H.R. 3113: Spam Bounty Hunters Wanted

belgin writes: "According to this ZDNet article, the U.S. House Commerce Committee is considering a law that places a bounty on illegal spammers. These bounties would be paid to ISPs and individuals who track down and turn in spammers. Specific types of spam mentioned by the article include fraudulent spam and spam that attempts to falsify its origin. Fun to think about if you've landed on one too many spam lists, but a little scary in 'leads to ...' department." The bill, called H.R. 3113, or the Unsolicited Electronic Mail Act of 2000, would impose Federal law in the form of what seem to be common-sense restrictions on electronic junk. But belgin is right -- what consequences might laws like this have that we don't want to trade for, even in spam? Would private solutions be better in the long term?[updated 18th May 2000 13:45GMT by timothy] Not to be confused with last year's H.R. 3113.

Yea, for about 2 seconds

Then you begin to wake up to reality.. the spammer will just go grab another AOL CD and be back on the net in under an hour. They're like cockroaches. You cannot kill a determined spammer. They will move to off shore providers if they have to but they WILL keep spamming. I'm suprised China or korea hasn't setup a spam haven where spammers can get remailers that are sympathetic to their anti-consumer ways.

Re:Yea, for about 2 seconds

[winnetou]

Then you begin to wake up to reality.. the spammer will just go grab another AOL CD and be back on the net in under an hour.

Just read AOL's page on Junk E-mail and remember that AOL does sue.

Re:I can see it now...

I'm glad you had luck. I haven't. I still get tons of dinner calls. Not many (obvious) repeats, but lots of calls

We can't tell if the same telemarketer calls back with a different pitch. I worked for DialAmerica briefly, and people in the same room might be calling for 10-20 organizations.

Your first link (and the lawsuits you discuss) were for junk faxes . That law is 9 years old (per the site), and yes, people are having success suing -- but only because the problem is still there!

Your second link is a non-government filter list for spammer-friendly nodes, primarily useful to ISPs. Filtering is the type of self-help the poster above you says is one of the spammers big fears. The DMA supports HR 3113, after all -- isn't that a little fishy?

Re:How do you "win" the bounty?

Hijack someone's IP address.

Send out spam

Turn them in for the bounty

Going to court...

[Mickey+Jameson]

While I'd be a millionnaire if I actually actively pursued every bit of spam I've received in the last 4 years, it's generally not worth the trouble. I'm not going to waste my time and money just to take some spammer to court. I get satisfaction on a weekly basis from ISPs that email me back to say, "Dear Xxxxxxx, we have identified the spammer and terminated the account. Thank you for bringing this matter to our attention." And all it takes is 30 seconds to peruse the headers and forward them to the appropriate abuse accounts. While I'm not making a dime off it, the satisfaction of knowing that dickhead's two accounts (usually uu.net or yahoo.com and their actual ISP accounts) are gone for good and he/she'll forfeit the amount of $ left on that account, in addition to having to find a new ISP. That's justice enough - for me at least.

Government means well, but should leave 'net alone

[Lally+Singh]

icky. Remember whose 'common sense' it'll be - a 70 year old _IMac_For_Dummies_ judge who differentiates computers by color, and between "computer professionals" and "damn hackers" by media stereotype.

It's going to suck. It's going to suck badly.

Hmm, anyone up for a "Keep your laws off my internet" geek campaign? Lemme know - my email address is real.

--

MAKE MONEY FA$$T!

[Pseudonymus+Bosch]

From:
Reply-To: <tr0ll@hotgr1t$.org>

YOU too can be RICH hunting spammers!!!

Find about the new HR 3113 bill from Congress!!
Now YOU can make the Internet a BETTER place!!

Every day millions of 'spam' and UCE messages are sent through the Information Superhighway by unscrupulous cybermarketers. You have received several tens of them a day.

But the new HR 3113 bill allows normal users like YOU and me to claim a bounty for every 'spammer' tracked and denounced.
Until now 'spam' tracking was a black art known only by computer 'hackers'.
But NOW YOU can HUNT and FIND them!!!!
MAKE MONEY FAST AND EASY with my SPAMHUNTER COURSE CD-ROM (TM)!!!

SPAMHUNTER COURSE CD-ROM(TM) allow easy tracking. You will know how to use our secret HACKER tools like WHOIS and TRACEROUTE to find the lair of this scum. Then you can claim your bounty at your local police station.

Click HERE to profit the LAUNCH OFFER to get the SPAMHUNTER COURSE CD-ROM(TM) for only $39.95!!!

(You are receiving this message because you once asked to be removed from a spam address list, you idiot. If you want to be removed from our list, you can't. We are based off-shore for this law to stop us.)
__

Spam hunting privateers wanted

[Pseudonymus+Bosch]

Better than spending tax money to pay hunters, make the spammers pay. It would be (100 + X) % of their spam booty, and it could be divided among the hunter, the state and maybe the spammed (difficult), in the style of privateers seizing pirates and fat galleons with the gold of the Indies.
__

Privacy concerns?

[Old+Man+Kensey]

I honestly don't see the privacy concerns so many have mentioned, unless people are concerned about legitimate "spam" being mistaken for the real thing and small companies getting mistakenly raided with all those attendant privacy concerns.

There are several things that make real spam easily identifiable:

1. Fishing. They always want me to buy or send something. I've gotten spam that's non-commercial, but it's very very rare.

2. Forgery. Forged headers are practically a defining characteristic. Again, I've gotten spam with non-forged headers, but rarely.

3. Fraud. Just about every one I get is MAKE.MONEY.FAST in a new form, or else it's selling black-market herbs/medicines/whatever.

The biggest problem I have with HR 3113 is that by saying "this spam is bad" it's implicitly saying "this other spam is good."

The real problem, of course, is that SMTP is largely unauthenticated. What's needed is a "secure-net" of SMTP servers that do things like verify the forward and reverse lookups on the address of a sending host, strip out bogus Received headers, and so on. Basically eliminating the trust that allows spammers to get away with their nasty tricks. Sucks, I know, but these days paranoia is the rule rather than the exception (see the Slashdot DDoS discussion for plenty more on that subject).

Would it violate the relevant RFCs for an ISP to set up an SMTP server to strip Received headers on messages coming from its dialup pool? That'd take care of about 90% of the spam right there -- they can run, but they can't cover their tracks. If stripping wouldn't be allowed, maybe there could be an additional header somewhere, an X-header containing the first "known-good" Received line, and that would always be stripped if a message comes from the ISP's subnet(s) with it already present unless other arrangements have been made with the customer.

To those who say it would be too much effort to coordinate, I say open relay used to be the default and now it's fairly rare on servers that have been up for any length of time. This could be accomplished by peer pressure if the major sites jump on it.

Re:Why not Postal Spam?

[Old+Man+Kensey]

AC wrote:

It may be that I don't know what I'm talking about, but the government seems to be doing more about E-Mail spam than Snail Mail Spam. Not to mention deleting E-Mail spam is easier than deleting Snail Mail Spam. Doesn't make much sense to me.

Many people don't realize it, but the USPS has confirmed that the rates companies pay on snail spam actually subsidize part of the cost of first-class mail. Translation: if companies quit sending it, your mail rates would go up.

I pay half my bills online these days anyway, but there it is.

Besides that you can recycle snail spam as firelighters :)

Can you say TROLL???

[Old+Man+Kensey]

Try this one:

http://thomas.loc.gov/cgi-bin/bdquery/z?d106:h.r.0 3113:

That's the 106th Congress, not the 105th.

Re:Can you say TROLL???

[Hoaxed]

Can you say neither Miller nor Wilson have worked on either of the bills they are credited with?

Please send me my bounty....

[PD]

This is one of the routine mails I get every day. Another spammer bites the dust!

Everyone should learn how to trace mail headers, and complain about *every* spam they receive.

From Brian Willcott Wed May 17 14:00:36 2000
X-Apparently-To:
pdrap@yahoo.com via mdd103.yahoomail.com
Received:
from jewnix.org (208.44.130.245) by mta118.mail.yahoo.com with SMTP; 18 May 2000 02:13:51 -0000
Received:
from localhost (ids@localhost) by jewnix.org (8.9.3/8.9.3) with ESMTP id QAA18927; Wed, 17 May 2000 16:00:36
-0500
Date:
Wed, 17 May 2000 16:00:36 -0500 (CDT)
From:
Brian Willcott | Block address
To:
Patrick Draper
CC:
ops@knetconnect.net
Subject:
Re: Fwd: RE: Have you submitted this?
In-Reply-To:

Message-ID:

MIME-Version:
1.0
Content-Type:
TEXT/PLAIN; charset=US-ASCII
Content-Length:
2930

All apologies for this action. The user's account was terminated.
Sorry for any inconvience caused.
Sincerly,
Brian
brw@knetconnect.net
On Wed, 17 May 2000, Patrick Draper wrote:

> Your customer is a dirty spammer. Terminate their accounts and send
> them to prison.
>
> --- alfred_dominic@IPMailStop.com wrote:
> > From nei_zuer_xusta@ip-email.com Wed May 17 19:36:04 2000
> > X-Apparently-To: pdrap@yahoo.com via web127.yahoomail.com
> > Return-Path:
> > X-YahooFilteredBulk: 193.105.56.209
> > Received: from econ.insead.fr (193.105.56.209)
> > by mta105.mail.yahoo.com with SMTP; 17 May 2000 12:51:15 -0000
> > Received: from gateway-ga-nm1.mailhost.mcr-atl-mcremwin.net
> > (31-kc1-dialup.knetconnect.net [208.44.131.31]) by
> > econ.insead.fr
> > (Netscape Messaging Server 3.62) with SMTP id 342;
> > Wed, 17 May 2000 14:45:43 +0200
> > Message-Id:
> >
>
> > Subject: RE: Have you submitted this?
> > To: @yahoo.com
> > X-Mailer: Pegasus Mail for Win32 (v3.01b)
> > Date: Wed, 17 May 2000 08:50:24 -0500
> > From: alfred_dominic@IPMailStop.com
> > MIME-Version: 1.0
> > X-Encoding: MIME
> > Content-Type: multipart/alternative;
> > boundary="----=_NextPart_4388685666521173163256153 783464"
> > Content-Length: 3659
> >
> > Home Owners, Get the + Plus + you need.
> >
> > + You want to consolidate bills
> > + You want to make home improvements
> > + You want cash for extras

etc.

Re:Please send me my bounty....

[PD]

Sometimes I say

"Please terminate the spammer's account, then go over to his house and beat him up, kick his dogs, eat his food, watch his TV, and slap his wife."

You'd be surprised how many responses I get back from sysadmins who say that they thought it was funny, and the wish they could do that for real!

Re:Please send me my bounty....

[Chris+Johnson]

Uh- is 'send them to prison' really a useful thing to ask an ISP? O_O Here's my version- as a MacOS clipping so it's just drag and drop, over and over and over and over and over and.... eight times today alone... Please kill this spammer's account. -postmaster@airwindows.com Note that I send the complaint as postmaster >:) I think possibly this might help in borderline cases. I'm not above saying 'we're getting slammed here'. airwindows.com is of course, just me...

Re:Creating your own targets

[Helge+Hafting]

One of the first things that I thought of was the possibility that the people who are "bounty hunters" may do what people have done in years past when the government ever gave actual bounties of this kind. All you have to do is just either create some of your own spam and then turn in the "user" or just pay people to post spam under fradulent accounts. Bam instant money.

