Slashdot Mirror
H.R. 3113: Spam Bounty Hunters Wanted
belgin writes: "According to this ZDNet article, the U.S. House Commerce Committee is considering a law that places a bounty on illegal spammers. These bounties would be paid to ISPs and individuals who track down and turn in spammers. Specific types of spam mentioned by the article include fraudulent spam and spam that attempts to falsify its origin. Fun to think about if you've landed on one too many spam lists, but a little scary in 'leads to ...' department." The bill, called H.R. 3113, or the Unsolicited Electronic Mail Act of 2000, would impose Federal law in the form of what seem to be common-sense restrictions on electronic junk. But belgin is right -- what consequences might laws like this have that we don't want to trade for, even in spam? Would private solutions be better in the long term?[updated 18th May 2000 13:45GMT by timothy] Not to be confused with last year's H.R. 3113.
belgin and timothy are not alone in the fear of where this might lead, that's for sure... I hate spammers with a passion, but I'm not sure if I really want to start down the road this could take.
Anyway, I much perfer Julian's philosophy over at spamcop.net: "Protecting the internet community through technology, not legislation." If you're sick of spam and want a way to slap those responsible, then join up (or don't, there is a free service as well) and parse all your spamage. But please read the intro and the FAQ, we need to preserve the image that spamcop has in the minds of the abuse desks; it's only a tool being put in your hands, YOU are responsible for what you use it for.
and besides, an address like cabbey@spamcop.net, is bound to make a would be spammer queasy.... (note: happy spamcop user, not an admin.)
Not really.
I find that most non-techies are quite annoyed with spam, but they sweep it under the rug since they don't know what else to do. I took about 10 minutes to show my friend how to look at the headers, find what is most likely the mail's original domain, and email abuse@, he now has something he can do about it.
Trust me, it feels good to get that message back from their ISP, informing you that they canceled the spammer's account.
All spam has some sort of contact information in it, right? Either a phone number to call, or an address to send money to, or a (p0rn) url to go to. Easy way to track down the perp and sue them for lots of money!
Let's pretend I'm p0rn site www.slashporn.net and www.slashporn.com is getting more business than me... I'll just put them out of business - send a few hundred thousand emails stating "Visit slashporn.com! p0rn for nerds!"
Soon enough, slashporn.com gets sued for hundreds of thousands of dollars and is out of business. My business goes up and life is peachy.
Wonderful.
Of course, this ties in to DDoS - how do you track down the spammers if they're spoofing their return address? The current state of the internet makes this difficult if not impossible (if done well). Yes, I know there are differences between spoofed IP packets and spoofed SMTP headers, but there are similarities as well.
This is a tough call - on one hand, I'd love to see spammers get bitchslapped, but on the other hand I hate to see the government (or anybody else) do stuff like this. Remember the big uproar that was caused by that group in North Carolina (I think, I could be completely wrong) that was paying kids to turn in potentially dangerous kids? Same basic idea goes here - it's just not the right way to handle things.
I know that this is a completely different situation, but the same basic idea applies.
Ahh... fuck it, dude. Let's go bowling.
--
I worked at a medium sized isp for a little over a year. While I was there, i was one of the main spam contacts (ie, i got the mail that went to "abuse@" ). In general, it was easy to nail spammers. Trace the headers, send a complaint to the isp/admin on the other side. If a spammer came from uunet or psi, then it was usually a guaranteed kill. However, spammers are getting smarter, and recently i've been noticing more and more spam being relayed through boxes not in the US. This poses several problems, the main being that the rest of the world is under no obligation to follow the laws of the US. Also, there is the language barrier. Alot of uce seems to originate from asia, and i'm not sure that firing off an email in ascii characters would make much of a difference to someone who reads kanji .
Then there's the most annoying problem i faced, which is admins that either don't know how to prevent relaying, or don't care that they are being used as a relay. I recently was notified by a friend of mine that he got spammed through a mail server owned by a major canadian isp. Not only was the server an open relay, but it's sendmail configuration was so fucked that it didn't even log the originating ip address in the mail headers (IOW, it trusted whatever HELO said). TO make matters worse, the admin of the box was contacted about this, and has done nothing. I think the only way to prevent spam is to educate admins about relay-proofing their mail servers.No open relays, no spammers. Then the US could put a decent amount of money into public education instead of making bounties to catch these bastards.
Just my $2^-2 worth.
--BlueLines "The cost of living hasn't affected it's popularity." -anonymous
There's a business opportunity here. Open a spamhausen ISP, make it OK in your TOS to spam, just require your clients to use a valid return address and honor a remove list.
Most spam I get always says "No need to be removed, this is a one-time mailing, your name is already deleted." So joy, each time I want to send out a new SPAM I just create a new account with that ISP, spam away.
An Opt-Out law is worse than no law at all
Opt-in (or "permission-based marketing") is the way to do it. Opt-out will always just be spam and this bill makes that legal.
