Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft and the SPAM Game

Posted by krow on from the if-only-spam-asssassin-caught-everything dept.

The Seattle Times reported a while ago that Microsoft is pushing for Washington State Senate Bill 5734 which will overturn most of Washington State's laws that specify monetary penalties for companies who send out spam. This will completely exempt ISPs from current Washington spam laws, which Microsoft just happens to be. It seems that they are jumping the gun a bit. They are having a company named Digital Impact (save that address for you spam filters) send the email for them. Thankfully I live in Seattle so maybe I can collect an easy $500 before Microsoft guts the current law.

2 of 252 comments (clear)

  1. This will completely exempt ISPs by stratjakt · · Score: 5, Insightful

    Frankly it sounds like a good bill, and just because MS is supporting it doesnt mean you shouldnt.

    Do you want the laws to lead down a path where your ISP is financially liable for your actions? Because that road goes to the place where your ISP turns over audited logs of everything you've done to avoid liabilities.

    --
    I don't need no instructions to know how to rock!!!!
  2. Re:It's all the other spam... by gizmonic · · Score: 5, Insightful

    Okay, I have a few problems with this, especially the comment, "Make ISPs responsible for ANY fraudulent email they transmit or relay. Legally reposnsible as in fines and jail terms.".

    I work for an ISP. I spend about 30 minutes to an hour of my 8 hour day, 5 days a week, tracking down and banning people who spam through our network. Our SMTP server is locked down to our own IPs, and limited to the amount of email it will send for one user, and we have outbound port 25 filters in place across the network. But, people still spam. They run form mail scripts against unsecure servers (we can't exactly block port 80, now can we?). They find open relays running on other ports. And they spam, and I ban their asses.

    Considering the amount of money and time (I'm not the only one at my company who devotes part of my workday to killing spammers) we spend fighting spam, you now suggest we become criminally liable for it? I can tell you right now, if that law passed, we would shut down our SMTP server and that would be that. No outbound mail for anyone. Don't have to worry about spam when their is no email, period.

    You want a workable solution? Allow us to block access to anyone blocking caller ID. Most professional spammers block caller ID because they know we can and do block them by their phone number, if we can get it. But blocking access to anyone who blocks caller ID violates privacy rights according to the FCC and we can't do that. (Mom and Pop ISPs might be able to, but we are a wholesale ISP.)

    Why would blocking by phone number work? Because professional spammers use stolen IDs (credit cards, names, etc) to buy a throw away account that they use until we knock them offline. (We get the subpeona's for logs all the time to track down these people. Most never get caught.) They can get 10 stolen credit card accounts in an hour. Phone numbers aren't as easy to change.

    Take it from someone fighting spam in the trenches, the concept of billing an ISP for any "bad" mail that passed over their server would simply shut down email. Period.

    I won't even get into the debate that if an ISP *were* responsible and accountable for every email you sent, you better damn well believe that they would read and approve of every email you sent before forwarding it. Yay Free Speech! (Free as in hand-cuffs.)

    Whew. Enough ranting. Mod away... :)

    --
    WWJD?
    JWRTFM!