Slashdot Mirror
EU to Require Opt-In for Commercial Email
From: Beebit <beebit-u03@euro.cauce.org>
Newsgroups: news.admin.net-abuse.email,
talk.politics.european-union
Subject: European Parliament Supports 'Opt-In' for Commercial Email
Date: Thu, 30 May 2002 13:08:11 +0200
The European Parliament has decided to accept the Council's Common Position which would require senders of advertisements by "electronic mail" to have the recipient's prior consent. "Electronic mail" is defined broadly enough so as to include text messaging systems based on mobile telephony in addition to email.
The 'opt-in' requirement for electronic mail will be in Article 13, Paragraph 1 of the new Directive concerning the processing of personal data and the protection of privacy in the electronic communications sector which will enter into force following its publication in the Official Journal. The Directive will guide the enactment of legislation throughout the European Economic Area, which includes the 15 EU Member States and European Free Trade Association members Norway, Iceland, and Liechtenstein. EU Members Austria, Denmark, Finland, Germany, Greece, and Italy as well as EFTA member Norway had already implemented 'opt-in' in their national legislation.
Further provisions in the same Article would allow companies to send advertising via email for their own products or services of a similar category to addresses which they had obtained in the course of a sale, unless and until the customer has registered an objection. Customers are to be given the opportunity to object "free of charge and in an easy manner" both at the time the contact details are collected and with each advertising message.
All in all, is an extremely welcome development, and should serve as an example and inspiration for legislators in other territories. We are absolutely delighted to see Parliament joining the Commission and the Council in taking a stand to protect European consumers and network users. It only remains to extend similar protection to corporate citizens. This will probably have to be within the framework of other legislation than that pertaining to the processing of "personal data".
~~~
The European Coalition Against Unsolicited Commercial Email is an
all-volunteer, ad-hoc grouping of Internet users and professionals
dedicated to bringing about an end to an unethical practice by
technical and legislative means.
http://www.euro.cauce.org/en/
Why must we be so behind the times when it comes to things like this?
Oh, right. We don't want to interfere with business' right to annoy the hell out of us.
--
pants ahoy
I hope they require a proper click box for opt in, rather than imbedded in a clickthrough license agreement...
Either way opt-in is the way to go wrt email from commercial interests, I hope my country (US) adopts such restrictions for its corperations.
I would find it extremely annoying (if it were the case that I was living in Europe, which saddly enough it isn't), if I started to receive e-mail in several different languages all trying to opt me into some SPAM-list.
Achtung! Die spammingmessagezunzuzkriben is nicht fer yer fingerpokin! Clicken-zie to unsubzkriven spamhaus und wilkommen billiards und billiards of weightenlozen, Paenisenlonginment und CowboyNealen mail.
Tongue-tied and twisted, just an earth-bound misfit, I
Learning to fly, Pink Floyd.
How is keeping mail that I didn't ask for, don't want, and have to pay for out of my inbox an "unconstitutional restriction on speech"? If they want to put their shit in my mailbox, they can at least have the good graces to pay the (e-)postage themselves.
The right of someone else to spend my money without my permission is exactly nil.
!#@%*)anks for hanging up the phone, dear.
One reason the EU might be more advanced is because of the widespread use of mobile phones and the belief (one day) that a mobile device will be your main Internet connection. With per-minute or per-bit charges, getting spammed is going to end up costing people some serious coin if spam continues to grow out of control.
I think this is a point a number of US politicians need to understand. With some of the charges proposed for 3G in the US ($2 a mb in some places) the end user could end up paying for a lot of crap e-mail.
I wish our wishy-washy Liberal government had the guts to extend the telemarketing rules to spam emails. I say "good show" to the EU for setting a precedent.
Like woodworking? Build your own picture frames.
I have seen several opt in schemes which have tricked users into opting in, or have been fraudulantly opted in, and its then a pain in the backside to opt out again...
Is it gonna be mandatory that if someone wants to get away from something they opted in to that they can quickly and easily?
As has been said many times before, but which is obviously worth repeating here:
It is NOT a restriction on speech, because unsolicitied commercial email places a financial burdern upon the recipient, where the recipient has NOT consented to undertake that burden.
That is, they often have to directly pay to receive what they never requested. It is somewhat akin to having someone send you a magazine in the mail, and then bill you for it.
the same chunk of legislation also contains some truly dreadful provisions regarding retention of ISP traffic and logs - seven years, I believe, and I'm not sure if they've yet backed down from the original hilarious requirement that ISPs maintain archives of *all data* they transit for the same seven years. See extensive coverage from the last year or so at The Register and the BBC plus of course numerous issues of Need To Know.
What I don't understand is why "they" (gub'mint's everywhere) seem to think that the answer to the failures that lead to 9/11 is more of the same. Unless... but that would just be paranoia.
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
It will be enough to go after the big offenders. It will result in the ability to launch class action lawsuits. And that is more than what we have in the US and Canada.
Not that I am a lawyer, i'm just saying.
Robots are everywhere, and they eat old people's medicine for fuel.
They should have to show in some way that you have opted in in the e-mail itself. Some sort of unique number that you gave them (or even an IP address, but this wouldn't be good enough). They would then have to have an e-mail AND some number to match up. There must also be a huge fine to back this up. This way, any business that sends an e-mail that says you opted in, can be automatically fined.
Two things.
1. Unless you're paying for your dialup "by-the-byte" (does anyone still operate that way anymore?), they're not spending your money. You've already spent it. Internet is flat-fee in the vast majority of areas.
