TrustE Launches Trusted Spammer Program

Silverhammer writes: "InfoWorld is reporting that such luminaries as TRUSTe, ePrivacy Group, MSN, and DoubleClick are getting together to develop a "trusted senders" program to certify "commercial email" and "elevate" it above ISPs' and end users' spam filters. Why, you ask? Because they believe it's actually our fear of fraud that's hurting their response rates. Apparently all that stuff about invasion of privacy and theft of resources is just a big misunderstanding..." The Infoworld story linked above has the best information about this seal program, but CNet has another story including a quote forecasting 1400 pieces of spam per person per day in five years. Update: 01/31 17:02 GMT by M : The FTC is announcing a crackdown on spam.

Makes it easy to filter now

[Phoex]

All we have to do is filter any e-mail with this "Trusted Sender" Seal and cut them out.

Re:Makes it easy to filter now

Although it's theoretically easier to filter these out, I'm sure MS will bury it in Outlook & Hotmail. Considering how tightly they'd like to integrate those in Windows, I see something like this in the settings in the near future:

• Only trust TrustE commercial mail: Default: Yes
  
• Automatically open TrustE commercial mail: Default: Yes
  
• Send automatic verrification of receipt: Default Yes

Imagine, MS having a monopoly on Spam!

Re:Makes it easy to filter now

[kin_korn_karn]

I don't know about you but I am insulted by return receipts on email.

If you don't trust me to read what you send, why are you sending it?

Re:Makes it easy to filter now

[MoxCamel]

...until MS incorporates "Trusted Sender" seals into Exchange. Pretty soon, everyone running an Exchange server has a seal. Makes filtering on the seal pretty worthless then, unless you don't mind throwing out the baby with the bathwater.

As for effectiveness? Look at how many sheisters out there get "trusted" SSL certificates. All these seals are going to prove is that a real live person went through the trouble of designing some company letterhead in Word, and faxed it to Truste.

TrustE

[Sarcazmo]

I noticed that TrustE seems kind of spam friendly. I mean they don't require sites to have any sort of standards, they just require that they have the policies in place, and that they use them. What the policies actually are, is up to the company.

TrustE is just a shill, a fraud like the BBB, a company that makes money by getting businesses to join, and defrauding the public into thinking they have any real oversight power at all.

Truste is Irrelevant

[Ars-Fartsica]

This group could have taken a commanding role in privacy and users rights issues long ago, but instead it simply turned out to be a corporate mouthpiece.

Take a look at what it means for a site to be "Truste compliant" and you'll quickly see how worthless Truste is. To summarise - they don't care what your policy is as long as you state it publically. Well golly, I feel better already.

A rose by any other name is still a rose ...

[Buran]

I've just had to, within the past month, give up my 'freemail' account that I'd used for mailing lists and signing up for web sites because it's now little more than a spam bucket, and I was always careful to never check those "receive offer" boxes. It's now just full of spam from Taiwan and China and the like along with the typical get-rich-quick, debt relief, Viagra, and sex site ads. A friend who runs a server network was kind enough to give me a real POP3 box instead of the simple forwarding most of his other users get.

I keep the address strictly confidential, just like my 'real' address that only gets a very small amount of spam per week. It's for a few mailing lists that I trust and are privately owned and run; I know who to yell at if I get spam on that address.

Whether or not a piece of spam is "trusted" by some other organization is not going to change my opinion of whether or not I want to buy anything. I don't. There are specific entities and individuals that I wish to receive mail from, and then there is the simple fact that I don't want to have ads thrown at me in email, too. Web ads (I block those and am not ashamed of it), TV ads (I watch a lot of PBS; great 'geek' programming and few ads) are enough, thank you.

They don't get the point. Or if they do get the point, they just don't care. I do not want spam. Period. All the sleazy spammers have ruined it completely for the good companies that try to do it responsibly (opt-in, genuine list removals, ADV: subject tagging, etc.) but you know what?

Tough.

Oxymoron

[Restil]

"Trusted Spammer" is an oxymoron.

The only spammer I would trust is a spammer that would never send me spam because I never intentionally informed said spammer than I wanted to receive email from him, in which case, it wouldn't be spam.

Damn... I think I just logically determined that spammers serve no useful purpose in this world.

What do you think?

-Restil

How to fix spam

[Alomex]

The problem with spam is that is mostly useless. If spammers refined their targeting strategies users would not complain.

A golfer would never consider a cool catalogue with the latest golf toys spam. A hacker would welcome the latest diff of O'Reilly titles.

