Slashdot Mirror
Spam Under Legislative Attack in Europe
Anonymous Coward writes: "CNN has an article in their Science and Technology section detailing how the European telecommunication ministers have agreed that unsolicited e-mail and wireless text messages should be prohibited under a new data protection law. They also are agreeing to allow leeway for law enforcement to access logs of e-mail and telephone traffic.
Most of the spam that I receive is coming from China and South Korea. I don't think legislation will help much. I would rather see them BGP'd to /dev/null.
Mea navis aericumbens anguillis abundat
Most of the spam I get now, is from companies that are using "contractors" to spam, or spam from offshore (i.e. China) ISP's. The advertised product is from the US often, but the advertisee is not. Therefore, shutting down the "spammer" isn't going to do anything.
Now I don't know how to practically impliment this, as there are some pitfalls, but with some decent legislation, we could make it possible to target the beneficiary of the spam. That makes it possible to attack the real reason for the spam - where we can use our laws etc to attack it.
Sure, there will be spam that also has you send you money to China/Afganistan etc, but that will make the spam much less profitable, as most people won't do so. Lastly, most people will use credit cards, and I assume that most SPAM scams are frauds too, so the chargebacks will be hell for the spam beneficiary.
Anyway, it just seems that we can't just attack the spammer, we really need to attack the beneficiary. Then the spammers will go away, as they can't find anyone to demand their services.
Sure, I'm crazy, but what the heck!
We spend hundreds of kilobytes yammering about the great firewall of China, in particular laughing at the futility of it--legislation that stops the flow of information seems to be something we protest when implemented, and deride when proposed.
This is of course, while we upgrade our procmail recipes and secretly wish for a legally-mandated X-this-is-spam header.
In the end isn't stemming the flow of unwanted spam essentially the same thing? Going with the datahaven theory, eventually all your spam will come from the countries that _do_ allow spamming. And then all your bulk-marketing companies will set up branch offices there.
It starts making draconian black hole lists start seeming like the only viable solution. Because legislation sure don't work.
I'm 76% sure there's a U.S. law against fax spam, because it gets the bonus of specifically causing real-life monetary damage (in this case, waste of paper and ink, especially when fax paper was a big deal Back in the Day; email really is just electronic bits with the occasional per-minute cost).
Ha, google gets me a random attorney's page on the subject: http://www.markwelch.com/faxlaw.htm
You get $500 per violation. Woo.
Yeah, and you can screen your calls using Caller ID. That's hardly an argument, of course. Besides, automatic spamfilters are ineffective; they either let spam through or block legitimate mail. Companies cannot afford any risk of legitimate business mail being inadvertently caught in the filter, and therefore will not filter at all.
Here are some more reasons why people get up in arms:
Spam is no joke when consider that in some parts of the world, Internet service is pricey and there is no such thing as a flat rate. If you paid per MB or per minute of connect time, you would "get it" for sure. As the U.S. concept of "unlimited" internet service gets less and less "unlimited", the spam issue will only get hotter.
Personally, I have a zero tolerance policy -- I trace the headers and file complaints. No exceptions. I managed to get one spam website TOS'ed off 3 ISPs, as well as a direct hit on their DNS capability, just by recycling the same message headers as the spammers got booted from one ISP to the next. I find that complaint messages work better when I have a meaningless bunch of keywords at the bottom. Wonderful things like DMCA, copyright, infringement, litigation, trademark, liability, etc.
On to the telemarketers. If you live in a state that has a manadatory "do not call" list, get on it. Otherwise, write to your state rep. and lobby for one. I live in Connecticut, where the DNC list has hit the telemarketers like a "bunker buster".
Then we have the junk mail. That gets stuffed back into the "business reply envelope" and returned at the sender's expense. I heard someone suggest keeping a supply of junk mail on hand at all times, so as to overstuff whatever business reply envelopes you might receive. I pay for trash removal. The people who send me this junk can pay to take it away, not me.
No. In the case of the Great Firewall of China (and Saudi Arabia), a third party is attempting to block information people want. As such, the sheer number of minds applied to circumventing those artificial barriers all but assures they will be overcome.
Contrast with spam filtering, where a third party is attempting to block information people don't want, with the full support and agreement from said people. This makes the number of sociopaths trying to circumvent the barriers vanishingly small. Moreover, because people support the blocks, the number of people willing to report spammers who penetrate security is considerably higher (as opposed to the China/Saudi situation, where there's likely a silent agreement that the authorities are not informed when the barriers are breached).
