Jana Monroe, assistant director of the FBI’s Cyber Division, told a hearing of the Senate Commerce Committee yesterday that the FBI’s Operation SLAM-Spam has identified 100 spammers, targeted 50 for investigation, and linked three groups of subjects into potential organized criminal enterprises.

She said that SLAM-Spam, which was announced in conjunction with the Direct Marketing Association last August, has an emphasis on cases involving the criminal uses of spam, and that a series of criminal and civil prosecutions is planned for later this year.

The hearing was held to provide Congress with an update on the effectiveness of CAN-SPAM, which was passed last fall and became law January 1. Witnesses on both sides of the debate said it isn’t very effective, and Senator John McCain observed how few cases have been brought under it.

To date, the CAN-SPAM act has had no substantial impact on the flow of spam, Postini Inc CEO Shinya Akamine testified. In fact, in the four months since CAN-SPAM went into effect, spam has increased from 78% to 83% of messages processed by Postini.

Akamine added that recent CAN-SPAM lawsuits filed by ISPs have targeted smalltime operators. The problem, he said, is that proficient spammers know how to hide their identities, making them especially difficult to track down.

Federal Trade Commission chairman Timothy Muris concurred, saying that the FTC has been unable to determine even how many spammers are responsible for how much of the spam. Many of the truths clung to by anti-spammers are merely spam lore that has little if any basis in fact he said.

[An] example of ‘spam lore’ is the notion that a handful of ‘kingpin’ spammers are responsible for the vast majority of spam. This may or may not be true, but nobody knows for sure, Muris said. The FTC errs towards the many-culprit theory, he indicated.

He also said that an FTC study of 200 spams that contained unsubscribe links showed that 63% did not function, and that of the ones that did work, no further spam was received when fresh email addresses were used to unsubscribe.

This, Muris, said throws doubt on the spam lore notion that unsubscribing guarantees getting more spam, a commonly held belief that was used by anti-spammers to criticize the US’s decision to make CAN-SPAM an opt-out rather than opt-in law.

Committee chairman McCain urged the FTC to go after not only fraudsters who sell phony goods, but also companies that hire spammers to hawk their wares. To date, the FTC has filed just two CAN- SPAM suits, both of which could have been filed under fraud law unrelated to spam.

If the FTC can’t find the spammers, it should do the next best thing: go after the businesses that knowingly hire spammers to promote their goods and services, McCain said in opening remarks. The Act gives the FTC the tools to do so… the FTC should use them.

Spammer Ronald Scelson, also testifying, said that CAN-SPAM is working, but that there are still many problems with implementation, cooperation, interpretation, and fraudulent or misleading practices, many stemming from the ISPs or their providers.

CAN-SPAM requires spammers to clearly label their spam as such, to include legitimate company address information in the text of the email, and to allow the recipient the ability to easily opt-out of future spams within 30 days of receipt.

Scelson said his mailouts comply with the provisions of CAN-SPAM, but that this does not stop his spam being blocked by ISPs and the blacklist providers the ISPs use. Because his IP addresses are blocked, this makes it impossible for recipient to opt-out, he said.

These anti-spam groups act like vigilantes now more than ever before, Scelson testified. It is possible to have both your company name and IP addresses completely blocked in as little as four hours, thus preventing you from delivering your mail to more than half the internet.

Scelson’s complaint could be seen as lending weight to the argument put forth by anti-spam software and services vendors that technology tools and, as Postini’s Akamine put it free market economics are the best way, currently, to deal with the spam problem.