Australian Considers Outlawing Spam

An anonymous reader writes "The Sydney Morning Herald has an article on spam down under. I guess it goes to show that if something that bothers us also bothers enough politicians then something may be done. Interestingly, the article discusses international co-operation wrt spam. Good thing too. With only 2% of the global economy, it'll take more than Australia to beat the spam problem. Perhaps someone should send a 'group letter' to all relevant politicians in various countries to start co-operating? :)" Update: 04/16 11:56 GMT by H : There's another article on the subject as well, running in The Australian.

Get real

[Sad+Loser]

This is a typical Australian head-in-the-sand position (IAAA): 'ban' it and it will go away.

Unfortunately Senator Alston does not seem to appreciate that we are connected to the rest of the world by this internet thing, and it may just be that courts in Russia and China will not recognise Australian juristiction in this matter.

It would be better if they saved their breath and did something useful like investigate some sort of token-based email, and maybe funded its development.

Re:Get real

[etxjrh]

Nah, at least you can prosecute Australians sending spam to other Australians and perhaps abroad. If every country banned it then spam would decrease dramatically.

Fair enough, it might not help you now but it's a step in the right direction in my opinion.

Re:Get real

[E-prospero]

True, this legislation won't have a big effect on international spamhausen, but it can be used to nail the ones that we know exist and operate from within Australia. For example, The Which Company, also trading as Business Seminars Australia and T3 Direct:

ABN: 90 091 728 620
Postal: P.O. Box 159, Northbridge W.A. 6865
Phone: (08) 9463 7807 Fax: (08) 9463 7808

These guys send me 2 or three spams a day selling their 'Positive Workplace Strategies' workshops, and 'guaranteed sales handbooks'.

This particular bunch of inbreds gained recent notoriety by attempting to sue a local individual who put a spam block on them. /. reported this, but I can't find the link... here is an article in the SMH about the case.

If this legislation served only to eliminate this bunch from my inbox, it would serve the eliminating a known and prolific source of spam from my inbox, plus give me a warm fuzzy feeling for weeks... and I'm certain that BSA/Which are not the only Australian based spammers.

Russ %-)

Spam down, under???

[jkrise]

Most spam I get is of the 'down, under' category :-). Incidentally, is hotmail banned Down Under? How else can they outlaw spam?

Now if only the US Senate would take note

[TekPolitik]

The proposal in the Australian report is to ban unsolicited commercial e-mail (opt-in). Now if only the US Senate would pay attention to that instead of introducing idiotic opt-out bills like the one recently introduced, that would actually increase spam.

Re:Now if only the US Senate would take note

[jkrise]

"YOU prove ME wrong."

Your logic only applies if you're an alleged criminal and I'm a prosecutor! In a debate, when you make an assertion, you got to back it up with facts, reliable estimates, study reports (unsponsored, I might add) or relevant data.
Just throwing out some piece of statistic which is being bandied about by the big guns, to deflect attention, will not do.

Consider some facts:
1. Most spam is for products and services (if you can call them so) based in the US.
2. Spam needs bandwidth to travel, and lots of it. More than 70% of the internet bandwidth is within the US. Makes it almost impossible for 95% of the spam to come in from outside.
3. Receiving spam yields no direct revenue for the ISPs concerned. Do you believe US based ISPs passively receive and service 95% of spam traffic for nothing? Think again, and more calmly.

Re:How would this international cooperation work?

[squaretorus]

Yes. It depends on the law, but yes.

There are UK laws specifically making UK citizens who commit criminal acts abroad responsible under UK law. i.e. enjoy dodgy recreational pursuits while on holiday, come back and go to jail.

That you are actually committing the crime against another country while IN your own country certainly puts you under your local jurisdiction.

This law would protect the world from Aussie spam more than it would protect Australia from the worlds spam!

2-way authentication solves the spam problem?

