Australian Considers Outlawing Spam

An anonymous reader writes "The Sydney Morning Herald has an article on spam down under. I guess it goes to show that if something that bothers us also bothers enough politicians then something may be done. Interestingly, the article discusses international co-operation wrt spam. Good thing too. With only 2% of the global economy, it'll take more than Australia to beat the spam problem. Perhaps someone should send a 'group letter' to all relevant politicians in various countries to start co-operating? :)" Update: 04/16 11:56 GMT by H : There's another article on the subject as well, running in The Australian.

Get real

[Sad+Loser]

This is a typical Australian head-in-the-sand position (IAAA): 'ban' it and it will go away.

Unfortunately Senator Alston does not seem to appreciate that we are connected to the rest of the world by this internet thing, and it may just be that courts in Russia and China will not recognise Australian juristiction in this matter.

It would be better if they saved their breath and did something useful like investigate some sort of token-based email, and maybe funded its development.

Re:Get real

[etxjrh]

Nah, at least you can prosecute Australians sending spam to other Australians and perhaps abroad. If every country banned it then spam would decrease dramatically.

Fair enough, it might not help you now but it's a step in the right direction in my opinion.

Re:Get real

[1u3hr]

Unfortunately Senator Alston does not seem to appreciate that we are connected to the rest of the world

Yes he does:

The report concedes that difficulties identifying spammers and the lack of jurisdiction over offshore spammers means legislation alone will not solve the problem.
It recommends Australia work with other countries to combat spam, citing the International Consumer Protection and Enforcement Network as a good model for co-operation.

He may an arsehole but not a complete idiot.

Re:Get real

[BrokenHalo]

He may an arsehole but not a complete idiot.

Maybe, but he is a complete arsehole :-)

Re:Get real

[Zocalo]

Antispam legislation is fine and could work brilliantly if it's done right. The problem is, as many people have noticed, the international scope of the Internet and the fact spammers take advantage of that prevents it working. So what you need to do is side step the issue of international cooperation by making the ISP liable for failure to take action against spammers on their network and have a government body responsible for the prosecution and any revenues generated go into goverment coffers.

The way I envisage this to work is that the Governments of countries pass legislation that basically states an ISP shall not knowingly host a spammer, and failure to evict spammers from your network in a realistic timeframe will result in prosecution. You then have a government body that collects spam complaints from anywhere on the planet (like uce@ftc.gov) and goes after the ISPs hosting spammers within its jurisdiction. If the state wins the case, then they get money into their coffers (hopefully offset against taxes) until ISPs get the message and cut off the spammers.

Sure, it's not perfect and will leave an "Axis of Evil" attitude toward the nations that didn't enact such legislation, with large scale black listing by some parties for encouragement, no doubt. It would also be nice if the spammee could extract money from the spammer directly of course, but face it, that's unlikely to happen. It seems to me that removing the support infrastructure is going to be the most effective short term solution at this point.

Re:Get real

[E-prospero]

True, this legislation won't have a big effect on international spamhausen, but it can be used to nail the ones that we know exist and operate from within Australia. For example, The Which Company, also trading as Business Seminars Australia and T3 Direct:

ABN: 90 091 728 620
Postal: P.O. Box 159, Northbridge W.A. 6865
Phone: (08) 9463 7807 Fax: (08) 9463 7808

These guys send me 2 or three spams a day selling their 'Positive Workplace Strategies' workshops, and 'guaranteed sales handbooks'.

This particular bunch of inbreds gained recent notoriety by attempting to sue a local individual who put a spam block on them. /. reported this, but I can't find the link... here is an article in the SMH about the case.

If this legislation served only to eliminate this bunch from my inbox, it would serve the eliminating a known and prolific source of spam from my inbox, plus give me a warm fuzzy feeling for weeks... and I'm certain that BSA/Which are not the only Australian based spammers.

Russ %-)

Spam down, under???

[jkrise]

Most spam I get is of the 'down, under' category :-). Incidentally, is hotmail banned Down Under? How else can they outlaw spam?

Fingers crossed...

[26199]

...but I'm not holding my breath.