Schwab
Editor, A1-AAA AmeriCaptions
Anti-spam legislation is intended to allow people to stop receiving information (?) they don't want.
This is not about control of the Internet. This is about control of my e-mail inbox, the one I pay for.
If I could set up my email system in such a way that it will only receive email after receiving notification from paypal that an amount X has been transferred to me, I would cease to receive spam overnight. My personal threshold would be 25 cents - less than a stamp but enough to be noticed. This would deter spammers, but not keep entities with a reasonable expectiation that I want the mail from emailing me. It might even deter those pesky friends that keep sending me copies of jokes that were already old when I was still young.
Between friends engaging in conversation, the amounts paid would balance out. But in the case of one way communication, I'd get paid a bit for the time I spend looking at my emails.
Obviously, this can be implemented with reasonable effort pretty quickly. There are some minor details to deal with, nothing traumatic though: The sender would have to be able to determine what the going receiving rate of the recipient is. There needs to be a functional and pervasive micropayment system (paypal). Mail programs would need to be updated to deal with the added protocols.
I find it amusing how politicians still think they can regulate the Internet by way of stroke of pen. They'll have to learn the hard way. Sadly, we'll have to suffer in the meantime.
There are how many millions of businesses in this country? And you're saying they should all have the right to send you their sales pitches by e-mail, but as long as you reply with "remove", they have to honor it?
You want to reply to 5 million e-mails with "remove" in the subject?
Sorry, try again.
I disagree. Spammers are soooo much more annoying than phone solicitors.
-Phone solicitors don't immediately engage in sex talk with your 7 year old when he picks up the phone.
-Coming home from a long vacation doesn't usually mean you're going to have to sift through a blizzard of thousands of phone solicitation calls. (Interspersed by warnings from the phone company about how you're getting too many phone calls and would you like to buy more space?)
-When a huge amount of phone solicitations overwhelm the phone company and force them to invest in additional infrastructure, the cost is passed to the phone solicitors, not to you.
-If you have an unlisted number, and a phone solicitor calls, it doesn't automatically mean that the gig is up and the number is no good anymore.
-There actually exist phone solicitors who are not running scams.
-You don't get hundreds of phone solicitations in the space of 24 hours.
-Phone solicitors don't try to fool you by pretending to be people you know.
-Phone solicitors don't call you and offer to sell you a CD of the phone numbers they're calling.
-Phone company operators aren't kept awake at the phone company at 3 AM clearing wayward phone solicitations out of the equipment after a torrent of wrongly dialed phone solicitations.
-You don't get the same phone call from the same solicitor five times in a row in immediate succession, unless he has an organic brain disorder.
-While they can sometimes block the number from appearing at all, phone solicitors don't intentionally send forged numbers to your Caller ID box.
-If you tell a phone solicitor to take your phone number off his list, he doesn't immediately sell your number to all the other phone solicitors in town. ("It works, someone picked up the phone!") This is because we have laws dictating that phone solicitors cannot do this.
-And you can at least be rude to a phone solicitor. In fact, a phone solicitation from the PBA offers the quick-thinking solicitee a rare opportunity to safely tell off a cop. And you can do stuff like this:
ME: Hello?
PHONE SOLICITOR: (bubbly female voice) Hello, do you subscribe to the <name of local newspaper>
ME: Uh, no...
PHONE SOLICITOR: Oh my GOD! How do you get your news?
ME: Well, if you must know, the government implanted a chip in my brain, and now God and aliens just beam all that news right into my head. Why, isn't the chip in your brain working?
PHONE SOLICITOR: Uhh, OK, ummm... goodbye!
This may be one of the best legal solutions. Simply ban the "harvesting" of e-mail addresses from web pages and newsgroups and/or the selling of those addresses. Obviously, those things have no legitimate use, and are used only to send me crap that I don't want.
It would also be easy to catch people to prosecute them. Set up a web page that, when it's hit, generates an e-mail address, and logs that address along with the IP address and timestamp of when and from where that page was requested. When an e-mail comes to one of those addresses, get a little help from the ISP and you're well on your way to finding out who did it! Not just who sent it, but the scum that harvested the address!
Those people are the worst of all Internet citizens. If I was alone in a room with an e-mail harvester, and I had a baseball bat in my hand, it wouldn't be pretty.
That and banning ANY sender info or header forgery, require a valid mail or phone AND e-mail contact in all commercial e-mail, and I think the spam problem will be pretty much done. You might still get a few UCEs, but not the sheer quantity of stupid and annoying ones we get now.
