Why Isn't SPAM Regulated Like Fax?

byronne asks: "It seems like spam has escalated so much lately that it seems to actually become a quantifiable bandwidth waster. The less bandwidth available, the less productivity due to spam-dedicated bandwidth is lost. Being primarily a phone system transmitted medium, why can't unsolicited junk email be regulated and controlled like junk fax? Just a simple question that I haven't seen anybody ask or relate together." SPAM is becoming more and more of a problem with today's e-mail. I used to find e-mail a valuable tool for communication, but even with filters, folders and SPAM software, I spend more time culling my inbox than I do reading mail (and if I see one more mail with "allhallowmas" in the title, I'm going to go postal!). Is regulation the answer? Many people fear such a move, but might it be time to give it some serious thought?

Fax regulation?

[cei]

To what extent is fax regulated? Is it on a national level, or on the state level? More states are starting to impose anti-SPAM laws, so this hardly seems like a revolutionary idea...

Re:Fax regulation?

[eMilkshake]

From http://www.markwelch.com/faxlaw.htm (referencing 47USC227):
Under United States law, it is unlawful "to use any telephone facsimile machine, computer, or other device to send an unsolicited advertisement" to any "equipment which has the capacity (A) to transcribe text or images (or both) from an electronic signal received over a regular telephone line onto paper." The law allows individuals to sue the sender of such illegal "junk fax" or (arguably) "junk email" for $500 per copy. Most states will permit such actions to be filed in Small Claims Court.

Re:Fax regulation?

[SN74S181]

These laws date from back in the time when thermal fax paper was a significant tangible expense and people sending unsolicited commercial faxes were using a lot of it up.

Re:Fax regulation?

[biohazard99]

Quiet down, don't give the spammers any ideas on contesting this in court.

Regulation...

[Hyped01]

Because the 'Net is mostly carried (at one point or another)via telephone circuits doesnt allow it to be regulated as such.

That would be akin to paying diesel fuel prices for your home heating oil. You dont. Automotive fuel, even when it is the same as home fuel, is regulated and taxed differently. So, saying that all cars and truck owners are taxed 70 cents for a gallon of fuel oil, so all homeowners should be (just because many or most use the same oil) wouldnt be a good idea.

Expanding a regulation to cover all aspects of the 'net because most use, for a limited portion of it's operations, certain otherwise regulated technologies would be difficult just based off the fact that many 'Net offerings dont qualify for those regulations - meaning no "jurisdiction"for lack of a better word...

-Rob

Re:Regulation...

[alnapp]

Because the 'Net is mostly carried (at one point or another)via telephone circuits doesnt allow it to be regulated as such.

Unlike fax which is carried by?

Re:Regulation...

[joto]

Why would it be so bad to have sane laws and regulations where a gallon of diesel is taxed like a gallon of diesel, regardless of its purpose? The reason for the tax is to reduce pollution, and to make money for the government. Every other consideration are there as a result of the endless bickering between different political views.

Sometimes I loose faith in democracy, producing more and more complex rules and regulations, making it less and less possible to make any sense of it at all...

As for email, I think the only solution is to make the sender pay for each email sent, like it is with phones, faxes, and snail-mail. The question is just how to do that, and who should receive the money :-)

Daniel Bernstein has a new email-system where the sender stores outgoing messages, not the reciever. That would help somewhat, but not enough (disk-space is cheap). Two other alternatives is hash-cash or micropayments. The reciever remains free to charge whatever he wants from any recipient, but must of course announce the amount before the email is sent. Typically, one would set this to something relatively low (say, one CPU second, or 10 cent) for unknown senders, and nothing at all to well-known senders (and something ridiculously high for really determined spammers ;-)

Re:Regulation...

[eMilkshake]

The purpose of a tax is to remedy negative externalities that are not accounted for when a free market finds its own equilibrium point.

In other words, when supply meets demand on the chart, it takes into account the suppliers' costs, but doesn't take into account the cost to society. Therefore, suppliers produce more than is ultimately beneficial to society. An effective tax pushes demand back to the societal optimum. A well-designed tax then pumps money into programs to further offset the externalities.

