Virginia Anti-Spam Law; FTC Forum on Spam

kiwimate writes "According to this press release, the state of Virginia has just passed a statute making 'the worst, most egregious and fraudulent kinds of spam' legally actionable. And yes, this includes header forging. The article reads like a big AOL PR piece in some places -- the VA governor led the signing at the AOL HQ in Dulles. The story also states this comes on the eve of the first-ever FTC forum on spam in Washington D.C." The FTC also made the insightful discovery that most spam is fraudulent in some fashion.

Going after header forgers?

[Corvaith]

This is the one that's always gotten me. It's obviously one of the worst possible things in spam. But how do you then track down who happens to be sending it and punish them for it?

Re:Going after header forgers?

[AlphaSys]

And better yet, do I have to live in Va. to benefit, or does my inconvenient mail just need to make a hop there?

Re:Going after header forgers?

Well, you could find your answer on google, but then you would have had to wait a little longer before posting.

Re:Going after header forgers?

[The+Turd+Report]

Go after the site advertised in the spam. The spammer (or who paid the spammer) has to get replies about their ads somehow.

Re:Going after header forgers?

[k-0s]

This is the one that's always gotten me. It's obviously one of the worst possible things in spam. But how do you then track down who happens to be sending it and punish them for it?

I don't know how you track them down personally but when you find out let me know and I can take care of the punishment part.

Re:Going after header forgers?

[Fished]

Most likely, either you or the sender would need to live in Virginia. Generally speaking, the rule is (and this is very approximate, as IANAL) that the person sued must have done *something* that they could reasonably have expected to have placed them under the laws of a given state. Marketing to someone in that state would qualify, connecting directly to a mailserver in that state would probably qualify, bouncing off a mailserver in that state would probably *not* qualify.

Re:Going after header forgers?

So we can kill off windows by sending lots of Microsoft.com spam ?

Re:Going after header forgers?

[Eric+Savage]

IANAL either, but I would imagine that spoofing the domain of a company (like AOL) registered in that state, or one with all of its mail servers (the recipient of bounces and thus victim of the aftermath) would likely qualify too.

Re:Going after header forgers?

[Stonent1]

This is the one that's always gotten me. It's obviously one of the worst possible things in spam. But how do you then track down who happens to be sending it and punish them for it?

I don't know how you track them down personally but when you find out let me know and I can take care of the punishment part.

Spamcop can certainly help :)

Re:Going after header forgers?

[minas-beede]

"But how do you then track down who happens to be sending it and punish them for it?"

Perhaps you don't. Perhaps you want for someone to run an open proxy honeypot and hope he catches the same spam and identifies the source ip.

Alternately, you could be the someone running the open proxy honeypot that someone else is waiting for. Maybe you are in Brazil running an open proxy honeypot and find out that a particular spammer is using Brazilian (and possibly other) open proxies to send out his spam. Looks like the trickiest part would be informing you of the actual source. If the open proxy opreator would tell Spamhaus what he learned they could report it - yoou'd look there to find the actual spammer information and start your action.

Re:Going after header forgers?

[Dirtside]

Yeah, it seems obvious that an ad for a website was sent on behalf of the website, or with their consent, but if you could go after someone for an ad posted for their product, without actually proving that they sent the ad, then I (or anyone) could post fake ads that would get businesses in trouble.

Yeah, it sucks because a business can send out fake or misleading ads, and then claim they didn't do it ("I swear, I don't know why someone would send out ads for me"), but if it were the other way around, any business could be destroyed by anyone.

Re:Going after header forgers?

Uh, I think it is going to be quite easy to tell the farmporn/viagara/penis pill spammers from legit businesses. It is really damn easy.

Re:Going after header forgers?

[Mengoxon]

I don't get it, why do Slashdotters always claim that it is impossible to trace spam. And if they do come up with ways to trace spam, then it is a technical approach.

In fact, all it really takes is a plain-old vanilla "criminal investigation".
Spam is now illegal:

1. Set up a special police unit to fight spam.

2. They set up a "honeypot" email address and post it on the web.

3. After a couple of hours they receive their first spam.

4. They then look at this spam - 99% of all the spam I receive does have some feedback channel as they try to sell you something and they need you to get back to them.

5. They trace the given website, phone number, office address or email and connect it to a person. This is something which police do everyday for all sorts of crime: commercial, etc.

6. This person gets charged with "sending illicit spam". To get a more lenient sentence, this person will whistleblow on the spammers they have paid to do the spamming.

7. All of the culprits pay a heavy fine, end up in prison or, more appropriately, get the electric chair.

8. The culprits learn their lesson.

So now, what's so tough about this?
This is more or less everyday police work - it's even easier than that because the criminals leave a trace, a contact point.

The only real problem here is that the criminals will claim "We did not know the email address was in Virginia".
For some email addresses it might be possible to prove that they could have known that, but to make police work easier, what we really need is national law (or even better international, but one step at a time).

Re:Going after header forgers?

[freestyle-fiend]

I think it is going to be quite easy to tell the farmporn/viagara/penis pill spammers from legit businesses.