Instead we get this useless pieces of mail asking to join in some Ponzi scheme, send a penny to Craig, copy DVD movies, and Viagra for St. Valentine day (I'm not making this up).

Ditto for pop-ups, pop-unders and banner ads. The ad-executives seem to think "if only people looked at my ad, we would have great sales".

Sorry but no cigar. Pop-ups/unders advertise mostly useless products and even if we were submitted 24/7 --a la clockwork orange-- to the ads we would still not buy a stupid X whatever video camera.

Re:How to fix spam

[J'raxis]

A golfer would never consider a cool catalogue with the latest golf toys spam.

I certainly would consider that spam if it was sent to me without having signed up for it. And it was 50K. And HTML/MIME mail. And sent several times. And had a fake return address, different ones each time. And relayed through *.cn or *.kr. And had random garbage appended to the subject to (try to) make it slip through filters.

Re:How to fix spam

[Chetmurray]

I disagree.

There is not one golf store. If you said, okay anyone who wants to send me info on golf, go ahead. You would get 100 golf stores, emailing you weekly. Would you like that? The Internet is not your local mall, before you agree to something or think it is a good idea, think of it on a big scale. Your simple answer does not scale, spam means unsolicited, so you don't control all these friendly golf companies sending you their tips, their hot items, their penis growth forumlas.

That is the problem with all legislation so far. It does not look at the Internet and see its true scale and global reach.

Chet

-California residents, vote against spam, vote against the spammer bill jones.

Re:How to fix spam

[Dr.+Bent]

In order to collect the information necessary to do that, you would have to invade people's privacy on a grand scale.

Imagine getting tons of porn spam becuase all the marketing companies know you like pr0n...and that information is available to anyone who wants to buy it.

The less that marketing companies know about me, the better. Even if it means I have to wade through lots of pointless popups.

Re:How to fix spam

[Alomex]

The problem with spam is that it's unsolicited, whether it's useful or not.

This is not quite so simple. In day to day life there is pull content and there is push content. For example a coworker walks into the office in 9/11 and says: "did you hear about what happened in New York?"

That is unsolicited information: in-your-face real-time push content. Yet few people would be upset about it, in fact most would be thankful for the heads up.

On the other hand, one hundred catalogues from golf stores is unfocused spam. Sending an O'Reilly diff file to somebody whose personal paranoia is spam is also unfocused. Sending e-mail in HTML format from .cr with no return address is the epithomy of unfocused spam.

Re:How to fix spam

[Sycraft-fu]

What he's talking about is NOT doing that. No fake returns, easy unsubscribe mechinism, interesting content. For example, I'm an IEEE member. I never asked ot be on their mailing list, or perhaps I simply forget to tell them not to put me on it. Whatever the case, I get e-mailings form all the societies I'm a member of about once a month. They are easy to unsubscribe, but I haven't bothered. Why? The content interests me enough that I read it.

What he's getting at is the fact that most online popup ads/spam are for bullshit. The reason they get no sales is because their product sucks, and noone cares. It's funny, but I don't seem to mind ads in teh newspaper nearly as much. They take up a lot of space, 50% or more of the paper, but they really don't bother me. Even more interesting is that I find myself reading them invoulantarly. One will catch my eye and I'll read it. The ads are effective because they are marketing things I actually might want (like pizza, books, sofrate and so on) and are doing it in a direct fashing (ie not slap the monkey and win).

What everyone seems to be missing...

[jd]

Is that it would be very easy for that "trusted seal" to contain all sorts of nasties.

If the "trusted seal" is, in fact, a hyperlink to an image, you get an instant list of all recipients and a good idea of their timezone. You also get their actual computer ID, not just the ID of the mail server that they use. Other information sent includes the browser/mail client ID, the OS used, and any other bits of information included in an HTTP request.

Of course, if the connection goes via a .NET-enabled system, you also get their .NET id (if they have one), which can be used for comparisons. (eg: Is the personal name for the e-mail the same as that for their e-mail client and/or their passport account, which can then be used to cross-reference other database entries for that same person, to build up a better marketting picture.)

There may be other controls in the e-mail, or the image, which can feed back other information. It's not as if the average Windows box is hyper-secure.

I don't know if Outlook lets people slide controls into the subject line (say, via a buffer overflow), but if it does, you can also get the date and time the e-mail was delivered to the user, regardless of whether they opened it or not.

If someone is detected as having .NET (see above), and their connection is not secured, then the server would have sufficient information to scan the victim^H^H^H^H^H^Huser's machine, say for keywords of interest, pirated software, etc.

so?