2. Even your strong statement is not without precendent. See cell phones. If you're out of town, and I call you, YOU pay a long distance charge, just for answering your phone. Isn't this exactly analogous to checking your email? So yes, people can spend your money - it's not unheard of.
Like woodworking? Build your own picture frames.
And even without 3G, we're already paying for the medium - it's just cheaper. It's a no-brainer that systematic unsolicited communications where the receiver pays for delivery should be illegal.
I think the U.S. ultimately likes it because legislators are being told these kinds of communications are good for the economy because they stimulate business by creating new transactions. But of course, you could say the same for legalizing fraud. Both approaches have long term conseunces which are bad in the end.
-David
We're on the road to Tycho.
Spam is nearly impossible to stop via laws - I think the market will and is solving this problem with more intelligent filters that will make it un-rewarding.
Unfortunately the same legislation also allows police forces to demand that ISPs retain logs of customer activity. The BBC has a more detailed story.
Of course they are. Spam=bandwidth. Wasted bandwidth means either more equipment is required to carry the same amount of useful data OR you suffer from reduced bandwidth. Either way you end up with reduced bang for your buck.
-- SIGFPE
cell phones. If you're out of town, and I call you, YOU pay a long distance charge, just for answering your phone.
That's not entirely true. The cell phone will show the caller's number. If it looks like long distance or someone unknown, the receiver can let it drop into voice mail, which can be accessed for free.
Two things.
1. Unless they've invented infinite bandwidth dialup, every kilobyte takes about a fifth of a second (assuming a good modem).
2. Phone companies in Europe (and elsewhere, excluding USA) charge by the second for local calls. It gets quoted by the minute (e.g. 2 eurocents per minute) but nowadays is calculated by the second (in NL on ISDN at least).
TANSTAAFL
Not only ISPs; all telecoms. All data. Seven years. The EU draftsman, Marco Capatto, is not happy with the data collection/retention clause, and has written a report on the proposal-- an interesting read. The problem is that this is a step away from the various governments independently deciding how to handle data collection and retention; the bill forces them to enact legislation that collects and retains in accordance with this bill. stop1984 has issued a press release on the subject.
Do something about world hunger. Click here
How in this enforced with respect to locations? Is this only applicable to domain names hosted in europe or if I claimed I was from Europe when I signed up for my hotmail account would I be protected by the Opt-in clause. If so how would they regulate this, do I have to be a resident of an European nation or do I merely need to route my e-mail through there? This decision is a great start but does anyone know if it will be truely effective and if so how can we on the other side of the pond benefit as well.
I stole this Sig
Jailing white-collar criminals is incredibly effective in stopping specific types of activity. You put one CEO in jail, and it really gets the message across. When some GE executives went to jail for antitrust violations in the 1960s, it stopped antitrust problems for almost a decade.
Never complain about spam unless you can verify with 100% certainty that the address you are complaining about is the actual address of the spammer. Doing otherwise will just harm innocent spam victims.
You know, Microsoft's street address also says a lot about their mentality.
If putting up a publicly accessible server, offering user accounts to anyone who signs up, and even allowing people who have no account to post as Anonymous Coward, does not constitute Slashdot's consent to undertake the burden of allowing someone's post, then what does?
Sendmail is a publically accessible service, and it allows people who have no account to post using any arbitrary psudonym they want. That also constitutes consent to undertake the burden of allowing someone's email.
Hm. How much do you pay for the premium "no post or reply button" /.?
Eloi are stupid, throw morlocks at them!
Yeah, that'd be nice. Not sure how it's relevant to the topic, though, as unsolicited email is an illegitimate business practice. As evidenced by the bastards who do it.
Face it, by putting up an email server, you are consenting to receive email.
Yeah, and she dressed like a slut, too.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
I just don't know how any kind of legislation could ever stop or even noticeably slow spam. And I wonder how tightly you'd have to word something like this so you didn't go after legit mailers. I run an ultra-low volume mailing list at work and I get semi-indignant messages all the time from people saying they never signed up, when in fact they've usually forgotten they signed up in the first place (we don't do any address gathering or harvesting).
I always honour the unsubscription requests, even going as far as sending a note of apology, so I wonder how this would affect folks like me that try to be responsible. Having said all that, I'm still all for trying this out, on the off chance it actually works.
And I guess the spam opt-out should be in Esperanto to make sure we can all read it. :P
Checking voicemail requires airtime, which is not free.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
See cell phones
Not forgetting that with WAP handsets, you can collect your email on your mobile. For example, on my T68i, that involves downloading the headers and disconnecting, then reconnecting if you wish to collect the body of the message(s). By the time you've downloaded the headers, even if the subject line is obviously spam, you've still wasted airtime charges in collecting the spam mail header(s).
Reason #1 is Belgian beer.
:)
Mmmm. Belgian Beer.
I knew I lived here for a reason. See reason #1 for why I'd forgotten
-- A change is as good as a reboot.
I don't think the idea is that people would opt-in to receive email from anyone. I think the idea is to allow email from a specific business -- if any -- that one wants email from.
BTW, spammers and organized crime are the only two business models that use the word "legitimate" to describe themselves. If you were a real business, you would be using words like "synergy" and "innovative." The fact that you needed to throw that word in there is very telling.
-- Ken Kinder ken@_nospam_kenkinder.com http://kenkinder.com/
Spam, while obnoxious (especially HTML emails) is not the biggest unsolicited waste of money/bandwidth, at least not that I'm experiencing.