The problem is determining whether the otherwise legit business was responsible for the spam. As another poster wrote, we could get Microsoft punished by sending Windows related spam. It would also be prone to abuse.

Re:Going after header forgers?

Please post more turd reports in your journal. Thanks, in advance.

Re:Going after header forgers?

[DeanT]

The problem is determining whether the otherwise legit business was responsible for the spam.

Cripes.

Don't make it harder than it has to be.

Let's assume appropriate legislation is in effect.

So, the situations are:

1. Company listed in email is the spammer and can be filed against.
2. Company listed in the email is innocent and unaware. In this case it's likely they'll provide the name of the "marketing company" they used for the campaign, which can then be filed against. If not, see next situation.
3. Company listed is not the spammer, but is not forthcoming with details about the spammer. File suit against the company and use the opportunity for discovery to identify the "marketing company". Amend the suit to include the "marketing company".

Again, assuming appropriate legislation.

DeanT

Re:Going after header forgers?

[Dirtside]

And what if you can't tell who sent the spam? Look at it this way: Let's say I run a dry cleaning business. Then someone starts posting flyer ads for my business, stapling them to utility poles. Well, that happens to be illegal without a permit in the county I live in. If they can go after me because of the ads, that's totally unfair, because I did nothing wrong. That's the issue at hand, that you can't fairly go after someone because of illegal advertising unless you can prove they are directly responsible for the advertising. If you could, then all I would have to do is send out some untraceable spam advertising your company (which isn't that hard if you know what you're doing), and watch your company get obliterated by the government... and yet you did nothing wrong.

Re:Going after header forgers?

[Penguinoflight]

Yes, but you also get independent "affiliate programs", I was spammed for inkjetshopper.com, a wholesale inkjet cart. site.. they have a legit business and awesome prices (say, $5/cart in groups of 5... sure beats $30 each from office depot). I did not however use a direct link, and avoided his illegal refurral.

To get to the point, small websites, beginners... people trying to make money online, and utterly failing could also be responsible even now.

Sadlly of shore spam would not be stopped

[fozzy(pro)]

This may be good for Spam originating in the US, for the residents of VA, however Spamers from other countries could still fill our inboxes.

Re:Sadlly of shore spam would not be stopped

[headchimp]

And when was the last time you saw spam coming from a US server?

Most I've seen come from China!

Re:Sadlly of shore spam would not be stopped

[Tackhead]

> And when was the last time you saw spam coming from a US server?

About the same time I started blanket-blocking 12.0.0.0/8 and 24.0.0.0/8 as well as all the other netblocks belonging to residential broadband users.

You're the CEO of rr.com? attbi.com? cogentco? telus.net? pacbell.net? swbell.net? ameritech.net? Until you start blocking port 25 by default - only enabling it when someone calls your support line and says "Yeah, I wanna run an MTA", I don't want to hear anything from any of 'em. Fuck the spammers and your idiot customers they ride in on, but at least your customers can claim ignorance as a defence. You can't, so fuck you for not controlling the damage your clueless fucktard customers do.

Even goddamn uu.net (!) blocked port 25 for its residential dialup luzers. Why the fuck are you you cable/DSL-providing assclowns so unwilling to control your customers? Aren't your businesses in enough trouble without being preemptively firewalled by every sysadmin from here to hell and back?

Re:Sadlly of shore spam would not be stopped

[David_W]

Why the fuck are you you cable/DSL-providing assclowns so unwilling to control your customers?

I find the idea that the providers are supposed to be in a controlling role offensive. I am the customer, I am paying for the service, I should be resonably free to do what I want with the connection. The attitude you present will lead us down the road of everything being blocked or filtered except for what our provider approves for us.

I agree that something needs to be done about spam, and that the providers should help, but please don't advocate them "controlling" us.

Re:Sadlly of shore spam would not be stopped

[angst_ridden_hipster]

Hey, some of us run legit servers on our DSL lines.

That's why we pay for DSL.

Arbitrarily blocking the ports leads to bad things.

Wouldn't it be better to have ISPs scan for open relays, and port filter SMTP for IP addresses failing the test?

Sure, there will be wrinkles for the DHCP crowd (e.g., Cable Modems), but most of them forbid the running of servers in their User Agreements. Oh, it would be good if they enforced those consistently, too. Those old MediaOne agreements that ban "the running of servers" really need to be enforced against the standard Windows servers (NetBIOS/NetBUIE, IIS, etc) as well, not just Apache.

Re:Sadlly of shore spam would not be stopped

[amuro98]

Uh...

Most ISPs list spam as one of the things you are not allowed to do. Break the rules, lose your account. Don't like it? Go somewhere else.

Unfortunatly, too many providers don't actually ENFORCE their rules... I can think of over a dozen such ISPs in the US easily. Most of them are bell and cable companies. Some are government owned/operated, others are private.

Think of it this way. One of the neighbor kids breaks your windows. You call the parents to complain, but they just smile and nod. The next day, the same kid smashes your mailbox. Now then...would you invite said family over to your next BBQ? I certainly wouldn't.

Same thing here. If the ISP is unable/unwilling to curb their users' destructive behavior, that ISP (yes, the *WHOLE* ISP) isn't going to be allowed access to others' networks.