[1337_h4x0r]

Lets say you get an email from bob@yahoo.com .. and your mail server then contacts yahoo's mail server (looked up by the official DNS record) to make sure that bob@yahoo.com is really the one who sent the email. If he's not, trash it. If he is, keep it.

What does this do for spam? Allows you to block it! Since all email addresses would then be verifiable, and tracked to a specific domain/user, spam-abusers could either be silenced at the source (their ISP) or silenced at the destination (your spam filter killing that whole domain). Sure there's lots of domains out there to use, but a simple master-list of "spam domains/users" maintained online would quickly whittle the spam down. What do you guys think?

Re:2-way authentication solves the spam problem?

[Sandman1971]

Something's even easier, and it already exists: Authenticated SMTP. You need to authenticate with the SMTP server when you send mail, just like you authenticate for POP/IMAIL. If this was adopted everywhere, it would solve many problems:

It would cut down on the amount of spam from 'spam newbies'.

It would allow for the creation of a blacklist on non-authenticated SMTP servers. This would encourage those not running authenticated SMTP to do so.

It would also fix the 'no roaming' SMTP problem. I could travel abroad and still send mail thru my ISP's SMTP server, since there would no longer be any need to restrict SMTP access by IP address space (though doing both would allow for extra security measures).

You could trace back the originating user. Now, user accounts could still get hacked, but it's an added measure of security.

There's also a big flaw in your suggestion. Such a system would allow for easier harvesting of email addresses. Someone could easilly write a piece of software to check for valid accounts, with the added benifit of not suffering from bounceback messages!

Re:What?

[morgajel]

There was an article a while back about a political group for geeks, right? something similar to the labor party or the populist party?
perhaps we should have them mailing stuff out. I'd actually like to see slashdot get behind them a little more, keep it to ONLY geek related issues(no war protest/mongering).

Wouldn't it be great if they mailed a message to your congressman saying "yeah, we have the slashdot population of 300,000 behind us. do something about _______ or you'll force us to vote, and you really don't want that."

hell, if the farmers of the 1900's can do that with the populist party, why can't we? We count as a special interest group too.

(please, if you have anything thoughts about it, reply. don't be rude or cynical.)

Austrailian Paliamentary Process...

[FosterKanig]

Bruno: [looking at spam] Ooh! Ah, that's it. I'm going to report this to me member of parliament.
[yells out window] Hey, Gus! I got something to report to you. [Gus tends his swine]

Gus: That's a bloody outrage, it is! I want to take this all the way to the Prime Minister.
[they go down to a lake] Hey! Mr. Prime Minister! Andy!

Andy: [floating naked on an inner tube with a beer] Eh, mates! What's the good word?

Proposal is plausible

[Goonie]

The proposals in the report are actually quite reasonably well thought out - somebody in Alston's department must have half a brain after all. It acknowledges that spam is an international problem, and needs to be dealt with at an international level. It also makes the point that domestic legislation is a good idea as a starting point for international action.

Some other interesting points:

• It concentrates exclusively on commercial spam. I think this is reasonable, as commercial speech raises the fewest concerns when it comes to infringing on free speech, and makes up 99.9% of the spam I receive.
• Requires all commercial email to contain the physical address as well as an accurate electronic address of the sender, and makes it a criminal offence to not provide such.
• Points out that a lot of spam already infringes existing Australian legislation. For instance, we have laws against advertising prescription drugs. They recommend that resources be given to prosecuting spammers under those laws.

The only thing I'd say that was wrong with this bill is that it places the onus on a government body to initiate proceedings. I think that there should be a way, indeed an incentive, for individuals to chase spammers through the courts as well.

Kangaroo Court

[SunPin]

Considering that Russia and China have adopted both the "ban it" methodology and rely on kangaroo courts, they might get along with the Australians just fine.

All Legal Solutions to Tech Problems are Bad

[tmundar]

Just about every legal solution to a technological problems end up backfiring. The problem is that most laws are so broadly written that they usually end up making something legitimate illegal as well.

