Slashdot Mirror
Is the CAN-SPAM Act Working?
DynaSoar writes "Lance Ulanoff of PCMag.com offer his opinion on the success, or lack thereof, of the CAN-SPAM Act. It doesn't appear to be working, though spammers have noticed, in that they try to make their spam look "legit". What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement."
Under capitalism man exploits man. Under communism it's the other way around.
I basically tried to sort out which spams were legitimately adhering to the law (which wasn't too hard), and if anything was iffy I would fill out the unsubscribe link with a throwaway e-mail to see if I got spam from it.
long story short 4 weeks later I'm getting about 170 spams/days. A decrease of 60 messages/day or about 25% less. Not a huge decrease, but noticeable.
The big benefit though is that the spam that is left is more "spammy" than before - hence my bayesian filter has achieved a slighly higher success rate which is good.
December 2003
Total messages: 162,564
Total messages blocked by SpamAssassin: 36,927
January 2004
Total messages: 180,375
Total messages blocked by SpamAssassin: 48,661
So what we have is 10% growth in total messages, but a 31% growth in spam.
Making spam illegal isn't working. Not surprising to me.....
FWIW, I attribute the 10% growth to MyDoom and its ilk - my user base did not grow 10%, nor do I think my users suddenly started sending more email - they just received more stuff that got deleted (but counted) by the virus scanner.
"The most sensible request of government we make is not, "Do something!" But "Quit it!"
Chances are that you are getting spam that has been directed at your AOL username for quite some time. An AOL username gets released back into the wild at some point after the user has cancelled their AOL subscription. It used to be six months. I don't know what the time frame is now. You probably just picked a screen name that had been used before and has had spam sent to it since it was first created.
Be listed as the domain contact for a domain where a working address is mandatory. Failure to have a working address is grounds to have your domain cancelled. (Fortunately many registrars offer filtered address these days, but that doesn't help for the addresses that were visible before and are already on lists.
Post to usenet. I stopped doing that years and years ago, but I got on spammers lists back then and those addresses still circulate.
Have your job require that your email address be on the web. Similarlly, be responsible for a business address (like "support") that has to be on the web.
Post to a publically archived mailing list that doesn't remove email addresses. Posting to said list may be part of your job and can't be avoided.
Have someone else post your mailing address to a publically archived mailing list
Have someone else send you a e-card from a sleazy site that resells addresses
Have a moderately common name and use a moderately popular email host, you might get dictionary attacked
Ultimately, if you use the same address for long enough it will leak somewhere, possibly without your knowledge. Are you sure no one you know isn't posting a "Hey, my friend bob@example.com knows about this, as him" to a publically archived mailing list? Switching addresses isn't a very good option; it cuts off communication with other people. Throwaway addresses help (I use them myself), but to suggest that it's a reasonable option for Joe Random User is silly.
Count yourself lucky that you haven't had a problem. I got a new email address with a new job about two years ago. That address has never been used for personal use, just work. I've always obfuscated it on my web page (I need to have it available as part of my job). But I'm already getting 10 or so spam a day. (Although that's an improvement over the 80 or so a day I get at my various personal accounts.)
Search 2010 Gen Con events