my own machines.
No, you're not. You can simply use smtp port 587 to submit mail to your colo. Providers should never do egress filtering on port 587, only on port 25.