Domain: waisp.org
Stories and comments across the archive that link to waisp.org.
Comments · 10
-
Re:Bad Law - kills states remedies
No - your MA business would be fine. You aren't subject to the law unless you know, or have reason to know that the address is linked to a WA resident. RCW 19.190.020 (and if you are business obscuring your email details - I have no pity). In order to make sure spammers have reason to know, WA residents can register their email addresses. And besides, nothing stops an inquiry to the ISP either. There is nothing you can say, or argue, that can cause me to be sympathetic to commercial email.
The worst part about spam is that I can't do what I do with paper spam - cross mailing junk mail (insert visa offer into mastercard offer, and mail them off). The kick I get out of that is well worth 37 cents.
-
Re:This is not an anti-spam billPrimarily, great, give the spammers a list of valid email addresses
Not if they set it up like Washington's registry. It's a searchable list that will tell you whether or not a specific address is on the list, but it will never give you a list of which ones are. Granted, given how poorly-written this bill seems to be, it seems unlikely that they'd be smart enough to set up a good do-not-email registry.
-
Re:Can we really enforce this?
Have you registered your email address? Have you filed any complaints with the attorney general? Have you filed a lawsuit? Please don't complain if you haven't. It's like complaining about Bush, and having not voted.
-
Do Not Mail versus Do Not Call (extensions)
With a Do Not Call list, one single entry covers all my phone extensions. Since the teleslimers will be comparing only the basic phone number, and not the number with its extension, against the list, by simply having my number without any extension in the list, a proper lookup will match and they can skip that number. None of my extensions will be called.
The issue is how to do this for email addresses. Many mail servers allow for "extensions" by having a certain special character such as "-" or "+" or "." followed by an "extension". By simply having the email account of the part before the separator, you automatically have every possible extension. Some people call this tagged email. And example would be jsmith-foobar@example.net where only jsmith@example.net would be in the list.
Many people even have their own vanity domain names, and regardless of what username is used before the @-sign character, they get the mail like the whole username were the extension.
For a registry to work, for at least those who are required to use it, it must meet at least these two requirements:
- Supports all user email addresses, including extensions
- Easy for the bulk mailers to compare their lists against
- The raw list itself must not be distributed
I looked at the registry run by the Washington Association of Internet Service Providers and found that the verification process only works one at a time. This makes their registry virtually useless. Of course, distributing the addresses in the raw will be worse, as it will get in the hands of spammers out of the country, and everyone will just get more spam because now spammers will have a list of address that are even more likely to have someone reading. And some will be mass mailing to such a list just to destroy the effectiveness of registering.
One option is to distribute an SHA1 checksum of each address. Then all that needs to be done on the mailer's end is to test each address by generating the checksum and looking that up in the database.
But even that has a risk, and I'm wondering if even that should be allowed. That risk is that spammers will run all their millions of email addresses through the process, and produce a subset of those who are registered, and then from out of the country
... they will spam the hell out of just those.In the end I think the only real solution is for a law that establishes two distinct networks (same address assignment base, but disjoint routing), one where spamming is allowed, and one where it is entirely prohibited under threat of jail time (for the executives in the case of corporations, LLCs, etc). Each ISP can then choose to service one or the other or set up dual but separate facilities to serve both. Wanna bet which network most will choose?
-
Do Not Mail versus Do Not Call (extensions)
With a Do Not Call list, one single entry covers all my phone extensions. Since the teleslimers will be comparing only the basic phone number, and not the number with its extension, against the list, by simply having my number without any extension in the list, a proper lookup will match and they can skip that number. None of my extensions will be called.
The issue is how to do this for email addresses. Many mail servers allow for "extensions" by having a certain special character such as "-" or "+" or "." followed by an "extension". By simply having the email account of the part before the separator, you automatically have every possible extension. Some people call this tagged email. And example would be jsmith-foobar@example.net where only jsmith@example.net would be in the list.
Many people even have their own vanity domain names, and regardless of what username is used before the @-sign character, they get the mail like the whole username were the extension.
For a registry to work, for at least those who are required to use it, it must meet at least these two requirements:
- Supports all user email addresses, including extensions
- Easy for the bulk mailers to compare their lists against
- The raw list itself must not be distributed
I looked at the registry run by the Washington Association of Internet Service Providers and found that the verification process only works one at a time. This makes their registry virtually useless. Of course, distributing the addresses in the raw will be worse, as it will get in the hands of spammers out of the country, and everyone will just get more spam because now spammers will have a list of address that are even more likely to have someone reading. And some will be mass mailing to such a list just to destroy the effectiveness of registering.
One option is to distribute an SHA1 checksum of each address. Then all that needs to be done on the mailer's end is to test each address by generating the checksum and looking that up in the database.
But even that has a risk, and I'm wondering if even that should be allowed. That risk is that spammers will run all their millions of email addresses through the process, and produce a subset of those who are registered, and then from out of the country
... they will spam the hell out of just those.In the end I think the only real solution is for a law that establishes two distinct networks (same address assignment base, but disjoint routing), one where spamming is allowed, and one where it is entirely prohibited under threat of jail time (for the executives in the case of corporations, LLCs, etc). Each ISP can then choose to service one or the other or set up dual but separate facilities to serve both. Wanna bet which network most will choose?
