Share this:

Alex Kigerl 80x108Receiving spam emails is one of the most ubiquitous experiences for anyone who uses the internet today. In 2003, the US Congress enacted the CAN SPAM Act which aimed to regulate the sending of unsolicited emails. In new research, Alex Kigerl looks at the effectiveness of the CAN SPAM Act using a sample of 5.5 million messages sent over a 15-year period. He finds that the Act has served as a deterrent to spammers, but only through detention, not fines, since many spammers have considerable incomes and can afford to pay them. He argues that if we wish to reduce the amount of spam we get, then we must increase enforcement and prosecutions, and imprison spammers for long enough for them to be deterred from sending further spam.

Spam, the bulk sending of unsolicited electronic messages, has grown since the beginning of the internet, and today makes up more than half of all internet traffic.  The United States is one of the top spam haven countries.  On December 16, 2003, the United States Congress enacted the Controlling the Assault of Non-Solicited Pornography and Marketing Act, or CAN SPAM Act, intended to regulate electronic spam.  The regulations inherent in the bill set requirements that electronic commercial messages must adhere to when sending advertisements to recipients electronically (including email and other electronic means of communication).

The bill does not prohibit spam, but rather regulates the way it is sent and the content that is delivered.  The messages must be truthful and not fraudulent.  The sender must also comply with a recipient’s express request to opt-out of all future emails.  The Act does not require opt-in by recipients, however, and so unsolicited messages are still lawful.  Violators of the Act are usually fined, but can also receive prison time for additional aggravating violations.  However, only a few authorities are allowed to prosecute under the Act: The Federal Trade Commission, internet service providers, and state attorney generals.

In terms of the CAN SPAM Act’s effectiveness, early responses to the Act were not favorable, but new evidence suggests the legislation may actually provide a deterrent effect against spammers.  Prior investigations into the Act only looked at its impact in terms of a dichotomous measure, that of a coarse binary before and after impact on spam activity and severity.  New evidence using monthly CAN SPAM Act activity (prosecutions, fines, detentions) and a sample of 5.5 million spam messages received in the United States between March, 1998 and November, 2013 taken from available spam archives suggests a deterrent effect.

A time series plot of the spam sent during this time frame can be seen in Figure 1.  The CAN SPAM Act went into enforcement on January 1, 2004.  New rule provisions were also added to the Act during May, 2008, specifying further the requirements spammers must adhere to when honoring opt-out requests, among other provisions.  As can be seen from the plot, these dichotomous events do not appear to have an obvious impact on spam volume.

Figure 1 – Monthly count of spam messages received

Kigerl Fig 1

When analyzing monthly CAN SPAM Act activity as reported in the news on the amount of spam sent, the Act may be more effective than first appears.  The number of ongoing trials prosecuting spammers per month, as well as the number of spammer convictions per month under the CAN SPAM Act, is associated with lower spam rates the following month.  Fines against spammers, however, were not found to be effective.

There also appears to be some elements of the CAN SPAM Act that might actually make spam worse.  The number of news articles mentioning spammers being detained was associated with more spam being sent.  In contrast, the sum of days spammers were detained overall per month, regardless of the number of individual detentions, predicted less spam.  Figure 2 depicts the predicted spam counts based on this relationship.  The reason for the finding may be that spammers being detained in the news could be an emboldening effect, as spammers are only held for very brief amounts of time, making the punishments seem trivial.  Yet if there are a low number of spammer detentions, but high average days detained per month overall, that would suggest spammers are being detained for longer and thus that is where we see spam at its lowest level. 

Figure 2 – Predicted spam received based on spammer detentions

Kigerl Fig 2

The results might have implications changes in policy. The majority of the penalties contained in the CAN SPAM Act are via fines against the spammer.  Yet none of these fines used appeared to have an impact on spam rates.  Instead, the number of days spammers were detained appears to be associated with a drop in spam, so long as the length of incarceration is adequately long.  It might be optimal for the CAN SPAM Act to be revised to allow for more prison sentences as opposed to financial damages.  The sentences should also be long enough to avoid the possible emboldening effect seen in the data here.  Many spammers have substantial incomes from their illicit spam businesses, hence why fining spammers may not be as effective.  However, lengthy prison sentences might be sufficient to make spammers think twice about sending spam illegally.

It is also important to note that the number of ongoing trials and convictions of spammers also predicts less spam being sent.  More prosecutions of spammers may therefore be beneficial.  As it stands now, the CAN SPAM Act largely goes unenforced, as it is limited to a narrow number of possible authorities that would enforce it, as well as being conservative as to what it classifies as spam.  The Act might do well to have the definition of illegal spam broadened or simplified to facilitate easier enforcement.  The definition of illegal spam could be broadened to include unsolicited commercial mail, requiring opt-in.  Such a revision might cut down on the annoyances legitimate marketers impose (at the very least), as they would likely comply with the law.  As of now, unsolicited spam is not illegal, so long as the spammer abides by specified regulations.

Additionally, the entities authorized to file lawsuits against spammers for damages could be expanded, such as allowing consumers to file suit in addition to the Federal Trade Commission (FTC), the states, and internet service providers (ISP).  Enforcement of the CAN SPAM Act is not frequent, as the FTC is underfunded and ISPs have little profit motive to bother pursuing spammers on their networks, which may not be that costly to them in the way of direct damages, as the recipients themselves absorb most of the consequences of spam.  Expanding the option to bring suit to more who would be affected by spam should increase enforcement.  This portion of the revision would not include the possibility of jail sentences for spammers, but would at least increase trials and convictions, which also appears to have a deterrent effect.

Prior opinion was not positive about the effectiveness of the CAN SPAM Act.  Yet new evidence suggests elements of the Act have an impact on spam rates.  Further revisions to the Act may capitalize on these elements which are effective, such as increased enforcement and longer incarceration sentences for spammers.

This article is based on the paper ‘Deterring Spammers Impact Assessment of the CAN SPAM Act on Email Spam Rates, in Criminal Justice Policy Review.

Featured image credit: Jonathan Lister (Flickr, CC-BY-2.0)

Please read our comments policy before commenting.           

Note:  This article gives the views of the author, and not the position of USAPP– American Politics and Policy, nor of the London School of Economics.

Shortened URL for this post:


About the author

Alex Kigerl 80x108Alex KigerlWashington State University
Alex C. Kigerl is an Assistant Research Professor of Criminal Justice and Criminology at Washington State University and Senior Data Analyst for the Washington State Institute for Criminal Justice Research.  His research focuses on cybercrime, email spam, prison misconduct, and offender risk assessment development.