The Red, White and Blue of Spam

Despite increased legislation and hyper vigilance by IT companies, one industry report says spam has not been canned and the “phishing” industry is now booming.

But to put the blame on Russian hackers or Nigerian royalty would be a mistake.

The report issued by Commtouch Thursday is an analysis of e-mail activity for the month of March. The findings: three months after the CAN-SPAM law was enacted, it’s seen no slow-down in spam volume. In fact, the Mountain View, Calif.-based provider of anti-spam software said its spam detection center and Commtouch Spam Lab saw a record high number of spam outbreaks and spam messages last month.

That’s not to say that Can-Spam won’t help eventually. “Every legislation takes time to work, said Commtouch executive vice president Avner Amram. “There’s the first wave [of wrongdoers] that hear about the legislation and decide to stop, but most do not take action until the enforcement threatens them.”

More important, the report found that the U.S. was overwhelmingly the origination point for spam. While Commtouch saw spam from IP addresses in 152 countries, 60 percent of it came from within the country. The next largest spam distributor, China, was a far distant second, accounting for just 6 percent of the volume.

A common argument among marketers while the spam legislation was debated in Congress was that Federal legislation would do no good, because most spam came from overseas.

In fact, said Anne Mitchell, head of the Institute for Spam and Internet Public Policy, “We’ve known all along that the vast majority of spam originates in the U.S.”

She said that was the impetus for the advertiser liability portion of the law, on which her organization consulted. This provides that the company whose products are promoted can be held liable along with the actual sender of the commercial e-mail.

“A large amount of spam comes ‘through’ overseas resources. Such as open proxies,” Mitchell said, “but the spam ‘originates’ here in the United States… Now we can go after the advertisers, who can’t hide their identity — at least, not if they want to get paid for whatever product or service their spam is shilling.”

Commtouch also found a growing number of incidents of phishing. The practice of sending fraudulent e-mails warns consumers that there’s a problem with an order or credit card, in an attempt to dupe them into providing personal and credit card information. Phishing expeditions spoof the identity of a legitimate merchant, and both the e-mail and the Web site it refers to mimics the look and feel of the merchant’s site.

“The phishing phenomenon has increased dramatically,” Amram said, “and there are endless innovations. Spam is annoying, but phishing is dangerous.”

Mitchell said April would also probably be too early to see the true impact of Can-Spam, although several high-profile anti-spam efforts in March could have a dampening effect.

On March 5, Bob Vila, the television home renovator, was touched with public shame as an ISP sued his Web site,, in the first Can-Spam lawsuit. Foster City, Calif.-based Hypertouch claimed that the site’s operators sent customers e-mail advertisements with fraudulent headers and no legally required physical address and also sent e-mail to randomly generated and harvested addresses, even to addresses that had been submitted to “opt-out” links.

On March 19, the top ISPs, America Online EarthLink, Microsoft and Yahoo! , held a press conference near the White House to announce they had filed six lawsuits involving hundreds of defendants in Virginia, California, Georgia and Washington state.

On March 30, AOL made a splash announcing a sweepstakes for spam victims. Users who reported spam using automated tools provided by the ISP were automatically entered in the contest to win a 2002 Porsche Boxster S auto. The company said the car was purchased with money won in one of five lawsuits that AOL filed in federal court last year, accusing individuals and corporations of sending spam to the AOL network.

Mitchell said that efforts to prosecute spammers will make a difference in the long run.

“People have to see that the law has teeth, and those teeth bite,” she said. “Once a few spammers and their advertisers have been bitten and felt the pain, yes, it should make an impact.”

News Around the Web