WASHINGTON, May 21 (UPI) -- Looks like Congress is having a hard time canning spam in spite of anti-spam legislation passed last year, according to a Senate panel's discussion Thursday.
The CAN-SPAM Act became law in December 2003 and provides penalties, including possible prison time, for certain unsolicited commercial e-mail. CAN-SPAM stands for Controlling the Assault of Non-Solicited Pornography and Marketing.
U.S. Senate Commerce Committee Chairman John McCain, R-Ariz., said that 64 to 83 percent of all e-mail traffic is "spam." According to a March report by the Pew Research Center, 77 percent of e-mail users surveyed said they receive as much or more unsolicited e-mail than before the law went into effect, McCain added.
"The rising tide of spam is driving nearly a third of consumers away from using e-mail," McCain said, citing data from the Pew report. "[That is] a result that could well impact Internet usage and, consequently, the future financial health of our telecommunications, online retail and information technology industries."
The CAN-SPAM Act bans e-mail sent with misleading or false titles or from phony return addresses. It also requires e-mails be sent with an option for recipients to "opt-out" of receiving future e-mails.
McCain also urged the FBI to focus on child pornography sent through e-mail, which he called "the most disgusting aspect" of spamming.
A Federal Trade Commission rule prohibiting sexually-explicit content in the subject lines of e-mails became effective Wednesday. The FTC is responsible for rules to implement CAN-SPAM.
The FTC is "already searching for targets," FTC Chairman Timothy Muris told senators. The new rule requires e-mail with sexually explicit content include "SEXUALLY EXPLICIT:" in its subject line.
Ted Leonsis, vice chairman of America Online, said that the CAN-SPAM Act has had a positive impact.
"It was the right bill at the right time," Leonsis told senators. AOL has taken measures such as introducing spam folders in AOL users' inboxes and creating a "word list" to spot the "most reviled" words and curb e-mails with sexual content, he said.
In March, AOL, along with Earthlink, Microsoft Corp. and Yahoo!, filed the first lawsuit against spammers under the CAN-SPAM Act.
Leonsis added that AOL customers are getting 30 percent less spam than a year ago, even though the number of attempted spam messages has increased.
Muris said that the FTC is going after businesses that sell through spam e-mails as well as the companies that send the e-mails.
But the anonymity of the Internet makes it difficult to find spammers, Muris said. "There's an arms race going on between the spammers and the ISPs (Internet Service Providers), and the spammers are certainly holding their own," he said.
Muris and others cautioned that law enforcement must be aided with technology to curb spam.
Shinya Akamine, president and chief operating officer of Postini Inc., said that his company, which specializes in e-mail security, believes thousands of companies are responsible for spam. If that's true, he said, changes in Internet technology, rather than more law enforcement, is "the way to go."
"We think [spam] is a symptom of e-mail is fundamentally not secure today," he said.
James Guest, president of the Consumers Union, which prints Consumer Reports, said it is too early to tell if the CAN-SPAM Act has made a difference. Eighty percent of respondents to a recent survey said there has been no reduction in the amount of spam they get since the act became law.
"There's not a lot of time," Guest said. The federal government needs "to take fine-tuning this law seriously," he said. "Spamming is not only making wireless devices less useful, but e-mail in general."
In June, the FTC is scheduled to give Congress a report on setting up a "do not e-mail" registry similar to the "do not call" list implemented last year.
But the FTC has warned Congress that a "do not e-mail" would not be as easy to set up as the "do not call" list, according to Michael Goodman, an attorney in FTC Bureau of Consumer Protection.
Privacy, security and enforceability are concerns, he said.
With regards to security, a "do not e-mail list" would mean creating a database of potentially millions of e-mail addresses. Not only would this be a very large file to manage, but it might also be vulnerable to hackers who could use it to send more spam, Goodman said.
"We want to make sure any database we create would be used for the right purposes and not the wrong purposes," he said.
The FTC has set up a database to collect spam, Goodman added. Spam recipients can forward messages to firstname.lastname@example.org or file a complaint at www.ftc.gov.