/var with their own little morons_log which seems to update every second. 2: Klez. Average number of klez-bearing emails recieved per day across the network-15.(And it's a SMALL network.) Klez contains attachments of variable sizes. Average number of minutes spent per day reassuring panic-stricken family members/co-workers/non-techie friends: 5. Cost of antivirus software per Windows compuer on network: $50. Time spent downloading antivirus updates--too much.
Byte for byte, the largest wastes of bandwidth I'm experiencing can be attributed to two categories: 1: Windows SysAdmins who refuse/don't know how to patch their systems against the likes of nimda and code red. They also waste space in
Spam can be blood-boilingly infuriating and push us to the point of wanting to ressurect public hangings, but I think that by and large the two categories I list are the biggest wastes of everything... And I'll be damned if I can find a way to opt out.
-Sara
Not for me, I can check voicemail from a land line.
I don't know about the rest of europe. But Sweden doesn't have class action lawsuits.
"First lesson," Jon said. "Stick them with the pointy end."
Spam used to get me really mad and/or annoyed. I thought about the scammers out there, I thought about my wasted time, I thought about wasted resources, etc.
Recently, I've installed Spamassassin, and I've been running it for a few months.
Nowdays, spam doesn't bother me too much. Spamassassin tags nearly all of it. Deleted without much trouble or effort on my part. I still report the ones that get through the filter. I haven't had much of a problem with false positives either.
These days I'm thinking that passing more laws to stop spam isn't the answer. I'd rather we use technological solutions for now. If/when we finally all start using authenticated, encrypted e-mail, spam will cease to be a problem at all. In the mean time, a good filter aleviates the need for legislative solutions, in my opinion.
Did your computer download that post? You can set it to notify you, but no big deal turning that off.
SPAM is messages sent TO you, whereas you go to slashdot to read messages. Therein lies the difference.
Synergy is your friend
Here's my spooky prediction. We'll see "traffic congestion thinking": sure, everyone else should take the bus, but it can't hurt if I keep using my car, right?
Likewise, every country in Europe will say "Sure, we don't want those bastard Germans, French and Brits [insert or delete as appropriate] spamming our citizens, but could it really hurt that much if we enact lax legislation so that our businesses can scam^H^H^H^H market themselves globally and reap nice fat tax generating revenues, right?"
Remember, each member state can decide for itself exactly how to interpret this resolution, and how strongly to police and enforce it.
If you were blocking sigs, you wouldn't have to read this.
buy your own domain, set up e-mail aliases. www.namezero.com
I like these guys.
Synergy is your friend
Well, if it really is opt-in it's not spam. At work I, for example, have Sun mailing me "spam" on a regular basis.
Most I throw away, but sometimes there is an interesting lecture with free beer afterwards or somthing like that...
I mean, as a developer you actually want to know what certain companies are up to.
So email marketing áctually has a few legitimate uses.
"First lesson," Jon said. "Stick them with the pointy end."
After doing so many wrong things they go and do occasional things like this. Argh!! It just means I can't hate them totally unreservedly.
Sparing my 0.0000000000000001% respect for the Harris (Legacy) Tories since 2000.
I'm not a geek, I'm just a clever script.
Face it, by putting up an email server, you are consenting to receive email.
That's like saying:
"Face it, by installing a telephone, you are consenting to receive obscene phone calls at 3:00AM."
"Face it, by putting up a pool, you are consenting to let random strangers hop in and piss in it."
"Face it, by storing your lawn mower outdoors, you are consenting to let your neighbors use it whenever they want to."
I put up a mail server so that I could invite specific people and organizations to communicate with me. I did not put it up so that I could receive random ads from every yahoo in a trailer park that wants to rope me into his Herbalife scam.
My server. My connection. My monthly bill. My decision.
Hmm...
It seems to me that at some point, for a spam to be worthwhile, some money has to change hands.
There will be a money trail.
A pr0n site spams in a large way? Go after the site - shut it down.
Penis pills are sold? Shut down the purveyor.
While there are some potential issues with your competitors spamming on your behalf (to get you in trouble) - I think following the money trail would eventually cut down the tree at its root.
No, actually, it's not.
But I have the option not to answer, and thus not to pay.
By the way, have you heard the latest ruse with cell phones? Some packages now let you subscribe to information services that charge you for using them, and apparently most mobiles are vulnerable to having someone dial you and then bill your account as if you'd subscribed to such a service, without any consent on your part at all. This is already happening, and is where unsolicited commercial messages are headed. Do you really, really think this is a good thing, and just like answering a long-distance call?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Not to fan any flames, and by no means take this to read as an endorsement, but would'nt it be grand if all those kids out there with tons of time and resources just decided to use there 'mad hacking' skills to take out some of these spammers?
In a perfect world laws would be written, and enforced. But right now, they are not. As a general rule, I'm not a proponent of taking the law into your own hands, but I'd sure like to see some smack down on whoever hits the 'send' button on this crap I get in my e-mail box.
The Internet is generally stupid
Except that in Europe you don't have to pay to receive either SMS messages or phone calls (unless your receiving it when roaming abroad, but that's pretty irrelevant), so that hasn't got anything to do with it.
Germany has had a similar law before, and it didn't do anything.
I've reported spammers to the cops repeatedly, and usually got a letter 2 weeks later stating something along the lines of "yes, they violated the law, but we won't go after them for such a small offense because they're too busy with real crime (It's not like they're committing a major crime jike going 55 in a 50 zone, or crossing a traffic light 5 seconds after it turned red...)
I don't think this piece of legislation will be any different.
Legitimate businesses that may worry about their reputation never sent spam in the first place.
