Slashdot Mirror
Anti-Spam law Passed in Colorado
MadShark wrote to us about a new
anti-spam law passed in Colorado. It means that any commercial e-mail must have an "ADV:" label, as well as providing an easy way to opt out. But what's even more interesting is that politicians and non-profit groups must do the same as well. If a spammer violates the law, individuals can sue for $10 per e-mail, but ISPs can collect all the messages and sue the spammers for potentially millions. The question, of course, is the enforceability of the law.
Here in VA, I was excited when the anti-spam law passed here. But the problem here is the same as anywhere else: So you get Spam -- now what? It's usually difficult to trace, or, if you do trace it, it comes from some big spam-factory that, if you complain to, will just add you to all of their lists.
Since it's a crime in VA, do I just call the police? ("Hello, police? I'd like to report a drive-by spamming!") I don't think that I'd get far with that.
And, of course, spammers have no idea of where I'm physically located -- not that I have any sympathy for 'em -- so can't limit their spam based on geographic limitations.
It's neat that we're passing these laws. But, as best I can tell, they're pretty much worthless.
$ gpslookup makemoneyfast.com | launch-tlam
missile launched...
$ ping makemoneyfast.com
host is unreachable
$ exit
Mea navis aericumbens anguillis abundat
There are just a few of the matters which should have been addressed; all of them are equally difficult to overcome and are large enough stumbling blocks that, in my opinion, the bill is worthless.
It's my humble prediction that you're going to see people hacking boxes (if you can't trace the source, who can you sue?) to spam from as well as people outsourcing their direct e-mail marketing to ISPs in foreign countries.
I hate spam. Yet I don't see how ANY law could stop spam. First of all, I'd wager that most spam that citizens of Colorado receive does not originate in Colorado. Secondly, how would you enforce this law? How do you collect your $10 from some loser who can't even afford to pay for a full month of Internet access and has just sent 15,000 e-mails from his free NetZero account? Most of the spam I get is very obviously (at least to me) from individuals that really could care less about the legality or ethics of what they are doing.
The part that really bothers me is giving government a precedent where they are allowed to regulate communications over the Internet. Anti-spam legislation just seems like a good way to get their foot in the door.
I honestly believe that spam CAN be stopped by technology. We need to protect ourselves. I wrote a great procmail filter a couple years ago that filtered all my spam based on required keywords. If the e-mail was filtered out, procmail sent an e-mail back explaining that all mail without the required keyword was filtered--please include [keyword] in your e-mail to get through the filter.
Once someone sent the e-mail with a valid keyword they would be added to the "never" filter list. Everyone I showed it to thought it was way cool, however I got my ass flamed to cinders when I proposed the idea on Usenet.
Using a procmail filter like mine was NOT an ideal solution. For instance, bounce messages from mail daemons were lost so I wouldn't know if I sent e-mail to an invalid address. However, I can see fairly clearly in my mind how a new e-mail system could be implemented that would be easier and more reliable.
I'd really like to get some people to put some brain-power behind an e-mail system that could display a "terms of use" or any message before letting an unknown user into your system. No, your average spammer won't give a sh*t about your terms of use message. However, the average spammer is not going to read through 15,000 "terms of use" messages and type in 15,000 keywords just to get you to send him $5.
Anyone have any insight on how this might be implemented? I'd rather put a 'password' on my account for security than risk trading my liberty for it.
numb
- At $10/pop, no individual recipient of non-ADV-tagged spam is going to pursue legal action. The Washington state law that allows recipients of spam to sue for $500 is infinitely superior to the CO law.
- Remember Murkowski's bill? Now that we've got the Colorado law, we'll see tons of spam with "ADV:" in the subject line, and the language "Since we used ADV: this isn't spam, nyaah nyaah nyaah". This law legitimizes spam, rather than prohibiting it.
- ISPs can sue for $10/message. Sure, that's millions of dollars. But how many ISPs are gonna spend the bucks on lawyers just to sieze some spammer's 1965 trailer, collection of beer cans, and a few rotting buckets of chicken bones?
Good:Hear me out on this; I'm not advocating open relays. Just a relay that's "open enough to give the spammer enough rope to hang himself". Sendmail on such a box could be configured to allow the first 100 spams to go through, (resulting in minimal harm to end users), and to then silently drop the next few thousands of spams on the floor. While spammers don't have the millions of dollars required to make it worth an ISP's while to sue, many probably do have $1000 or so in seizable assets, which makes it worth the while of individual Coloradans operating specially-configured relay "honey traps" to hunt the spammers down for fun and profit.
What to do next is obvious -- use the logs to grab the spammer's IP address, contact the NOC at the spammer's ISP and mention that your relay has been attacked, and that you'd like to sue the spammer under the Colorado law. Even if you require a lawyer to obtain the spammer's identity, the cost should be minimal, particularly with the overwhelming weight of evidence of the spammer's guilt on your side.
Once you have the spammer's identity, send a demand letter to the spammer for $500 to settle out of court - if he ignores the demand letter, drag him into court for the full $1000.
Repeat, once for every spammer who attacks the relay. Finally, you too can make money fast with responsible bulk email!