Still, it sounds like a step in the right direction...

I guess the important question is... will America cooperate?

Now if only the US Senate would take note

[TekPolitik]

The proposal in the Australian report is to ban unsolicited commercial e-mail (opt-in). Now if only the US Senate would pay attention to that instead of introducing idiotic opt-out bills like the one recently introduced, that would actually increase spam.

Re:Now if only the US Senate would take note

[jkrise]

" 95% of spam that originates from outside of the U.S"
This is a myth. I'm inclined to believe that 95% of the spam which APPEARS to originate from outside the US, actually has origins within the US.

There is NO evidence in recorded history to suggest that the US suffers in silence due to problems originating outside. I challenge you to prove me wrong.

Re:Now if only the US Senate would take note

[jkrise]

"YOU prove ME wrong."

Your logic only applies if you're an alleged criminal and I'm a prosecutor! In a debate, when you make an assertion, you got to back it up with facts, reliable estimates, study reports (unsponsored, I might add) or relevant data.
Just throwing out some piece of statistic which is being bandied about by the big guns, to deflect attention, will not do.

Consider some facts:
1. Most spam is for products and services (if you can call them so) based in the US.
2. Spam needs bandwidth to travel, and lots of it. More than 70% of the internet bandwidth is within the US. Makes it almost impossible for 95% of the spam to come in from outside.
3. Receiving spam yields no direct revenue for the ISPs concerned. Do you believe US based ISPs passively receive and service 95% of spam traffic for nothing? Think again, and more calmly.

Re:Now if only the US Senate would take note

[TekPolitik]

Now what do you propose to do with the 95% of spam that originates from outside of the U.S.?

The same thing I plan to do about the bogeyman and other fictitious creatures.

Re:Now if only the US Senate would take note

[bluGill]

Well, about 1/3rd of the Spam I recieve is in a font that Pine can't display on an Xterm. I'm guessing Asia is the origion and target of it because few people would have use for it. (OTOH, maybe outlook displays it fine, and it is english, I wouldn't know) Another 5% (estimate) is in a non-english language. Unlikely to target Americans where english is the dominate language and many people speak nothing else.

Nearly all the rest is illegal in someway. Perscription medication, financial offers, online sex, and enlargements. Those who really want to offer such are likely to want to be outside of the US because it is harder to get caught. Medications have tricky advertising laws. Banks must be licensed in my state to do buisness with me. Sex and enlargements violate "community standards" which the supream court has sort of stated is subject to restrictions despite the first amendment, and since I know kids get this spam I know they are breaking state laws prohibiting kids from seeing this.

Note that I'm making a claim on the origion, not the target. I'll Grant that 60% of all spam is targeted at US residents. The origion in the US seems much less likely.

Re:Now if only the US Senate would take note

[BrokenHalo]

For the record, The originating IPs of 98% of the spam I get are traceable to the US. about 1.6% comes from .kr and .jp, while the remainder comes from stragglers like .ru. Funny, .ru used to send just under 10% of my spam, so maybe they've seen the light :-)

Get good internet first!

[mungeh]

As an Australian I think that we should setup a decent internet infrastructure before we outlaw spam!
Judging from the level of incompetance shown by the vast majority of Australian politicians I've seen, I doubt they have a hope in hell of outlawing spam!
Besides, what's spam to one person could be golden information to another. Right?
OK maybe not...

Re:Get good internet first!

[hplasm]

Unfortunately, Senator Alston hopes to rid Australia of spam by disconnecting it from the Internet...well, judging by his past "improvements"....

Re:How would this international cooperation work?

[squaretorus]

Yes. It depends on the law, but yes.

There are UK laws specifically making UK citizens who commit criminal acts abroad responsible under UK law. i.e. enjoy dodgy recreational pursuits while on holiday, come back and go to jail.

That you are actually committing the crime against another country while IN your own country certainly puts you under your local jurisdiction.

This law would protect the world from Aussie spam more than it would protect Australia from the worlds spam!

And next

[lingqi]

We will outlaw speeding! that'll surely get people to drive safely and stuff.