Easily fixed by having the spammer actually pay the bounty (by having government extracting a fine from him.)

Bounty on Spammer Scum

[dr_strangelove]

"...the U.S. House Commerce Committee is considering a law that places a bounty on illegal spammers."

Ooooo! Do we get to take heads?

Re:Your tax dollars are going towards...

[Morchella]

A bunch of Shimomuras looking for spammers. Now that's what you call worthwhile.

Actually, for the spammers, we have one "Afterburner", who heads up the abuse desk at RCN/EROLS.

Afterburner has a team of "Evil Abuse Desk Minions", who mercilessly track down and terminate spammers accounts, with various BOFH LARTS. RCN/EROLS, before the arrival of Afterburner, used to be something of a haven for spammers. Not so anymore.

Over on USENET, in news.admin.net-abuse.email, a war is currently being waged. Spammers use software which circumvents the mechanisms by which the origins of a mail message can be tracked. Someone, obviously, has to write that software, and provide it to the spammer.

In at least one recent instance, that someone has turned out to be Andrew Brunner, who claims to be president of CyberCreek LLC. Brunner's product, Avalanche Pro, claims both to be a legitimate MTA, and to contain a number of tools for circumventing the security of OTHER MTAs. (hmmm, sounds suspicious).

The full details, of course, including death threats by Mr. Brunner against Paul Vixie (author of BIND(8), and currently V.P. of Above.net), as well as his impersonation of a federal agent, and prior criminal record, are available on n.a.n-a.e.

UUNet, who currently host Brunner, is suffering under a load of public humiliation, mostly by the abuse teams of other major ISPs.

I invite slahsdotters to join in the fray.

--Brian

Re:Another opportunity to fink

[winnetou]

Governments that have become police states criminalize simple, innocuous actions.

Spamming is not innocuous, spam costs a lot of money to ISPs.

This means that virtually everyone is a criminal, and if they don't like you, theyll be able to arrest you and convict you of scads of crimes that you unwittingly comitted.

It is absurd to assume that virtually everyone is a spammer or that people would "unwittingly" spam.

Re:ROCK ON!!

[winnetou]

It's nice to see the government is trying to take action against SPAM by empowering the citizens!

Please be carefull with your CapsLock key. SPAM is a trademark of Hormel Foods. They kindly allow the use of "spam" for unsolicited bulk e-mail and excessive multiposting to Usenet.
Note:The website of Hormel seems to be down at the moment.

pros and cons

[noah_nelse]

as with any law, we have to evaluate this on the basis of how it benefits each citizen and how it hurts each citizen. any good law will do none of the latter. while this may be convenient, it does not protect the rights or insure the freedom of anyone, which is the sole function of the government.

it's a question of whether we choose convenience over our rights to monitor or own email, whether we really want the government regulating yet another form of communications. given the extremely poor record of the FCC in making decisions which benefit citizens, i'd answer a big fat no.

a medium has a tendancy to be interesting and useful in direct proportion to how little it is regulated by the federal government.

UnEMA?

[Insight]

Unsolicited Electronic Mail Act of 2000 == UnEMA?

I can see the ad's now:

"Had some bad Spam? Try the new UnEMA! Instant relief!"

Re:A client side idea

[Longing]

What if someone Bcc:'s you on something? You won't see the email, as you're not in the To: or Cc: lines, and your email client will reject it.

Procmail is one way to go about doing what you asked for (a client side spam-block). A lot of the programs spammers use have signatures that procmail can catch. But spammers can start to use new programs. Or spammers can start to send email with your email address in the To: field (happens, although rarely, to me)

An adequate solution (lacking any better solution) is to maintain seperate email addresses for friends, work, mailing lists, and "companies" - whether it be for account information (you bought something) or whatever. Then you can "white-list" the work, friends, and mailing list email addresses, meaning the person sending you email has to be on the approved email sender list - any mail that isn't from an address in your white-list gets bounced or dropped.

Unfortunately, you can never tell what email account amazon or petstore.com or whomever you do business on the web with is going to send from, so you are still stuck with one email address that can potentially get spam.

Another solution is to get a domain and set up an individual email address for every company you do business with. So if you never want to get email from microsoft@yourdomain.tld again, just forward it to /dev/null :)

Matches my domain

[Krimsen]

Wow... how strange. It matches my domain.

House E-Mail

[suede]

The House has provided a handy way to e-mail your representative! While I'm sure it's not secure, it's a good way to give comments back to the people voting on this bill, not just other slashdotters.

E-MAIL YOUR REP!
http://www.house.gov/writerep/

Spam - more damaging than you think

[sela]

Spam is more than just a slight annoyance - it makes more damage than you think.
The way spam affects us is not only by filling our mailbox. The problem is there are so many things we could do on the net we cannot do now because of spam.
Take usenet for one example. Every kids knows posting in a newsgroup, and putting your true email address, is going to put you in every possible spam-list. Does putting user@yahoo.nospam.com really works? Maybe, yet maybe not ...
Spam is probably one of the things that makes usenet much less than it could be.

Then, take email search engines. Suppose there is an old friend of yours from highschool days you wish to write. Wouldn't it be great to go to one of the email search engines and find his email so that you could write him. Well, you probably couldn't find him there. Why? He's not listed, because of spam, ofcorse. If spam was not such a big story, most email addresses would be registered on whowhere and the like.

I had a hotmail account I opened a long time ago, when it wasn't part of m$ft yet. Spam was not as big problem as it is today, and I carelessly put my email address where I shouldn't.
Recently, this email address got so many spams (20 a day or more) I had to abandon it, which is probably a good thing (hotmail sucks, you know), but I also had to inform everyone I knew about my new email address ...

This is not to say the suggested low is a good solution. I don't think making citizens into police is the way to go, but I think making a clear stand against unsolicited email in the law is quite important.

Re:Private Is Always Better...but...

[I+R+A+Aggie]

I can't help but, although reluctantly, support federal legislation to limit UCE.

You just need to support a law making it legal to hurt spammers...

James - me? violent? never...

anti-spam HOWTO

[Silas]

I maintain an anti-spam HOWTO that discusses some of the general issues of spam policies and prevention; it might be useful for this discussion. (Note that it was originally written for folks who use qmail, but much of it is relevant on a mailer-independent basis.)

Re:Jurisdiction

[e-gold]

...What about spammers outside US jurisdiction? ...

Oh, you mean reality? Well, a REALLY KLUDGY but working solution is proposed at the Flying Rat Project. As usual, free e-gold for the asking to Slashdotters who want to try it. Just send me an account number. http://www.FlyingRat.org Thanks.
JMR

Criminalizing simple. innocuous actions

[timothy]

hear, hear, hear!

In fact, see Ain't Nobody's Business If You Do (in fact, all of McWilliams' books are available online for the reading) for a complete summary of the case against precisely this.

On the other hand, specific privisions against fraud are different from general "thou shalt not email" laws. Fraud is (at least)as bad to free marketeers as to anyone else, if nothing else because it's one thing [they / we]'re often accused of ignoring if not committing.

timothy

Re:nice.

[titus-g]

Plus the greif of admins. When a student where I work sent out 5,000 spam messages, advertising a company he was running on the side, the university abuse adress (which I am one of the recipients of mail to) was recieveing several spam complaints per day for 4 days...which of course we had to answer and tell these people that the issue was resolved.

Relax . . . drink perl

Re:Dammit

[greenrd]

Brilliant idea!!! Thanks, I'll probably use that. :)

Re:This will never work

[dubl-u]

Then there's the most annoying problem i faced, which is admins that either don't know how to prevent relaying, or don't care that they are being used as a relay.

Luckily, I think this is only a temporary problem. Why? The combination of a few factors:

• Most shipping mail packages include relay protection, many by default, so newly installed servers generally aren't vulnerable.
• Old machines are constantly being taken out of service, reducing relay supply.
• Organizations like MAPS and ORBS put pressure on open relays to close.
• as the number of open relays decrease, spammers will hit the remaining ones harder and harder.

Put together, these factors should make it harder and harder to run an open relay and not give a damn. A lame admin may be able to ignore a little stolen bandwidth, but the ever-decreasing number of relays will mean ever-increasing loads on the few that remain.

In the meantime, it would be nice if more dialup ISPs blocked outgoing access to port 25. I know that Mindspring does it, and I never see spam from them. Unlike, say, PSI or UUNET.

Re:your isp bill usually dosn't go up despite spam

[Dwonis]

Mine does. So you can shut your mouth, now.

BTW, go ask an ISP if spam is a problem. Nice when you get 80,000 different mails from a spammer with a dictionary.
--------
"I already have all the latest software."

Re:Boba Fett!

[wolf-]

Just like, use the beer, eh?

.. Forgot the tracking URL sample =)

[citizenc]

Check out a sample report that SpamCop generates!


.- CitizenC (User Info)

Re:Nice try...

[marksthrak]

This is true- since the web is so huge an entity, there are always corners that will remain hidden. But if we can get other countries to cooperate (read: extradite), this sounds like it could be remarkable effective. Any US company could probably be held liable regardless of where the spam originates, and this sort of 'distributed enforcement' is about as powerful a tool as we're going to get.

Re:The only thing it costs you is patience

[marksthrak]

That's not true- every SPAM takes up time and bandwidth on every system that it passes- which works out to be an enormous amount of bandwith and computing time, especially when it's one of those mass emails advertising for cheap toner.

Re:Isn't it just?

[bugg]

There're not enough bounty hunter jobs in the world

You must be living in the woods. I know a couple people who are bail enforcement agents both part and full time. There's certainly enough work, as people will _always_ skip.

Or if you're the crazy, suicidal type, you could try going after bin Laden.

Sign me up

[casper911]

I would spend personal time going after these spamming bastards. I despise spam. The penalty should be a public stoning. With rocks that is. Lee

Yeehaw. Good huntin', Bubba!

[Raving+Lunatic]

I'm goin ta get me a bran-new 12 guage and head
out into cyberspace shootin.

Re:Your tax dollars are going towards...

[Strongtium90]

Agreed!

Re:What is a shimomura?

[Strongtium90]

He was a true Hacker that busted that Cracker named Mitnick.

Re:Wouldn't it be even *harder* overseas?

[tmatysik]

Here in New Zealand (which I think would definitely classify as "far flung" and outside US jurisdiction) we have unlimited free local telephone calls, and free unlimited dial-up internet access (thanks to companies like i4free, surf4nix, freenet, zfree and so on); 56k is pretty damn fast when all you're sending is text messages.

Re:illegal spammers

[ahodgson]

That's why God invented firewalls.

They can send the crap to themselves, and maybe even each other, but no one I know needs to talk to companies that spam.

wait..

[Super_Frosty]

Let's look at the story behind the story here.

Since when are congressmen so interested in the internet? I've sent my reps tons of stuff about tech issues. When I ask them to overturn restrictions on encryption, etc., they say "duh, I'm still reading internet for dummies."

My suspicion is that this i spart of an effort to regulate the internet.

Right now, there is NO CONTROLLING LEGAL AUTHORITY over the internet. No buearau of internet safety. But, there would have to be if there were going to be federally enforced anti-spam laws.

I promise that this won't stop with spammers. It will extend to internet taxation and other unpleasant regulations.

Re:Bounty on Spammers?

[Zipo+Bibrok+5e8]

Or alive? What good is a live spammer? All they do is take up space and waste bandwidth. Make spamming a cause for justifiable homicide, like adultery is in some states.

