Portal de Periódicos da CAPES

Email Spam and the CAN-SPAM Act: A Qualitative Analysis

2011; International Journal of Cyber Criminology; Volume: 5; Issue: 1 Linguagem: Inglês

0974-2891

Szde Yu,

Cybercrime and Law Enforcement Studies

IntroductionEmail spam could be one of the most prevalent crimes in the sense that almost every email user probably has received at least a few unsolicited commercial emails at some point of time. The motivation of spam usually involves revenue generation, higher search ranking, promoting products and services, stealing information, and phishing (Hayati & Potdar, 2008). could result in damaging impact on the economy. Some research has claimed spam accounted for nearly 20 billion dollars in lost time and productivity (Yeargain, et al., 2004). Furthermore, McAfee's Carbon Footprint of Email Report (2009) indicated that the energy used to transmit, process, and filter spam amounted to 33 billion kilowatt-hours (kWh), which is equivalent to the electricity used in 2.4 million households or the greenhouse gas emissions as 3.1 million cars using two billion gallons of gasoline.Despite the effort trying to stop spam, unsolicited commercial emails never seem to stop arriving in our email inboxes. Many email providers, such as Gmail or Hotmail, have diligently developed their spam filters to detect possible spam emails. However, if the filter mistakenly identifies an important message as spam, it could create a problem more than just an annoyance as users might miss an important date or fail to follow up in a communication of great consequence (Weinstein, 2003). Besides, nearly 80% of the energy consumed as mentioned earlier was related to users deleting spam and searching for false positives. filtering accounted for 16% of such energy use, but successful filtering was able to reduce the energy use incurred by spam otherwise. Therefore, accurate spam filtering saves not only time but also energy and money. Moreover, it should be kept in mind that spam is more than just an economic concern as in the USA it could constitute a criminal offense under the Controlling the Assault of Non-Solicited Pornography and Marketing Act (the CAN-SPAM Act).This article was intended to perform a qualitative analysis on 3,983 spam emails with respect to their content, format, techniques, and their compliance with the CAN-SPAM Act.Literature ReviewThe CAN-SPAM ActIn December 2003, the CAN-SPAM Act was enacted and took effect in January 2004 (Lee, 2005). The Act was enacted in an attempt to regulate interstate commerce by imposing penalties and limitations on sending unsolicited commercial email via the Internet (Yeargain et al., 2004). The Federal Trade Commission (FTC) was authorized to enforce provisions provided in the CAN-SPAM Act, and unsolicited commercial emails that fail to comply with its regulations were declared criminal. The punishment could be a fine up to $16,000 for each separate email in violation of the CAN-SPAM Act (FTC, 2009), or it could be imprisonment (Yeargain et al., 2004). In 2008, the so-called Spam King Robert Soloway was convicted under the CAN-SPAM Act for sending fraudulent emails along with two other charges and was sentenced to 47 months in federal prison (Rabinovitch, 2007). The Act also allows states and Internet service providers to file civil lawsuits against spammers (Ford, 2005; Yeargain et al., 2004).The rationale of the CAN-SPAM Act can be seen as based on the expected utility theory in economics, which posits spammers would only choose to send spam when the expected gains exceed the expected cost (Lee, 2005). Since the Act was aimed to increase the cost to spammers, it was expected spammers would be discouraged. However, this did not seem to be the result. According to Symantec's monthly spam reports, the amount of spam is actually increasing (Symantec, 2010). More than 90% of emails sent in the world now are possibly spam, depending on how spam is defined (Symantec, 2010).The CAN-SPAM Act defines spam as unsolicited commercial electronic mail that includes any commercial emails addressed to a recipient with whom the sender has no existing business or personal relationship and not sent with the consent of the recipient, and commercial electronic mail is defined as any electronic mail message the primary purpose of which is commercial advertisement or promotion of products or service (Rogers, 2006). …