EU Spam Legislation Won’t Stop Spam From US

The legislation, introduced into the UK in December 2003, seeks to ban emails sent from a business to an individual without their permission. However this rule does not apply to any unsolicited emails sent from outside the EU.

MessageLabs’ research shows that, in January 2004, 76.4% of spam emails to UK addresses originated from computers in the USA. This figure is likely to rise to 79.3% by March this year. This means the vast majority of spam found in UK inboxes is not covered by the EU Directive legislation. Indeed all anti-spam legislation enacted worldwide only covers email originating from within its regulated area, which greatly weakens its potential effectiveness.

The new law was introduced on the 11th December 2003 in response to the EU Directive on Privacy and Electronic Communications. In December, 62.7% of the 40 million emails MessageLabs scans every day for its customers contained spam. In January this year the ratio hit 63.0%.

  • Over 79% of spam will originate from computers in the USA by March this year
  • 63% of email was spam in January, a major increase since the UK introduced legislation in December 2003

The figures for February are predicted to be even higher as the full impact of the Mydoom virus outbreak is assessed. MessageLabs expects volumes of spam to increase to around 75% of all email received by mid-2004.

MyDoom is the latest example of a virus with a ‘backdoor’ Trojan component as part of its payload – hijacked computers are used as spam-relay engines, sending out spam without the owner’s knowledge. This ‘convergence’ of virus writing and spamming techniques is having a significant impact – over 66% of global spam is estimated to be distributed illegally in this way, making it very difficult to trace the culprits and almost impossible to police.

Mark Sunner, Chief Technology Officer at MessageLabs, said:

“This new research underlines how, despite the enactment of the US CAN SPAM act, the UK legislation and others such as the Spam Act 2003 in Australia, businesses are fighting email security threats that are growing in number and maliciousness. It shows that a legal framework is only ever going to be at best one layer of a total solution. In time the law may make it less appealing and more difficult for a spammer to operate, but in the short term at least they seem likely to fail. Spam is inherently a technology problem and the solution at this point in time must be technology led.

“The problem is that spam is now becoming so severe that traditional anti-virus and anti-spam products are failing to protect companies due to their inherent reactive approach. The most effective solution is a proactive and continuously updated managed service, that stops known and unknown spam and virus threats at the Internet level, before they ever reach corporate networks and end users.”

Source: MessageLabs