--

Re:/. spammers

[Zipo+Bibrok+5e8]

But who has the addresses they used to sign up, and their posting IP logs? Only the /. admins.

/. could actually turn a profit for Andover...

--

Re:Be careful, Timothy

[Zipo+Bibrok+5e8]

This has been addressed before. Hormel doesn't mind, as long as you don't use all caps to refer to UCE. SPAM in capital letters is the pseudo-meat. Spam in normal case is UCE.

--

Re:/. spammers

[Zipo+Bibrok+5e8]

Oh, suuuure... No logs. Just like AOL OpsSec doesn't read your IMs, and there is no Echelon, and Britain's new email monitoring system will be used with the utmost discretion, and there aren't microscopic cameras in your walls and homing devices in your bloodstream, and the government doesn't have a dossier and DNA profile on every living human being, and your neighbors aren't spies, and the markings on the back of highway signs aren't intended for UN shock troops, and the military doesn't have nukes aimed at our own cities, and your cat isn't super intelligent and waiting for the moment to overthrow his oppressors...

What? No! I took my medicine today! Get that away! I don't need any thorazine! HELP! HEEELLLPPP!!!

The Slashdot admins respect your privacy. The government is here to help. The conspiracies are all in your head...

--

This has the potential to be very Evil(tm),

[Zipo+Bibrok+5e8]

I hate spam as much as the next guy. In fact, I probably hate spam more than the next guy, unless the next guy is Julian Haight. BUT...

This looks good on the surface. But change the definition of "spam" and it essentially becomes just "bounty hunters wanted."

Thus, with a 1-page amendment, the government can go from protecting the consumer to executing witch-hunts and digital book-burnings.

--

Beg to differ

[Rares+Marian]

1. That damn anonymininity thing. I know several people who keep ahead of the ad bombers by skewing surveys, separate identities, and just plain good internet sense (the alter ego of netiquette). I totally disagree on that point.

2. Knee-jerk easy trade laws
That's why a micrograin of marijuana gets your financial aid taken away. The darker side is that I think regardless of spam and wasted resources people overreact to spam to the point that it embarrasses me.

3. Cracker jack box prize
The anonymity that allows one to protect oneself preemptively against this kind of harrassment. (Yes, spam sucks. No, it is not a capital offense.)

Time for fire up Microsoft GovStringPull 2000 + 5/12.

Delayed release virus as spam

[Rares+Marian]

Suppose some shit decides to program a little beastie that spreads and randomly edits headers using info from other mail you've received. Then on an irregular basis send five copies of said emails. But as long as we can count on Geneva 8 to sodomize us in otherwise that's no biggie.

Re:Subscription details?

[BMIComp]

Well, FYI, the ACLU is the American Civil Liberties Union. It's website is ACLU.org. Click on the Join Our Alert List link on the main page to get on it.

Re:Nice HR!

[BMIComp]

Uhm, try putting on your glasses next time...

Well, I probably would have too actually, it's just somehow I got on the ACLU's mailing list so I'm used to the House of Representatives (HR) bill number thing.

there's a price on your head, mister

[jxxx]

The very idea of bounty hunters gives me a chill.
Take the police, probably not in the mood to be nice, and take away the role of public servent. It's a license to take out aggressions.

As for the ISPs...if your ISP says "ok, you can spam", wouldnt they have to then get permission from their upstream? On and on, bandwidth provider approval requirements set up an impossible goal. That added to the fact that I don't like being told what I can and can not do with my bandwidth. Better to set limits on usage than to dictate what the end purpose is.

Re:what consequences?

[SEAL]

Nevertheless, any program where people are rewarded for turning in other people for alleged misdeeds has a KGB aura to it, no doubt.

I agree here. I'm curious why an incentive is needed at all. Most people, I think, would jump at the opportunity to turn the screws on a spammer. I think we should be concentrating on penalties for spamming, rather than rewards for turning people in.

This seems to work well enough for fax machines; email should be granted the same protection under the law. Email may be harder to trace, but offering rewards isn't going to cure that problem.

But why should we be so suspicious if the misdeed is, in fact, A Bad Thing?

"Why should we be suspicious of the DMCA? No one's going to use it in a way we didn't anticipate, right?" Heh... granted that's an extreme but you see my point.

Best regards,

SEAL

If this goes through

[AndyL]

If this actualy happens I'd like to place my bet now that at least 90% of all Spam Bounty Hunters will go by the name of "Boba Fett" or some variation on the same.

Re:Isn't it just?

[TheCarp]

hmmm there are plenty of communists who believe
in freedom and privacy.

Besides...doing something "for the money" and
being willing to forsake the privacy of the masses
for capital gain isn't a very communist idea :)

In fact...its one of the things many communists
would point to and say "Look at what those
capitalist pigs do to the people!"

The bill, the spam, and congress is slow

[MattW]

First: why does it take so long to pass a simple piece of legislation? All they have to do is require "UCE:" or "AD:" at the beginning of every email, and with stiff penalties, that would be the end of spam. And that's a mild remedy -- there are better ways.

Second, I don't think HR 3113 was being referenced in the article. It seems as though the conference participants were suggesting more vicious legislation (the bounty hunter reference). HR 3113 primarily seems to establish one big opt-out list maintained by the FCC (yech), which you can ad yourself to, and UCE people must honor that opt-out.

On the plus, side the bill seems to offer up to $500/violation or $25k/day -- and as I read it, the lay person getting a piece of spam could literally sue for $25k or 75k for a willful violation. Can you say, "ow?"

Here's the link for the bill info:
HR3113.

Re:The bill, the spam, and congress is slow

[Twistor]

...but what we give up may be too much (naturally I wouldn't mind the cash though the hoops they make you run through to collect are a bit daunting.) The libertarian in me winces at Section 4:

SEC. 4. PROTECTIONS AGAINST UNSOLICITED ELECTRONIC MAIL. (a) UNSOLICITED COMMERCIAL ELECTRONIC MAIL OPT-OUT LIST- (1) SELF-LISTING; MAINTENANCE OF LIST- Any person, on his or her own behalf or on the behalf of any of his or her children, may file with the Federal Communication Commission a statement, *snip*...

(A) shall maintain and keep current, or shall by contract provide for the maintenance and currency of, lists of the names and electronic mail addresses of persons filing such statements; and

THIS IS WHERE IT GETS TROUBLING

(B) shall (directly or by such contract) make the lists (including portions thereof or changes therein) available to any person, upon such reasonable terms and conditions as the Commission may prescribe, including the payment of such service charge as it determines to be necessary to defray the cost of compiling and maintaining the list and making it available in accordance with this paragraph.

So the FCC maintains an email database and charges for its perusal... smells a bit like a protection racket!

*SNIP*...

(b) PROTECTIONS AGAINST UNSOLICITED ELECTRONIC MAIL- (1) RETURN ADDRESSES REQUIRED- It shall be unlawful for any person within the United States to initiate the transmission of an unsolicited commercial electronic mail message or an unsolicited pandering electronic mail message unless such message contains a reply electronic mail address, conspicuously displayed, to which a recipient may send a reply to indicate a desire not to receive any further messages. (2) TRANSMISSIONS AFTER OBJECTION SUBJECT TO ORDER- Whoever, following a request by a recipient to the initiator to be removed from all distribution lists, directly or by any agent or assign, initiates the transmission or causes to be initiated the transmission of any unsolicited commercial electronic mail or unsolicited pandering electronic mail, or who violates paragraph (1), shall be subject to an order of the Federal Communication Commission to refrain from further mailings of such materials to designated addresses of the recipient.

Oh, so I can still get spammed at least once by JoeSpammer and NOT collect right away... only after the Handshake (the "Notice" sent after the spamming) is complete can i take it to court... hmmmm, that's a loophole.

Spammers: Your days are numbered

[Erik+Fish]

I take the time to track down and report every spam I receive on one of my important e-mail accounts. Out of 157 spams since 1997 I've gotten 87 confirmed kills. Despite this, I would much rather see spammers be given the Mitnick treatment than reap any monetary rewards.

Hopefully Sam "BENCHMARK PRINT SUPPLY" Khuri will be the first up against the wall if this goes through.

Spam is the result of incompetent/malicious ISPs

[ThePurpleBuffalo]

I know very little of system administration, but the way I see it, the only way to transmit spam, is to have an ISP that is either incompetent, or willfully allowing it. If I'm not mistaken, sendmail will (by default) not allow external relay access. These laws should make ISPs responsible, then you would see a drastic decline in levels of spam.

Then, the problem becomes inforcing the laws in other nations. The Internet needs some sort of internal justice system. No single country should be able to write laws like this. These laws have to come from the users, wherever they are *physically* located.

This "Internet Justice System" would only be feasible if it had the power to deny service to certain ISPs and countries based on their willingness/unwillingness to comply with the rules brought forth by the Users.

Anyway, that's my rant for today, let me know what your thoughts are on the idea.

ttyl
TPB

Kill the government

[forkspoon]

The government has only been bad news for not only us computer junkies but most about everybody in history in general. fuck the government. Thanks, Travis forkspoon@hotmail.com

SamSpade.org

[rjamestaylor]

Anyone could become a Spam Bounty Hunter using e-z online tools such as Sam Spade (it even has a ... plug-ing (?) ... for IE. I've used this site for tracking down a number of spammers and 31337 "attackers".

Re:MEEPT!!

[348]

MEEPT!!, Welcome back! All Hail MEEPT!

Just watch out so you don't get "bitchslapped", It would be a shame to have to dig for your posts at -2 again.

Re:nice.

[Nastard]

so im sure you wouldnt mind if someone was using *your* bandwidth that *you* pay for, to spam everyone they can find? well go ahead and set up an open relay smtp on your network, and ill do my best to use all of your bandwidth.

my site is anti-spam

More info on HR 3113

[jmozena]

The basics of HR 3113 are as follows:

1. Forging headers/contact info on commercial e-mail is illegal. Noncommercial e-mail is not affected.

1. Using somebody else's mail server to send commercial e-mail without their permission is illegal.

1. "E-mail service providers" can post a policy, either on their Web page or in the SMTP banner, as to whether or not they allow spam to be sent
2. to their users. Violators of the policy can be sued by the ISP for $500/message.

1. Commercial e-mails must be identified as such with "ADV:" in the subject line.

1. End-users may sue spammers for $500/message if the spammer does not honor "do not mail me" requests.

1. The Federal Trade Commission has the power to go after unrepentant spammers.

More info is available on the Web sites of the Coalition Against Unsolicited Commercial E-Mail (CAUCE, www.cauce.org) and the SueSpammers Project (www.suespammers.org).

John Mozena
moz@cauce.org

Re:More info on HR 3113

[Hoaxed]

H.R. 3113, the Reauthorization of the Rhinoceros and Tiger Conservation Act of 1994 not SPAM law.

Re:Summary of the bill

[jmozena]

This summary is out of date. It's a summary as of when the bill was introduced (10/20/99), and the bill has been completely rewritten (everything past the enabling clause was thrown out and redone) since that point.

Don't base your opinion of the bill on this summary.

John Mozena
moz@cauce.org

would hav been better...

[ryanhos]

would have been betterif it were called House Bill 1337!

Re:I can see it now...

[kd5biv]

Even the most inept telephone telemarketer has a few stories of conversions: people who start off following the "Put me on your No-Call list" script of DMA-supported so-called 'consumer' groups, but end up as buyers. The secret is that the longer you talk, the more likely you are to buy. Most people who follow a No-Call script would have hung up point-blank before. The 'don't call' script offers a tiny foot in the door of otherwise definite no-gos. The Telemarketers have scripts of their own to capitalize on this.