Usually these laws end up fining someone who sends 'spam' described in legalese. Then, you forward a joke to someone who gets offended by it, calls it an unsolicited e-mail message, and then uses the law to extract money from your wallet. Meanwhile, since the spammers never send anything using their own return address, they just continue doing what they always have done.

I think of laws as the social equivalent of bug fixes in code. You fix one problem and unintentionally create 5 new problems.

Tom

Re:All Legal Solutions to Tech Problems are Bad

[schon]

Just about every legal solution to a technological problems end up backfiring.

The thing is, spam isn't a techological problem, it's a social one.

If spam were purely a techological problem, there would be a technological solution. The fact that there are people out there who don't care that they're harrassing millions of innocent people means that there is no technological solution.

Re:How would this international cooperation work?

[Marlor]

This law would protect the world from Aussie spam more than it would protect Australia from the worlds spam!

That's basically the idea. The report states that the Australian Government should push for the creation of an international agreement on outlawing spam (i.e. similar to the current international IP agreements).

Introducing domestic anti-spam laws is obviously the first step to achieving this. It would be difficult to convince the international community to introduce similar laws if Australia didn't have them in place themself.

Despite this, until some form of international consensus is reached, these laws are basically just a symbolic gesture.

Evil idea

[sstidman]

So if you did want to encourage law makers to pass anti-spam laws, I think it may be fairly easy to make it happen. Borrowing from the recent campaign to harass a spammer, what if people started putting the e-mail addresses of various lawmakers on the lists of spammers? I would imagine that if the lawmakers started getting tons of spam, they might be encouraged to do something about it. And I'm not just talking about US lawmakers, I'm talking about lawmakers everywhere. If Chinese or Russian lawmakers are overwhelmed with spam, they might just do something about it.

Outlawing SPAM is a bad idea

[swb]

It sounds good on the surface, and everyone likes the idea of spammers spending some quality time in a federal pound-me-in-the-ass prison.

But...it won't work. It's just too easy to move (if its not already moved) these operations offshore to countries where pissed off AOL users aren't a concern. And that's if you can trace the messages and the trail doesn't go cold at some open relay or owned box.

Furthermore, it only invites a lot of unwanted government regulation of email. If DMCA, the Patriot Act and others aren't enough for you, can you imagine having to license an SMTP server?

What we need (and I've started to see this gain more prominance in comments to these stories) is better enforcement of fraud and racketeering laws. Most SPAM is criminal, and the best way to find the crooks is to FOLLOW THE MONEY TRAIL! The one way the crooks behind spam allow themselves to be tracked is through the mechanism that allows them to collect money from their victims.

If you can eliminate the crooks who are behind most spam, you should see a big reduction in spam. Not everything will go away, but enough should to make a big impact on the people who make a living doing the spamming. If they can't make a buck selling spam services, they might move on to something else.

If the government won't enforce the criminal laws spammers are already breaking, why should we expect them do a very good job enforcing anti-spam laws, except of course where it benefits Ashcroft et al.

Re:Forged Headers

[Eric+Savage]

Forging headers is not an exploit of a bug. Mail servers simply don't look at them. Why?

Received Headers:

1. Parsing and reversing all the domains in there is expensive. (as expensive as spam? probably not but see #3)
2. There's nothing in the RFC that says all the headers have to match up end to end. A large email provider often has separate inbound and outbound mail servers so a mail getting forward will have headers from A to B and C to D, despite being a legitimate mail.
3. Third, there is no requirement for reverse naming on mail servers. If there was then maybe #1 would be a valid tactic.

The from header:

This is what most non-technical people think of when they talk forged headers. Again, this is not an exploit, in fact its part of relaying which is a feature of the SMTP RFC. Some mail providers (like us) actually check the domain you are using when sending and stop you from sending the mail if you are faking it. However this isn't what most ISP's do because not many people actually use the Verizon or whatever address.