Why Isn't SPAM Regulated Like Fax?

byronne asks: "It seems like spam has escalated so much lately that it seems to actually become a quantifiable bandwidth waster. The less bandwidth available, the less productivity due to spam-dedicated bandwidth is lost. Being primarily a phone system transmitted medium, why can't unsolicited junk email be regulated and controlled like junk fax? Just a simple question that I haven't seen anybody ask or relate together." SPAM is becoming more and more of a problem with today's e-mail. I used to find e-mail a valuable tool for communication, but even with filters, folders and SPAM software, I spend more time culling my inbox than I do reading mail (and if I see one more mail with "allhallowmas" in the title, I'm going to go postal!). Is regulation the answer? Many people fear such a move, but might it be time to give it some serious thought?

Fax regulation?

[cei]

To what extent is fax regulated? Is it on a national level, or on the state level? More states are starting to impose anti-SPAM laws, so this hardly seems like a revolutionary idea...

Re:Fax regulation?

[biohazard99]

Quiet down, don't give the spammers any ideas on contesting this in court.

Do NOT regulate email!

Regulating email will only result in higher cost and incomprehensible rules which hinder normal use. If there is any regulation which is needed at all it's that everybody has the right to reject email as he sees fit. A better way is to give people the tools to reliably detect unwanted mail. For some that may be just commercial email, for others "unwanted" may include political email. We need tools, not rules.

Fax Regulation vs Spam Regulation

[fwc]

Let me preface this with I think we need to do *something* about the spam problem, so the first part of this is *not* saying we shouldn't regulate Spam.

The reason that junk Faxes are against the law is because of the problems people were having with coming to work and finding a $50 roll of thermal fax paper spewed from their fax machines covered with nothing but essentially the content of most spam we're seeing today. This is a very real cost that you can put a figure on, and very definately was more expensive for the recipient to deal with. I remember hearing some stories of fax machines being tied up for hours with junk faxes.

The problem with spam is that it is hard to put a measurable cost on it, at least for the couple that the average joe gets a day. Plus, regulation in the US will just move the problem overseas in a lot of cases.

That said, I'm convinced that there is a very real cost to spam. I run spamassassin and literally get 200-300 spam messages in my spam folder every day, plus another 20-30 or so which spamassassin didn't catch. Conversely, I get about 20 legitimate emails a day.

On the mail server for the ISP I am the sysadmin for, spamassassin tags 75% of the messages we recieve as spam. We just spent $4000 buying hardware for our new mail server. If we had 25% of the load, we could have probably gotten away with a $1000 mail server instead.

Not to mention the times that a spammer decides to dump 10,000 messages on us within a 1/2 hour taking our mail server down to a crawl.

I'm hard pressed to come up with a workable, implementable solution which has any chance of working long term. Legislation has its problems. Technical solutions are a loosing battle on the filtering front. Economic solutions with advocate micropayments or similar (hashcash, etc) need to reach some sort of critical mass before they will help - but noone wants to implement them until they will. And so on.

There *has* to be a solution to this problem out there that someone hasn't come up with yet (or at least hasn't publicised properly).

I'm cutting down on spam

[DeadSea]

Here is how I did it:

1. I bought my own domain name. This allows me to have unlimited email addresses and to change addresses at will.
2. Put a contact form on your website. I couldn't find one that did everything that I wanted so I wrote one. It works on an alias system so it never reveals the email addresses that it uses. To use it, just edit the aliases to include your address and plunk it on your server. To prevent unwanted spam and automated submissions you can set regular expressions (server side with client side optional) to validate the form.
3. When an email address starts getting spam, disable it. I send an autoreply saying "You emailed me at an address that gets too much spam you can contact me at http://ostermiller.org/contact.pl"
4. Change contact info you have in public places such as your website to point to the form, rather than to an email address. That way the email addresses you use won't get spammed in the first place.
5. Encourage your friends not give your email address out to greeting card sites, somebody thinks you are cute sites, and email a friend this page sites. But even if they do, don't be afraid to change your address. If your friends email you at a disabled address, they will get a response to go to the form.

I've been using this system for several weeks. I now send out about 100 autoreplies each day (all those used to be spam in my inbox). I now get about 5 spam a day and I'm working to disable some of those addresses. (I still have to find a way to deal with bugzilla since it requires a public email address)

Yeah, right

[tswinzig]

Honestly, in this day and age a 2,000 byte e-mail is NO load on our servers or infrastructure.

Ask the big boys if spam is a problem. The services like AOL, MSN/Hotmail, Earthlink, etc... ask them if "in this day and age a 2,000 byte email is NO load" on their servers or infrastructure.

It's a BIG load and a huge headache.

The problem is that 2KB might not be a lot, but 1,000,000 2KB emails *IS*, and who is footing the bill to process that crap? The consumers that pay for email service, NOT the people sending the spam.

When you force other people to pay for something, when you give them no choice, that's illegal.

(Unless you're the government! :)

Re:Stop it at the source

[Evro]

Seriously though, the amount of spam people receive just isn't a problem. The folks who like to complain about it are just doing it to brag about how much time they spend on line and how connected they are. Enacting laws to charge spam senders for sending mail to individuals is silly; it'll cause more problems than it solves.

You know, this is the mentality of a 2-year-old. "Since the problem does not affect me, it must not really exist!" In any case, the cost of receiving an INDIVIDUAL spam may be trivial, but the problem is that people receive thousands of them. I personally use several DNSBL services to block open relays, I have most of Asia blocked (211.* 210.* 61.*), and I still get 4-6 spams a day. I also have one entire email address blackholed because it's the one I used to use on slashdot and a spambot picked it up, and it denies about 30 connections a day - that's 30 spams I would be receiving - so don't tell me that it's trivial. Time is money, and if I'm one person potentially receiving 40 emails a day, then a network administrator in a company of 100 is easily dealing with 4,000 a day. Do you still think that's trivial?

No! Technological Solutions!

[Tom7]

No, regulation is not the answer. There are loads of technological solutions of varying complexity: hash cash, authentication, etc. If we care a lot about Spam, we should be working to decide on a technology and implement it in our mail readers. (There are some, already, like S/MIME, that have a fair amount of deployment.)

Think about what you're saying: Legislate to try to extend the life of a legacy system? We should not be encouranging the government to do this kind of thing. How much do we hate the DMCA? How much will we hate the anti-anonymous e-mail law? Don't we *want* authenticated and encrypted communication anyway? Why do we use ssh for typing commands at our shell (pretty boring to read, except for passwords) but SMTP for our english messages (often much more sensitive!)?

Re:No! Technological Solutions!

what is wrong with requiring legit return info and ADV:?

they can still send it. but it has to have those 2 pieces of info