I've used the do-not-call script on a few cold callers myself, and it's really funny to hear them bracing for what they know is coming and frantically switching scripts to get their pitch in before the call is over.

The most pleasant effect is that all of a sudden they become very polite once you have their business name, address, and phone number. They know they can only talk to you for the remainder of the call and then they lose you for a whole year, so the remainder of the call is usually *very* professional.

Or they hang up after your first question and you *know* you're dealing with a scam artist ..

My point? It's not that much of a hassle to do this the legal way, and if the people in charge of writing this law have any sense, it won't be any more of a hassle to dismiss with a spammer. Plus, you do have the incentive of an occasional payoff *and* sticking it to a scammer once in a while. Unless they really screw this one up, I think the benefits are worth the drawbacks.

My $.02

[kd5biv]

Spam is only going to get worse. As more people realize that they can force millions of people to see at least the subject line of an unsolicited email (get rich quick, hot babes, get your own spam CD, take your pick) the problem will continue to escalate until email becomes a recipient supported ad delivery system.

When it gets to that point, what will most users do? Realize they're throwing money down the drain for an ISP account that is so crammed with useless junk it's unusable for communicating with people they want to talk to.

I don't like the idea of vigilante justice. It shouldn't be necessary to dangle re-ward money under people's noses just to get them to do what we should all be doing anyway -- capturing the messages and forwarding them to abuse@spammers_domain.com and/or abuse@higher_up_the_food_chain.net until someone is willing to take action. But, since most people outside the tech world are a lot more self-centered and need this kind of incentive to get them off their butts, this is what it usually takes to get enough people motivated to make a difference. Maybe it will work too well, and maybe for the wrong reasons, and maybe it's just a kludgy psychological hack, but it will get more people involved in keeping our email systems usable.

And for the record, anyone who spams me is toast. I know who you are, and I know how to find out what I need to know to get you shut down. Consider this my opting out.

Re:Dammit

[Hellmongr]

I don't see the controversy in this. Turning in kids that might be potentially dangerous (who hadn't yet committed a crime) is quite different from turning in spammers who have committed a crime (forgery (in this case, attempting to falsify the origins of an email) is a crime).

Re:Nice try...

[ArchieBunker]

A lot of the spam I get usually comes from some box over in asia. A quick scan of the boxes revealed solaris 2.7, someone just plugged it in and never bothered to fix inetd. EVERY service is usually running, useless shit like chargen and echo. Sun managed to fix sendmail in Solaris 8 so mail relaying is off by default. Finding out who owns the IP block is no good because 99% of the addresses don't work.

spam

[geekoid]

not all spam is bad Check this out

Don't want to burst the bubble...

[Sonicboom]

...but this sounds like another swinging door for legislators to walk in and censor the internet.

AFAIK The US .gov and their legal vultures should keep their mitts off the internet and start worrying about more important issues at hand.

Lowering taxes, better schools, more funding for PBS... etc...

oo-ta goo-ta solo?

[nomadic]

sounds good to me; spam a few mailboxes, get frozen in carbonite...

Re:Spam solutions

[homer_ca]

I use Brightmail. It catches about 2/3 of the spam in my mail. Better than nothing but still an annoying of spam.

FWIW the best filter I found is to junk all BCC'ed email that's not from people you know or mailing lists you subscribed to.

Re:ponder ponder ponder

[homer_ca]

>imagining a world where one driver can pull over another for speeding. And can they issue a ticket
>on the spot, or do they have to wait for a police officer to arrive.

That's the funny thing about traffic laws. For every annoying law you can get me on, there's an equally annoying law I can get you on. For every 71 in a 70 speeding ticket, there will be just as many tickets for this law. I will personally ticket every single moron going 69 in a 70 in the left lane who doesn't move over for traffic behind.

The Larger Picture

[khog]

Spam is nice to rant about, and all, but there's more. So much more. Where do we draw the line? Targetted advertising via Internet? TV? Billboard? Dashboard? Earpiece? Retina? At what point do we stand up and demand to be called by a name and not a database reference? When do we demand our freedom from the technological age? At what point are we going to demand to have lives, not histories?

These questions are so amazingly important not only the in future of the Internet, but in the future of the modern world. Without rhetoric, when will we demand that the interactivity stop? Aren't we people and not IDs? Shouldn't we "Just Say No" to tracking, whether it be electronic or not?

In my wise-ass, surly, 15-year-old opinion, the time is now. The "war on tracking," however, will not go the way of the "war on drugs;" this is a fight that needs to be fought (and won!), and now is the time. We may already be too late; DoubleClick, for instance, is everywhere. This needs to be stopped.

The solution? Well, don't look at me, I'm in high school. I think the solution begins with individually disabled tracking, locally; delete those cookies from DoubleClick, set up a proxy and don't let them in. What we don't need, however, is legislation legitamizing anything, though. We, the geeks, need to stop this from happening. We made the Internet, and it's going to be our job to save it.

Sheesh, you'd think I was Jon Katz, or something.

Mike Greenberg

Re:ponder ponder ponder

[zaius]

There's a $100 fine for littering, would it bother anybody if I got half if I turned litterers in?

Imagine for a second a world where you give everyone say, half of the fines payed by "criminals" they turn in. First, fines would go up because the government still needs the same amount of money, if not more to handle the extra overhead of having to mail all these checks. Also, it will certainly cause people to take the law into their own hands. IMHO, if anyone wants to track down and turn in a serial killer, they're more than welcome to and they should be payed a reward for it. But what about turning in people who litter, or who are speeding? I have a difficult time imagining a world where one driver can pull over another for speeding. And can they issue a ticket on the spot, or do they have to wait for a police officer to arrive.

Also, police officers go to school for years to learn, among other things, judgement!! Other than the spiffy uniform and legal sidearm, that's the only thing seperating a police officer from bubba sitting in the back of his pickup with his double barreled shotgun. Even though we have a court system to make the final judgement on who's guilty and who's not, it would sure as hell be inconvienent if you had to go to court because some bum under the highway overpass with a stolen radar gun gave you a speeding ticket for going 71 in a 70 zone.

I have no problem with this bill, so long as it doesn't set a precedent for future laws, relating to the internet or to other things.

-- zauis --

Re:what consequences?

[subsolar2]

What I would much rather see is enforcement of starting off the subject line of an UCE with "Adv:" or "Ad:" like some other places require. This would make it much easier to filter out the junk from my inbox. Currently a filter on the above stops about 5-10% of my junk e-mail.

While were on the topic of filtering junk what about an .SEX or .XXX top level domain??

subsolar

You read the wrong response

[TekPolitik]

There are two responses on the CAUCE web site - one supporting HR 3113 and one withholding support from the as yet unnumbered senate companion bill.

Re:SpamCop - Easily report your spam!

[catflop]

Spamcop is worthless. Do a dejanews search in nana.email.

Re:Dammit

[TheSteve]

Almost like the beginnings of an online WAVE program.

"Come on, kids!
Get free prizes!

For every person you report who abuses or uses unusually any technology or computer, or seems like they might, you get a free pair of Nikes or a CD player!
Additional prizes available for reporting often!

Re:Subscription details?

[noitalever]

oh, i'd agree with that, and i'm not even anonymous... although the vocabulary could be improved.

The anon site.

[noitalever]

Hey, I went to your site. You should learn how to spell, it's not that hard, and the rewards are legion. "Donatons" tend to be in short suply when it looks like you have no reel clue what you're dooing, if you kan't spell, how do i know you can really protekt my privaci?

Spam solutions

[Anonymous+Taco]

I think that privatized solutions, especially services offered by Brightmail, Inc., are a much better alternative to government-imposed regulation.

Re:Why a bounty on *this*?

[DgtlGhost]

While I'm not too sure about offering SPAM bounties, I am very much against the idea of automatic bounties for more serious crimes. SPAMmers aren't likely to kill the people who turn them in....
Kill the thread, it's going OT real fast...

-Earthman

Proving innocence

[effer]

I can see potential instances in which SPAM could originate from an innocent person/entities system. At this point, is the poor exploited user responsible for their own defense? Furthurmore, doesn't said defense constitute "Proof of innocence"?

I agree with a previous posters comment that this is an attempt to add one more Internet law to build the numbers and make future laws more mainstream and thus accepted!

Re:Summary of the bill

[JCMay]

This law is based on a false premise, but one that has received more and more credance as the years go on. That premise, in a nutshell, says:

People are idiots. Government must save them from themsevles

Where I work, we are slaves to M$. I use Outlook as my mail reader. You should see my rules list. I only see SPAM once from any domain. Sorry about any of you that happen to have legit accounts at AOL (smirk), MCI, Excite, Hotbot, or any other of a galaxy of domains, or countries for that matter (no mail from .nl, .br, .jp). I'll never see your mail.

Did I need help setting these rules up? Nope. Is it perfect? Nope. But every time I get SPAM, it gets better.

Upset that you can't mail me from your account in these domains? Just talk to your system administrator. Every so often I clean out the rules list, and maybe you can try then.

Really, I get more upset with frilly things in mail more than SPAM. I know people that like to include background graphics and use HTML in their mail. Yech. I just wish I could whap people that don't mail in just plain ASCII.

ROCK ON!!

[11390036]

We can collect bounties for busting dweebs (a.k.a. internet scum).

It's nice to see the government is trying to take action against SPAM by empowering the citizens!

Now I've got something useful I can spend my time on, and make $ too!

Interesting how the tactics of yesteryear (do bounty hunters still exist?) being implemented into the new fronteer.

Do I sense a major reduction in SPAM, an increase in initiatives to bring these non-31337 losers behind bars, and more youngsters (and old timerz) having more time & $ to spend in bars?

Private solutions?

[yankeehack]

Ummm.....If there are viable private solutions to this scourge, then why haven't we seen them already?

I am not sure if a private solution would work in this situation because of the "free speech" arguements and also of the multi-juristdictional nature of the problem.

The the bill addresses two issues in the fight against spam. 1)a legal definition of spam and 2)an incentive for others to hunt down spam.

For all those anti-government folks, I am surprised to see that a creation of a civilian anti-spam force is so distrubing to you.

nice.

[laserjet]

I want to be a bounty hunter to catch those damn spammers.
seriously, though, this is definately needed. i think we are all victims of spam, and it's time somehthing is done about it. filter all you want, you can't catch everything. or can you? it would be interesting to know what filters people use and how succesfull they are.

Re:nice.

[ahsile]

I personally like to filter the same way Hotmail does with its bulk email filter. Anything that doesn't have my email address in it gets trashed. Only a slight few actually make it through.

Re:nice.

[t3mpest]

I use sendmail with the rbl and source domain validation. I get maybe one piece of spam per week.

Re:nice.

[fatboy]

It boils down to using a traditional and effective compensation method (bounty) on an act that infringes on others' rights. What great freedom of yours is being lost?

Anyone that knows RFC822 knows that any compliant MTA shows where it gets mail from. You have an audit trail of where that mail came from in each and every message. If that is not enough information, you can call the admin of each MTA the offending message went through. There is no need for any kind of government regulation.

If you don't want spam, get an ISP that uses the RBL.

If the government starts dictating what can be in email headers, the technical reasons information is placed in those headers can be restricted.

I would rather deal with some spam and follow RFCs than have a little spam and have goverment regulated RFCs

Re:nice.

