Spam and the CAN-SPAM Act



About This Report

From the Executive Summary:

This paper examines three questions:

  1. How does international email affect the effectiveness of the Act?
  2. How can consumers and ISPs deal with spam? What technologies are available? In particular, how can people be protected, or protect themselves, from receiving unwanted sexually explicit material? Part of the problem here is that those companies that can be identified will likely comply with the CAN-SPAM Act, because it is the law; but those companies that cannot be identified may not comply. Hence the enforcement provisions of the Act are not enough, because not every non-compliant company can be caught and prosecuted. Technological means are a necessary adjunct.
  3. How effective and enforceable are the provisions? Because this paper focuses on the technology, and not legal or public policy matters, we discuss the state of technology that can be used to comply with, and enforce, the provisions. As the reader will see, many technological and scientific impediments make the effectiveness difficult to measure.
To summarize the conclusions of this paper briefly, the Act improves the ability of consumers and ISPs to block unwanted spam, provided the companies sending the spam comply with the Act. Technology can reduce the amount of spam received from companies that do not comply with the Act, but technology is of limited effectiveness in those cases where the senders take steps to evade or bypass this technology.


As part of the CAN-SPAM Act, Congress required the FTC to report on its implementation after 2 years. As part of the basis for that report, the FTC asked some experts for their opinions. Here is my report to them.