California Anti-Spam Law Approved

Metroid72 writes "Zdnet reports that "A California anti-spam bill passed the Senate on Wednesday, a first step toward the passage of a law that would give people the right to sue spammers." I guess there's light at the end of the tunnel"

Anti-Spam

I wonder how Hormel feels about all of this Anti-Spam sentiment.

Re:Anti-Spam

Heres how they feel about it

Re:Anti-Spam

LOL.

My uncle works as a personnel manager at the corporate offices in Austin; I asked him how they felt about 'spam'=='spam' ;-) a while back.

He said that a small minority of the execs there are pissed about the comparison; most don't care, but that a fair number of them find it hilarious and consider it free advertising.

*shrugs*

One thing I do have to say; Hormel doesn't,uh, use spam as a means of advertising. Not sure how true that is, but there you go....the irony is still thick.

(posting anon because uncle also reads slashdot ;-)

How does this work in other states?

[Sirion]

IIRC, this sort of law exists in a few other states. How simple is it to actually use? Does the spammer have to be in California? Do I need to be able to locate the spammer?

Re:How does this work in other states?

[Lancer]

The only challenge in California would be if you decide to sue in Small Claims Court, which would be pretty likely as you're going to be going after at most $1500 per violation.

California requires you to serve the other party in the state - if they're in Nevada, you can't serve them, and therefore you can't sue them in small claims.

If you have a big enough case to justify higher level courts, you can server outside of the state.

But IANAL, so don't trust me :)

Re:How does this work in other states?

[Elvisisdead]

The spamee needs to live in CA. In Virginia, it's realtively simple to file a suit under the anti-spam law. The county clerk is usually very helpful in letting you know what you need to do to file.

Read a story about how a guy here in VA filed and won.

alrighty then

[chimpo13]

I'll quit my job and rake in easy money by suing spammers. If you'd like to know how you too can do this, send $5 to...

Haha, sure, ok.

[Exiler]

Find a spammer, heck, in the time it would take you to do that you could go out and find 500 bucks on the street.

Re:I don't need any anti-spam laws!

[agentZ]

I love Mozilla, and the spam filter is great, but that doesn't really solve the problem. A lot of e-mail servers are still getting clogged with spam and the bouncebacks, flames, and problems that result.

Long way

[The+Bungi]

I guess there's light at the end of the tunnel

Yes but it's waaaay over there, very tiny. Just a speck.

Until something like this gets approved at the federal level, at least.

And I know that won't do much good for overseas spammers and so on, but perhaps it will increase the cost of doing business.

In those case, we can only hope that other countries will do the same. China and Korea, especially.

Re:Long way

[The+Bungi]

Do you have anything of value to add here, or are you just playing "Whiny Liberal Hippie Does Slashdot"?

Sounds pretty similar to Junk Fax Federal Law

[Lancer]

This sounds like a similar punishment scheme to the Federal TCPA, but with a difference:

also requires courts to impose an additional $250 civil penalty per spam to be used to fund high-tech crime task forces throughout the state

OK, it's also a tax - I guess this explains why the California government is gung-ho for it :)

Now, what we need is some legal consolidation

[bwalling]

No lawyer will sue for something piddly like $500. What we need is for someone to set up a service that we can forward all our spam to. It will root out the sender and lump all violations against one sender together. Then, the guy gets sued to hell and back. We all get our $300/ea ($500 less 40% legal fees) and everyone is happy.

A copy of the bill ...

[Snork+Asaurus]

... has been e-mailed to every California taxpayer.

What use is the ability to sue spammers

[Neophytus]

What use is the ability to sue spammers when you dont know who they are or where they live. Sure, The Spamhaus ROSKO Project will give some details on the big players, but chances are they already have their operation sorted out 'legally' offshore already.

light at the end of the tunnel

[stonebeat.org]

is just a frieght train coming your way....

Re:light at the end of the tunnel

[TeknoHog]

And the light at the end of the carpal tunnel is just your optical mouse.

Geeks asleep at the wheel

[johnynek]

I don't see why so many people at /. cheer Gov't getting involved in the spam problem. I have been using CRM-114 and SpamAssassin for several months and the result is: it works. I get something like 4-5 times as much spam as non-spam, and *VERY* rarely does a spam message find its way into my inbox now.

Before we cheer legal solutions (which will have their fair share of downsides) maybe more people should take technological measures.

Also have a look here: Annoying spammers with OpenBSD's pf
Slides explaining how Bayesian email filtering is successful

PS: I know people might say, but what about the economic cost of spam, blah blah blah. Read the slides. If no one ever gets spam, people will stop sending it, and the economic cost goes away.