If anything, I think we should have laws that make the ISP liable for users' behavior. If a user spams, the ISP doesn't boot him after getting complaints and the same user spams again, then the ISP should be liable for the millions in damages as well as the spammer himself. A few such cases ought to convince these stupid ISPs that harboring spammers is neither a wise nor profitable business practice.

Re:Sadlly of shore spam would not be stopped

Try blocking using the PTR. If you see dsl.someisp.com, it's probably a dynamic swamp. On the other hand, if you get back something else, it's probably someone who's (1) running their own MTA on purpose and (2) clueful enough to have PTR delegation happening with the ISP.

I bet that'll give you similar results and fewer false positives.

Re:Sadlly of shore spam would not be stopped

[techno-vampire]

I'd go a step further: block outgoing Port 25 connections with no exceptions. That way, none of my customers could rape open relays, making it hard to deny they'd spammed. And, as long as my servers don't relay, any spam coming through them would have to be from a customer, making it easier to enforce a no spam policy. Granted, there's always a few people wanting to run their own SMTP, but so what? As long as my servers do their job properly, my customers can use them and won't need their own.

Re:Sadlly of shore spam would not be stopped

Good idea, but you going getting out of bounds with the SMTP RFC's. Don't tie SMTP to DNS.

If you disagree with this, please help write the next RFC on SMTP.

Re:Sadlly of shore spam would not be stopped

[ninewands]

One problem ... well, actually a couple of problems ... with your approach, but they're sort of related.

First, there are ISPs whose mail servers do NOT "do their job properly" ... this can vary from machines that are misconfigured or just plain flaky all the way to ISPs who threaten to terminate a user's account for spamming when they were, in fact, running a legitimate mailing list.

A perfect example of this is one reason I no longer use RoadRunner for my ISP ... for some reason that was never adequately explained to me they blocked my IP address from access to their pop server. After spending a week calling tech support every single day and having to get escalated through level 2 support and finally to their NOC techs, I got fed up with it. Their suggested workaround was to use www.web2mail.com, but that sucked so bad I considered it unusable. I finally just blew them off and switched to another backhaul ISP for my cable connection.

The second is the problem of ISPs that rewrite headers to add their own advertising to my e-mail ... yes, it's not just Yahoo, Hotmail and the other webmail sites that do that ... RoadRunner's smtp server does it too ... even though "I must advertise for RoadRunner on every one of my e-mails" is NOT part of their Terms of Service. I object to that, so I run my own MTA. I may have to give it up if AOL ever figures out that my MTA is not an ISP-run machine, but so far they haven't blocked me.

Just my $0.02

Sic Semper Tyrannis

[sulli]

Will they drive a spear through the heart of the spammer? I would move back to Virginia just to be part of that.

Re:Sic Semper Tyrannis

[chaserfromva]

No, they'll make the spammer wear funny clothes and put them on the flag to shame them.

Either it's all illegal or the law is wrong

[ObviousGuy]

So apparently we can use our 'common sense' to figure out what's 'the worst, most egregious and fraudulent kinds of spam'. I'm not sure I feel safe in a system where such a statute can be passed. The definition is too open for interpretation. Today it's porn spam with forged headers, tomorrow it's legitimate advertising getting outlawed.

If the state representatives don't have the balls to outlaw all spam outright, perhaps the residents of Virginia could grow some balls and vote these jokers out of office.

Re:Either it's all illegal or the law is wrong

There is no legitimate advertising through email.

Re:Either it's all illegal or the law is wrong

[bgeiger]

I don't mind legitimate advertising. Spam that clearly shows itself as such isn't a problem; I can just delete it without a second thought, like tossing out the fliers in my mailbox.

It's the bullshit that these scumbags pull that bothers me. Header forging is fraud. Making invalid claims is fraud. Sending spam and making it look like legitimate mail is fraud. Spammers should be prosecuted under existing anti-fraud laws.

(And by the way, at least the VA representatives have the balls to address the problem, unlike most states.)

Re:Either it's all illegal or the law is wrong

Quite a few states are outlawing fraudulent spam outright or have state-wide opt-out lists.

This is just more of Virginia senators pretending to do something good for the people while actually being "good for business".

Re:Either it's all illegal or the law is wrong

[ad0gg]

From the article

To qualify for the felony provisions the sender must:

consciously (with intent) alter either e-mail header or other routing information (a technical characteristics common to most unsolicited bulk mail, but not present in normal e-mail messages); and

attempt to send either 10,000 messages within a 24/hr period or 100,000 in a 30-day period OR the sender must generate $1,000 in revenue from a specific transmission, or $50,000 from total transmissions.

Its a clear definition. Alter the headers and send over 10,000 emails in day and its illegal.

Re:Either it's all illegal or the law is wrong

[smashr]

I am a voting resident of Virginia. I am quite happy with this law. You know, the people on /. spend so much of their time whining about how we must stop the spammers, and someone finnally comes along and passes a law that will help curb the worst types of spam, and suddenly it is a horrible trangretion.