[fatboy]

seriously, though, this is definately needed. i think we are all victims of spam, and it's time somehthing is done about it. filter all you want, you can't catch everything. or can you? it would be interesting to know what filters people use and how succesfull they are.

I have not read the bill or anything, but I think that it sounds like a Bad Idea. We can take care of these problems ourselves. There is no need to have the US government police our networks in this manner.

I will accept a little spam if I can keep all of my liberty.

Well, what little liberty I have left ;)

Re:nice.

[Bouncings]

• We can take care of these problems ourselves. There is no need to have the US government police our networks in this manner.

It's easy to get carried away in this kind of regulation indeed, but consider things for a moment. What about only banning forged email? Don't I atleast have the right to contact who is spamming me? Outlawing the worst-case SPAM cases isn't going to cost you very much liberty.

The idea behind freedom and liberty is doing what you want, so long as it doesn't hurt others. Email SPAM, like the now illegal FAX SPAM, does cost the collectors money. It's only fair that those damages be collected on, and it might be a good idea to encourage the process by offering a reward.

It boils down to using a traditional and effective compensation method (bounty) on an act that infringes on others' rights. What great freedom of yours is being lost?

Re:nice.

[TheCarp]

You obviously don't run systems with more than
a couple of thousand users.

Sure its only a 2k email....however when you
multiply it by 10,000 users, that "one little
mail" will take up 10 MB of space...not much by
todays standards....but given that it is not
unheard of for an individual on spam lists to
get several spams per day....it adds up quick.

Plus the greif of admins. When a student where
I work sent out 5,000 spam messages, advertising
a company he was running on the side, the
university abuse adress (which I am one of the
recipients of mail to) was recieveing several
spam complaints per day for 4 days...which of
course we had to answer and tell these people that
the issue was resolved.

Forget about user quotas (which are finite, as is
the very nature of quota) and what happens when a
user runs out of quota...I am sure they would
rather the last 2k of their quota going to a
message from their friends than some spam
advertising some "get rich quick" shceme.

(yes, our users have quota. I know that some
people are amazed by this - like say the people
who wrote pine - but its true)

Re:I can see it now...

[muldrake]

Is it just me or does this sound damned hard to work out details for?

Simple. You turn in the ears and tail for the bounty. They'll be able to tell it's from a spammer because the ears will be made from a pink, vaguely ham-like substance and be covered in a slimy gel.

Alternately, you could turn in their thumbs as well, that would slow them down. I don't even care what happens with this, I just would love to see spammers hunted across the face of the earth, fleeing gangs of money-hungry geeks.

i don't like it this law

[FullaDumbAnswers]

I think spammers should be free to fill my mailbox with trash without fear of financial consequences. A congressional law like this might be too effective at cutting down on unsolicited junk email. Spammers have a right to fill up my server resources and use your valuable download time to spew their messages!


...................

... paka chubaka

Re:Dammit

[tchuladdiass]

Better yet, have account #3, post the address far and wide (various news groups, etc.). Use this for a "spam trap". Compute a CRC on each message that goes into this account, and compare with CRC's of messages in your real account, and filter out matches.

I filter out about 90% of my spam that way.

Re:I can see it now...

[Mojojojo+Monkey+Inc.]

http://mail-abuse.org/rbl/ - kills spammers dead

http://www.alladvantage.com/go.asp?refid=GZX636 - Get paid to surf

Ironic? I think so.

Why a bounty on *this*?

[isomeme]

It seems odd to me that a built-in bounty provision would be attached to the crime of spamming. We don't offer automatic bounties for turning in murderers, for example, though they're also hard to catch. What line of reasoning led these legislators to conclude that a mandated bounty on spammers was warranted? Or does that question contain a fatal hidden assumption? :)

Spam-proof SENDMAIL!

[Sunlighter]

Why not attempt a technical solution?

Make it an option for the owners of e-mail addresses to set and remove passwords on their e-mail boxes. Unless the sender has one of the passwords, his message simply never gets received.

If I posted on the Usenet I could post a temporary password. It would expire in a few days. If I joined a mailing list, I could give that list a unique permanent password -- and if I got spammed, I'd be able to see which password they used, and cancel that password, and warn people to stay away from the web page or mailing list that compromised it.

All those CD-ROMs full of e-mail addresses would be rendered worthless overnight.

Why not? Let's do it!

-- Sunlighter

Re:Private Is Always Better...but...

[_ganja_]

I used to work for an ISP only a short while ago. The marketing department of the ISP actually spams its own users, ironic really.

Re:This will never work

[_ganja_]

I'm sure the admin / his or hers manager would take action if this server found it's way on to the ORBS database, taken from their web sire (www.orbs.org)

"ORBS, or the Open Relay Behaviour-modification System, is a database for tracking SMTP servers that have been confirmed to permit third-party relay. These servers permit spammers to connect to them from anywhere in the world, usually from a modem connection, and then forward the spam to its intended victims. It also tracks networks that prevent ORBS from verifying whether or not their SMTP servers continue to permit third-party relay - it is fairly common for inept administrators to try blocking the ORBS testers rather than to actually fix their security problems."

If the problem doesn't get sorted once ORBS has contacted the admin, it'll find it's way on to MAPS RBL list.

http://www.mail-abuse.org/rbl/

I really feel that all abuse@ supervisor should be aware of these two services.

Re:If you think u$oft is bad...

[_ganja_]

Just wondering if it worth registering slashporn.net??

I think they had this at one point

[42821128607675]

Now don't officially quote me on this but I believe I saw just the thing your were looking for before. Either at the internic's ftp site or similar had an early listing of IP addressed and owners. However I believe that now with all sorts of people having ownership of IP addresses and them changing hands quickly I don't think that this will be up to date (probably from 1994 or so).

Wouldn't it be even *harder* overseas?

[42821128607675]

Maybe I have been smoking something but it seems to me that most countries in the far flung reagions of the world that are outside the relm of US juristiction are also in relation extremely expensive to do bulk mailing activities from (metered calls per minute)? That really dosn't add up. Maybe if they have unlimited access deals then possibly yes.

Subscription details?

[42821128607675]

Sounds like a good list. What are the details?

Creating your own targets

[42821128607675]

One of the first things that I thought of was the possibility that the people who are "bounty hunters" may do what people have done in years past when the government ever gave actual bounties of this kind. All you have to do is just either create some of your own spam and then turn in the "user" or just pay people to post spam under fradulent accounts. Bam instant money.

You have described Signapore

[42821128607675]

Police in this area are among the most anal of anywhere in the world. You can get arrested for littering, spitting, overeating, etc. Not exactly a pleaseant place to live if you are not a very strict person who can control all of his/her outward actions.

Off with his Header! Off with his Header! Off ?!?

[mofohawk]

Hmmm... Well in any event this piece of news I find quite disturbing. It is not that I like spam, care for it, etc... But it sets a precedent... How will they define spam, or unsolicited e-mails? Will Spammers be registered? And why, on God's Green Earth (Or Mother Natures or Allah's or however you believe) would they put together something so pansy and full of loopholes... THERE IS NO POINT! Anyway's I've got a bad joke for you... Why did the Senator cross the road? To get the donuts left on the other side by pr0n spammers.

cancel moose to the rescue?

[catkinson]

I wonder if people can come up with a cancelmoose solution and _gasp_ solve the problem without spending any of the government's money. has anyone heard of open source to the rescue? realistically though ... I think spam might be around for a while even if the United State's government tries to do something about it. We all know how effective they are at solving problems.

Bad, Evil ... Criminal.

[dR.fuZZo]

Some cases may not be so clear, but there's some spam out there that's definitely criminal. I wouldn't have anything against a law that encourages people to turn in those who are committing outright fraud.

This is only the start

[Rathian]

A bounty is a good start... personally a baseball bat and I would love a few hours to beat the Purple Vein Snot out of these jerks that spam me. Laws are only the start of this though. Great, they've given us a tool to smite the spammer with. What isn't really being said is just how hard that can be. Basically to track down spammers we have:

• Contact info in the email itself (po boxes, phone numbers, etc.)
• Credit Card Clearing Houses - >rant< though some are VERY unhelpful such as Shopnow.com who has or had been willingly and knowingly harboring the Cyber Investigator spammer in spite of my numerous reports! >/rant<
• ISPs the spammer's site is uploaded to
• ISPs used to send the spam
• Owners of the computers involved in the relay
• Email host providors

Rookie spammers should be a comparable slam dunk - though they are the ones that will not likely carry much of a bounty. The pros on the other hand are a completely different matter. Say you get a spam from say, a modestly experienced spammer. First, you need to hack through all of the Javascript BS - some of them have gotten annoyingly proficient at using all kinds of stuff to thwart would-be reporters. OK great, you managed to hack through all the protection, now you need to track it back to his ISPs. Most ISP's I've dealt with require a subpoena to get the phone logs. I've never gotten a subpoena before, but I've heard it can be a lengthy process (I could be wrong), plus there are the fees. Next tracking the phone number down through the teleco. In most cases, this should be pretty easy. Now for what can go wrong and if this becomes law, you can guarantee spammers are going to do things like this more and more. Spammers already do quite a bit to obscure what their originating IP is. Some of them have gotten pretty good a burying it in the forged headers. Other times spammers use ISPs from outside of the USA. That or if they are successful in burying/eliminating the originating IP in the header all you have to work with is the relay site. Some ISPs/companies are very good about doing something about the open relay - while others are damn near impossible to dig up valid information on who even owns the IP! Even if you do get it down the phone number, I would guess a few of them have gone as far as to get unlisted numbers (if they don't already have them). This will likely require another subpoena to the phone company for them to turn over information about who they are. The law is only the start, tracking down a veteran spammer is hard work now (many have tried) and this law is bound to make them much more careful in what they do and how they do it. Securing the cooperation of ISPs, telecos, and other businesses and individuals involved with the spammer is the other challenge. Some I have run into can be very uncooperative. Good luck to those would be bounty hunters out there!

Total Hoax

[Hoaxed]

The article refers to 2 different bills. Both supposedly introduced last year. 2162 and 3113. H.R. 2162, the Archer Immigration Bill http://www.house.gov/archer/news/papers/immigratio n.html H.R. 3113, the Reauthorization of the Rhinoceros and Tiger Conservation Act of 1994 http://www.house.gov/resources/105cong/fishery/98f eb05/babbitt.htm

Re:Pandering? Pandering?

[Chris+Johnson]

What? lusers. It's not about _content_! Spam is not about content, it's about mechanism! I totally impartially go after the accounts of MLM and Ponzi scams, porn, and missing children reports. Do you realize how useless your emailbox would become if it was legally filled with the reports and descriptions of all the missing children in the world? O_O

Summary of the bill

[joeboo]

SUMMARY AS OF:
10/20/1999--Introduced.
Unsolicited Electronic Mail Act of 1999 - Authorizes any person, on his or
her own behalf or on behalf of his or her children, to file with the Federal
Communications Commission (FCC) a statement that he or she desires to
receive no unsolicited commercial electronic mail (e-mail), unsolicited
pandering (erotically arousing or sexually provocative) e-mail, or both.
Directs the FCC to: (1) maintain and keep a current list of such filers; and
(2) make such list available to any person, upon reasonable terms and
conditions, including a service charge for such list. Prohibits any person
from initiating the transmission of any unsolicited commercial or pandering
e-mail to an individual whose name and e-mail address has been on such list
for more than 30 days. Prohibits any other use of such list.