Good luck!

Re:Geeks asleep at the wheel

[noahm]

I don't see why so many people at /. cheer Gov't getting involved in the spam problem. I have been using CRM-114 and SpamAssassin for several months and the result is: it works. I get something like 4-5 times as much spam as non-spam, and *VERY* rarely does a spam message find its way into my inbox now.

That doesn't do anything at all to stop spammers. Even if all that spam wound up in your inbox, you'd never give a penny to any of the people who sent it. Neither would 99% of the other recipients. Spammers know that, but it doesn't matter to them because it costs so little to send the spam. So basically, who cares if you use SpamAssassin and CRM114? The spammers sure don't.

PS: I know people might say, but what about the economic cost of spam, blah blah blah. Read the slides. If no one ever gets spam, people will stop sending it, and the economic cost goes away.

Until filters can guarantee 0 false positives, they can't be deployed at a lot of sites.

I hate having to resort to legislation to stop spam, but I really don't think filters will ever solve the problem. Maybe they'll hide most of the symtoms as far as you're concerned, but the spam still wastes bandwidth and now wastes even more CPU cycles since you have to process all your incoming mail so heavily to try and identify it. That's theft of service, and it needs to be stopped.

noah

Re:Geeks asleep at the wheel

[mcrbids]

Yeah, until the spammers *REALIZE* that nobody is getting their emails - at which point they change tactics so that the messages get through.

A while ago, one of my clients was sending out a newsletter that was labelled as SPAM. It took me just over an hour to look up the tags that Spam Assassin found that it violated, and rework it so that the SpamAssassin score dropped from like 16 down to just 3. (The most common minimum threshold is 5-10)

This is an opt-in newsletter, but don't think that spammers can't do the same thing!

-Ben

Pro-war spam multiplies

[aethera]

Maybe its just me, but within the past two days I've noticed a huge jump in the number of Pro Iraq War or Save Our Troops Spam. All I can say is, "Way to support your cause boys, I know I always get people to agree with me by spamming them!"

Strangely enough none of the Peace movement organizations have spammed me. Perhaps even more stange, or suggestive, is that all of the peace groups are non profit, while all the pro war psam seems to come from some business hoping to sell some thing or another (offensive t-shirts, duct tape, plastic sheeting, etc).

Yes, but which one?

[dacarr]

There are currently four - count 'em, four - bills in the California state government system. Based on going to the California Senate page, hitting legislation and plugging in "Unsolicited" as a search term, I came up with twelve results, and the following were related to email:

SB 342, "Unsolicited email advertisements" (Florez)

SB 186, "Privacy: unsolicited e-mail advertising" (Murray)

SB 12, "Electronic Mail Advertising" (Bowen)

AB 567, "Unsolicited electronic mail advertisements" (Simitian)

For those about to rejoice, remember this is simply the first step. It still has to finish going through the state assembly, and then get signed by Governor Davis. Let's get some of this stuff pushed through for the better of the anti-spam community, shall we?

Re:I don't need any anti-spam laws!

[rleibman]

True, but as more and more people use customized spam filters spamers will have less incentive to continue.

Fine and dandy....

[pastorBernie]

A recent report on spam by Reuters stated that Yugoslavia, in an attempt to bring in more revenue is "harboring" spammers through its new program in which the government sells mass emailing licenses to spammers. These licenses basically exempt these spammers from any kind of criminal prosecution.

While this article is good news, it will not stop the constant migration of spamming operations to foreign countries who need the money.

There have been more and more people moving towards a newer solution which is very simple. Just ignore the spam. If more and more people ignore the unsolicited emails, eventually the Spammers will lose revenue or lose interest. By establishing all these forceful "spam attacks" we are just flaming the fire and provoking more spam. This is exactly the kind of media attention these spammers thrive on.

my two cents

don't worry about the spammer, get the advertiser

[DiveX]

With the junkfax laws, one may go after the junkfaxer (entity that sent the fax) and/or the entity on who's behalf the fax was sent. that has been proven in many cases where the fax entity could not be identified or was an offshore (often Canada) service. If your local carpet cleaning service pays a junk fax service to send the ads, then you can sue them directly. If they want to suggest they didn't do anything wrong, then just have them identify the people that sent the ads and simply add them as a defendant and let them fight it out.