This message is provided under the terms outlined at http://www.bero.org/terms.html
One reason the EU might be more advanced is because of the widespread use of mobile phones and the belief (one day) that a mobile device will be your main Internet connection. With per-minute or per-bit charges, getting spammed is going to end up costing people some serious coin if spam continues to grow out of control.
;)
.de - unless you're fortunate enough to live in a place that has DSL (available only in and near bigger cities ATM), your only option is pay-per-minute dialup (the concept of free local calls is US specific).
In most European countries, you don't need a mobile connection to pay per minute.
At least in
spam has always cost Europeans real money.
This message is provided under the terms outlined at http://www.bero.org/terms.html
It's illegal to make unsolicited commercial calls to cellphones in the US (one of the few countries that has the receiver-pays regime)
So, yeah, there is a precedent here - it's against the cellphone equivalent of "spam", even in the country with the First Ammendment.
KMSMA (WWBD?)
But I do want an easy way to inflict a large burden on those who send it to me repeatedly, especially if they continue to do so after I request that they stop.
The problem right now with SPAM is that the SPAMMERS are preying on morons who think that SPAM works. These poor home-based business owners really think that SPAM companies are going to send their adverts to 5 million real people, as opposed to 1 million dead addresses, 1 million duplicate addresses, 1 million domain-name registrants (or ex-registrants), and 2 million people who will instantly trash the message. Maybe the best course of action is a crackdown on fraud laws?
I just had to cancel my email address of 5 years due to being overspammed. I was deleting mail that I needed because I was deleting blocks of 10, 20, 30 at a time. And now I will lose contact with old friends for a while. I would really like to be able to make some of those cocksucker spammers pay for it.
-dbc
Not only must Spammers Die, they must Die in a horrible, fearsome fashion, to scare off the other knuckle-dragging, mouth-breathing, pee-drinking, unethical low lives that might think of spamming on their own. A Spammer's death must teach the other hairy, rat-molesting Spammers a lesson that they won't forget.
Email spam is theft. Theft must be punishable. We must punishe email spammers.
Not true. Slashdot openly invites posts from anyone and everyone. They advertize themselves as a public venue. An email server which only services its own subscribers, whether it is connected to the Internet or not, is still private. Simply being connected to the Internet does not make a system fair game for any and all activity.
No, it isn't. The government is not deciding which emails are accptable and which are not. You can still opt-in to receive the emails. What the government is (would be) saying is that the sender of a certain type of message has to have the recipient's permission before sending that message. Here's an analogy: I tell my best friend he is welcome to come over any time and have a beer at my place. I have given him permission to enter and have accepted financial responsibility for any beer he might drink. But if a solicitor comes over, he has to obtain my permission to enter my house, otherwise he's tresspassing or burglarizing (which one depends on local laws). If the solicitor then proceeds to drink one of my beers, that's theft. The government hasn't prohibited the solicitor from attempting to sell his wares or from drinking beer, it has simply required him to obtain permission from the parties he may adversely affect.
Another analogy: I have CallNotes from the phone company, so when I'm not home and someone leaves me a message they're using the telco's eqiupment on which to store the message. It's a service I pay for, just as my email account is a service for which I pay my ISP. The message doesn't go directly to an answering machine in my house. However, the fact that I don't own or directly control the equipment on which the message is left does not circumvent the law(s) that say someone can not leave a message threatening my life. The caller is responsible for the message which is intended for me, whether or not the message is left on equipment I own.
Simply put, requiring opt-in for spam is not prior restraint. Prohibiting all spam under all circumstances would be.
If your website is a member of an affiliate program, has advertising banners or accepts paypal payments from users that have bootlegged your IP but want to pay you for it, what are you classified as? How about I put in a message in a mass-mailing to users on a mailing list a site I administer runs saying "while you're there please buy something through the affiliate store or click on an ad?" AFAIAMC (As Far As I Am Concerned) politicians should be civilally and criminally liable if their bills are considered generally destructive and outside the bounds of the country's constitution. Yes, I believe the USSC should be allowed to summarily imprison members of Congress who voted for the DMCA for say... 1 year and that each state supreme court should have the equivalent power. When the state acts, it can act only through violence implicitly or explicitly. When members of the civil body politic fuck up, they hurt people. They should be held accountable on a level that ordinary people are not.
This gives you a *Legal* basis to act against someone who repeatedly spamms you. Of course it won't stop a lot of spam, but if you can prove a company is repeatedly spamming you, you can finally act.
Giving cynical comments about how this won't help etc, however doesn't do anything. Spam assasin etc would be better of course but it doesn't have any legal basis and it seems that quite a few politicos in the US have a vested interest in outlawing efforts such as that.
No, selling a service (i.e. seller/customer relationship) is completely different from requesting to be employed (employer/employee relationship) by a company. (this is my interpretation of US law, keep in mind, but I doubt EU is that much different in the differentiation between the two)
If you're a contractor and you're trying to pimp your services, that might be another story as that's getting into a client relationship. I suspect this EU law covers bulk transmissions pretty much exclusively.
If you could never, ever ask a person or business on an individual level to buy something from you, no one would ever drum up new business. In other words...if I ask just you to buy my product, that's probably ok under this law and it's really not spam....if I ask 100,000 other people at the same time, that's no good....and that's what this law is trying to prevent. Unsolicited bulk commercial email....spam.
All clear?
This message brought to you by the Council of People Who Are Sick of Seeing More People.
I have an email account so that I can get messages that I am interested in. I am not interested in ads. I pay an ISP for this account. The ISP sets prices for his accounts high enough to cover his costs. Some of these costs include bandwidth, storage space for email, modems for people to connect, and phone lines for those modems. The more of any of these things that the ISP has to have, the more the ISP's costs.
