Slashdot Mirror
Do-Not-Email Registries?
prgrmr writes "Wired has an article about Colorodo and Missouri's latest legislative proposals to deal with spam and with spammers. There appears to be actual consumer-protective teeth in these bills which mirror the telephone 'do not call' lists. A nice example of a government perpetuating a working concept instead of trying inventing new ways to break things."
To get an update on this registry, just send a blank email to opt-in@colorado.gov.
Next, try and get all spammers to admit that what they are sending is "unsolicited". That's not going to happen any time soon.
-- 'The' Lord and Master Bitman On High, Master Of All
Will there be an opt-in list for those of us who still want to enlarge our penises and make money fast?
---
Hello, Slashdot user. My name is Dr. Sbaitso. I am here to help you.
Fight Spammers!
In Washington State, spam is illegal and the attorney general encourages people to file complaints. These are often done by filling out a simple form.
To help argue against spammers saying "we didn't know this address originated from Washington State", there is online registration for users who reside in the state and do not want to receive spam. You can find it over here:
http://registry.waisp.org/
-trout
Hi. I an email market-person from Laos. Where I get list so...ummm...I know who... er...not ... to send e-mail?
I don't think this will work. Do not call lists (for telephone spam) work fairly well because it's rather easy for the government and/or utilities to investigate who is violating a DNC list. This is made even easier by the fact that phone/fax spam from abroad is almost non-existent in the USA.
With email, it is far more difficult to stop. First, the jurisdictional issues. Second, it is trivial for an email spammer to hide his identity -- there are plenty of open relays to bounce through.
I already receive spam for "500,000 opt-in email addresses on CD!" -- when do-not-email lists are in place, I'm sure I will be getting adverts for "500,000 do-not-email addresses on CD!". And nobody will be able to stop them.
I don't get it.
They (CAUCE) complain that it shifts the burden onto the consumer to be a member of the opt-out list (which is free, and easy to get into). The complain that we are treating the symptoms and not the cause.
Bull. It costs the spammers money to even SEE the lists, and they face $500+ penalties if they don't check and mail first. Hence, this is a real financial deterrent (at least in those states). This artificially raises the transaction costs, which gets at the cause (that is, email is cheap and free).
Instead, CAUCE wants it to be like junk fax laws wherein no one can send you email without having established "a business relationship" with the recipient. I see too many ways of twisting this around in court that would prevent legitimate email from being sent to people when your first contact with them would be through that medium. It would scare people away from just sending email notes because they won't know how it'll be interpreted at the other end. I can envision paranoid use policies sprouting up in IT departments all over our fair land. Nooo!!!!
What is unclear is whether both the spammer and the spammee (sp ?) have to be in the same state (or in states with similar laws) for this to be effective. In that case, all the spammers will just base their operations in Florida where half the GDP comes from MLM and other scams.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
No?
So what good is it?
Is this truly the only Earth I can live on?
Jay Nixon is the attorney general of Missouri where I reside.
He has been very active in ensuring his office in on the net and useful.
He has made great strides in the nocall area. His legislation is used as a template by most states.
Here is an older story with much more info on the legislation and what it brings to the table.
Good to see state government making a national impact.
Great, we'll stop the spammers by building a huge central repository of working email addresses, and then give access to the lists to spammers worldwide. How could THAT backfire?
scott
Sounds like a great idea...but....
with a forged packet headers, open relays, and a global internet not subject to any one state or country's laws..is this in any way enforceable?
With a Do Not Call list, one single entry covers all my phone extensions. Since the teleslimers will be comparing only the basic phone number, and not the number with its extension, against the list, by simply having my number without any extension in the list, a proper lookup will match and they can skip that number. None of my extensions will be called.
The issue is how to do this for email addresses. Many mail servers allow for "extensions" by having a certain special character such as "-" or "+" or "." followed by an "extension". By simply having the email account of the part before the separator, you automatically have every possible extension. Some people call this tagged email. And example would be jsmith-foobar@example.net where only jsmith@example.net would be in the list.
Many people even have their own vanity domain names, and regardless of what username is used before the @-sign character, they get the mail like the whole username were the extension.
For a registry to work, for at least those who are required to use it, it must meet at least these two requirements:
I looked at the registry run by the Washington Association of Internet Service Providers and found that the verification process only works one at a time. This makes their registry virtually useless. Of course, distributing the addresses in the raw will be worse, as it will get in the hands of spammers out of the country, and everyone will just get more spam because now spammers will have a list of address that are even more likely to have someone reading. And some will be mass mailing to such a list just to destroy the effectiveness of registering.
One option is to distribute an SHA1 checksum of each address. Then all that needs to be done on the mailer's end is to test each address by generating the checksum and looking that up in the database.
But even that has a risk, and I'm wondering if even that should be allowed. That risk is that spammers will run all their millions of email addresses through the process, and produce a subset of those who are registered, and then from out of the country ... they will spam the hell out of just those.
In the end I think the only real solution is for a law that establishes two distinct networks (same address assignment base, but disjoint routing), one where spamming is allowed, and one where it is entirely prohibited under threat of jail time (for the executives in the case of corporations, LLCs, etc). Each ISP can then choose to service one or the other or set up dual but separate facilities to serve both. Wanna bet which network most will choose?
now we need to go OSS in diesel cars
I understand the problem with SPAM, but why a legal solution to a technical problem?
Because it's not a technical problem- it's a social problem that happens to involve technology. I suppose the phone company should come up with technical method to stop telemarketers as well, but the failure of technical solutions in solving the telemarketer problem was what prompted the creation of the do-not-call list. Technical solutions to spam have so far been a failure as well. The most you can hope for is a perpetual arms race.
It reminds me of the litgation induced from "deep linking," when in reality the web master simply needs to better configure his/her server.
That's a case of corporate idiots bursting onto the scene and applying political and legal pressure to destroy the protocols that made the web successful, because they want to shape it into something that favors their own myopic interests, and they think they can spend the money to get the courts to back them with a poorly reasoned decision. The fact that there's a technical solution to what they're whining about is convenient but irrelevant. Even if there weren't a technical solution to prevent deep linking, their case would be bankrupt.
Similarly there are technical solutions to this. If I'm on a "do-not-email" list, then why don't I configure my email client to only accept emails within my address book? Many email clients can do this filtering, even web based ones, so what's the problem? Effectively, this is what these people want and there's a solution so why the red tape?
Because we shouldn't have to resort to whitelists. I cannot compile a list of everyone in the world who isn't an asshole and who I might want to get email from. Maybe you never get mail except from six people, but some of us have to distribute our contact information.
Much more fun is to use the counterscript. I've had a few telemarketing people sounding so worried when I did it that I almost felt sorry for them.