Some cases will be more tough to prove, but with a little case law, you can win. One difficult case would be something like mortgage lead spams. The spammer and website are offshore, and once they have your information, then they sell the leads to numerous companies that 'claim' to not know how the information was obtained, however this will not be a valid excuse. I haven't seen the text of the bill (will a karma whore please post it if found), but I hope the wording is like that of the TCPA (Telephone Consumer Protection Act of 1991). In order to be sent a prerecorded commercial message or commercial fax, one must have a prior business relationship or have given prior *express* permission to receive such. Express permission cannot be sold nor purchased. Those of us that run our own email servers or use catch-all domain forwarding or other such service will be able to track all emails quite easily where you can simply create a new account for every location you post, web site registration, sweepstakes entry, etc so that you can decidedly trace the method a company used to obtain your address. A company trying to suggest that you must have 'subscribed or requested at some point to be added' will be shot down faster than my advances on prom night.

You don't have to worry about stopping the spammers per se, but the people that are knowingly paying others to send the illicit ads. The spammers protect themselves decently well just like junk faxers and scamming telemarketers, but when you hit their source of money, then you cut the body off the head of the snake. If the business think they were unfairly treated, then they are free to go after the spammers they paid to send the junk. States can pass all the bills they want, but until the public has rights to collect damages that have been made themselves, such laws or bills will continue to be toothless. Washington's law, from what I understand, has been decently effective. I simply do not see how Congress can site idly much longer on this issue. This is something that is affecting more people than before. The junk fax problem was quite so widespread when Congress acted in the early 1990s. Senator Disney did well with the TCPA, so maybe an anti-spam bill would be considered someday. It would see the best time to pass this is on the heels of the implementation of the FTC/FCC regulations. Awareness will be at an all time high and the same arguments DMA, Fax.com, and other scum will try to usee will have already been shot down with fresh case law or interpretation of regulations. While some people get in the news for winning spam cases using the TCPA, it seems most of those involved default judgments (like the recent Sears case). I know this isn't an junk email list, but thought some would be interested in the obvious mirroring of aspects of the TCPA. Interesting aspect is also the additional penalty 'read: tax' going to state coffers, that will be included even if it is a private action.

Full Text of anti-spam bill below:

[Snork+Asaurus]

Shut up, bloody Vikings!

Of course...

[ackthpt]

Of course theres a rather fat line between successfully suing them and collecting money...

Could be a whole new employement niche, Spam Collection Agent.

"Hello, you bad old spammer you, I'm here to tow away your server."

California has had antispam laws for years

[tgeller]

Three laws have been in effect in California since 1998. They've not been widely used, but about a dozen cases that I know about have resulted in positive results for the prosecutors. You can follow current cases on the Suespammers discussion list, or read the archives.

The new law appears to be more protectionist than previous ones, which required either (a) opt-out by the recipient, (b) status as an ISP, or (c) evidence of fraud.

--Tom Geller
Founder, SpamCon Foundation

1337-speak spam?

[Dem0sthenes]

I'm all for anti-spam foo, especially since spammers have recently started misspelling subject lines (ie sex spelled "seks") and hence squirm past my spam filter sieve scripts.

However, this seems amusingly similar to the evolutions of spellings that led to 1337 5p34k. IRC would filter out some words like "hacker" and disguising these words with numbers and intentional misspellings was a way to get past the filters and avoid breaks in communications. They're using our own cleverness against us. :)

Re:Technology, not laws

[Landaras]

I don't see how laws on Spam are going to be effective. How can they thwart someone in China?

Bombs. Lots and lots of bombs.

To quote someone from the discussion of the national do-not-call list administered by the FCC, "I'm looking forward to the national do-not-spam list, administered by the U.S. Army."

(Note for the humor-impaired: I'm not serious about the above)

What if?

[mpcarlos]

If I have 10 accounts at yahoo for example, and I get the mail at all my accounts, will it be $500x10??? What if I have 1000??? I'm going to quit my job, and start opening mail accounts... =)

Are we maybe taking the wrong approach?

[broken_bones]

This is totally off the cuff but...

It seems society may be taking the wrong approach to this whole spam thing. We keep focussing on the guy actually sending us the e-mail. We seem to be overlooking the fact that there is someone out there who is trying to sell something to us (or scam us). If it weren't for this seller/scammer the spammer would have no reason to send us anything. Instead of attacking the spammer why not attack the root of the problem: the guy who is paying the spammer to spam. The way I look at it the spammer isn't doing this out of the goodness of his heart. He's doing it on someone's behalf because they are paying him. The person doing the selling is likely much more accessable than the actual spammer because one would need to actually contact them to buy the product being advertised. In contrast to suing the spammer why has suing the company/person who has hired the spammer been cosidered?

Re:Yeah right....