That said, I guess it's better than having legalized spam. Though, otoh junk fax law applies to spam already anyway, methinks?

I am reminded of a quote from War and Peace - "Everybody can write regulations, but it's finding ways to enforce them that's the difficult / tricky part."

2-way authentication solves the spam problem?

[1337_h4x0r]

Lets say you get an email from bob@yahoo.com .. and your mail server then contacts yahoo's mail server (looked up by the official DNS record) to make sure that bob@yahoo.com is really the one who sent the email. If he's not, trash it. If he is, keep it.

What does this do for spam? Allows you to block it! Since all email addresses would then be verifiable, and tracked to a specific domain/user, spam-abusers could either be silenced at the source (their ISP) or silenced at the destination (your spam filter killing that whole domain). Sure there's lots of domains out there to use, but a simple master-list of "spam domains/users" maintained online would quickly whittle the spam down. What do you guys think?

Re:2-way authentication solves the spam problem?

[1337_h4x0r]

Except most SMTP servers won't allow for finger queries since that's the easiest way to harvest a list of valid e-mails. What should be done, is to verify the ESMTP ID which the SMTP server could use to check if it was sent from a valid user without revealing if the user or the ID was correct. But why does harvesting valid emails matter anymore, when users/domains which spam will be forever blocked, and not just blocked by one person, but blocked by everybody ? Remember, if you have authenticated users, it's easy to set up a master list of "spam" users/domains. (Lets say it'd have to be triggered by 1000 unique people to avoid greifing). This means spammers would get to send one batch of spam per domain - thats pretty expensive after a while, if you think about it :)

Re:2-way authentication solves the spam problem?

[Sandman1971]

Something's even easier, and it already exists: Authenticated SMTP. You need to authenticate with the SMTP server when you send mail, just like you authenticate for POP/IMAIL. If this was adopted everywhere, it would solve many problems:

It would cut down on the amount of spam from 'spam newbies'.

It would allow for the creation of a blacklist on non-authenticated SMTP servers. This would encourage those not running authenticated SMTP to do so.

It would also fix the 'no roaming' SMTP problem. I could travel abroad and still send mail thru my ISP's SMTP server, since there would no longer be any need to restrict SMTP access by IP address space (though doing both would allow for extra security measures).

You could trace back the originating user. Now, user accounts could still get hacked, but it's an added measure of security.

There's also a big flaw in your suggestion. Such a system would allow for easier harvesting of email addresses. Someone could easilly write a piece of software to check for valid accounts, with the added benifit of not suffering from bounceback messages!

Only sounds good in a sound bite

[worst_name_ever]

Aside from the obvious fact that banning spam in country X does little to stop spam coming out of country Y - i.e. Australians will still be getting Turkish porno spam - the precedent set by this worries me. We've already seen the far-reaching effects of the DMCA; depending on how it's worded, I coud forsee a blanket anti-spam law having a similar "scorched earth" outcome. The last thing I want is for some sleazy corporation suing to stop me from doing some perfectly legal and peaceful activity they don't like, on the grounds that they can weasel it into fitting a too-loose description in a piece of wrong-headed legislation designed to prevent something totally else.

It seems like a better idea would be to apply technology instead of legislation to the problem -clamp down on Hotmail users who send a zillion emails a day, and lock down open mail relays - but IANAL.

Re:What?

[morgajel]

There was an article a while back about a political group for geeks, right? something similar to the labor party or the populist party?
perhaps we should have them mailing stuff out. I'd actually like to see slashdot get behind them a little more, keep it to ONLY geek related issues(no war protest/mongering).

Wouldn't it be great if they mailed a message to your congressman saying "yeah, we have the slashdot population of 300,000 behind us. do something about _______ or you'll force us to vote, and you really don't want that."

hell, if the farmers of the 1900's can do that with the populist party, why can't we? We count as a special interest group too.

(please, if you have anything thoughts about it, reply. don't be rude or cynical.)

Austrailian Paliamentary Process...

