Can CAN-SPAM can spam?

Or, rather, can any law stop spam?

During recent years, numerous pieces of legislation have been introduced to combat spam. The US has the CAN-SPAM Act of 2003 in addition to numerous state-level laws; the EU has the E-Privacy Directive, the E-Commerce Directive and various other directives in addition to numerous national laws; Australia has the Spam Act of 2003; and the list could go on.

But are these laws actually making a difference? Last year, spammers Sanford Wallace and Walter Rines were ordered to pay MySpace $234 million and, more recently, Canadian Adam Guerbuez was ordered to pay Facebook $837 million. The CSO of MySpace, Hemanshu Nigam, subsequently said:

          Anybody who’s been thinking about engaging in spam are going to say, `Wow, I better not go there. Spammers don’t want to be prosecuted. They are there to make money. It’s our job to send a message to stop them.’

No, spammers do not want to be prosecuted, but nor does the risk of prosecution seem to deter them. The spam simply keeps on coming. Furthermore, neither MySpace nor Facebook are likely to collect their millions, as Facebook admit on their blog:

          Does Facebook expect to quickly collect $873 million and share the proceeds in some way with our users? Alas, no. It’s unlikely that Geurbez and Atlantis Blue Capital could ever honor the judgment rendered against them (though we will certainly collect everything we can).

This has made some people wonder whether companies such as Facebook should even be permitted to address such matters through the courts. From another blog:

          Spam should be treated like a technical problem. The operators of Facebook should prevent it and police it internally. Tax-payers who do not avail themselves of the entertainment of Facebook should not subsidize the business of solving Facebook’s problems filtering spam.

There is certainly some merit to this argument. If prosecuting spammers shall neither stop spam nor enable victims to be compensated, then is there really any point?

But, of course, there is a point. We know that prohibiting murder shall not stop murders from happening, but murder is nonetheless prohibited. Whether or not a law can actually stop something is really neither here nor there. What’s important is that we do what we can to protect people from those who would cause them harm (physical or financial). Were spam not to be banned, we would be turning a blind eye to pump-and-dump schemes, the sale of potentially harmful counterfeit medications and a host of other scams.

Can CAN-SPAM can spam? No, it cannot. Do we need CAN-SPAM? Absolutely.

The eventual solution to spam (if a solution can ever be found) will probably be technical rather than legal but, until that day comes, all we can do is to legislate against it and filter it.

Written by Jesmond Darmanin


  1. M. E. Kabay, PhD, CISSP-ISSMP · May 19, 2009

    The title you have used in this posting was used in an article I published in Network World Security Strategies in February 2004. Perhaps your readers would like to read it.

    M. E. Kabay, PhD, CISSP-ISSMP
    Associate Professor of Information Assurance
    School of Business & Management
    Norwich University, Northfield, VT

Leave A Reply