Prohibits any person from sending an unsolicited commercial or pandering
e-mail message unless the message contains a conspicuous reply e-mail
address to which a recipient may send notice of a desire not to receive
further messages. Subjects to an FCC order to discontinue any person who
transmits such a message after such an objection. Directs the FCC, upon
request, to include in such an order the names and e-mail addresses of any
children of an objecting recipient.

Provides a private right of action, or an action by the FCC, against an
e-mail initiator who violates the above requirements.

Authorizes an interactive computer service provider to establish and enforce
policies that are nondiscriminatory on the basis of content regarding
unsolicited commercial e-mail. Authorizes such provider to decline to
transmit such messages to subscribers without compensation from the sender.
Requires a provider to notify the violator of such policy in writing and
request compliance. Makes subject to the same FCC order as above a violator
who sends such messages after provider notification. Provides a private
right of action by a provider, or an action by the FCC, upon an e-mail
initiator who violates such requirements.

Requires the FCC to report to Congress on the effectiveness and enforcement
of this Act.

Private Is Always Better...but...

[waldoj]

I'm pretty gung-ho about private solutions to technical problems. I'm far more confident in my abilities, and those of my technical compatriots, than I am in the ability of our government to enforce a law appropriately.

So I'm generally a firm believer in my ability to take care of things on my own. ORBS and The RBL have certainly been shown to be an extremely successful method of filtering out spam. Since I got my mail server set up with MAPS and ORBS, I get about 2 pieces of spam a week. That's pretty managable. (And good, because I'm the kind of guy that gets spam and calls the company to bitch. Total waste of time.)

However, I don't run an ISP. I worked at one, as all good geeks must, back in '95. Spam wasn't a problem then -- I shutter to think what it must be like these days. Spam is obviously a huge loss to these people, MAPS or no MAPS. Because of the direct financial losses that result from the actions of spammers, I can't help but, although reluctantly, support federal legislation to limit UCE. It seems like the only method of stopping it.

God help us all...I'm in favor of a law. :)

-Waldo

Spam Runner

[ch-chuck]

Now that would be a cool movie I'd pay to see!

"In the future, when all the worlds electronics are networkd, a 'leet group of govt agents, outfitter with the latest in tracking gear, neat-o flying cars and spiffy firearms quietly hunt down unsolicited bulk email perps and 'terminate' them, usually with lots of fighting and evasive action scenes ending up with an aweful bloody death for the spammer."

Isn't it just?

[Kris_J]

There're not enough bounty hunter jobs in the world - I'm definately following through on this one. I wonder if one could make a decent living on legitimate bounty hunting and rewards these days?

Sorry to all pro-freedom/privacy zealots, but I'm willing to try this one before I condem it - I don't see anything being given up with this. You only point the law at the aledged spammers, you aren't judge, jury an executioner.

The actual current text of HR3113

[tgeller]

Before you go all postal with visions of 1984 in your head, read the actual text. It's still being modified, but the current version will always be found at http://www.suespammers.org/us. There's *nothing* in there about bounties.

For the record, I don't see how a government-sponsored bounty program could work for spam. The problems aren't in finding good examples of spam -- we all get those every day! The barriers are:

1. Having good laws (that define spam accurately and give right of action to both the individual and the ISP)
2. Getting a name and address to which you can serve papers
3. Collecting after judgement.

All three of these problems are made much easier to overcome with a strong government mandate. But bounties? I don't see it.

--Tom Geller, Founder and Administrator, The Suespammers Project (http://www.suespammers.org)

Government Bounty for Spammers -- A Question...

[Guppy]

So, to get the bounty--do we need to turn in just the ears, or does the government want to see the whole carcass? It'd be mighty nice if I could keep the pelts to sell on the market.

A client side idea

[finkployd]

I'd like to see more Linux email clients (you hear me, spruce guys) include some feature to drop all mail NOT directly addressed to me. If it allows me to set up exceptions to let in the couple of mailing lists I'm part of, then this would effectivly fix the problem.

Maybe there is a way to do this with filters, and I'm just too lazy to figure it out.

PS. I KNOW there is a way to do this with procmail, I just don't use it (neither do alot of people who just have a pop account or two)

Finkployd

California Republican Party spams Canadians

[KeithH]

Interesting that the US Congress would be discussing the issue. Here's a copy of some spam that was received by myself and a whole whack of my colleagues just today:

------- begin extract -------
Wed, 17 May 2000 09:34:49 -0400
Received: from sdeveaux (race203.ienet.com [206.253.15.203])
by qcars001.nortelnetworks.com with SMTP (MailShield v1.5);
Wed, 17 May 2000 09:34:39 -0400
Return-Path:
From: California Republican Party
To: "Hanlan, Keith "
Subject: Greetings from the California Republican Party
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Date: Wed, 17 May 2000 07:34:36
X-SMTP-HELO: sdeveaux
X-SMTP-MAIL-FROM: rapid@cagop.org
X-SMTP-RCPT-TO: keithh@bnr.ca
X-SMTP-PEER-INFO: race203.ienet.com [206.253.15.203]
Greetings from the California Republican Party:

The California Republican Party would like to invite you to become online activists with our State Party. This is a free activity, as we would like your support to help our federal, state, and local candidates and other Republican activities.

Please join today by clicking www.cagop.org/rapid now.

++++++++++++++++++++++++++++++++++++++++

We apologize if you have received this email in error. If you do not wish to receive this email in the future, just delete this email. Thank you.
-------- end extract --------

Apart from not having a clue, they seem to have confused .ca and .ca.us domains - talk about compounding stupidity!

Re:I can see it now...

[seebs]

That "handful" of people is ever-growing, and I will say, *damn* few telemarketers call me back after I say "TCPA" and tell them to put me on a do-not-call list.

Do I sue? No, I'm too busy. But I'm on a mailing list *full* of people who sue, and win. One of them has a respectable income going here; I know people who work full time and don't get as much money as he does, just suing junk faxers.

http://www.junkfaxes.org/

Read it, learn the magic words, sue the bastards.

Re:Jurisdiction

[arcade]

I rember reading a few weeks back that either Norway or Sweden has just passed a law that makes spamming legal.

Not norway! It was sweden! :) Don't blame US for those stupid swedes. ;)

Oh, and the swedish parliament is really having a tough time nowadays. People are subscribing them to all sorts of mailinglist, sending 'unsubscribe' messages to different spam-lists for them, and doing them all sorts of favors. :) Not to mention all the mailbombs sent their way.

In short, I think the swedish parliament will remove that "its ok to spam" paragraph pretty damn soon. :)

(oh, and if you want to help bomb them from here, to h*** and back, look up the swedish parliament, find some email addresses and .. well, you know what to do :)


--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet

Re:what consequences?

[kramer]

Nevertheless, any program where people are rewarded for turning in other people for alleged misdeeds has a KGB aura to it, no doubt. But why should we be so suspicious if the misdeed is, in fact, A Bad Thing?

Perhaps you're unaware of this, but the IRS has a number you can call to turn in people who cheat on their taxes. I know they used to, (but am not sure if they continue to) pay a portion of monies recovered to the person who turned the cheat it.

Mind you, YOUR records better be pristine if you turn someone in, 'cause they're gonna audit you as well operating on the theory that if you hang out with Tax Cheats you might well be one as well.

But a Bounty is hardly a new concept for the US government.

Nothing illegal here

[Webmonger]

There's very little spam out there that doesn't involve someone trying to make money. If they're going to make money, they need some route for receiving money. That route is traceable.

Most people don't want to take the time, though.

Bounty on Spammers?

[skribe]

How do you want them? Dead or Alive?

What about innocent "spammers"?

[vladkrupin]

And what would happen to those innocent souls that do not even know that spam is being sent from their addresses? I mean, how can you distinguish right from wrong and innocent people from guilty, if there is virtually no way to prove that the spam is coming from a particular source, unless you actually seize a computer and manage to dig something useful out of it?
(I certainly hope placing bounties will not give more rights to certain agencies to dig through peoples mailboxes in search of evidence).
-----------------------------------------
------- ------------------------------------------

Re:What about innocent "spammers"?

[Zipo+Bibrok+5e8]

Methinks you need a bit of spam-education.

In tracing spam, the "from" and "reply-to" addresses are essentially ignored. Thus, that risk is bypassed.

When people have their accounts cracked, their ISP admins will go poking through their logs anyway, so that bit of privacy invasion was already present.

As someone who's helped newbies survive an ISPjacking, I can tell you that many help desks will let them off with a warning once. Once. If anything, the experience teaches them proper security practices. Nobody I know has ever been penalized too heavily for stupidity.

--

Re:Consider the CAUCE response.

[AME]

Did you read it? That paragraph was talking about other legislation. Later:

CAUCE vigorously supports HR 3113...

I only said that CAUCE likes it. I said nothing of the decenting opinions of other parties.

--

Re:Dammit

[spencerogden]

This is totally different than the WAVE situation you mention. In that case kids were being encouraged to turn in others who exibited weird behavior, not who committed actual crimes. In this case, if we do get a law against spamming, then these people would be encouraged others who are breaking the law. Totally different.

Boba Fett!

[TrevorB]

Rats, there goes my Star Wars idea and my karma bonus.. :)

I was thinking rather of posters with Boba Fett on them, pointing his arm rocket pack toward the viewer...

"Now you too can be a bounty hunter"...

Oh well, At least I have something:
Darth Vader is now Canadian... :)

SpamCop - Easily report your spam!

[citizenc]

SpamCop does a wonderful job of helping eliminate spam -- you just paste the headers and full body of any spam you recieve, and it chews through it, and reports the spam to the account's admin! It's VERY VERY cool! And free too.. check it out guys =)


.- CitizenC (User Info)

a great new job...

[juzam]

i could get bizness cards that say spam bounty hunter.... this would be a nice way to make extra $, but i think some people would abuse it.

Re:Nice HR!

[joe52]

why couldn't it have been HR 31337?

seriously. How many other people saw 3113 and tried to read it. It took me a few seconds to realize that it was just a number and not some cryptic reference to a fashion magazine.

Re:what consequences?

[G27+Radio]

Nevertheless, any program where people are rewarded for turning in other people for alleged misdeeds has a KGB aura to it, no doubt. But why should we be so suspicious if the misdeed is, in fact, A Bad Thing?

I'd rather not have our government(s) regulating our e-mail. It'll just feed into their whole "we need more resources to fight cyber-crime" thing. I personally would really like to avoid handing any more of the Internet over to them if possible.

I have serious doubts about the benefits too. No legal solution will ever stop spam as well as a technological solution. At best it will reduce spam but it will never stop it. A technological solution on the other hand could stop automated spamming very easily. Unfortunately users and ISP's would have to make changes on the client and server side to allow for protection from automated spamming--and as far as I can tell no one is really interested in doing the work.

Users should be able to maintain a whitelist/blacklist for e-mail at their ISP. Blacklisted stuff should go to /dev/null, whitelisted stuff should pass through unhindered. Everything else should be returned with instructions on how to get to through the filter--nothing complex, maybe including a keyword or something like that. Just something the an automated mailer can't get around. It would be important that the white/blacklists could be easily maintained from the client.

numb

PS: Never invite a vampire into your home.

Re:Another opportunity to fink

[Super_Frosty]

This guy has a good point.

Governments that have become police states criminalize simple, innocuous actions. This means that virtually everyone is a criminal, and if they don't like you, theyll be able to arrest you and convict you of scads of crimes that you unwittingly comitted.

Your tax dollars are going towards...