If you see two different taxes on the same good used for different purposes, it's because the negative externalities are probably different for those two puposes.

IANAMBA (yet)

Do NOT regulate email!

Regulating email will only result in higher cost and incomprehensible rules which hinder normal use. If there is any regulation which is needed at all it's that everybody has the right to reject email as he sees fit. A better way is to give people the tools to reliably detect unwanted mail. For some that may be just commercial email, for others "unwanted" may include political email. We need tools, not rules.

Re:Do NOT regulate email!

[schon]

Regulating email will only result in higher cost and incomprehensible rules which hinder normal use.

hmm, you mean just like regulating fax spam (which is in the damn question!) resulted in higher cost and incomprehensible rules?

Sorry, your argument doesn't wash.

Re:Do NOT regulate email!

[YellowElf]

You sound like a spammer to me. :-)

Your solution does not solve the problem whereby Internet bandwidth is wasted. The mail still goes to the end-user's pickup point, where some user-defined rules reject it.

In addition, spam is a part of a technology/counter-technology process: you write a filter, then the spammer writes cleverer things to get around the filter. It is a Hard Problem to write a tool that correctly rejects the spam and correctly saves the non-spam. Obviously you don't have this tool to provide for us, so you handwave as though it already existed.

Yes, regulation will result in higher cost, but not necessarily in "incomprehensible rules," nor will it necessarily "hinder normal use." Fax rules are pretty clear, and work well. We have regulations for various services because we need them. Why else would our phone system be regulated? Because the Ma Bell is a dirty greedy company that wants desperately to cut corners and provide us with inadequate service in order to raise profits. So with e-mail; prevent its abuse so that we can have adequate service and an unnecessarily diminished infrastructure.

The real problem is that spam costs the spammer nothing; the real costs are borne by the receiver and his intermediaries. A similar thing happened with fax adverts, where people were getting pages and pages of junk, using up paper (expensive!) and preventing the real faxes from getting through because the whole roll was used up before the night was through (though the sender might have had to pay phone charges). Junk p-mail behaves better because the costs are borne by the sender; p-mail advertisers are remarkably efficient in targeting end-users, using bulk-mail rates, and so on.

Maybe ISPs should charge for number of recipients that a sender sends to, but even this seems a Hard Problem with remote distribution lists appearing as a single recipient. But it seems to me that until the sender starts bearing some costs for extra recipients, the spam problem will remain.

--dv

Re:Do NOT regulate email!

[YellowElf]

Telemarketing has been a fact, but recent regulations have improved. You can now have your phone number added to a database which all US telemarketers must check before calling you. If they call you when if you are in that database, or if they call back after you have explicitly requested that they not call you back, they can be fined $500 for each violation (or some such fee). Perhaps not many people know of this database, but it does work and several telemarketers have been successfully sued for their violations. I still stand by my statements that regulations don't have to be incomprehensible, nor hinder normal use. I am unfamiliar with the "screening services" you mention, but I don't think anyone has to buy these to accomplish a reduction in telemarketing calls.

Telemarketing is less prevalent than spam though, because there has to actually be a live person on the other end (usually) to make it really work. But I see your point that e-mail is a different issue. It is international in scope and forgible in content.

The phone regulations work because the infrastructure is there to support it. E-mail does not have this infrastructure: phone calls are traceable, and centrally controllable while e-mail is potentially UNtraceable and not centralized.

Then perhaps what we need is a better infrastructure? A series of "trusted" servers perhaps, with required configurations? Some overseeing body to reject a server deemed irresponsible? That would also mean a centralized location for complaints... a big plan but perhaps necessary.

Another idea is to go after those who benefit. At some point there is a name or URL to visit or write. If they aren't the spammers, then they can provide who is or be shut down anyway. I know this approach has been taken by some mail administrators, but won't work unless it's applied consistently.

This all sounds like turning e-mail into the phone company, but I don't have another workable solution right now. Hmmmm.... more ideas, anyone?

--dv

Answer:

[3-State+Bit]

Because SPAM has a marginal cost of $0, to both sender and receiver.