-
Do Not Mail versus Do Not Call (extensions)
With a Do Not Call list, one single entry covers all my phone extensions. Since the teleslimers will be comparing only the basic phone number, and not the number with its extension, against the list, by simply having my number without any extension in the list, a proper lookup will match and they can skip that number. None of my extensions will be called.
The issue is how to do this for email addresses. Many mail servers allow for "extensions" by having a certain special character such as "-" or "+" or "." followed by an "extension". By simply having the email account of the part before the separator, you automatically have every possible extension. Some people call this tagged email. And example would be jsmith-foobar@example.net where only jsmith@example.net would be in the list.
Many people even have their own vanity domain names, and regardless of what username is used before the @-sign character, they get the mail like the whole username were the extension.
For a registry to work, for at least those who are required to use it, it must meet at least these two requirements:
- Supports all user email addresses, including extensions
- Easy for the bulk mailers to compare their lists against
- The raw list itself must not be distributed
I looked at the registry run by the Washington Association of Internet Service Providers and found that the verification process only works one at a time. This makes their registry virtually useless. Of course, distributing the addresses in the raw will be worse, as it will get in the hands of spammers out of the country, and everyone will just get more spam because now spammers will have a list of address that are even more likely to have someone reading. And some will be mass mailing to such a list just to destroy the effectiveness of registering.
One option is to distribute an SHA1 checksum of each address. Then all that needs to be done on the mailer's end is to test each address by generating the checksum and looking that up in the database.
But even that has a risk, and I'm wondering if even that should be allowed. That risk is that spammers will run all their millions of email addresses through the process, and produce a subset of those who are registered, and then from out of the country
... they will spam the hell out of just those.In the end I think the only real solution is for a law that establishes two distinct networks (same address assignment base, but disjoint routing), one where spamming is allowed, and one where it is entirely prohibited under threat of jail time (for the executives in the case of corporations, LLCs, etc). Each ISP can then choose to service one or the other or set up dual but separate facilities to serve both. Wanna bet which network most will choose?
-
Re:Washington State already has it
http://registry.waisp.org/
Pros:
- It appears to be free to register
- Does not appear to be distributing the list
Cons:
- Too hard to register lots of addresses
- Cannot register just a general domain
- Verification is only one at a time and way too hard to do
My conclusion is this site is a joke. Do they expect to handle millions of lookups an hour?
What they should do is distribute a list of the 160-bit SHA1 checksums of the registered addresses. Then it's simply a matter of the spammer hashing each email in their mailing list and looking that up against the list. If there's a match, bingo.
-
Re:A Swing in the right directionI live in WA, where we've had a spam no send list for quite awhile (unfortunately, no no call list as of yet). It hasn't done me one bit of good - you have to register individual addresses (I have hundreds of aliases at my domain and they all come to me - I often don't remember specific ones), and even my main address, which has been registered for a couple of years, receives way too much spam.
Also, we've seen how many "wins" from these laws? a handful at best? There's obviously something not right with the system yet.
Granted, heavy modifications to courier's bofh file (blocking bad addresses/mx's) has narrowed that down from 50-100 to 5-10 daily. But it's still annoying.
-
There is a way
There is also no way to know if a resident is from washington or not.
Yes there is. Washington State has a registry of e-mail addresses that residents can sign up for.
Registration of your Washington E-mail address on this site makes sure would-be senders have some way of finding out you own a Washington E-mail address. Your rights to take individual action under the law and the state's right to jurisdiction are protected when you register your E-mail address. -
Spam effectively banned by conflicting state lawOk, so the chronology goes like this:
* Spammers fight like hell with the Direct Marketing Association to stop Federal regulation of spam, back in 95-96 or thereabouts. Spammers win, Feds decide to do nothing.
* Anti-spam advocates go into state legislatures, and start to win - state-wide anti-spam statutes pop up in 5 states.
* By my count, including Colorado, 14 states now have anti-spam statutes. (I have the list at work, but I'm on vacation... I only recall WA, CA, VA and NV off the top of my head.)
The beauty of this process is that the state legislatures are not all passing the same law. The Nevada filtration model (ADV in the headers, opt out method must be provided) rules in several states, while other states followed the Washington opt-out model (states set up 'Do not solicit lists' - spammers cannot solicit on that list').
The effective result of this patchwork of state regulation is that by following one state's laws, a spammer can't help but violate another state's laws if the spam is sent nationwide. I don't see how any legal advisor to a spammer can green-light a nationwide spam using the same methods employed in the mid-90s. Trolling the net to scrounge up email addresses doesn't tell you which jurisdiction they're in...
Basically, a list of email addresses is useless unless it has a state field in the dattabase, too. Thank you DoubleClick!
If you don't know which jurisdiction's rules to follow, you shouldn't send the spam. Penalities like this Colorado statute eliminate the old profit model (40 sales of $20 each on 1 million spams was cost effective then; now those 1 million spams will generate you fines... you have to make more sales).
So thank you DMA, for effectively banning spam!
T
==
"This is the nineties. You don't just go around punching people. You have to say something cool first."