[BMIComp]

A bunch of Shimomuras looking for spammers. Now that's what you call worthwhile.

Re:Really simple

[TheCarp]

I have to agree here. We have too many good
examples of this sort of thing NOT working.

Take paid informants. There was an incident in
Florida where a paid informant informed police
that a certain house was a drug house. The truth
turned out to be that it was nothing more than the
residence of an old couple. That fact wasn't found
out until police showed up in full storm trooper
gear and killed an innocent old man. Need I
mention that no "drugs" were found in the house?

I think this is an issue that is best dealt with
on the ISP level. Give ISPs the ability to sue
spammers who use their machines to relay spam.
That should help..

Beyond that....Laws can't really stop the problem.
Spammers will just spam from acounts in other
countries where the laws are les strict.

-Steve

Consider the response rates...

[sansbury]

You assert that direct(junk) mail and telemarketing are not viable, and yet they exist. Paradox? Non!

The key is response rates- telemarketing is expensive indeed, but successful sells are comparatively common. Direct mail less so, but it is much less expensive (they use bulk rate and metered pre-sorted rate postage so it's actually less than 32 cents/item).

Spam OTOH might have insanely low response rates but it quite cheap, so it still works. This is why marketers get so juiced up over the idea of targeted opt-in mailing lists. These have lower costs than direct mail, but potentially with the response rates of phone jockeys.

And yes, it's terribly trivial. Wait until they start broadcasting custom digital TV and the ads you see on Friends are targeted just for your household. We've only seen the first 1% of the bleeding edge of truly personalized marketing. In 20 years' time we'll look back and long for the days of simple spam.

-cwk.

Re:Nice HR!

[dingbat_hp]

4 minutes to post it. Clearly the Force is strong today

Two Words: BOBA FETT

[zpengo]

Vote Boba Fett for Spam Bounty Hunter General!

Tomorrow's headline:

[DrEldarion]

H.R. 31137: Script kiddie bounty hunters wanted.

-- Dr. Eldarion --
It's not what it is, it's something else.

/. spammers

[348]

I wonder if we could gain some dollars by turning in some /. spammers. Lord knows we have our share.

ASCI art $ 100
Trollmastah $1,000
Hot Grits $10,000
First Post $100,000

We could all be rich.

Re:what consequences?

[HomeySmurf]

The law does lump people who break the law into the overarching category of "lawbreakers"; however, it certainly divides that up into felonies and misdemeanors, and further divides up the felonies into different classes. There is also tort law and the whole idea of liabilities. I think that civil justice can be much more painful to spammers than whatever criminal penalties would be assessed (they would be very light since the crime not inherently harmful). If automatic class action suits could be filed so that every person who receives a piece of spam from a spammer is owed $.05, I think the world would be a much better place. Not to mention that anyone with accounts on AOL, Hotmail, or Yahoo mail would have an wonderful new revenue stream.

I don't think there is anything wrong with having bounties for people who catch criminals, at any level of crime. It has been shown time and time again that what prevents crime is strict enforcement rather than harsh penalties. No criminal does his crime if he thinks he is going to be caught. If we have a problem with it being a crime we should decrimininalize it rather than being hypocritical and not seriously enforcing it.

Encouraging every citizen to be on the look out for crimes in progress merely amplifies everyone's civil duty and reduces the price of hiring more law officers. The only problems to be avoided are people potentially being "framed" and so forth, but that is already a problem today. That is what insurance fraud investigation is about.

renegade spam hunters

[kb9vcr]

Lorenzo Lamas and Brandscombe Richmond star in their most demanding Renegade rolls ever as Reno '31337' Black and Bobby 'w00t' Sixkiller in a smart new action thriller on UPN!!

Re:Congress ahead of its time?

[Frank+T.+Lofaro+Jr.]

Sarcastic rant time: Of course Congress believes in free speech. Here in the good old USA you can say ANYTHING you want. Unless of course it is offensive, costs somebody money, embarrasses someone or is politically incorrect. But everything else is completely legal.

ponder ponder ponder

[gunner800]

I have some serious reservation about this. Paying citizens to tattle on each other is serious business. In fact, it's been an early step in many totalitation regimes such as Hitler's (for turning in "disloyal" citizens, not sleazy marketing types though).

How would we react if citizens were rewarded for reporting other crimes? There's a $100 fine for littering, would it bother anybody if I got half if I turned litterers in?

(For once) I think that the lawmakers are genuinely trying to do a Good Thing, but the indirect consequences could be bad.


---
Dammit, my mom is not a Karma whore!

illegal spammers

[myshka]

Illegal spammers? Would that include the NASDAQ-trading, inernet economy-sustaining, politically donating companies that opt you in no matter what you say and opt you out only when somebody sells them a list of recently deceased people whose families might be interested in discounts on funeral arrangements? Nah, that's as legal as it gets, isn't it. After all, millions mean respectability and with spam as with everything else in this world, whoever's got the money got the (il)legal ride.

At least with small-time spammers, you can have their ISP shut the account down. Now try doing the same when the spammer is an A-list client on Exodus.

Re:Congress ahead of its time?

[gilroy]

Quoth the poster:

(1) There is a right of free speech on the Internet.

I'm so happy Congress found it, I thought it was lost before.

Hmmm. DMCA. UCITA. PTO... I think there's evidence that the First Amendment had gone missing for awhile. I know it's irksome that Congress feels the need to assert the existence of a right guaranteed in the Constitution, but... but, it's nice to have this formal and in print.

This isn't bounty hunting

[MrShiny]

Receiving a reward for turning in a criminal is not bounty hunting. Unlike these guys, you are not taking the law into your own hands if you use the legal system to pursue a spammer. All they are proposing is that you receive a reward for doing so.

This is completely different from the WAVE program where kids report their peers just for being weird, and not for commiting any crime.

Re:Jurisdiction

[_ganja_]

"What about spammers outside US jurisdiction?"

I rember reading a few weeks back that either Norway or Sweden has just passed a law that makes spamming legal.

Does anyone have any more details?

better ways

[cabbey]

belgin and timothy are not alone in the fear of where this might lead, that's for sure... I hate spammers with a passion, but I'm not sure if I really want to start down the road this could take.

Anyway, I much perfer Julian's philosophy over at spamcop.net: "Protecting the internet community through technology, not legislation." If you're sick of spam and want a way to slap those responsible, then join up (or don't, there is a free service as well) and parse all your spamage. But please read the intro and the FAQ, we need to preserve the image that spamcop has in the minds of the abuse desks; it's only a tool being put in your hands, YOU are responsible for what you use it for.

and besides, an address like cabbey@spamcop.net, is bound to make a would be spammer queasy.... (note: happy spamcop user, not an admin.)

Re:Actually not many people are so vitrolic

[Stiletto]

Not really.

I find that most non-techies are quite annoyed with spam, but they sweep it under the rug since they don't know what else to do. I took about 10 minutes to show my friend how to look at the headers, find what is most likely the mail's original domain, and email abuse@, he now has something he can do about it.

Trust me, it feels good to get that message back from their ISP, informing you that they canceled the spammer's account.

If you think u$oft is bad...

[Longing]

All spam has some sort of contact information in it, right? Either a phone number to call, or an address to send money to, or a (p0rn) url to go to. Easy way to track down the perp and sue them for lots of money!

Let's pretend I'm p0rn site www.slashporn.net and www.slashporn.com is getting more business than me... I'll just put them out of business - send a few hundred thousand emails stating "Visit slashporn.com! p0rn for nerds!"

Soon enough, slashporn.com gets sued for hundreds of thousands of dollars and is out of business. My business goes up and life is peachy.

Wonderful.

Of course, this ties in to DDoS - how do you track down the spammers if they're spoofing their return address? The current state of the internet makes this difficult if not impossible (if done well). Yes, I know there are differences between spoofed IP packets and spoofed SMTP headers, but there are similarities as well.

Dammit

[Dr.+Sp0ng]

This is a tough call - on one hand, I'd love to see spammers get bitchslapped, but on the other hand I hate to see the government (or anybody else) do stuff like this. Remember the big uproar that was caused by that group in North Carolina (I think, I could be completely wrong) that was paying kids to turn in potentially dangerous kids? Same basic idea goes here - it's just not the right way to handle things.

I know that this is a completely different situation, but the same basic idea applies.

Ahh... fuck it, dude. Let's go bowling.
--

Re:Dammit

[gilroy]

Quoth the poster:

Same basic idea goes here - it's just not the right way to handle things.

I disagree ... this is not the same basic idea. In the WAVE thing, kids were paid to inform. Here, Congress is defining the right of a private citizen to recover damages incurred by a violator of civil law. Read carefully ... it is not all spam, only those that falsify origins or defraud the recipient.

The issue is, spam costs time and money. Unlike even junk mail, the sender suffers effectively no cost, but the recipient does. It's annoying enough when this is "legitimate" but it's maddening when the message is fraudulent.

Despite the wonderful Wild West connotations of "bounty", this isn't a bounty ... it's not a reward, it's a right to recover damages.

This will never work

[BlueLines]

I worked at a medium sized isp for a little over a year. While I was there, i was one of the main spam contacts (ie, i got the mail that went to "abuse@" ). In general, it was easy to nail spammers. Trace the headers, send a complaint to the isp/admin on the other side. If a spammer came from uunet or psi, then it was usually a guaranteed kill. However, spammers are getting smarter, and recently i've been noticing more and more spam being relayed through boxes not in the US. This poses several problems, the main being that the rest of the world is under no obligation to follow the laws of the US. Also, there is the language barrier. Alot of uce seems to originate from asia, and i'm not sure that firing off an email in ascii characters would make much of a difference to someone who reads kanji .

Then there's the most annoying problem i faced, which is admins that either don't know how to prevent relaying, or don't care that they are being used as a relay. I recently was notified by a friend of mine that he got spammed through a mail server owned by a major canadian isp. Not only was the server an open relay, but it's sendmail configuration was so fucked that it didn't even log the originating ip address in the mail headers (IOW, it trusted whatever HELO said). TO make matters worse, the admin of the box was contacted about this, and has done nothing. I think the only way to prevent spam is to educate admins about relay-proofing their mail servers.No open relays, no spammers. Then the US could put a decent amount of money into public education instead of making bounties to catch these bastards.

Just my $2^-2 worth.

Joy, this legalizes spam

[weave]

If you read the bill, there are troubling points in it including:

• RETURN ADDRESSES REQUIRED (No forging)
• TRANSMISSIONS AFTER OBJECTION (Must remove from list if asked)

There's a business opportunity here. Open a spamhausen ISP, make it OK in your TOS to spam, just require your clients to use a valid return address and honor a remove list.

Most spam I get always says "No need to be removed, this is a one-time mailing, your name is already deleted." So joy, each time I want to send out a new SPAM I just create a new account with that ISP, spam away.

An Opt-Out law is worse than no law at all

Opt-in (or "permission-based marketing") is the way to do it. Opt-out will always just be spam and this bill makes that legal.

I can see my spam now. "This message can not be considered SPAM under HR 3113 as long as we provide a valid return address and a way for you to be removed from our lists.

Consider the CAUCE response.

[AME]

A quick look at the cauce response indicates that they are all for it and why.

In general, I support cauce and their put-the-power-in-the-hands-of-the-people-not-the-g overnment philosophy. So if cauce likes it then it's probably a pretty good idea. If you hate UCE then consider joining cauce. They do lobby legislature and the quantity of their members adds to their political ability.