If the ISP does not gain any customers, but the bandwidth used goes up, he will have to raise the prices that I pay. If the ISP does not gain any customers, but the amount of storage space he needs goes up, he will have to raise the prices I pay. If the ISP does not gain any customers, but each customer has to stay connected longer to download their email, the ISP will have to pay for more lines and modems. Then, the prices I pay will have to go up.
If every customer of my ISP starts receiving 100 pieces of spam each day, the ISPs costs will rise, and the price I pay will go up. If every postal customer starts receiving 100 pieces of junk mail every day, my price does not increase. Why? Because with email the recipient pays for the delivery, while with physical mail the sender pays for the delivery.
The analogy above of somebody banging on the door ten times a day has one major flaw in it; there is no expense to the person who owns the door. Change the analogy to "If some guy picked a flower out of my flower bed 10 times a day..." Yes, the flower bed is outside and you can walk to it right from the street. You seem to think that this is an invitation for anybody who wants to to walk up and pick a flower. I (and the law everywhere) disagree. However, if you knock on the door and ask if you can pick a flower, I can then opt-in to your using my flower bed ("Sure, pick one any time.")
In your flippant answers above, one of the questions was, "So why does the fact that I have an email account ever allow you to message me?" Technically, you answered the question asked and not the question intended. So here are a few of the intended questions for you to answer:
- Why does the fact that I have an email account ever on its own authorize you to email me?
- Why do you feel that your mere existance justifies your "providing" me a service (i.e. spam) at my expense, which I have not asked for and have no desire for?
- Do people have a right to privacy?
- Do you have a fax machine on an 800- number? Please provide that number.
- What do you perceive as the difference between "free speech" and "speech for free"? Is there any?
(Personally, I think that the word "unfettered" needs to be hauled out and dusted off. It would make some of these conversations a lot easier.)Chris Beckenbach
That all countries of the EU are allowed to monitor and record data transmissions. This vote passed this morning, they're still debating over exactly what they're allowed to store (i.e. web URLS, web content itself, usenet etc)
:)
Sounds like I'm gonna have to move back to the US, or somehow find an ISP that's gonna work around all this. What I was wondering about was exactly where they want to scan the data. At the ISPs or somewhere at the backbone?
A little more information can be found here, if you can read Dutch
---
d . tml t / buse/Spam/Blacklists/
t cp - http://cr.yp.to/ucspi-tcp.htmld - http://cr.yp.to/ucspi-tcp/rblsmtpd.htmlo ftware
n et / buse/Spam/Preventing/. html
On my opinion SPAM is occuring as abuse of
ability to send mail to multiple recipients.
So here is an idea how to fight spam:
1. We need to limit number of users in messages in To: Cc: and Bcc: for a reasonable amount (about 30)
---
As you say below, the solution 'should' be on the client side (ie: filtering when receiving). The client, doesn't care, that's the point. Joe Public doesn't want to manage filters, and crap like that, they would rather complain about it, yell at their ISP and then curse the senders.
As far as client software (send & receive), if clients such as Eudora, Outlook, Mozilla, Pine, 'mail', etc. were to limit the numbers of mailings that could be sent (which it is doubtful they would) the spammer would just continue to use another software product. If software limitations were imposed (within sendmail, qmail, exchange, etc.) they (spammers and the below stated) would just go elsewhere.
In that case, the only limitations would be on people that had a legitimate reason for sending mass eMails, ie: family when someone is in the hospital, soccer moms & coaches, people continuing hoax's... (ok, we can get rid of them)
---
2. All messages that bear more addresses in To: Cc: and Bcc: should be junked on servers automatic ally.
---
First, See above.
Second, have you taken a look at your spam mail recently? Look at all of the headers, many (most) of the spam that comes through now-a-days has one address in it... yours, in the To: header. The amature spammers use massive Cc:/Bcc:/To:'s, but most of the effective spam will get past simple filters by putting your name in the To:.
Third, a problem that you will run into is that this will not be adopted due to the chance that some soccer mom, jehovah's witness, or someone in a Senator's office will lobby against this and will start an anti-spam-blocking-league as soon as they get's criticised for not putting someone on a mass mailing list.
---
3. If you have a legitimate need to use mass mailing - you should use DIFFERENT system. Not mail system. Better to use news for that purpose, but current NNTP-based newsgroups are way to hard to maintain and adding new group is a nightmare for "regular user"
---
"They" (spammer scum of the earth) are one step ahead of you. In fact, they already use a very different system for spamming. In many situations, spammers use open relays, one-time-use accounts (AOL Free 1000 hours, hotmail.com, yahoo.com, etc.), and established spam domains. The use of these is actually fully automated at this point, and when they don't use those, they send it from their own domain with a "You opted in to this mailing" or "You are receiving this due to our business partners" etc, etc...
---
I see that mailing lists that have only your "to" will go through this filter - but that proposed measures will junk a lot of spam already! The remaining should be a task for intellectual mail filters on a client side.
---
Not surprisingly, spam filtering falls under three items of the title 'computer security', information security, network security, and system security. And just as a company should not have -only- a firewall, a company should not -only- have a single spam filtering method. The method should be multi-tier with checks for who the mailing is addressed to, which content checks, blackhole/open relay lists checked, verifying the validity of the mailing user, etc.
Lastly, users need to take responsibility and be properly trained. Putting your eMail address on mailing lists, signing up for porn with a frequently used eMail address, and general stupidity help these scum harvest eMail addresses and users need to take action also [See Prevention].