I can see my spam now. "This message can not be considered SPAM under HR 3113 as long as we provide a valid return address and a way for you to be removed from our lists.
In general, I support cauce and their put-the-power-in-the-hands-of-the-people-not-the-g overnment philosophy. So if cauce likes it then it's probably a pretty good idea. If you hate UCE then consider joining cauce. They do lobby legislature and the quantity of their members adds to their political ability.
--
"I have a good idea why it's hard to verify programs. They're usually wrong." --Manuel Blum, FOCS 94
- What about spammers outside US jurisdiction? They often can't be collected from, so who pays the spam-hunter bounty? The US tax payer? I'm paying for SPAM enough as it is in my ISP bill.
- If spammers can't be collected from, a bounty hunter could hire them to spam and give them evidence of it, and split the bounty, again picked up on by the tax payers.
Personally, seeing spammers being hosed is reason enough for me to fight them.-- Ken Kinder ken@_nospam_kenkinder.com http://kenkinder.com/
Hormel, which holds the trademark on spam, might sue you for infringement. ;-)
So what if, unsolicited, I send a scholarly dissertation on the evolution of the sea slug to Roblimo, but unbeknownst to me, it gets him all hot? (You just never know with Roblimo.)
Am I screwed?
Also, I also think that it might be remarkably easy to frame somebody, and then collect the bounty for finding them. Unless some law enforcement agency checks your findings, thuroughly.
-- zaius --
User@domain.com receives spam.
User complains to ISP about spam.
User takes approproiate action against spammer.
Spammer cries "But people WANT spam!"
BZZZZT! That's where the excuse dies. If users want spam, there wouldn't be such an outrage against it. Now when this little law goes into effect, and people see the percentages of internet users complaining about spam, Spammers will have to come up with another excuse.
Then in turn, tougher rules will be enacted. This seems like a Good Thing to me. Here's hoping Internet Spam goes the way of Fax Spam.
-- Give him Head? Be a Beacon?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
Other have addressed some of the reasons why this is hardly the panacea it seems at first glance. I just want to note that whenever a law is passed to control an 'out of control' practice, the public's resistance to that practice diminishes.
Even the most inept telephone telemarketer has a few stories of conversions: people who start off following the "Put me on your No-Call list" script of DMA-supported so-called 'consumer' groups, but end up as buyers. The secret is that the longer you talk, the more likely you are to buy. Most people who follow a No-Call script would have hung up point-blank before. The 'don't call' script offers a tiny foot in the door of otherwise definite no-gos. The Telemarketers have scripts of their own to capitalize on this.
Why do you think Publisher's Clearinghouse makes you fiddle with so many stickers to complete one of their sweepstakes stickers? So the visions of payoff, and other irrational notions can dance in your head. Even after you hang up after your Don't-Call spiel, don't you secretly wish they call back, so you can nail them in small claims. Only a tiny handful of people have ever successfully sued (not enough to pay for a single DMA trade seminar luncheon) while telemarketers do many successful conversions every hour, in every state.
And now we dangle the 'bounty' of a potential windfall, albeit a modest one, in front of every newbie, casual user, and kid?
Less spam will get filtered and discarded unread and more spam will be scrutinized for 'illegal' elements that qualify it for the bounty. People will be less cautious about prtecting their e-mail, because it's a potential pay-off as well as an annoyance, and because watching your privacy is hard work, and humans will seek any rationalization to avoid such a tedious and thankless task. "Spam is illegal" is just such an excuse
Publishers Clearing House would love this! PCH spends several times as much on its interactive sticker-laden mailings than it does on the grand prize - and made decades of tidy profit on this marketing model. They are proof of concept.
Salesmen - especially shady ones - are cynical masters of psychology, unlike engineers.
I'll close with a general warning tht you should keep in mind for the next year of so:We are at a critical time when private data is still largely unregulated in the US, and is not as tightly regulated as it will be, even in Europe. They can gather and share information now that they may never be allowed to gather again.
_____________
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
I could see it now, cruising around newsgroups and SMTP servers looking for spam with my Boba Fett outfit on. People could contact bounty hunters and offer added incentives for giving the personal data of the spammer to them first before passing it along to the government.
Spammed person: (getting ready to freeze the offending account and dispose of the spammer)
Me: He's no good to me dead.
Spammed person: (pausing) Don't worry, you will be properly compensated.
Spammer: (screaming as the torture began) Aaaaaaaarrrggh! They didn't opt out, they didn't opt-AAAAAAAAAAAAHH! NO! Not my e-mail finger-GNNNAARGH!
I like it.
(a) FINDINGS- The Congress finds that:
(1) There is a right of free speech on the Internet.
I'm so happy Congress found it, I thought it was lost before.
Aww, why couldn't it have been HR 31337? That would have been so much more fitting ;)
- Rei
They carry weapons and they know if you've been bad or good. Not everybody's good, but everyone tries.
