Evaluation of the CAN SPAM act: Testing deterrence and other influences of email spammer behavior over time.

摘要

Both email and email spam have experienced a growth that has paralleled the similar growth in technology worldwide. Email spam is more than just a nuisance, such mass unsolicited messages may also be harmful or fraudulent. The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN SPAM) is federal legislation that was passed and enforced in the United States starting in January 1, 2004; created in response to the growing spam problem. The Act was intended to regulate the methods and content of spam that could be transmitted, requiring spammers to comply with a number of ethical standards when sending spam.;A series of reports and evaluations by cybersecurity firms and researchers followed in response to the passing of the Act to assess its efficacy, most of which were not positive about the Act's success. However, none of these evaluations used methods that were sufficiently rigorous, failing to capture the continuous nature of CAN SPAM Act's enforcement, ignoring a variety of possible spurious influences, and only considering a relative few number of measures of spamming behavior.;This research proposes to address all of these limitations by analyzing a sample of 5,490,905 spam emails received in the United States from March, 1998 to November, 2013. A time series dataset was built from the spam sample by software which processed each spam message to build 17 measures of spammer behavior, falling under the categories of spam volume, spam compliance with the CAN SPAM Act, spam severity (malware and fraud), and spam locality. Each measure was incorporated into a multiple time series design and regressed on 11 measures of CAN SPAM Act enforcement, public opinion, and attention, all while controlling for multiple economic, technological, and related time series measures. The study is informative as to the causes of spamming behavior on a multitude of different dimensions relevant to illicit email spam that has policy implications for both the CAN SPAM Act and other possible anti-cybercrime legislation.