I know they have been listed before, but I haven't seen a comprehensive list of resources on here recently so here one is:
Anti-Spam Manifestos and Organizations
The IETF Anti Spam Recommendations - ftp://ftp.isi.edu/in-notes/bcp/bcp30.txt
Fight Spam on the Internet! - http://spam.abuse.net/
The Coalition Against Unsolicited Commercial Email - http://www.cauce.org/
SpamCon Law Foundation Center - http://law.spamcon.org/
SpamHaus - http://spamhaus.org/
Blacklists -
Blacklists Compared - http://www.sdsc.edu/~jeff/spam/Blacklists_Compare
Google List of Blacklists - http://directory.google.com/Top/Computers/Interne
SpamCop Blocking List - http://spamcop.net/bl.shtml
Open Relay Black List (ORBL) (Currently Appears Down)- http://www.orbl.org/
Open Relay Database (ORDB) - http://www.ordb.org
OpenRBL DNS Lookup - http://openrbl.org/
Distributed Sender Boycott List - http://dsbl.org/
OsiruSoft's Open Relay Spam Stopper - http://relays.osirusoft.com/
MAPS (Mail Abuse Prevention System, RBL/RSS/DUL/NML) - http://mail-abuse.org/dul/
Vipul's Razor - http://razor.sourceforge.net/ (a distributed, collaborative, spam detection and filtering network.)
SpamAssassin - http://www.spamassassin.org
SpamBouncer - http://www.spambouncer.org/
Spam Cop - http://spamcop.net/
Abuse.net - http://www.abuse.net/ & http://www.abuse.net/tools.html
Tools -
QMail - http://www.qmail.org
QMail Anti-Spam Sectionhttp://www.qmail.org/top.html#spam
ucspi-
tcpserver - http://cr.yp.to/ucspi-tcp/tcpserver.html
rblsmtp
Procmail - http://www.procmail.org/
RBL Check Script - http://rblcheck.sourceforge.net/
Tagged Message Sender (TMS) - http://www.deepeddy.com/tms
tcp_wrappers - ftp://ftp.porcupine.org/pub/security/index.html#s
Preventing (Slowing) -
http://directory.google.com/Top/Computers/Inter
Five Easy Ways to Spam Prevention - http://www4.zdnet.com/anchordesk/story/story_1180
Sugarplum - (Generates fake eMail addresses for harvesters) http://www.devin.com/sugarplum/
Sneakemail - (Disposable eMail addresses) http://sneakemail.com
Emailias - (Disposable eMail addresses) http://www.emailalias.com
Credit to: Chris Hardie of chris@[X]sault.com insert 'summer' at [X] and everyone that is
an active member of the anti-spam groups around the world.
I cannot confirm nor deny the allegation or allegations you may or may not have just made
I'm not going to repost my previous comment on this, instead I will completely re-write and re-word it for those that think recycling one's own precious electrons that they themselves created is a waste.
Let me start by introducing myself. I'm 29, born and raised in san Jose, had a computer in my house since I was 5. Up until the .com crash I had a nice
7 year long career as a sysadmin for a lot of different companies. So yeah, I do
know a thing or two about computers, networking in general.
Well, I had been laid off for about 6 months or so. Wife n I bought a house a week before I got laid off, she got laid off 2 weeks later. Everyday this unemployed sysadmin would fax out résumé's trying desperately to get off the top ramen diet I had been on all while the words "Must not eat, must pay mortgage" played out in my head. I had dropped in weight from 240lbs down to 196. Poor desperate and at the end of my rope I decided to try and scrounge up some contract work.
Around that same time, a friend of mine told me something rather intriguing. His father down in Bakersfield apparently had a T1 line, and was running a spam operation out of his house and might need my help in making it better. It would be an all expenses paid trip (gas for his car, 7-11 burritos, big gulps, smokes) I told him I had sort of a moral objection to eat so let's go!
Well as we started out our trip I talked to my bud about how I was going to install list managers for his dad and how it would help him stay "legal" We switched subjects from our acid trippin days as teenagers to who was having kids these days. It's weird, as you approach 30ish it seems like you and all your friends wives are just shooting out babies and placenta like AA fire over Baghdad. Well 5 hours later we arrived at his fathers house and I began to surmise the situation.
*Thinking to self* Hmm I bet myself any money that it's just DSL... Nono... wait a minute what is he using that cisco2500 for??? Wait a minute, look at those orange lights flickering at 60hz Holy SHIT thats a CSU DSU! Wait lemme count...1.2.3.4 YES!! 4 COPPERS!
I looked over the rest of the room and saw that it was wall to wall screwdriver shop computers, all of them running win98. Then I opened my mouth.
"Wow, you really got your act together here!" He started showing me the different systems and softwares of his operation. To my horror and shock he was running a windows based open relay SMTP scanner!
*Open mouth, Insert Foot* "Uhhh sir? Using other peoples SMTP servers without authorization is trespass." Well I opened up the floodgates of this 53ish former Green Berets patriotic side. Oops!
"THE INTERNET WAS CREATED BY THE GOVERNMENT WITH MY TAX DOLLARS!! IF THESE SERVERS ARE OPEN RELAY'S THAT MEANS THEY WANT ME TO USE THEM! DON'T TELL ME I KNOW IT ALL! ALL THESE LAWS THEY'RE PASSING ARE INTERFERING WITH MY AMERICAN RIGHT TO DO BUSINESS!!"
