Slashdot Mirror
Do-Not-Email Registries?
prgrmr writes "Wired has an article about Colorodo and Missouri's latest legislative proposals to deal with spam and with spammers. There appears to be actual consumer-protective teeth in these bills which mirror the telephone 'do not call' lists. A nice example of a government perpetuating a working concept instead of trying inventing new ways to break things."
To get an update on this registry, just send a blank email to opt-in@colorado.gov.
In Washington State, spam is illegal and the attorney general encourages people to file complaints. These are often done by filling out a simple form.
To help argue against spammers saying "we didn't know this address originated from Washington State", there is online registration for users who reside in the state and do not want to receive spam. You can find it over here:
http://registry.waisp.org/
-trout
I'm on a state no-call list, and it's practically worthless. No all my sales calls have callerID numbers like 999-999-9999. Obviously if my phone privacy can't be protected, this email no-call list will be equally useless. Not to mention that... I can already see that the no-call list would be the most extensive (and valuable) list ever compiled. Who would secure it and how?
Jay Nixon is the attorney general of Missouri where I reside.
He has been very active in ensuring his office in on the net and useful.
He has made great strides in the nocall area. His legislation is used as a template by most states.
Here is an older story with much more info on the legislation and what it brings to the table.
Good to see state government making a national impact.
First off, let's assume that DNC lists work for phone and paper direct marketing. (We all know that they don't, but let's pretend.)
DNE lists *can't* work, for several reasons:
* There's not a one-to-one correlation between people and email addresses. Many (most?) people have several addresses: Even AOL members get up to eight. So do those people have to "unsubscribe" eight times? What about those of us who invent new email addresses for different uses? It's not unusual for someone to have dozens or even hundreds of addresses.
* Let's not forget role addresses: root, webmaster, postmaster, etc. Someone would have to put those on the DNE list.
* What about the poor schmuck who gets "fallback", i.e. [anything]@domain.com? That's the default in many systems.
* Some email addresses have several people connected to them -- for example, mailing lists. Who unsubscribes those?
* Some email addresses have *no* people connected to them -- for example, those controlling processes. Would anyone even know to add them to the DNE?
Some proposals have included a provision that allows one to add entire domains to a DNE list. These are somewhat better, but they have several problems with them. For one, it would trump the individual preferences of those using the domain.
But ultimately, the main problem is that *the burden shouldn't be on the recipient*. Unlike phone (a common carrier) or postal mailboxes (government property), email boxes are private property, requiring private funds. Access without permission is trespass.
BTW, see law.spamcon.org for a list of states with current antispam laws. I live in one with an opt-in law: California Business and Professions Code 17538.45.
--Tom Geller
Founder, SpamCon Foundation
Tom Geller
See the site in my sig. Uses MD5 to distribute addresses so the spammers can remove addresses that match, while not exposing the others for harvesting. Of course, it can be brute-forced, but the chances of getting a match that way are so slim that I doubt any spammer would make an effort to do so when there are easier ways to harvest addresses. Then there is the issue of the spammer getting a match and moving it to a "better" list because they would know it was a live address. All risks, of course, but what doesn't have risk on the Internet?