NordVPN Promotion

Home / Blogs

A Year of CAN SPAM

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

The CAN SPAM Act of 2003 went into effect a year ago on Jan 1, 2004. As of that date, spam suddenly stopped, e-mail was once again easy and pleasant to use, and Internet users had one less problem to worry about.

Oh, that didn’t happen? What went wrong?

There are a few good things about CAN SPAM. It made some arguably fraudulent practices specifically illegal, and set per-spam statutory damages. That allowed a variety of lawsuits such as the one where an Iowa ISP won a billion dollar default judgment against a Florida spammer. It also explicitly ratified ISPs authority to set and enforce their own stricter policies about e-mail.

But overall, CAN SPAM’s weaknesses outweigh its benefits. The biggest problem with CAN SPAM is that it doesn’t actually forbid spam, for any normal definition of spam. So long as mail doesn’t involve fraudulent elements, and contains specified contact and opt-out information, it’s 100% legal until the recipient begs the sender to stop. This has set an extremely low floor for mailers to meet, and far too many now argue that since they comply with CAN SPAM they must be OK. I’ve gotten spam from the National Council of Churches, who really should know better, to addresses that were clearly scraped from my church’s web site and added to the NCC’s list without asking permission. When I complained, they pompously assured me that they complied with the letter and spirit of CAN SPAM, an utterly vacuous claim since CAN SPAM says nothing at all about non-commercial e-mail. (The obvious counter-argument is that if they didn’t comply with CAN SPAM, they’re be criminals, but they evidently don’t see it that way.)

Another problem is that the remedies are cumbersome, since they require filing in Federal court, so they’re likely to be useful only to medium and large businesses who get a lot of spam and can bundle many similar complaints into one case. CAN SPAM wiped out a lot of more stringent state laws, but even so, the remaining state laws are at least as useful as CAN SPAM. For example, the criminal conviction of large-scale spammer Jeremy Jaynes was under the Virginia state law, not CAN SPAM.

What does this all portend for the future? A surprising press release from AOL reported that the amount of inbound spam at AOL dropped by 22% compared to a year ago. Other ISPs reported no such drop, so we can only speculate about the causes, but my speculation would be about one part spam filtering, which AOL does well, and four parts legal threats, both the Jaynes criminal case and several civil cases they’ve filed in the past year. Spammers may turn away from large ISPs and aim more at smaller domains who are less likely to have the resources to sue them. Tune in again next year and find out.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Phil Howard  –  Jan 17, 2005 12:15 AM

What went “wrong” with CAN SPAM happened in 2003.  I think we know that it wasn’t really intended to address the problem of the volume of spam.  To members of Congress and the bulk of their constituents, who know nothing about the costs of running a network and the servers that power them, it was more about things like pornography (a button that can get lots of special interest groups activated, and hence get members of Congress to move), and the various scams.  Had no spam ever promoted any pornography site, or promoted any illegal activity, as far as Congress would be concerned, there isn’t a problem.

I’ve stored and kept every piece of spam I got (at designated spamtraps) in 2004.  The 122,295 spams received breakdown by month to: 2186, 2768, 4685, 6818, 9099, 10612, 11713, 12318, 10473, 13558, 17394, 20671.  September dropped because my primary mail server went down for a few days due to a hardware failure, and the backup server didn’t have the spamtraps configured.  All these spam traps are for email addresses that have never been used or assigned to any user.  In at least a couple cases, I’ve tracked down that people have entered fake email addresses to post at some sites (most likely to prevent spam in their own mailboxes).  I didn’t pursue them for using my domains for that purpose.  Instead, I just took advantage of that to run it as a spamtrap.

We need to turn to Congress yet again.  But perhaps the best thing to do is simply have CAN SPAM undone.  If they can’t do it right, and I doubt they ever will, we’re better off without it.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

NordVPN Promotion