You cannot have both sides of this argument. Any restriction the government places on things like this can be interpreted by some people as too broad. Either you take your government in small doses and shy away from government regulation, or you allow the government to regulate. You cannot be wishy-washy and take whichever side of the argument you feel like supporting that day.

Spam with forged headers is bad. I dont pretend to think that this will elimnate the mass amount of email i recieve, but I can only hope.

-Dan

Re:Either it's all illegal or the law is wrong

consciously alter either e-mail header or other routing information

This is VERY unclear and poorly defined. It's a mistake to assume that because English is your native language that legalities can be derived from such a poor understanding of your own language.

Re:Either it's all illegal or the law is wrong

[Condor7]

I can see it now: The companies that sell spam mailing software will offer upgrades that send 9,999 messages and then stop working for 24 hours.

Re:Either it's all illegal or the law is wrong

This is just more of Virginia senators pretending to do something good for the people while actually being "good for business".

Exactly. It sure takes a lot of balls to get motivated by some corporate interest, doesn't it?

Re:Either it's all illegal or the law is wrong

RTFA moron.

Re:Either it's all illegal or the law is wrong

[MrLint]

"legitimate advertising" wont be using forged headers. Try reading the article and look at the criteria for actually being a felony.

A legitimate business should stop bothering you if you tell them to.

A legitimate business with legitimate advertising should be oneou have done business with that you haved opted into.

Spam is none of these things.

Re:Either it's all illegal or the law is wrong

[gmack]

9999 isn't enough to generate revenue for them. Alan Ralsky once told me he sends a million emails per day per product.

And even that only generated about $20 000 USD per month per porn site.

Re:Either it's all illegal or the law is wrong

Keep in mind that this is a big place. There are people with varying opinions. When a "Spam is Bad" story comes along, the folks who feel strongly against spam will post. When an "Anti-Spam Law" story comes along, the folks who feel strongly against overstict laws will post.

So it oftentimes looks like slashdot is against everything. It's not-- despite the nerd monoculture here, there IS actually some variety in people's opinions.

Re:Either it's all illegal or the law is wrong

[rfg]

Its a clear definition. Alter the headers and send over 10,000 emails in day and its illegal.

So, the problems still remain. Send the spam from a throw-away email account. Not forged, just no one pays attention to it. And how in tarnation are you going to prove that the email you got had 10,000 siblings? Particularly if each batch of 9,999 came from a different address?

This law is next to useless.

Re:Either it's all illegal or the law is wrong

[amuro98]

Hey now...I'm on a few company's email newsletter lists. I knowingly signed up for them, and find the information about their sales useful.

It's just the *unsolicited* advertising that has no legitimacy.

Re:Either it's all illegal or the law is wrong

[Lord_Slepnir]

Easy way around this: Ralskya Inc sends 9999 e-mails, Ralskyb Inc sends 9999 e-mails, Ralskyc Inc sends 9999 e-mails....

Re:Either it's all illegal or the law is wrong

[danoatvulaw]

So apparently we can use our 'common sense' to figure out what's 'the worst, most egregious and fraudulent kinds of spam'. I'm not sure I feel safe in a system where such a statute can be passed. The definition is too open for interpretation.

Today it's porn spam with forged headers, tomorrow it's legitimate advertising getting outlawed. If the state representatives don't have the balls to outlaw all spam outright, perhaps the residents of Virginia could grow some balls and vote these jokers out of office.

You raise an interesting point about the lack of standards. A law based on community standards as to what is egregious may just prove Constitutionally facially invalid. That remains to be seen. At very least, it presents an issue to be dealt with, and most likely (note - i have not read the actual text of the bill) will be challenged in court. The prospect of changing standards based on conduct does not sit well with me either.

Please dont construe what I am about to say next as supporting spammers, cause I hate 'em just like everyone else, but you cannot just ban spam outright... not without tossing the 1st Amendment in the process. Both commercial and noncommercial speech is protected (like it or not), and here, a prior restraint banning spam will likewise not pass consitutional muster. Forcing truth in advertising, true header information, true return addresses == fine, but not banning spam entirely.

Re:Either it's all illegal or the law is wrong

[budgenator]

This law is next to useless.

I don't see it that way at all, this law will the major league spammers on serious notice, don't spam.think of it this way Spam-king gets busted.

1. he loses his money,
2. he loses his equipment that sent the spam,
   
3. if he sent the spam from home, he loses that
4. he goes to prison for 1-5, he loses his freedom
5. Tyron put a size 13 tallywacker in his size 2 tallywacker-holder if you know what I mean.
6. the wife divorces him while he's in the joint and child support leaves him with $7.00 a month to buy soap and tooth paste with so Don't dare get sick, medicade requires a three dollars co-pay.
7. the state offers him parole, which he might get after going through group therapy, AA, being born-again, not gettin a major ticket for two years and genernaly kissing a lot of brown-eye.
8. Virginia says we'll let you out 1 year early, if he agrees to parole terms (see Tyron for motivation),
9. 
   