At that point I had to think quick, c'mon toq, what would you say whenever someone was absolutely ballistic at the office. Somehow my ramen fed mind uttered the phrase, "I never thought of it that way, I think you're right!" Holy shit it worked! He calmed down after that.
The way home was spent driving faster than we had gone going there and explaining to my friend how what his father was doing was bad. He really didn't get it until I told him it fucks up his counter-strike and penciled in bandwidth calculations. 3 days of sleeping on a floor in a run down apartment complex wasn't really that fun. That and his father tried to shanghai us down to the army recruiters. Despite the negative involved it was a growing and learning experience because I saw exactly how the REAL down in the GHETTO spammers live. It's not pretty.
Sort of an update to the story, my buddies father is out of business. Not from an ISP shutdown though. His wife left him so he moved to the Philippines to avoid paying alimony. Myself, I've fully adjusted to eating less, working out more, and living on a string of contracts for everything from doing web work to 3D renderings of industrial machinery.
__
Choose mnemonic identifiers. If you can't remember what mnemonic means, you've got a problem. - Larry Wall
The vast majority in Europe (which was part of civilized society, last I checked) pays by the second.
On the other hand, and provided you don't receive cell phone calls while roaming in other countries, cell phone reception is free as in beer.
Overall and givcen the really rotten mess called mobile phone services in the US, my assessment in that specific respect is:
Europe 1 : US 0
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
Yes, and the Junk Fax law, which is constitutional and has been upheld in a court of law, bans all unsolicited advertisement faxes. Why? Because there is a direct cost to be paid for receiving these commercial faxes, and it is unfair for the recipient to suffer the burdon of that cost.
If the content of the fax is not an advertisement then it's not illegal to send it unsolicited. Thus I cannot be prosectued if I accidentally fax you a 1000 page document on the sex life of llamas, unless I try to sell you some llamas within the document.
If you don't think that emails have a cost associated with them, you are quite incorrect. On a specious level, there's the cost of bandwidth to the ISP, the drive storage of the data, processing time of same, and the time it takes me, the end user, to realize that only 3 out of 120 emails I got today weren't SPAM and to delete them. On the specific level, if you have email access on a cellphone, or have maximum bandwidth allocations on your ISP, you can cite some very specific costs associated with that SPAM.
The precedent exists and it's not a bad one. The onslaught of email SPAM makes the old junk faxes look like a bad joke. MAPS and the like don't solve the problem - they mask it. The bandwidth is still being consumed and it's going up constantly.
Thanks for the info, I am just a lowly programmer, and not into law very much. ;-)
What is your opinion of class action lawsuits? Will they change anything fundamental in the current system, and in what way?
"First lesson," Jon said. "Stick them with the pointy end."
So, tell us all why you're such a zealous defender of spam...
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
You get free land-line service? Neat.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
I asked, "What do you perceive as the difference between "free speech" and "speech for free"? Is there any?" You replied (in part): "The phrase "speech for free" doesn't really have a set meaning in my mind. It sounds like something you just invented. "Free speech", in my mind, means that the content of one's communications should never be regulated. I don't believe in any exceptions, unless you want to count conspiracy to commit a crime, which I personally see as more of an act than speech."
You sig reads: "Oppose a law to criminalize spam - watch your karma go down by 20. Can you say "witch hunt"?" Post/reply/flame all you want; I'm done with you. If you haven't figured it out by now, you're a waste of any more electrons. As Louis Armstrong said, "There are some people that if they don't know, you can't tell 'em."Chris Beckenbach
"Face it, by installing a telephone, you are consenting to receive obscene phone calls at 3:00AM."
Yep.
Nope. Obscene, harassing phone calls (unlike their e-mail equivalents), are illegal.
"Face it, by putting up a pool, you are consenting to let random strangers hop in and piss in it."
No. I don't really see the similarity at all actually.
Then let me spell it out in simpler terms:
My (hypothetical) pool is my private property. I pay for the equipment, the maintenance, and the recurring costs (chemicals, water, electricity, etc.) I have put it there for my use and the use of my invited guests.
My mail server is my private property. I pay for the equipment, the maintenance, and the recurring costs (bandwidth, electricity, etc.) I have put it there for my use and the use of my invited guests.
Storing your lawn mower outdoors is not the same as storing it in front of a sign which says "free lawn mower rental"
I have not put up a public announcement stating that anyone who wishes may:
a. Use my lawn mower for free.
b. Jump in my pool.
c. Send me advertisements via e-mail.
Therefore, I don't want to find random people using my lawn mower, swimming in my pool, or sending me random ads in my e-mail. Pretty simple to grasp, eh?
If you are going to argue that any e-mail server is a public facility, stop now. You are simply wrong and it has been proven over and over in court cases.
I am sick and tired I am of the Libertarian bull**** that people like you spew. If you want to live in a cabin in the woods, hating the government, and erecting booby-traps, cameras, and fences to keep people out, go for it. But don't give the rest of us a bunch of crap because we don't want to spend our lives erecting barriers to the rest of the world.
Re a pool, there is something reasonable--you put up a stinkin fence with cameras. We have laws if they encrouch on your property, you get them for trespassing, disorderly conduct, etc.
Re the lawn mower, duh. Get a lock and key.
The question is not whether I can find some way to defend my property. The question is whether or not we make it illegal for people to use my property without my permission.
It's silly to expect when you hand out party invitations in a public manner (and yes, it's public--network traffic is considered public) that there won't be a party crasher.
You are simply wrong as you can see from that link. A mail server is private property.