It doesn't REALLY cost anyone anything more that you're sending 100,000 pieces of mail versus 1000 to a campus-wide discussion group, EXCEPT for the time that the 100,000 people receiving it must spend deleting the mail.

Honestly, in this day and age a 2,000 byte e-mail is NO load on our servers or infrastructure.

It is a load only on the receiving party.

What I might like to see implemented though is this:
I will run a public in-box to which you must deposit 30 cents with each e-mail you send to it. My friends can just get it back at an appropriate time (since the micropayment architecture allows for zero-fee transactions, they're just entries in a database), or via the e-mails that I send to them in reply, and the businesses that I do business with can just charge me 30 cents more to pay for the privilege of learning about their product, but the businesses that I DON'T want anything to do with will either stop bothering me, or pay me nicely for my time -- I'll glance at 20 subjects, decide I'm not interested in any of them, and wa-la, I've made $6 in ten seconds.
This will have a bunch of good effects:
1. Illegal spam will be traceable to a source, since SOMEBODY's account is making me those micropayments.
2. I will see more products I'm interested in, since companies will have 0 cost of printing advertising materials, only the shipping. Whereas I get some interesting postal junk mail now, I will get more interesting junk e-mail if you remove the cost of printing. Also, instead of the advertisers paying the us postal service, they will be paying me.
3. I will be paid back for what I'm paying my ISP in order for it to uphold my end of the mail infrastructure.
4. etc.

It also shouldn't be that hard to establish this kind of a micro-payment system. Imagine this:
Here is a nonprofit company, xyz, that keeps monetary entries in a database, you can make any transaction for free, but you can only deposit or withdraw money in increments of $50. This keeps enough money in xyz's bank to pay, via interest, the transaction costs of writing out and receiving checks.

This is also a good way of paying artists. I'll send you 5 cents, and when enough people have sent you five cents, you can get a check out of it.

(Of course, to start sending people 5 cents, I will first have to deposit $50, but that's a small detail...also, if I REALLY want my $1.50 out, I can give it to someone I know who has over $50, so that the next time they take out money, they'll take out that much more and give it to me.)

We can even do it so that you don't even need to register to start receiving payments. I can simply mail cmdrtaco@slashdot.org $0.05, and he won't even know about it unless his e-mail receives more than $5, at which time he'll be reminded, once, via e-mail, that he has that much in, and that when it reaches $50, he can withdraw it. Authenticating the e-mail works the same way it does today for sending a gift-certificate to an e-mail address via amazon. You send an only-usable-once URL that requires information from the e-mail in which it appears in order to authenticate.

The best part is, a lot of e-mails might only ever receive less than $50, because people stop caring or the e-mail becomes shut down. In this case, the money just stays in xyz's coffers, to help finance the operation, until the end of time, or until the paying party retracts the money (since it is to an UNVERIFIED e-mail), whichever comes first.

It's a lot better than paypal, which "charges a transaction fee just for changing a number in one of its databases", to paraphrase someone I read on slashdot earlier.

What do we all think? Micropayments for everyone? (Miniature american flags for others.)

I know a BUNCH of famous people I'd instantly donate a dollar or two to, of whom presently I have only the e-mail address...

Marvellous...

(yes, voila.)

Re: Answer:

[Black+Parrot]

> Honestly, in this day and age a 2,000 byte e-mail is NO load on our servers or infrastructure.

Funny, within the past week my mail admin has sent out notice that excessive spam is causing delays in the distribution of legitimate mail from off-site.

Also, you seem to be getting uSpam. I can filter with 90% accuracy by deleting all the messages > 10KB in my inbox. 2KB is a typical size for the legitimate messages I get. Spam tends to use huge amounts of sloppy HTML and/or large attachments.

Re:Answer:

[ebbe11]

Because SPAM has a marginal cost of $0, to both sender and receiver.

I beg to differ...

It doesn't REALLY cost anyone anything more that you're sending 100,000 pieces of mail versus 1000 to a campus-wide discussion group, EXCEPT for the time that the 100,000 people receiving it must spend deleting the mail.

