Security news
Security news16 December 2005
CAN-SPAM Act can do better, Sophos reports Sophos says anti-spam legislation a mixed bag; US still leads list of spam-relaying countries
As the second anniversary of the CAN-SPAM Act approaches, experts at Sophos believe the legislation's impact has been mixed.
The law, which went into effect on 1 January, 2004, was written to stem the tide of unsolicited email, most notorious for hawking pornography, low interest loans, and any number of snake oil medicaments claiming to enlarge body parts, or enhance the sex lives of recipients.
"Some aspects of the CAN-SPAM Act have certainly been successful, allowing authorities to prosecute and convict some of the United States' most notorious spammers," said Graham Cluley, senior technology consultant for Sophos. "Improved corporate and consumer security measures and cooperation between internet service providers have combined with the CAN-SPAM act to reduce the percentage of spam being relayed from the USA."
However, Cluley added that by placing the responsibility on individuals to opt-out of email lists rather than require email marketers to only send messages to individuals who have opted in, CAN-SPAM has created a large loophole, through which large volumes of spam can still flow.
Analysis by SophosLabs, the company's global network of security centers, shows that the volume of spam sent from compromised computers based in Asia - primarily China and South Korea - is rapidly filling the void, and continuing to frustrate computer users around the world. Over 60% of spam is relayed by compromised, "zombie" computers.
The dirty dozen spam-relaying countries of 2005.
"The unfortunate truth is that spam is a lucrative global business, driven by criminal intent, and well beyond the ability of CAN-SPAM to control," Cluley continued. "Individuals and corporations who do not take proactive measures to protect themselves from the onslaught are certain to fall victim to the detrimental effects of spam in one form or another."
For more information about the latest trends in spam and viruses, read the in-depth Sophos Security Threat Management Report 2005:
Download "Sophos Security Threat Management Report 2005" 
Sophos recommends companies protect themselves with a consolidated solution which can defend businesses from the threats of both spam and viruses.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