Spam and junk mail, at the first look, seem very similar. In fact, they are quite different. Those of you geeks who bother to leave the house (myself included) know that you need a stamp to send snail-mail. Stamps, as you know, are not cheap. What is it now, 34 cents? I can't keep track. (I just don't leave the house enough, that's my problem.) To send an e-mail? With an unlimited internet access plan, nothing, really. On bandwidth rated connections it could end up costing you a pretty penny if you were really high volume. Notwithstanding, spam is, on the whole, free to send; junk mail isn't.
This presents quite a conundrum. In the "real" world, junk mail isn't free to send, so there's less of it. Telemarketing isn't viable, either, because you need to pay people. Spam, on the other hand, can be efficiently run on an old computer with a 56K, or 33.6K (if you're patient) modem. What is there to do?
Well, nothing good. Government regulation (as in USA government) of anything on the internet is just wrong -- the internet belongs to no one, at this point. If the government wanted to regulate it, it shouldn't have ever left our borders; not so quickly, at least. It's too late for wide-scale regulation -- it'd be trivial and stupid. Trivial because anyone can route through some foreign server and stupid because it's no one's place to go around making regulations.
As mentioned previously, I think the best solutions are private. Set up some filtering software. Or, god forbid, delete the crap. If you're on a per-bandwidth payment schedule...sorry. It's what you have to deal with. The whole point of freedom is that anyone, not just geeks, can do what they want. If what they want to do is sell printer toner then by all means, sell away.
As a side note, doesn't this all seem a bit trivial to anyone?
Mikey G.
http://www.yourmothernaked.com
Is it just me or does this sound damned hard to work out details for?
-Earthman
Earthman
Say it to me face w/ out wasting space...
(One of the great things about MAPS is that the more participants, the better it gets. If you use MAPS to filter your mail, then report spam you receive back to MAPS appropriately, you will be helping to improve the service -- thus reducing your future spam intake and everyone else's.)
It's funny you should mention those -- because those are, in fact, two problems with law-based solutions which do not affect private solutions."Freedom of speech", as protected by the U.N. Declaration of Human Rights and the U.S. Constitution (among others), is more accurately described as the freedom to use your own resources, including your voice and your property, to speak your mind. It does not justify your use of other people's property to speak your mind. That, however, is what spammers do -- they use my mail server, without my permission, to spam me, my users, and others. In the civilized world we call that "theft of services" -- just as if I owned a printing press and you crept in by night and used my press to print up your leaflets.
The legal trouble, then, lies in defining "permission". Some would argue (and have argued) that by connecting a mail server to the Internet you are implicitly granting everyone permission to use it as much as they want, for whatever purpose they want -- including spamming. The opposite extreme is to hold that only explicitly solicited mail is granted permission -- which would rule out a lot of perfectly legitimate mail. Both of these are IMHO ridiculous extremes. A legal attempt to stop spam, however, must deal with these issues in defining spam. Veer to far towards the first position, and you violate property rights; veer too far towards the second, and you violate freedom of speech. A private attempt to stop spam can define permission extensionally -- i.e. by example. This is exactly what cooperative, voluntary systems like MAPS's lists do. The lists are made up of addresses associated with actual pieces of spam received and reported by participants.
You also mention the "multi-jurisdictional nature of the problem". This, too, is a problem solely for legal attempts to stop spam, and not private ones. Private cooperation among ISPs and among users may easily ignore governmental borders -- indeed, it already does. MAPS participants come from all corners of the globe.
What's so "anti-government" about bounty-hunters and more laws? That's about as "anti-government" as any other case of stool-pigeonry.As a Libertarian, I object to government meddling in private affairs. I also object to crime (i.e. the violation of people's rights), and I consider spamming to be criminal, regardless of whether or not government thinks it is. Spamming is a violation of the property rights of those spammed, and of the owners of mail servers that relay and store the spam. I support people taking private action to protect themselves from crime, insofar as they feel the need to do so, and can do so without violating others' rights in the process -- and that is exactly what MAPS and similar systems do.
If you are emotionally dependent on government to protect your rights -- in other words, if you are unwilling to protect them yourself -- what rights do you really have?
Nevertheless, any program where people are rewarded for turning in other people for alleged misdeeds has a KGB aura to it, no doubt. But why should we be so suspicious if the misdeed is, in fact, A Bad Thing?
Well, we should be suspicious if it is only A Bad Thing and not An Evil Thing. SPAM is a pain, but it's just not on the same level as rape or murder. There is a real difference between giving someone an incentive to turn in their rapist neighbor vs their spamming neighbor. The law ought to see a difference between the magnitude of those two acts, rather than lumping them together as "lawbreakers."
Then again, if they'll let me hunt them spammers with my shotgun in hand, to hell with the precedents! :-)
-- Diana Hsieh
-- Diana Hsieh
GeekPress: The Weirder Side of Tech News