Clever spammers stay 'one step ahead' of law

Viagra, gibberish, money-transfer requests, more Viagra.

Three years after the federal Can-Spam Act went into effect, unsolicited commercial e-mails are assaulting inboxes at record rates as spamming technology grows more sophisticated.

"I think the majority of the industry would say that spam levels are at the highest they've ever been," said Scott Chasin, chief technology officer at MX Logic Inc., a Colorado-based Internet security firm.

In September, unsolicited commercial e-mail messages accounted for more than 77 percent of all e-mail filtered by the company. Of that amount, only a fraction -- 0.27 percent -- was in compliance with federal anti-spamming law.

"Spammers are creative and industrious," said Michael Davis, a lawyer with the Federal Trade Commission (FTC), which is responsible for enforcing the act. "Because of their dedication and their technological sophistication, they have found ways to stay oftentimes one step ahead of law enforcement."

Under the Can-Spam Act, marketers are allowed to send unsolicited commercial e-mails as long as they include a truthful subject line and routing information; an opt-out mechanism; a notice that labels the e-mail as an advertisement; and a valid postal address.

Mr. Davis said the FTC uses a variety of tracking techniques to trace e-mails forwarded by consumers and identified as spam. While it's hard enough to track the messages, he said, the problem is exacerbated when the spam's origin is traced overseas. In that case, federal courts can award penalties, but collecting the fines can prove a challenge unless the spammer has assets in the U.S. Enforcement of the laws often depends on the relationship between the U.S. and the country in which the spam originated.

The five biggest violators, according to British nonprofit Spamhaus, are the U.S., China, Japan, Russia and South Korea.

While a comprehensive solution may be elusive, spam analysts cite the need for greater international cooperation to crack down on spammers.

In addition, there are steps that Internet service providers (ISPs) and consumers can take to ensure they are not propagating spam networks, Mr. Chasin said. Consumers should not open unknown attachments and should constantly update their Web security software to avoid having their computers hijacked, he said. ISPs should quarantine infected computers until they are fixed, he added.

Until then, "I'm afraid we're only going to see spam continue to rise," he said.