Your time may be free but most people's time isn't. Lets (rather arbitrarily) set the hourly rate at $30. If it takes 10 seconds to take care of a spam mail (update blocking list and filters, delete the mail), 100,000 spam mails will cost around $8.300 in lost time. And that is for just one (1) spam mail.
No, it won't cost each person very much but collectively, the cost is significant - especially when you take into account that most people get several spam mails every day and that 100,000 pieces of a single spam mail is rather on the low side.

It doesn't help

[soegoe]

Here in Germany, junk mails (e-mails, that is) are considered the same as junk faxes legally. It doesn't help much, though: Either you can't trace the spammers, or they're sitting in some obscure Caribbean country where your legislation has no power.

It could

[anthony_dipierro]

Being primarily a phone system transmitted medium, why can't unsolicited junk email be regulated and controlled like junk fax?

It probably could. One reason it shouldn't be is because unlike telephone companies which are common carriers, ISPs can set their own regulations with regard to what content they will allow over their wires.

congressmen

[blastedtokyo]

there's no legislation since they're all enjoying their increased endurance, university diplomas, amazing weight loss, free money, human growth hormones and ability to see the sexiest women in the most compromising positions.

The real question, is why aren't you?

Fax Regulation vs Spam Regulation

[fwc]

Let me preface this with I think we need to do *something* about the spam problem, so the first part of this is *not* saying we shouldn't regulate Spam.

The reason that junk Faxes are against the law is because of the problems people were having with coming to work and finding a $50 roll of thermal fax paper spewed from their fax machines covered with nothing but essentially the content of most spam we're seeing today. This is a very real cost that you can put a figure on, and very definately was more expensive for the recipient to deal with. I remember hearing some stories of fax machines being tied up for hours with junk faxes.

The problem with spam is that it is hard to put a measurable cost on it, at least for the couple that the average joe gets a day. Plus, regulation in the US will just move the problem overseas in a lot of cases.

That said, I'm convinced that there is a very real cost to spam. I run spamassassin and literally get 200-300 spam messages in my spam folder every day, plus another 20-30 or so which spamassassin didn't catch. Conversely, I get about 20 legitimate emails a day.

On the mail server for the ISP I am the sysadmin for, spamassassin tags 75% of the messages we recieve as spam. We just spent $4000 buying hardware for our new mail server. If we had 25% of the load, we could have probably gotten away with a $1000 mail server instead.

Not to mention the times that a spammer decides to dump 10,000 messages on us within a 1/2 hour taking our mail server down to a crawl.

I'm hard pressed to come up with a workable, implementable solution which has any chance of working long term. Legislation has its problems. Technical solutions are a loosing battle on the filtering front. Economic solutions with advocate micropayments or similar (hashcash, etc) need to reach some sort of critical mass before they will help - but noone wants to implement them until they will. And so on.

There *has* to be a solution to this problem out there that someone hasn't come up with yet (or at least hasn't publicised properly).

Re:Fax Regulation vs Spam Regulation

[grahamm]

As long as the typical political logic of "Something needs to be done, this is something, so this must be done" is not applied to the problem. The Spam problem needs a solution but the wrong one could make things worse than they are now.

Re:Fax Regulation vs Spam Regulation

[dacarr]

There are solutions, but they're not legislation - as a poster in Germany pointed out (quite insightfully, might I add), US legislation has no effect if the spammer is doing it in a foreign country (I believe the current spam rush I'm getting is from South America, mostly Brazil).

As far as I can tell for the solution, if the ISP's don't want to cooperate with what is "acceptable", the only real solution is Internet Death Penalty - that is, failing to recognize spam friendly ISP's at the router level and accordingly dropping their packets to /dev/null.

Re:Fax Regulation vs Spam Regulation

[dacarr]

Re-read my original message and pay very close attention to the part about "packets", sir. Mail be damned, if it's an ISP that is a known spammer and not willing to conform (let's say Cyber Promotions gets back into the spam game) - method of last resort is to ignore all TCP/IP and/or UDP packets from that machinery set. That means everything - as large as slashdot effect on http and as small as a ping or NTP request - goes nowhere. That includes mail. That, mon frair, is the internet death penalty.

