As the second anniversary of the CAN-SPAM Act approaches, experts at Sophos believe the legislation's impact has been mixed.
The law, which went into effect on 1 January, 2004, was written to stem the tide of unsolicited email, most notorious for hawking pornography, low interest loans, and any number of snake oil medicaments claiming to enlarge body parts, or enhance the sex lives of recipients.
"Some aspects of the CAN-SPAM Act have certainly been successful, allowing authorities to prosecute and convict some of the United States' most notorious spammers," said Graham Cluley, senior technology consultant for Sophos. "Improved corporate and consumer security measures and cooperation between internet service providers have combined with the CAN-SPAM act to reduce the percentage of spam being relayed from the USA."
However, Cluley added that by placing the responsibility on individuals to opt-out of email lists rather than require email marketers to only send messages to individuals who have opted in, CAN-SPAM has created a large loophole, through which large volumes of spam can still flow.
Analysis by SophosLabs, the company's global network of security centers, shows that the volume of spam sent from compromised computers based in Asia - primarily China and South Korea - is rapidly filling the void, and continuing to frustrate computer users around the world. Over 60% of spam is relayed by compromised, "zombie" computers.
The dirty dozen spam-relaying countries of 2005.
"The unfortunate truth is that spam is a lucrative global business, driven by criminal intent, and well beyond the ability of CAN-SPAM to control," Cluley continued. "Individuals and corporations who do not take proactive measures to protect themselves from the onslaught are certain to fall victim to the detrimental effects of spam in one form or another."
For more information about the latest trends in spam and viruses, read the in-depth Sophos Security Threat Management Report 2005:
Sophos recommends companies protect themselves with a consolidated solution which can defend businesses from the threats of both spam and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.