FTC Goes After Spammers

klaun writes: "Yahoo has an article about the FTC launching a crackdown on deceptive unsolicited email. Basically they are after scammers offering easy money quick, not the average 'get porn here' type of spam. There is more info at the in a press release at the FTC's website." TheGreatGraySkwid amplifies, saying that this story "tells of an FTC crackdown on Spammers, that had resulted in charges (settled) against 7 chain-letter ring spammers, and several pending cases. I know I could use some Spam relief..." The settlement, unfortunately, isn't exactly stern stuff: the seven spammers "agreed to refrain from participating in deceptive schemes in the future, or lying about the legality or potential earnings from any such schemes."

We need technical measures, not laws, for spam

[geek00]

I think these senators don't comprehend the reality with spam; that is, 99% of it has false origin information and has an opt-out scheme that doesn't work or only results in more spam.

However, I don't believe in making laws against spam. They'll always be outdated and interfere with legimate uses of email, since it can be very hard to define exactly what is spam. (Someone taking my address from a newsgroup posting and trying to sell me printer toner is spamming, but how about an email from a company I bought something from a year ago?)

Adam Back has an interesting proposal called Hash Cash. The idea is that if you want to send me an email, you have to burn some CPU cycles to compute a partial hash collision. I choose how many bits are required. Friends and family can send me email for free. I'll charge a few bits for the store I shooped at last week, and even more for people I don't know. If you're in ORBS or MAPS, perhaps I'll charge even more.

Re:We need technical measures, not laws, for spam

[poot_rootbeer]

I don't think laws against spam will succeed in having a preventative effect on the behavior, but perhaps they could have a punitive effect. Most laws are already like this--just because the laws say that you're not supposed to kill people, drive over the speed limit, doesn't mean you won't be able to do those things. But if you do, and you get caught, you're going to have hell to pay.

Cypherspace.org seems to be /.ed so I can't read the Hash Cash proposal itself, so I'm going based on your summary of it.

The problems I see with such a system:
1. Requires two-way communication between sender and recipient to establish a one-directional message transfer. Potentially could waste more bandwidth than blindly sending out spam does today.
2. Requires end-users to set up "scorefiles" to dictate how much they trust every sender in the world. At best, provides users with no more functionality than existing score-based mail filters/readers.
3. Ties senders' ability to get their message out to the CPU power of their machine. Owners of dual-10GHz Pentathlon systems should not have a louder voice than the hobbyist running sendmail on an old 286.
4. Spammers HAVE CPU cycles to burn--like most of us, their machines rarely run anywhere near 100% load. They will learn to send out their garbage in a slow,steady stream rather than in huge batches so that their machines can handle it--simultaneously making bulk-mailing harder to identify.

Re:Just got this spam today....

[kindbud]

Yes, you can use the Microsoft.com mail servers for this purpose. In fact, you can use any Exchange server for this purpose. They all accept mail before determining whether it can be delivered, have no capability to block recipients, and generate a new messages for the bounce, with the original attached. Perfect for all your spamming needs:


mail from:<targets@address.com>
200 ok
rcpt to:<nosuchmailbox@microsoft.com>
200 ok
data
Subject: pr0n served fresh daily

.
250 ok