See this URL for more details.

I'm cutting down on spam

[DeadSea]

Here is how I did it:

1. I bought my own domain name. This allows me to have unlimited email addresses and to change addresses at will.
2. Put a contact form on your website. I couldn't find one that did everything that I wanted so I wrote one. It works on an alias system so it never reveals the email addresses that it uses. To use it, just edit the aliases to include your address and plunk it on your server. To prevent unwanted spam and automated submissions you can set regular expressions (server side with client side optional) to validate the form.
3. When an email address starts getting spam, disable it. I send an autoreply saying "You emailed me at an address that gets too much spam you can contact me at http://ostermiller.org/contact.pl"
4. Change contact info you have in public places such as your website to point to the form, rather than to an email address. That way the email addresses you use won't get spammed in the first place.
5. Encourage your friends not give your email address out to greeting card sites, somebody thinks you are cute sites, and email a friend this page sites. But even if they do, don't be afraid to change your address. If your friends email you at a disabled address, they will get a response to go to the form.

I've been using this system for several weeks. I now send out about 100 autoreplies each day (all those used to be spam in my inbox). I now get about 5 spam a day and I'm working to disable some of those addresses. (I still have to find a way to deal with bugzilla since it requires a public email address)

One solution...

[Troy+H+Parker]

You could charge for Email, something small and insignificant to the average (or even hardcore) user, but expensive to the bulk 1,000,000 mail a day spammer.

Of course this would only make sense if Spam were sent through a normal user account, rather than a cracked box or open relay. Back to the drawing board.

Re: Just the Fax, Man . . .

[Black+Parrot]

> I'll follow the assumption that since faxes kill trees that they would be regulated.

Presumably the typical legislator notices the huge pile of junk faxes, but not the huge pile of deleted e-mail. Remember that this is a headache for staffers rather than for the legislator.

US legislation would help, IMHO

[KjetilK]

Here in Norway we have some quite nice anti-spam laws, and Norwegian spam is very rare. The majority of the spam is from sources in the US. Obviously, our legislation doesn't help on that.

Block lists can excert some pressure on parties to fix their spam problem. RBL tried to excert pressure on ISPs, it worked for a while before they got toothless. SPEWS has fallen down on the opposite side, blocking too much is degrading the value of the block list.

However, I wouldn't mind blocking some obscure Caribbean country at my mailserver entirely, and if enough people did, they would have to enact good legislation, or find themselves isolated from the world. I think that pressure would work.

However, this can't be effective right now, because most of the spam is coming from the US, and it is harder to block the US back to the stone age.... Therefore, I think some clueful US legislation is the key to the spam problem. Unfortunately, leading legal scholars doesn't seem to have much confidence in that the US will enact anything clueful right now... :-(

Yeah, right

[tswinzig]

Honestly, in this day and age a 2,000 byte e-mail is NO load on our servers or infrastructure.

Ask the big boys if spam is a problem. The services like AOL, MSN/Hotmail, Earthlink, etc... ask them if "in this day and age a 2,000 byte email is NO load" on their servers or infrastructure.

It's a BIG load and a huge headache.

The problem is that 2KB might not be a lot, but 1,000,000 2KB emails *IS*, and who is footing the bill to process that crap? The consumers that pay for email service, NOT the people sending the spam.

When you force other people to pay for something, when you give them no choice, that's illegal.

(Unless you're the government! :)

Fax gets junk mail too

[Leimy]

At least we do where I work... its basically people with the fax equivalent of a war dialer sending us bullshit we don't want

a four letter solution...

[kevin+lyda]

tmda. i've been using it for several months and it blocks pretty much all spam i get. currently my tmda pending directory has over 700 files which are all most likely spam. i hold them for a week and then i delete them.

or rather tmda holds them for a week and then cron deletes them.

no one has had trouble reaching me. if you'd like to check out tmda, see here. and if you'd like to see what it's like to email a tmda protected address, mail me at kevin@ie.suberic.net.

btw, i'm not a tmda developer, i just happily use their s/w. it is of course free s/w.