Interesting idea, but doubtful to work with the current system in any way. (You really want to have to declare all of those micropayments on your 1040?)
Personally, I think some kind of pre-authorization scheme is better than a pay system - remember, this has to work in third world countries, too.
Brad Templeton has a neat system in place that is not too difficult to use at all. If you send him an email, you get the following:
OK - there goes 99% of your spam.
If spammers figure a way to reply, add a question and answer feature:
You could make the questions progressively tougher
Procmail could handle the rest of the mail, too, (if it weren't so damn hard to write recipes for. Yes, I know about the perl mail filters - I'm looking into them now.)
Imagine a procmail-type system that could strip attatchments and process them:
Since I get a lot of mail in Japanese, I could choose to detect DBCS text and run it through babelfish before I read it.
Most of these things could be and are being done. I bet there would be a market for a prewritten package customizable through a web interface. I would buy it.
What you do with incoming mail is a very personal decision - some people *like* mails that you and I would consider spam. There are always exceptions to the rules:
What happens when your mail filter blindly drops a mail from your wife telling that the baby just ate the Copier Toner or your housemate writes to tell you that a group of Real Naked Coeds are waiting in your room - get home quick! OK, neither of those situations are likely to occur, but you get the idea...
Cheers,
Jim in Tokyo
-- My Weblog.
Mail clients should have a spam-vote button, a button that lets you vote for blacklisting the sender of the message you are just viewing.
If you press the button you get a warning, explaining what you're about to do. If you accept, a message including all the headers of the spam mail is created automatically and sent to a spam-vote server at your e-mail service provider. This vote server verifies that the vote comes from you, and then, possibly after some processing, sends your vote to one or more blacklisting services chosen by your e-mail service provider.
If there are just a few votes to blacklist a particular sender it's considered a mistake and no blacklisting occurs. The sender is blacklisted only if the number of votes is large. If a provider has a very large number of blacklisted senders, that provider may be blacklisted.
This would give technically clueless users a say in the matter. It would let clueless users send proper spam complaints, complete with all the headers. And it would allow people to stem the flood without revealing their e-mail address to fake opt-out lists that just increase the spamming.
When you press the spam-vote button, the mail client not only sends the spam vote. It also puts the sender in the client's own list of blocked senders, and removes all the messages that came from that sender. You can change your mind and remove the blocking, so you can receive messages from that sender again. Then the mail client creates another automatic message revoking the blacklist vote.
This way even the clueless will see what happens. A clueless user can't just keep sending a lot of blacklisting votes by mistake. Mistakes have consequences that have to be rectified.
At the server side, the system can be refined and improved over time. For instance, the voting services should count percentages rather than absolute numbers. They might also keep karma points and reputation scores. They might use collaborative filtering. Lots of different refinements are possible. Hopefully there would be several different services trying different strategies so the system evolves.
Users can then try different e-mail service providers with different spam-vote and spam-block policies. Probably many providers would let users choose among several alternatives. Tastes differ very much in this matter. You try different alternatives and see what works best for you.
Give a man a fish and you have fed him for one day. Teach him how to fish and he'll eat for a lifetime. Unfortunately, he'll call you a miser for not giving him your fish.
Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that.
Your comment about paying per SMS message makes no sense to me as it's the spammer that has to pay, not the recipient. Care to elaborate?
Monkey sense
What makes you think a working opt-out is not possible ?
We do infact have such a system in Norway. There's a single webiste, operated by the government whee you can register yourself, and mark check-boxes for which kind of targeted marketing you accept. (postal or by phone ? Not from anyone, or do you still accept postal marketing or phone-calls from charities?)
Anyone who does direct marketing is legally obligated to wash their adress-lists against this one atleast once every 3 months. Sending postal mail, or doing phone-marketing to a person on the list is a crime. Punishable by fines or prison up to 2 years. (In theory, in practice you get a fine offcourse)
When it comes to email we've got opt-in though. Sending marketing to individuals without *prior* *informed* *active* consent is a crime. Same punishment as above. And it *does* Work. I get about 200 spams a month. And this far in 2001 I've gotten *2* Count them - *TWO* spams from Norwegian spammers. Naturally I've reported them and had them fined.
Opt-out is actually acceptable if there's *one* single point where you opt out, and if there's punishments attached to ignoring your opt-out. I still prefer opt-in, but the opt-out on phone-marketing does work. I've got ZERO phone-marketing-calls after I registered myself on the opt-out site.