   1. 3 year parole for 1 year early out
   2. you pay for parole officers' time who in turn will tell you where you can live, work, what you can own(no computers, that's for sure, and who you can associate with.
   3. you will pay the fine,(they took all of his money already so he better get that job)
   4. Don't forget about restitution, and paying into the victim's rights fund
   
   
10. Oh by the way the IRS wants its taxes on those profits that Virginia siezed plus penalties and interest

Don't forget that since the state's got him, he a whole bunch easier for me and the million others like me to sue for my $50.00 per in civil penalties

Re:Either it's all illegal or the law is wrong

Don't forget the Govenor. He apparently signed the bill at AOL headquarters. If that doesn't tell you who is behind this i don't know what will. So much for the Democrats being immune to the whims of big business.

Re:Either it's all illegal or the law is wrong

[Steve+B]

Please dont construe what I am about to say next as supporting spammers, cause I hate 'em just like everyone else, but you cannot just ban spam outright... not without tossing the 1st Amendment in the process.

Nonsense. It is well-settled law that time-place-and-manner restrictions on speech are acceptable when they are directed to some compelling interest (in this case, protecting the private property rights of the spam targets) and when they leave alternate avenues open to the speaker's message (in this case, spammers can buy banner ads and get listed in search engines like honest folk).

Re:Either it's all illegal or the law is wrong

[Steve+B]

5. Tyron put a size 13 tallywacker in his size 2 tallywacker-holder if you know what I mean.

But will Tyron allow his name to be used in the next batch of tallywacker-enlarger spam?

Re:Either it's all illegal or the law is wrong

Today it's porn spam with forged headers, tomorrow it's legitimate advertising getting outlawed

So what? I'm sick of this marketing-dominated world we live in.

Re:Either it's all illegal or the law is wrong

[rodney+dill]

Not so easy if the money goes back to a single corporation and that becomes the target of prosecution instead of a plethora of false email corporations. The cost of supporting a bunch of "real" corporations should offset the revenue they generate making them self destruct.

But, I agree to the extent that a lot of creative loopholes will be explored.

Re:Either it's all illegal or the law is wrong

This should have been under "Your Rights Online". Jeez. Where does it end? I'm no spammer, but start making laws like this and there's going to be a lot more scrutiny on ALL traffic. Get a filter if you don't like spam. Under this law, it sounds a lot like the Intel guy who warns the Intel employees is committing a serious crime..this is going to open the door for all kinds of silly litigation. Use more filters and less Big Brother!

Re:Either it's all illegal or the law is wrong

This is the same as any other advertising-I've chosen not to do business with Toyota, but how many of their BS commercials on TV do I sit through? I bet if I write them a letter, they won't stop. What a bunch of whiners. Start filtering, already. Spam is the price of doing business online.

Re:Either it's all illegal or the law is wrong

Please think before you post. There are tons of legitimate advertising emails. Heck, I signed myself up for Macromedia and Dell's mailing lists just for advertising. (I want to know when a sale starts, I want to know whats new)

Re:Either it's all illegal or the law is wrong

I fail to see how their 1st ammendment rights are being imposed upon...They have the right to say what ther wish, when they wish. What they do not have is the right to expect me to pay for their privillage to do this. This is not like junk mail thru the USPS, where the sender pay's the cost of their advertising, *I* am picking up the tab for my internet connection, and don't see where they have the right to use *my* paid bandwidth to send their trash to me. I have a 1st ammendmant right to free speech too, but yould you support the arguemant that I have the right to call you collect to excersize it?

Re:Either it's all illegal or the law is wrong

[danoatvulaw]

Nonsense. It is well-settled law that time-place-and-manner restrictions on speech are acceptable when they are directed to some compelling interest (in this case, protecting the private property rights of the spam targets) and when they leave alternate avenues open to the speaker's message (in this case, spammers can buy banner ads and get listed in search engines like honest folk).

Yes, you can have time place and manner restrictions on speech. However, a law that forbids spam online would be a content based restriction, not content neutral, since it only targets those messages that are deemed to be spam. Therefore time/place/manner restrictions do not apply. Legislators could not pass a law that simply says commercial un/solicited email is outlawed because that law targets the content of the email (even though commercial speech is entitled to lesser First Amendment protection then personal speech). For more see Ward v. Rock Against Racism 491 U.S. 781 (1989).

Re:Either it's all illegal or the law is wrong

[Steve+B]

Ah, I see the problem -- you have incorrectly defined spam as "unsolicited commercial email". Using the correct definition of "unsolicited bulk email", a prohibition on spam is a textbook case of content-neutral time-place-and-manner restriction.

Re:Either it's all illegal or the law is wrong

[greenrd]

Alan Ralsky once told me he sends a million emails per day per product.

And even that only generated about $20 000 USD per month per porn site.

Aha! But I thought Ralsky claimed he never sent porn spam?

*Gasp*! Are you trying to imply that.... spammers lie ? I'm shocked... shocked, I tell you!

Re:Either it's all illegal or the law is wrong

[gmack]

Yeah he did say that.. but that's also the same Ralksy who talked my former employer into hosting and creditcard processing for his bestiality sites.

Ralsky was the single largest reason I quit working for 2KServices.