[FosterKanig]

Bruno: [looking at spam] Ooh! Ah, that's it. I'm going to report this to me member of parliament.
[yells out window] Hey, Gus! I got something to report to you. [Gus tends his swine]

Gus: That's a bloody outrage, it is! I want to take this all the way to the Prime Minister.
[they go down to a lake] Hey! Mr. Prime Minister! Andy!

Andy: [floating naked on an inner tube with a beer] Eh, mates! What's the good word?

Proposal is plausible

[Goonie]

The proposals in the report are actually quite reasonably well thought out - somebody in Alston's department must have half a brain after all. It acknowledges that spam is an international problem, and needs to be dealt with at an international level. It also makes the point that domestic legislation is a good idea as a starting point for international action.

Some other interesting points:

• It concentrates exclusively on commercial spam. I think this is reasonable, as commercial speech raises the fewest concerns when it comes to infringing on free speech, and makes up 99.9% of the spam I receive.
• Requires all commercial email to contain the physical address as well as an accurate electronic address of the sender, and makes it a criminal offence to not provide such.
• Points out that a lot of spam already infringes existing Australian legislation. For instance, we have laws against advertising prescription drugs. They recommend that resources be given to prosecuting spammers under those laws.

The only thing I'd say that was wrong with this bill is that it places the onus on a government body to initiate proceedings. I think that there should be a way, indeed an incentive, for individuals to chase spammers through the courts as well.

Kangaroo Court

[SunPin]

Considering that Russia and China have adopted both the "ban it" methodology and rely on kangaroo courts, they might get along with the Australians just fine.

All Legal Solutions to Tech Problems are Bad

[tmundar]

Just about every legal solution to a technological problems end up backfiring. The problem is that most laws are so broadly written that they usually end up making something legitimate illegal as well.

Usually these laws end up fining someone who sends 'spam' described in legalese. Then, you forward a joke to someone who gets offended by it, calls it an unsolicited e-mail message, and then uses the law to extract money from your wallet. Meanwhile, since the spammers never send anything using their own return address, they just continue doing what they always have done.

I think of laws as the social equivalent of bug fixes in code. You fix one problem and unintentionally create 5 new problems.

Tom

Re:All Legal Solutions to Tech Problems are Bad

[schon]

Just about every legal solution to a technological problems end up backfiring.

The thing is, spam isn't a techological problem, it's a social one.

If spam were purely a techological problem, there would be a technological solution. The fact that there are people out there who don't care that they're harrassing millions of innocent people means that there is no technological solution.

Re:A Group Letter to relevant politicians???

[TopShelf]

But you forget that the secretaries basically run the show anyway...

Re:Get real..it is real

[evil_roy]

This is a typical Australian "do something about it" position. Granted, it may not always be the best thing straight up, but we are willing to modify as required.

If you don't like it there is always Europe and the UN...........go hide there.

Re:How would this international cooperation work?

[91degrees]

Certainly an issue, but not an issue that hasn't been dealt with before in cases of mail fraud. As long as both countries have a low tolerance for the crime being committed, then the main problem is that it's an administrative hassle.

Of course, the level of hassle required may make this highy inconvenient to actually prosecute a spammer. While annoying, spam is really only a minor inconvenience. Hardly worth the effort of tracking the guy down, getting multiple police forces, and arranging witness statements, and prosecuting.

The other problem is many countries simply have more important problem to deal with. The Nigerian scam is already illegal in all countries, but I still get roughly one email a week from these guys. Someone who is simply trying to sell me cheap printer cartridges will probably get no interest even from stricter governments.

Re:How would this international cooperation work?

[Marlor]

This law would protect the world from Aussie spam more than it would protect Australia from the worlds spam!

That's basically the idea. The report states that the Australian Government should push for the creation of an international agreement on outlawing spam (i.e. similar to the current international IP agreements).

Introducing domestic anti-spam laws is obviously the first step to achieving this. It would be difficult to convince the international community to introduce similar laws if Australia didn't have them in place themself.

Despite this, until some form of international consensus is reached, these laws are basically just a symbolic gesture.