Use SSL authentication. Procmail/filter out. Use several addresses. Block multiple connections. Yes, when you put up a mail server, it's going to get connected to. The internet is not yours. It's PUBLIC. You ACCEPTED that when you had the choice to or not. You further had the choice whether to authenticate or use VPN. Did you? No.
Quit trying to impress everyone with your knowledge about how to construct a mail server through which no one can send mail. I'm unimpressed. I've consulted with a company that sells an expensive spam blocking system and probably know more effectively blocking spam than you ever will.
A mail server that cannot be accessed by normal people who e-mail through mass-market ISPs is as good as worthless.
Yes, when you put up a mail server, it's going to get connected to. The internet is not yours. It's PUBLIC.
The Internet is public but my mail server is PRIVATE! The road leading to your house is public, but that doesn't mean that I have a right to drive a car off of that public road and onto your private property.
If it's truly for your friends and specific organizations, filter.
If I put up a web page that says "e-mail me with comments about this web page", I don't have a list of who is going to e-mail me, but I have specifically limited the invitation to those who want to comment on the web page.
As to my e-mail filtering, it's DAMNED good. For every spam that gets through, I probably block 50 or more.
But I realize that the average person does not run their own mail server, does not know how to run one, nor should they have to learn how. I also know that mail filtering that works for me would never work for a wide audience at an ISP (I block all of Brazil, for instance).
By setting up a mail server to accept random ads, you're taking the risk that someone might send them to you.
I did not set it up to accept random ads. I set it up to accept e-mail sent to me.
Using your logic, everyone who received letters with Anthrax should blame themselves because their mailboxes accepted the Anthrax-tainted letters.
What slashdot fails to mention is that the law is ONLY for spam which is selling financial services.
Nope - there were two laws. One for financial services, which was dealt with a couple of weeks back, and one more general one that was passed in the past 24 hours
Using your logic attempted murder is the same thing as sending commercial email.
Using an analogy is not the same as saying that two things are of equal magnitude.
That said, the analogy stands. Blaming the mailbox, whether physical or electronic, for the contents someone puts into it is absurd. The only real flaw in the analogy is that the Anthrax tainted letters were delivered at the sender's expense while the recipients bear the brunt of the cost of spam.
>Not only must Spammers Die, they must Die in a horrible, fearsome fashion
No!!! they must LIVE in a horribly painful situation, preferably without limbs, senses and bound to a stockade in the middle of town for people to spam them with.. say.. rotten tomatoes, eggs, and cans of SPAM(tm).
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
In the case of the costs of spam - ranging from miniscule to nothing
The only number I've heard regarding the cost of spam was 6 billion dollars a year. I don't know if this includes infrastructure and bandwidth costs, or just the time taken to delete these e-mails, but there you go.
Synergy is your friend
The only number I've heard regarding the cost of spam was 6 billion dollars a year.
Most of which was probably the cost of enforcing terms of service agreements and fighting lawsuits. Criminalizing spam will only increase those costs, adding FBI agents, court costs, public defenders, and criminal prosecutors to the equation.
You get 10,000 spams a day. How do you know how much of that is spam?
Some moron faked something@my.domain as the From: address for his/her spam. So I get all the bounces. I've shut off the account, but I still write a line to a log file (in case I ever get a lawyer willing to work on a contingency basis), and I log over 10,000 bounces a day.
How much time do you think that it takes your users to delete those 10,000 e-mails?
Spammers are no more responsible for the time it takes to delete e-mails than slashdot posters are responsible for the time people waste reading posts.
It may only cost me 18 hours a year, but multiplied by the number of people that get spam, that's a big number.
You're kidding yourself if you think any but the largest businesses will have this law enforced for them. Multiply the number of FBI agents you need to enforce the law and multiply that by the average FBI agent salary and you'll get an even bigger number. That's my argument based on practicality. Because email is essentially anonymous, enforcement costs will far outweigh the benefit.
If MCI calls me and tries to get me to switch to their service, and I tell them not to call me anymore, they stop calling me. There are laws to insure that. Spam is not the same way.
If you tell a spammer to stop contacting you and they don't, it's harassment, and there certainly are laws to protect against that.
Furthermore, if you believe that there is no way to block spam without blocking legitimate e-mail, take telemarketing. Telemarketing laws seem to be working out okay for the states that have the no-call lists (such as mine). So what would be different about e-mail that would keep it from working?
Email is essentially anonymous. With phone calls there is a centralized record of every single origin and destination.
What do you have to lose if 10,000 e-mails a day didn't get to your server?
Money that I pay in taxes to enforce the law and a little bit of the feeling that I live in a free country. That said while I don't support the law I secretly hope that it gets passed anyway. I think only after seeing what a colossal failure that law will be will people be moved to start really working on technical solutions to the problem of spam.
Simply, this: why don't you support federal legislation whose goal would be to eliminate spam?
1) Practicality: Because spam is an international problem and because email is essentially anonymous, spam laws will not work, and will cost myself and all taxpayers large sums of money.
2) Morality: I don't believe that the federal government has the right to make laws applying to phenomena which occur solely on the internet. Rather I feel that internet legislation should be done through voluntary contracts.
For instance, every time an ISP peers with another, it should force that ISP to sign a contract that it will take certain steps to stop spam. When I get spam, I should be able to send it (with headers) to my ISP, who will send it to the originating ISP and ensure that the issue is taken care of. Perhaps a fee could even be charged (actual costs, or maybe three times actual costs), which could be passed down the line to the originating sender. If an ISP can't collect the fine from the originating sender, then the ISP needs to eat that cost itself, and put better mechanisms into place to stop that from happening.