Suitable Remedy

[ferret70]

The convicted spammers should be forced to use AOL the rest of their lives! :)

Re:Suitable Remedy

[insecuritiez]

In 1998 I got kicked off of AOL for sending 200 emails in 5 minutes. Sure, I was a stupid kid and I deserved it. That's the only positive thing I have to say about AOL. Generally they act first and ask questions later when it comes to their TOS.

Re:Suitable Remedy

Forced to use AOL? Now you are just as bad as the spammers. There are laws against cruel and unusual punishment too.

FTC & FDA

[ackthpt]

The FTC also made the insightful discovery that most spam is fraudulent in some fashion.

Yet, the FDA (also a bureau of the administrative branch of the U.S. goverment, for all you furriners who take exception to typical insensitive slashdot US-centric and clodish nature, just being clear), Food and Drug Administration, allows the marketing of 'Herbal Remedies', which effectively let all sorts of varmints claim to be marginally less illegal by offering these as body part enhancements, muscle mass builders, weight loss treatments, etc. This should make for more interesting fodder.

Re:FTC & FDA

[Blaine+Hilton]

The real question though is how much money did they spend figuring that one out?

Re:FTC & FDA

[sulli]

They were forced to by Congress, which under pressure from the dietary supplement ("health food") industry banned the FDA from regulating such as drugs. It's a real scandal.

Re:FTC & FDA

[ackthpt]

They were forced to by Congress, which under pressure from the dietary supplement ("health food") industry banned the FDA from regulating such as drugs. It's a real scandal.

Unfortunately you're probably closer to the truth than they would have us believe. While the manufacturers, at least a chunk of them, could claim these do no harm (unless taken in absurd quantities, which nobody really knows how much as they aren't regulated or adequately tested), it's hard to disprove whether or not they do no good. So, it's like selling sugar pills, which can be very profitable, hence so much spam regarding all these great meds and supplements.

Spammers, of course, have used far from ethical tactics so they don't go to capitals very well armed to defend themselves, even if they could tote in some 'campaign contributions.'

Re:FTC & FDA

[andyring]

Actually, you missed a word or two...

The real question though is how much of my money did they spend figuring that one out?

And in further news...

[0WaitState]

And in further news, a minimum of two-thirds of all types of intrusive advertising contain false claims--telephone cold-calls, loud tv commercials, the crap that hides the funnies in the sunday newspaper, the daily pound of paper cluttering your mailbox, you name it. The more intrusive the advertising, the more fraudulent the content.

Re:And in further news...

[Bendy+Chief]

Tell me, do you see ads for "Doctor Approved!" penis enlargment in any of the media listed? Those media all advertise for identifiable, accountable corporate entities; scammers can't afford a huge publication of fliers in the Daily Rag, nor could they avoid a law-enforcement backlash after their scam is exposed.

It's due to the anonymous nature of electronic communication that these types are able to sell anything. Regulatory agencies would come down, BLAMMO, on a telemarketer phoning you and screaming pornographic lines at you. Spammers don't ask questions when taking jobs. Newspaper editors and TV commercial producers do.

Re:And in further news...

[0WaitState]

It's due to the anonymous nature of electronic communication that these types are able to sell anything. Regulatory agencies would come down, BLAMMO, on a telemarketer phoning you and screaming pornographic lines at you. Spammers don't ask questions when taking jobs. Newspaper editors and TV commercial producers do.

You're talking about the tone of the advertising, not its fraudulent content. As for the fraud, regulatory agencies might get into the act after 5-10 years of abuse, by which time thousands of people will have been scammed. A few examples:

Predatory lending exploiting the elderly (telemarketing).

"zero interest" credit card offers with huge late fees and max interest rates if you're one day late (3-5 of these per day in my mailbox)

"Sale" prices for tires that are the regular price, and don't mention mandatory "service" charges per tire (the Sunday comics wrapper)

"Investment seminars" are advertised every week in the business section of the newspaper--the seminars are come-ons for such reputable schemes as multi-level-marketing, day-trading (past tense), REITs, etc.

Re:And in further news...

[Ben+Hutchings]

Don't forget unclaimable rebates, "shipping and handling" fees, "free" things when you contract to pay a monthly fee for several years, items with "free" extras that were never sold without those extras, "national rate" numbers (in the UK) that usually cost more than national rate, "excluding delivery charge, road tax and number plates", "at participating locations", etc. At least the UK has a rule that interest rates must be stated with all charges included (or both with and without).

Is their sample size really valid?

[psychosis]

The FTC studied a random sample of 1,000 unsolicited e-mails taken from a pool of more than 11 million pieces of spam it has collected.

OK, so were they planning to sample more than 3 typical e-mail accounts worth of daily spam?

Re:Is their sample size really valid?

Yes, this is a perfectly valid sample size...take a stats class sometime...there are severe diminishing returns of accuracy the more samples you take.

Re:Is their sample size really valid?

[fname]

Their sample size is plenty big enough; they usually survey less than 1000 for opinion polls.