Follow the RIAA Method...

[grantdh]

Hey, if the RIAA "DoS/Hack P2P copyrighted music traders" bill gets passed, surely we can use this to legitimately net.nuke the spammers into the dirt??? :)

Currently, 44% of my mail is spam

[TheTomcat]

See real-time (updated every 10 mins) status here.

(please be gentle. I'm only posting this because it's not on the main page...)

S

Re:Stop it at the source

[Evro]

Seriously though, the amount of spam people receive just isn't a problem. The folks who like to complain about it are just doing it to brag about how much time they spend on line and how connected they are. Enacting laws to charge spam senders for sending mail to individuals is silly; it'll cause more problems than it solves.

You know, this is the mentality of a 2-year-old. "Since the problem does not affect me, it must not really exist!" In any case, the cost of receiving an INDIVIDUAL spam may be trivial, but the problem is that people receive thousands of them. I personally use several DNSBL services to block open relays, I have most of Asia blocked (211.* 210.* 61.*), and I still get 4-6 spams a day. I also have one entire email address blackholed because it's the one I used to use on slashdot and a spambot picked it up, and it denies about 30 connections a day - that's 30 spams I would be receiving - so don't tell me that it's trivial. Time is money, and if I'm one person potentially receiving 40 emails a day, then a network administrator in a company of 100 is easily dealing with 4,000 a day. Do you still think that's trivial?

No! Technological Solutions!

[Tom7]

No, regulation is not the answer. There are loads of technological solutions of varying complexity: hash cash, authentication, etc. If we care a lot about Spam, we should be working to decide on a technology and implement it in our mail readers. (There are some, already, like S/MIME, that have a fair amount of deployment.)

Think about what you're saying: Legislate to try to extend the life of a legacy system? We should not be encouranging the government to do this kind of thing. How much do we hate the DMCA? How much will we hate the anti-anonymous e-mail law? Don't we *want* authenticated and encrypted communication anyway? Why do we use ssh for typing commands at our shell (pretty boring to read, except for passwords) but SMTP for our english messages (often much more sensitive!)?

Unfortunately, we just can't do that....

[CSG_SurferDude]

Sure, you could make a law that says "You can not send SPAM to a U.S. Address".

What do you do about that fool in (pick your favorite "other" country)?

Do we send in the Marines to arrest him/her/it?

Do we start to have all of our ISPs block everything from that country in retaliation?

Unfortunately, I see no real solution other than to have our ISPs use some sort of SPAM-blocking software, and to have the attorney generals of the states aggressively go after the fools who spam on illegal activities (chain letters, pump and dump, preteen photos, etc.)

One problem I've seen

[dacarr]

Oddly enough, some of the spam I get still has endorsements for Senate Bill 302 (you know, "it's legal because it has an out"). What's not clear to me however is why they do this, but as far as I can tell it's because they don't understand the process of making laws (and that accordingly bills aren't valid until that point), or if it's because they do and they are severely underestimating the average spammee's intelligence.

But that I recall, this bill was more or less forgotten on the Senate floor.

There was a case

[www.sorehands.com]

There was a 3rd Circuit case that argued jurisdiction on the TCPA, but....

in a footnote it said that it was a SPAM not a fax. The court ignored that issue. There are no cases that an appeals court ruled that the TCPA does not apply to SPAM.

Once again, for the umpteenth time

[CaptainZapp]

1) In America, the first ammendment protects speech, even commercial speech. As tasteless as spam is, regulating sets a dangerous precedent. Unpopular political speech could be artfully labelled as spam to silent those with differing views.

Yeah, I know this really tired argument by just about every spammer; but:

Your right to speak ends where you infringe with my right to be left alone.

You should have the right to stand at a street corner and spew whatever you feel like spewing. You do not have the right to yell into my ear; you do not have the right to spew your message at 3am via loudspeakers in a residential area and you do not have the right to disseminate your message with a bullhorn during a Verdi opera at your local opera house.

If I consider shitting on a carpet as an art form, you'll probably agree that I shouldn't have the right to perform my art on your living room carpet.

There's no need to thank me.