--

Jurisdiction

[Bouncings]

There are some conflicts of interest and problems with this otherwise good idea:

• What about spammers outside US jurisdiction? They often can't be collected from, so who pays the spam-hunter bounty? The US tax payer? I'm paying for SPAM enough as it is in my ISP bill.
• If spammers can't be collected from, a bounty hunter could hire them to spam and give them evidence of it, and split the bounty, again picked up on by the tax payers.

Personally, seeing spammers being hosed is reason enough for me to fight them. :-)

Be careful, Timothy

[Jim+Tyre]

With the Microsoft "precedent" in hand, you should be more careful in choosing your titles.

Hormel, which holds the trademark on spam, might sue you for infringement. ;-)

Pandering? Pandering?

[Jim+Tyre]

The Bill provides:

(8) UNSOLICITED PANDERING ELECTRONIC MAIL MESSAGE- The term `unsolicited pandering electronic mail message' means any electronic mail message which the recipient, in his or her sole discretion, believes to be erotically arousing or sexually provocative that is sent to a recipient with whom the initiator does not have an existing consensual relationship or has been sent by the initiator without the express consent of the recipient.

So what if, unsolicited, I send a scholarly dissertation on the evolution of the sea slug to Roblimo, but unbeknownst to me, it gets him all hot? (You just never know with Roblimo.)

Am I screwed?

How do you "win" the bounty?

[zaius]

What exactly do you have to do to get the bounty money? Do you have to find the person's real IP address, or their name, or phone number, or physical address or what? It seems to me that in order to find any physical contact info, you would either have to be extremely lucky, or you would have to do something illegal to get it...

Also, I also think that it might be remarkably easy to frame somebody, and then collect the bounty for finding them. Unless some law enforcement agency checks your findings, thuroughly.

-- zaius --

No More Spammer Excuses

[Accipiter]

See, the typical spammer response to general complaints is "But 94% of internet users WANT to receive junk E-Mail!" Now, this excuse won't work anymore.

User@domain.com receives spam.

User complains to ISP about spam.

User takes approproiate action against spammer.

Spammer cries "But people WANT spam!"

BZZZZT! That's where the excuse dies. If users want spam, there wouldn't be such an outrage against it. Now when this little law goes into effect, and people see the percentages of internet users complaining about spam, Spammers will have to come up with another excuse.

Then in turn, tougher rules will be enacted. This seems like a Good Thing to me. Here's hoping Internet Spam goes the way of Fax Spam.

-- Give him Head? Be a Beacon?

Re:I can see it now...

[orpheus]

>>> rush to see how many SPAM lists you can get Therein lies one danger of this plan.

Other have addressed some of the reasons why this is hardly the panacea it seems at first glance. I just want to note that whenever a law is passed to control an 'out of control' practice, the public's resistance to that practice diminishes.

Even the most inept telephone telemarketer has a few stories of conversions: people who start off following the "Put me on your No-Call list" script of DMA-supported so-called 'consumer' groups, but end up as buyers. The secret is that the longer you talk, the more likely you are to buy. Most people who follow a No-Call script would have hung up point-blank before. The 'don't call' script offers a tiny foot in the door of otherwise definite no-gos. The Telemarketers have scripts of their own to capitalize on this.

Why do you think Publisher's Clearinghouse makes you fiddle with so many stickers to complete one of their sweepstakes stickers? So the visions of payoff, and other irrational notions can dance in your head. Even after you hang up after your Don't-Call spiel, don't you secretly wish they call back, so you can nail them in small claims. Only a tiny handful of people have ever successfully sued (not enough to pay for a single DMA trade seminar luncheon) while telemarketers do many successful conversions every hour, in every state.

And now we dangle the 'bounty' of a potential windfall, albeit a modest one, in front of every newbie, casual user, and kid?

Less spam will get filtered and discarded unread and more spam will be scrutinized for 'illegal' elements that qualify it for the bounty. People will be less cautious about prtecting their e-mail, because it's a potential pay-off as well as an annoyance, and because watching your privacy is hard work, and humans will seek any rationalization to avoid such a tedious and thankless task. "Spam is illegal" is just such an excuse

Publishers Clearing House would love this! PCH spends several times as much on its interactive sticker-laden mailings than it does on the grand prize - and made decades of tidy profit on this marketing model. They are proof of concept.

Salesmen - especially shady ones - are cynical masters of psychology, unlike engineers.

I'll close with a general warning tht you should keep in mind for the next year of so:We are at a critical time when private data is still largely unregulated in the US, and is not as tightly regulated as it will be, even in Europe. They can gather and share information now that they may never be allowed to gather again.
_____________

Spam bounty hunting - Sweet!

[Chairboy]

I could see it now, cruising around newsgroups and SMTP servers looking for spam with my Boba Fett outfit on. People could contact bounty hunters and offer added incentives for giving the personal data of the spammer to them first before passing it along to the government.

Spammed person: (getting ready to freeze the offending account and dispose of the spammer)

Me: He's no good to me dead.

Spammed person: (pausing) Don't worry, you will be properly compensated.

Spammer: (screaming as the torture began) Aaaaaaaarrrggh! They didn't opt out, they didn't opt-AAAAAAAAAAAAHH! NO! Not my e-mail finger-GNNNAARGH!

I like it.

Congress ahead of its time?

[Jim+Tyre]

The actual Bill provides, among other things:

(a) FINDINGS- The Congress finds that:

(1) There is a right of free speech on the Internet.

I'm so happy Congress found it, I thought it was lost before.

Nice HR!

[Rei]

Aww, why couldn't it have been HR 31337? That would have been so much more fitting ;)

- Rei

Spam vs. Junk Mail

[khog]

Spam and junk mail, at the first look, seem very similar. In fact, they are quite different. Those of you geeks who bother to leave the house (myself included) know that you need a stamp to send snail-mail. Stamps, as you know, are not cheap. What is it now, 34 cents? I can't keep track. (I just don't leave the house enough, that's my problem.) To send an e-mail? With an unlimited internet access plan, nothing, really. On bandwidth rated connections it could end up costing you a pretty penny if you were really high volume. Notwithstanding, spam is, on the whole, free to send; junk mail isn't.

This presents quite a conundrum. In the "real" world, junk mail isn't free to send, so there's less of it. Telemarketing isn't viable, either, because you need to pay people. Spam, on the other hand, can be efficiently run on an old computer with a 56K, or 33.6K (if you're patient) modem. What is there to do?

Well, nothing good. Government regulation (as in USA government) of anything on the internet is just wrong -- the internet belongs to no one, at this point. If the government wanted to regulate it, it shouldn't have ever left our borders; not so quickly, at least. It's too late for wide-scale regulation -- it'd be trivial and stupid. Trivial because anyone can route through some foreign server and stupid because it's no one's place to go around making regulations.

As mentioned previously, I think the best solutions are private. Set up some filtering software. Or, god forbid, delete the crap. If you're on a per-bandwidth payment schedule...sorry. It's what you have to deal with. The whole point of freedom is that anyone, not just geeks, can do what they want. If what they want to do is sell printer toner then by all means, sell away.

As a side note, doesn't this all seem a bit trivial to anyone?

Mikey G.

I can see it now...

[DgtlGhost]

The rush to see how many SPAM lists you can get on so as to track the origin of the msg, just to turn them in. Undercover SPAM cops! Oooo, I think I see a new Fox Show for next fall, following the special, When SPAMmers attack!
Is it just me or does this sound damned hard to work out details for?

-Earthman

Private solutions? Sure, they're waiting for you!

[Frater+219]

Ummm.....If there are viable private solutions to this scourge, then why haven't we seen them already?

There are viable private solutions to spam. See the Mail Abuse Prevention System. Using MAPS's lists to filter your incoming mail will significantly reduce the amount of spam you receive. No, it will not eliminate all spam -- but neither does any "solution" to a social problem entirely eliminate that problem. (Certainly law is not a perfect solution to problems -- otherwise, why do we still have murder, theft, and copyright violation?)

(One of the great things about MAPS is that the more participants, the better it gets. If you use MAPS to filter your mail, then report spam you receive back to MAPS appropriately, you will be helping to improve the service -- thus reducing your future spam intake and everyone else's.)

I am not sure if a private solution would work in this situation because of the "free speech" arguements and also of the multi-juristdictional nature of the problem.

It's funny you should mention those -- because those are, in fact, two problems with law-based solutions which do not affect private solutions.

"Freedom of speech", as protected by the U.N. Declaration of Human Rights and the U.S. Constitution (among others), is more accurately described as the freedom to use your own resources, including your voice and your property, to speak your mind. It does not justify your use of other people's property to speak your mind. That, however, is what spammers do -- they use my mail server, without my permission, to spam me, my users, and others. In the civilized world we call that "theft of services" -- just as if I owned a printing press and you crept in by night and used my press to print up your leaflets.

The legal trouble, then, lies in defining "permission". Some would argue (and have argued) that by connecting a mail server to the Internet you are implicitly granting everyone permission to use it as much as they want, for whatever purpose they want -- including spamming. The opposite extreme is to hold that only explicitly solicited mail is granted permission -- which would rule out a lot of perfectly legitimate mail. Both of these are IMHO ridiculous extremes. A legal attempt to stop spam, however, must deal with these issues in defining spam. Veer to far towards the first position, and you violate property rights; veer too far towards the second, and you violate freedom of speech. A private attempt to stop spam can define permission extensionally -- i.e. by example. This is exactly what cooperative, voluntary systems like MAPS's lists do. The lists are made up of addresses associated with actual pieces of spam received and reported by participants.

You also mention the "multi-jurisdictional nature of the problem". This, too, is a problem solely for legal attempts to stop spam, and not private ones. Private cooperation among ISPs and among users may easily ignore governmental borders -- indeed, it already does. MAPS participants come from all corners of the globe.

For all those anti-government folks, I am surprised to see that a creation of a civilian anti-spam force is so distrubing to you.

What's so "anti-government" about bounty-hunters and more laws? That's about as "anti-government" as any other case of stool-pigeonry.

As a Libertarian, I object to government meddling in private affairs. I also object to crime (i.e. the violation of people's rights), and I consider spamming to be criminal, regardless of whether or not government thinks it is. Spamming is a violation of the property rights of those spammed, and of the owners of mail servers that relay and store the spam. I support people taking private action to protect themselves from crime, insofar as they feel the need to do so, and can do so without violating others' rights in the process -- and that is exactly what MAPS and similar systems do.

If you are emotionally dependent on government to protect your rights -- in other words, if you are unwilling to protect them yourself -- what rights do you really have?

what consequences?

[geekpress]

The ./ summary hints at some potentially scary future as a result of the precedent set by this bill. Well, we already have worse incentive programs. Thanks to DARE, kids turn in their parents for smoking pot. Compared to that, the precedent set by hunting down spammers seems pretty benign.

Nevertheless, any program where people are rewarded for turning in other people for alleged misdeeds has a KGB aura to it, no doubt. But why should we be so suspicious if the misdeed is, in fact, A Bad Thing?

Well, we should be suspicious if it is only A Bad Thing and not An Evil Thing. SPAM is a pain, but it's just not on the same level as rape or murder. There is a real difference between giving someone an incentive to turn in their rapist neighbor vs their spamming neighbor. The law ought to see a difference between the magnitude of those two acts, rather than lumping them together as "lawbreakers."

Then again, if they'll let me hunt them spammers with my shotgun in hand, to hell with the precedents! :-)

-- Diana Hsieh