The question of whether they are valid is a different issue. If it's a random survey of all their messages, then that's what they are measuring, But that is probably not representative of all the spam. For example, maybe only a certain class of users (read: geeks) forwards the spam to the FTC. Or maybe people only forward the most egregious examples of spam. Or maybe the FTC sample is from one day's use, and they got lots of duplicates.

Fact is, 1000 is a large enough sample size, whether it's valid depends wholly on the validity of the sample pool

Re:Is their sample size really valid?

[psychosis]

Ack! A meager attempt at a bad joke shot down by a statistician... What are the chances of that?!

Re:Is their sample size really valid?

[fname]

Not as good as you think. I'm an engineer. :)

Re:Is their sample size really valid?

[Anonymous+Custard]

Ack! A meager attempt at a bad joke shot down by a statistician... What are the chances of that?!

I'd say the chances are somewhere between 37.19% and 39.74%; except when taking into account the standard deviation of... :-)

Oh boy

I hope there can be a war on spam that is as effective as the war on drugs or the war on terrorism or the war on poverty.

Re:Oh boy

I hope it is more effective than that. Those wars have been either ineffective, fraudulent or designed to make money for politically influential companies/individuals. Spam costs legitimate businesses millions. Since our politicians seem to consider businesses to be their real constituents, I fail to see why it is taking so long to get effective legislation.

Write to the Spam King

Alan M. Ralsky
6747 Minnow Pond Drive
West Bloomfield, MI 48322

If you think this will help � you�re right.

[insecuritiez]

This wont put even a tiny dent in spam. In Virginia or any where else. What it will do is set a precedent. This is one huge step in the right direction. Now you can write your local representative with "If Virginia can do it, why can't State X?" Lets take this spam victory and run with it.

Re:If you think this will help � you�re right.

[ad0gg]

From the text of the bill:

The bill also adds a seizure and forfeiture provision allowing for forfeiture of all proceeds and equipment received from violations of the Computer Crimes Act. This bill is identical to SB 1139.

spamming software $99
list of emails $200
throw away dialup account $20
Having your house,car and other assests seized Priceless

Re:If you think this will help � you�re right.

eh?
spamming software: for i in $(LIST) do mail $i SPAM; done, free
list of emails: Dicionary attack, or a quick perl script. Free
throw away dialup account: Free (in the UK)

Re:If you think this will help � you�re right.

[indiigo]

This and future legislation is about "too little too late." Look at states with antispam laws, (WA and CA mostly,) heck , look at 10+ years of fax spam laws, they still are abused and rarely enforced.

I live in Virginia!

[Tuzy2k]

I hate to say it, but if AOL can throw their weight around to rid me of spam then I'll stop bitching every time I get an AOL cd in the mail :)

I wonder though- is there a place that we could report spam to the virginia prosecutors? Perhaps our state attorney general could setup a spam email and state residents could forward their spam there for the prosecutors to go after :)

Re:I live in Virginia!

Hey, AOL sends those CDs in nice storage tins or replacement DVD cases. It's nice of them, though I do miss the old free-floppy-disk-of-the-month-club. If they send it unsolicited, it's yours to keep. Thank you, AOL!

Re:I live in Virginia!

Actually, this would more likely be handled by the local Commonwealth's Attorney's offices (those are the local prosecutors for all you foreigners from Maryland) -- which would probably overwhelm them in some of the smaller counties. Plus you need investigators-- only a few police and sherrif's offices have anyone dedicated to IT-related investigations.
OK, so there's an opportunity for some of you. You get to wear a tin star and bust spammers.

This isn't new

[RJ11]

Virginia has had an anti-spam law since 1997, which is part of the Virginia Computer Crimes Act (VA Code 18.2-152). It makes spam with forged headers illegal: http://www.spamlaws.com/state/va.html

AOL, Verizon, and other large ISPs based in VA have been suing under this law for years (though they almost always go to federal court, pursuant to U.S.C. 85 1332). I have burninated a few spammers in small claims court under this law as well (I was actually in court today suing etracks.com). The law allows the recipient to seek civil relief for the lesser of $10/message or $25,000/day. For ISPs, it's the greater of the two.

Re:This isn't new

[amuro98]

Verizon is one of the SOURCES of spam. They don't act on complaints, and willing let scumbags and thieves operate on their network.

If the 1997 bill didn't stop them, I don't see what this new one will do, unless AOL decides to sue Verizon. Hah...I'd fly out to sit in the audience for that trial...

Re:This isn't new

[nolife]

Verizon is one of the SOURCES of spam.

Meaning Verizon itself or a customer using Verizon services for the initial internet connectivity? Very big difference. Claiming the provider responsible for the actions of specific users is a very sharp double edge sword that has far more reaching effects then spam.

They don't act on complaints, and willing let scumbags and thieves operate on their network.

Your perception of what they do behind the scenes may not be exactly what is going on. If that is the common practice of theirs, then it is a problem.

Re:This isn't new

[amuro98]

Sorry, I meant to say Verizon hosts many spammers, and doesn't do anything to stop them.

Day 1: get spam from verizon customer, send complaint, get auto-ack that means, well, nothing.

Day 2: get same spam from same verizon customer (identical headers, content - except for timestamp) send complaint, get auto-ack.

