 |
| The new legislation designed to stop spam is
unlikely to be successful, says Sophos |
Anti-spam legislation that could send spammers to jail has been
approved by the US House of Representatives in an overwhelming
vote.
However, Sophos, a world leader in protecting businesses against
viruses and spam, believes that the legislation will not help, and
- if anything - has the potential to create confusion and encourage
even more companies to send unsolicited emails.
In a vote on Saturday, the House of Representatives passed a
vote of 392-5 in favour of the bill. The Senate is expected to
follow next week, with President George W Bush expected to sign the
bill into law on 1 January.
The bill, which is known as CAN-SPAM ("Controlling the Assault
of Non-Solicited Pornography and Marketing") proposes an "opt-out"
standard rather than the more vigorous "opt-in" process proposed by
anti-spam experts such as Sophos.
Under the terms of the proposed law, certain forms of spam will
be legal. The bill states that spammers may send as many
"commercial electronic mail messages" as they wish - provided that
the messages are obviously advertisements with a valid US postal
address, and an unsubscribe link is present at the bottom. It would
then be the responsibility of every individual to unsubscribe from
any mailing list they did not wish to receive spam from, rather
than only legalising email from mailing lists to which users have
explicitly chosen to "opt-in".
"This legislation will be bad news for all computer users. The
US authorities had the opportunity to make a real stand against
spam, but through attempting to come to a compromise with the
direct mail industry they have only managed to create an enormous
fudge," said Graham Cluley, senior technology consultant for
Sophos. "This bill acts as a green light for any company
considering sending unsolicited email to millions of innocent
users. Now they know they can go ahead, completely legally, as long
as they include a message offering 'opt-out' at the end. This won't
reduce the amount of spam people are likely to receive at all. If
anything, it may make things worse."
Sophos is also concerned that the proposed new law conflicts
with state-level laws already in place in some areas of the USA.
For instance, a stricter "opt-in" law scheduled to be enforced in
California will be overridden by this federal legislation.
"Confusion reigns as to which laws apply in which states - this
was a wonderful chance for the House of Representatives to put in
place a stringent law country-wide," continued Cluley. "The USA
should have followed the precedents set by some other countries,
and adopted tougher laws to crack down on spammers. As most spam
originates from the United States it is likely we will all suffer
from this muddy-headed legislation."
Although Sophos welcomes some aspects of the new legislation
(making the use of stolen open proxies to relay spam illegal, for
instance) it believes that many companies will view it as an
endorsement of their current spam marketing initiatives, and
encourage them to continue.
Sophos recommends companies protect themselves with a consolidated solution which can defend
businesses from the threats of both spam and viruses.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.