On One-Year Anniversary of CAN-SPAM Act, MX Logic Reports 97 Percent of 2004 Spam Failed to Comply with the Law; Spam, Other Email Threats Will Continue to Increase in 2005
DENVER, CO -- 1/3/2005 -- MX Logic, Inc., a leading provider of innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, resellers and their customers, reported that one year after the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act went into effect, on average 97 percent of unsolicited commercial email over the past year failed to comply with the federal anti-spam law.
“While we applaud the intent of the CAN-SPAM Act, clearly it has had no meaningful impact on the unrelenting flow of spam that continues to clog the Internet and plague inboxes,” said Scott Chasin, CTO, MX Logic. “In fact, the overall volume of spam increased in 2004, and we fully anticipate continued growth in 2005.”
On average, spam accounted for 77 percent of all email traffic, or 1 in 1.3 email messages, through the MX Logic Threat Center in 2004.
MX Logic has measured CAN-SPAM compliance each month since the law went into effect by examining a random sample of 10,000 unsolicited commercial emails each week. During 2004, monthly compliance ranged from a low of 0.54 percent in July to a high of 7 percent in December.
2004: The Year of Spam
“Despite low compliance levels, the CAN-SPAM Act does provide enforcement capabilities and has helped to galvanize government and industry efforts to curb spam,” Chasin said. “Unfortunately, ending the spam epidemic will require a long-term, ongoing effort that, in addition to the law, must also include technology, industry cooperation to improve authentication and security protocols, and end-user education.”
In 2004, the CAN-SPAM Act and state anti-spam laws have been used to pursue criminal prosecution and civil action against spammers.
-- On March 20, four major Internet Service Providers filed the first lawsuits under CAN-SPAM.
-- In April, Michigan conducted the first criminal prosecution under the CAN-SPAM Act, issuing arrest warrants for four men charged with sending out hundreds of thousands of fraudulent, unsolicited commercial email messages advertising a weight-loss product.
-- In September, Nicholas Tombros, the “wireless spammer,” became the first person convicted under the CAN-SPAM Act.
-- In November, Jeremy Jaynes, considered one of the top 10 spammers in the world, was sentenced to nine years in prison under Virginia’s anti-spam law for sending millions of spam messages to America Online customers.
For a complete 2004 time line of key events, visit www.mxlogic.com/PDFs/2004_CAN-SPAM_Timeline.pdf.
What’s in Store for 2005?
In addition to continued growth in spam volume, MX Logic outlined several predictions for 2005, including:
-- Increase in number of phishing attacks and in attack sophistication. Gartner estimates that 57 million U.S. adults received a “phishing” attack email in the 12 months prior to May 2004.(1)
MX Logic expects phishing attacks to increase in frequency and sophistication in 2005. Phishers will use trojans to launch phishing attacks by redirecting users to phony Web sites and soliciting account numbers and other personal financial information. As a result, Web browsers will likely add anti-phishing technology in 2005.
In an effort to prevent phishing attacks and online identity theft, financial institutions will move toward two-factor authentication tokens and smartcards -- meaning users will be required to have a password as well as a token or smartcard to conduct online financial transactions. In December 2004, the Federal Deposit Insurance Corporation called on financial institutions to upgrade existing password-based, single-factor authentication systems to two-factor authentication systems. Many consumers use something similar today in banking -- ATM cards.
-- New methods of email-distributed denial-of-service (DDoS) attacks. In 2004, many email users were exposed to MyDoom, the fastest-propagating email worm in history. At the peak of the MyDoom outbreak, the MX Logic Threat Center reported infection rates of one in every six emails. Part of the worm’s call to action included initiating a denial-of-service attack against the domain sco.com.
To date, denial-of-service attacks have been targeted primarily at Web sites. In 2005, new methods will aim to flood SMTP email infrastructures, resulting in large-scale denial-of-service attacks that compromise email networks.
-- Rise in frequency of spam without economic profit. Email-borne propaganda from domestic political organizations and from foreign entities such as Al Qaeda affiliates will increase in frequency and in boldness. In June 2004, MX Logic saw the first use of a spambot network to propagate political spam -- German-language spam denouncing the presence of Turks and other foreigners in Germany. More than 25 variants of this “hate mail” flooded the Internet. Political spam is not covered by the CAN-SPAM Act.
-- Growth in zombies for hire. In 2005, an expanded number of distributed zombie spam networks will be built and rented out by spammers, providing the infrastructure for a significant increase in the volume of spam that can be distributed. MX Logic discovered that in recent weeks, as much as 69 percent of daily spam came from zombie PCs.
-- Increasing pressure on service providers to keep networks free from spam and other unwanted and malicious email. A recent survey found that 58 percent of 1,006 consumer respondents said ISPs needed to work harder to protect their customers from unwanted email. MX Logic predicts that in 2005, service providers will come under continued pressure to provide end users with clean bandwidth -- much the same way that water utility companies are expected to provide potable water.
Media and analysts interested in receiving monthly CAN-SPAM compliance statistics can subscribe to MX Logic’s CAN-SPAM update by sending an email to email@example.com. The company will also post compliance data on its Web site at www.mxlogic.com/news_events/.
About MX Logic
MX Logic, Inc. provides innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, and resellers and their customers. The company’s feature-rich solution suite is the industry’s most comprehensive, flexible and easy to use.
Founded by messaging industry pioneers, MX Logic has delivered numerous industry firsts to the enterprise spam market, including becoming the first managed service provider to: leverage Bayesian Statistical Classification; provide spam beacon (“Web bug”) blocking; offer quarantine management via email; provide corporate-level quarantine release reports that help reduce inappropriate email while decreasing corporate liability; and deliver a solution for tracking URL click-throughs from email to the Web, providing increased corporate control and security.
MX Logic processes billions of messages each month for over 3,000 organizations worldwide. In addition, MX Logic is the only email defense company to offer both a managed service and a turnkey, carrier-grade software solution for service providers. For more information, visit www.mxlogic.com.
(1) Gartner FirstTake, “Phishing Attack Victims Likely Targets for Identity Theft,” Avivah Litan, 4 May 2004
- Contact Information
- Sheila O’Neill
- Media Contact
- MX Logic, Inc.
- Contact via E-mail
This news content was configured by WebWire editorial staff. Linking is permitted.
News Release Distribution and Press Release Distribution Services Provided by WebWire.