Evil idea

[sstidman]

So if you did want to encourage law makers to pass anti-spam laws, I think it may be fairly easy to make it happen. Borrowing from the recent campaign to harass a spammer, what if people started putting the e-mail addresses of various lawmakers on the lists of spammers? I would imagine that if the lawmakers started getting tons of spam, they might be encouraged to do something about it. And I'm not just talking about US lawmakers, I'm talking about lawmakers everywhere. If Chinese or Russian lawmakers are overwhelmed with spam, they might just do something about it.

Re:2-way authentication ... TMDA

[bucklesl]

I disagree... After installing TMDA I have been getting more spam. Actually it is quite funny, since I don't see any of them normally. I just checked all my spams with tmda-pending (I was bored), and I got the Nigerian email a couple weeks ago...

So what does TMDA do? It sends a reply asking to confirm that address. I receive a follow up from the Nigerian people. TMDA sends another reply. I get the Nigerian peeps again (they have a ton of gold just for me). TMDA sends a reply... this happened eight times.

So you can see that this will only increase spam! ;)

Outlawing SPAM is a bad idea

[swb]

It sounds good on the surface, and everyone likes the idea of spammers spending some quality time in a federal pound-me-in-the-ass prison.

But...it won't work. It's just too easy to move (if its not already moved) these operations offshore to countries where pissed off AOL users aren't a concern. And that's if you can trace the messages and the trail doesn't go cold at some open relay or owned box.

Furthermore, it only invites a lot of unwanted government regulation of email. If DMCA, the Patriot Act and others aren't enough for you, can you imagine having to license an SMTP server?

What we need (and I've started to see this gain more prominance in comments to these stories) is better enforcement of fraud and racketeering laws. Most SPAM is criminal, and the best way to find the crooks is to FOLLOW THE MONEY TRAIL! The one way the crooks behind spam allow themselves to be tracked is through the mechanism that allows them to collect money from their victims.

If you can eliminate the crooks who are behind most spam, you should see a big reduction in spam. Not everything will go away, but enough should to make a big impact on the people who make a living doing the spamming. If they can't make a buck selling spam services, they might move on to something else.

If the government won't enforce the criminal laws spammers are already breaking, why should we expect them do a very good job enforcing anti-spam laws, except of course where it benefits Ashcroft et al.

why legislation?

[velo_mike]

While I agree completely that spam is a pain and costs mail providers money, do we really want laws passed? After all, these are the people who crafted Patriot I & II, DMCA, and COPA/CIPA that most of us are opposed to. What will we give up to in anti-spam legislation?

Probably not actually necessary...

[BrokenHalo]

Most Australian ISPs have an acceptable-use policy which, from what I've seen, is fairly strictly enforced. There are a couple of notable exceptions, but the industry as a whole is vigorous and competitive in a comparatively small community, and ISPs can be made to hurt fairly badly if they allow their users to transgress against accepted codes of conduct. I've known of quite a number of cases where spammers got the plug pulled on them.

My point is, in other words, that if someone doesn't know how to behave as a "netizen" then there is already an informal means of removing him from the community. All it takes is an email or even a phone call.

Re:Forged Headers

[Eric+Savage]

Forging headers is not an exploit of a bug. Mail servers simply don't look at them. Why?

Received Headers:

1. Parsing and reversing all the domains in there is expensive. (as expensive as spam? probably not but see #3)
2. There's nothing in the RFC that says all the headers have to match up end to end. A large email provider often has separate inbound and outbound mail servers so a mail getting forward will have headers from A to B and C to D, despite being a legitimate mail.
3. Third, there is no requirement for reverse naming on mail servers. If there was then maybe #1 would be a valid tactic.

The from header:

This is what most non-technical people think of when they talk forged headers. Again, this is not an exploit, in fact its part of relaying which is a feature of the SMTP RFC. Some mail providers (like us) actually check the domain you are using when sending and stop you from sending the mail if you are faking it. However this isn't what most ISP's do because not many people actually use the Verizon or whatever address.

Should we really be looking...

[yoshi_mon]

...to Australia for laws about the internet?

Given their track-record in legislating the internet. Are we really sure we want to look to them for guidelines on this?