[hawk]

That it's the only job they can get doesn't justify telemarketing any more than it justifies prostitution, contract hits, or crack dealing.

If it ties them up longer, it makes the returns from telemarketing lower, making it a less desirable activity for the marketer.

It should be a criminal offense to make a solicitation from a phone line that does not in some way identify the call as such--so that the victims can avoid having the phone ring in the first place.

hawk

Re:Telemarketer tarpit.

[Black+Parrot]

> Unfortunately this doesn't hurt the people responsible, just the people being paid very little to make thephone calls

Probably it does: cheap labor may be their biggest expense. If you've noticed, they all switched over to mass-dialing systems about a year ago, so now when you pick up the phone you immediately know it's a telemarketer because there is a 4-second pause while their war-dialer says "hey, a sucker anwsered" and tries to find a free human operator to connect you to.

I've started doing essentially what Restil suggests -- as soon as the operator makes the required introduction, I say "hang on a second" and put the phone down on my desk as quietly as I can.

If they waste my time, I don't feel the least bit guilty about wasting theirs. Hopefully they'll decide that I'm too expensive for them to waste their time on.

Re:We get junk mail through the postal service

AH, the old "I don't worry about it, so you shouldn't either" argument. Head in the sand, let's just "accept" garbage disguised as mail, whether it be paper mail or e-mail.

I don't think so.

Junk mail is JUNK MAIL no matter what the form. It's a massive waste of paper (but hey, who cares if they saw down another forest just so Arby's can announce a burger deal). I don't know if the receiver pays for paper junk mail, but the receiver certainly pays for the electronic junk mail.

Oh but I guess I should just "accept that" and "not let it worry me."

Read no further than this

[Uttles]

The Federal Trade Commission (FTC) is poised to announce an unprecedented law enforcement sweep against deceptive junk e-mail, also known as "spam."

Unfortunately, that happens to be the first line of the article.

Spam is not only definted as deceptive junk-email. Spam is email sent to someone in a broadcasting manner when that person has not signed up for that broadcast. In other words, if you send a message, deceptive or not, commercial or not, to a list of recipients that you don't know, that's spam.

Re:DCMA and 'authorised' spam

[J'raxis]

Since when does the DMCA force people to use this software? It only forces people to not reverse-engineer the software they are using.

What would be more realistic (but still rather bizarre) would be receiving a piece of mail that has JavaScript or some other executable in it, that, when opened, downloads images or cookies or other web bugs, and claims that trying to stop it or intercept the connections is a violation of the DMCA.

Hello! I send you this file in order to have your advice!

By opening this message, you have agreed to allow SIRCAM~1.EXE to install itself on your computer and periodically send copies of files in your Documents Folder to selected users from your address book. Any attempt to intercept, block or otherwise try to circumvent this behavior is a violation of the Digital Millenium Copyright Act ("DMCA").

Re:Why does Spam matter?

[eaolson]

Spam isn't costing you any precious resources. Don't bother me with the mindless argument about how valuable your time is, or the size of your mail spool.

Oh, I'm sorry. Discussing it would be "bothering" you? Bandwidth is a limited resource and it has a non-zero value. If marketers are allowed to shift the majority of their costs off themselves and onto me, they will do so.

If your ISP is getting DoSed by spammers, it's up to your ISP to sue the spammers. Of course they don't and won't do that --- here's the rub --- because they HAVE NO CASE.

Actually, an increasing number of people are doing that, and winning. We're not talking (malicious) DOS attacks. We're talking about people sending so many email messages to so many people, that they're overloading entire networks.

Public networks are subject to public use, commercial content notwithstanding.

What "public network"? My ISP's network is private property. Sure, it's connected to the rest of the world, but so is my telephone. Marketers can't call me long-distance collect and expect me not to get ticked off.

Spam has the potential to end the days of email as an effective communication medium. I don't want to see that happen.

FTC crackdown on spam

[njdj]

This whole story is BS. No crackdown on spam is intended or proposed. Only a crackdown on "deceptive" spam. So instead of getting 50 emails a day which I delete without reading, I will get 50 "non-deceptive" emails a day which I will delete without reading. They still take space on my storage media, they still cost me time to delete. Absolutely no change from the present situation.

Re:DCMA and 'authorised' spam

[duncan+bayne]

A company could legally force you to use a spam-supporting client, using the DCMA.

Imagine if they used prorietary authentication protocols, forcing you to either use their clients, or implement your own version of the protocol in violation of the DCMA.

Currently, the difference between the example I've just described, and MSN, is that MSN doesn't (yet) enforce TrustE-authorised spam.