[NewtonsLaw]

I don't think this is going to solve spaming. (You can fake your email, etc.) It will only add to the people who sue everything

Yeah, but don't forget that spammers usually want to sell you something and in order to do that they have to include some form of contact address or phone number in their spam.

Tracking down the people behind the products or services being promoted should be pretty straight forward -- proving that it wasn't a joe-job however could be a whole lot harder.

Wouldn't it be easier...

[pajamacore]

...for California to simply enforce the ADV:-at-the-beginning-of-the-subject-line law rather than create a whole slew of new spam laws? If the state did this, then users could just create mail rules to send those ADV: messages straight to the trash. Voila! No spam in your inbox.

give Nigerian spammers my acct# to pay judgement?

[SourceHammer]

So when I sue the Nigerians who spam me, will they want my bank account number to deposit the funds for the judgement? I figure that I can sue them for $16 million dollars by now.

suing spammers CUSTOMERS

[Xtifr]

Technically, this will involve very little suing of actual spammers. What this will involve is going after the spammer's customers - those businesses that are foolish enough to purchase spamming services. The thing is that spamming doesn't make you any money directly. You have to find someone willing to pay you to spam for them. And, while it's pretty easy to set up a spam box somewhere offshore, it's not so easy to set up an entire penis-enlargement firm or "herbal viagra" firm offshore, especially if you still want to do business in the US. So, if the people actually trying to sell products find themselves at legal risk, they're much less likely to avail themselves of a spammer's services, even if the spammer has minimized his own legal risks.

Not True

[Macka]

I've been getting about 20 spams/day, and did some checking into where most of it comes from. And 90% of it comes from the USA.

About half of that was coming from various domains that turned out to be owned by emailhello.com. To their credit, I sent them a mail requesting I be removed from their lists, and that I not be forwarded onto anyone else. They replied saying they'd remove me with 48hours, and true to their word, they did.

This speculation that most spam doesn't come from the USA is uniformed fud, and mostly untrue!

How long until...

[mla_anderson]

How long until I start getting spam from lawyers wanting to sue other spammers on my behalf?

More Lawsuits are Not the Answer

[MAurelius]

I can't think of a single social problem that was ever solved by making an activity or type of company liable for civil damages.

Obviously this is not the same as product liability, which for all its evils, in many cases has made us safer in our homes, cars, and places of work.

Physicians know very well the nightmare involved in any kind of malpractice action.

While the Calif. legislature's intentions are good, the problems with this law will prevent it ever having its intended effect.

The only think it will do is make a small number of California lawyers very wealthy.

The fix for spam (lowercase letters only!) has to involve shutting down open relays, ISP and individual filtering, and carefully crafted criminal legislation. For instance, we don't sue crank phone callers, we prosecute them criminally. Likewise, the new federal law against junk phone calls and the federal do-not-call list have criminal penalties, ie, large fines. Those are the laws that have forced junk callers to change their behavior. This is the direction most likely to be successful with spam as well.

Sue the sender only?

[t0qer]

This doesn't do jack people for us people, just another open loophole law that was passed so the politicians have "busy work"

Most spam is sent out through a 3rd party, who usually hides behind all kinds of nifty little things like hijacked SMTP servers and spoofed IP addresses. My freinds dad was a spammer, so I'm quite aquainted with thier operations.

Let's say, I recieve a spam from penis enlargement corporation. I try to sue, PEC just points out that the spam wasn't sent by them, it was sent by "insert spam company here" and they're off the hook.

The law needs to include the customer of the spam house, otherwise it's going to be ineffective.

Law is fine, but could we get a little tech help?

[Kjella]

I'd *really* like e-mail coming from domain.com to actually come from domain.com. I.e. No fake-mail. If you have the email-address user@domain.com, you should also have to authorize with the domain.com servers in order to send mail. And mail servers should verify that mail from domain.com actually was sent by a domain.com server (they must know where the mail is to be delivered to that domain, why not if it was *sent* to that domain?).

Yes, I know that *unless* you do/can authenticate with your email server now, this will break a few setups. And it's not the end-all of spam solutions. But it'd sure be a good help.

Kjella

Re:$500 per violation

[IceFreak2000]

Much of the spam I receive at the moment is highly pornographic - not a problem for me, but I have a two year old daughter. In a couple of years, she'll be using the 'net (albeit from behind some kind of transparent filtering proxy); how would you feel if your child was being sent pornographic mail?

OK, so I'll be closely monitoring her email account when I set one up for her, but why should I have to do this? It's not as though I have to open every envelope sent to her through the post.