Day 3: get same spam from verizon again...

Think to myself "Hmm...maybe verizon is a bit slow to deal with spammers..."

Day 10: get same spam from verizon again. Blacklist the IP#.

Day 20: wipe out 10 days worth of spam from that same IP# of verizon's.

Day 21: get that same spam from Verizon - but from a different IP#!

My experiences are hardly unique, nor is verizon the only ISP guilty of having an abuse desk that ignores/helps/supports spammers. Try plugging random large ISP domains into SPEWS.org and see what you get. If I recall, Verizon has a nice large file, as does UUNet/MCI/Worldcom, Sprint, AT&T, Exodus, Excite, Rackspace...

Re:This isn't new

[Overzeetop]

While I've never taken this to court, I've quoted the law back to certain spammers with results.

I don't get much spam, so when I do I try to nip it in the bud. I received a pr0n site spam a while back. I took a look at the html source and scribbled down the domains. I found about four domains registered by the same fellow, plus two companies. I send a nice letter informing the spammer (both reply-to and the admin contct his domains) that if I didn't receive a reply from his reply-to address that I would consider it to be forged and that he would be inviolation of Virginia law and subject to civil litigation. I also cc's the email to both the corporations - one was a pr0n provider, the other a CC processing service (emails found via whois for the domains).

I never received a reply from the spammer (not gonna drag his butt in for $10), but I received two professional emails - one from each corp. Each indicated that the spammer had violated his terms of service and one (the CC processor) had suspended his account based on my information.

Did he actually get suspended? Who knows. I don't really care, as I've not received another spam from him. That's the results I really wanted (though if it caused him some trouble it wouldn't hurt my feelings).

AOL HQ

[Red+Warrior]

they signed the anti-spam law at the AOL HQ?
Isn't that one of the seven signs, or something?
Or

Don't forget...

The forum is the perfict time to charge the spammers for their crap.

If you have any antispam laws in your states make sure to use them.

Also try to prevent the media from mistaking them from anything but criminals and beliving the spammers lies that they run an honest bussiness. They are doing PR control, as well as the usual trying to redefine spam to the kind that they do not do.

The NY times was belived them in this "story" (also shows how bad they are, with them trying to spin things with quotes taken out of context and spammers trying the "I am not a spammer, this hurts my business!" pitch).

Just for Ralsky

[amber_lux]

B: A person is guilty of a Class 6 felony if he commits a violation of subsection A and:
1. The volume of UBE transmitted exceeded 10,000 attempted recipients in any 24-hour period, 100,000 attempted recipients in any 30-day time period, or one million attempted recipients in any one-year time period;

I think Ralsky would get that many bounces in an hour, if he did not forge headers, and hijack mail servers.

Penalty is only $10.00 per email or $25K, whichever is less.

Not enough financial damage to spammers, but it is a start. If the statutory damages were higher, it might have a legitimate claim to being the toughest in the country.

Wind under Thy Wings

Amber

Re:Just for Ralsky

[bobbyt]

Not enough? That's a lot of viagra emails to send to get to 25k

Re:Just for Ralsky

[amber_lux]

That's a lot of viagra emails to send to get to 25k

2 500 emails at $10.00 is $25 000 dollars. AOL claims to block up to one billion spam messages per day.

Ralsky claims to be able to send 650 000 messages per hour on each of his 190 email servers.

If AOL sues Ralsky, the maximum they can get from him, per day, is $25 000. Meanwhile, he can throw 2 964 000 000 emails per day at AOL, if he so chooses.

Statutory damages should be $500.00 per email. ISPs could claim $500 multiplied by the number of undelivered emails in damages, with no maximum. That would change Ralsky's $25K per day habit with AOL, to a $250 000 000+ per day habit --- assuming that Ralsky is responsible for 10% of the spam at AOL.

Wind under Thy Wings

Amber

Re:Just for Ralsky

[budgenator]

But that's just criminal penalties, when he's in prison, he a stationary target for civil suits.
any evidence in the criminal trail would also be available for use. if there is enough for a criminal conviction, a civil suit should be a cake-walk.

Re:Just for Ralsky

[ninewands]

I think we are dealing with a fundamental misunderstanding of statutory damages here ...

Quote:

If AOL sues Ralsky, the maximum they can get from him, per day, is $25 000. Meanwhile, he can throw 2 964 000 000 emails per day at AOL, if he so chooses.

Incorrect grasshopper ... statutory damages are damages that can be awarded WITHOUT proof of ANY actual damage. As such, they represent a FLOOR for damage awards NOT a cap. Under this law, a party can sue for statutory damages of $10.00/message up to a maximum of $25,000.00 whether they can prove they suffered actual damage or NOT, however, if they can prove MORE than $25,000.00 in damages, they can sue for their actual damages. If Ralsky was dumb enough to spend 24 hours mailbombing nothing but aol.com with all 190 of his mailservers, I am sure that AOL would be able to prove a helluva lot more than $25,000.00 in damages from bandwidth consumption alone. Hell, he might even find himself charged with terrorism under the anti-hacking provisions of the PATRIOT Act for attempting a DDoS attack on AOL.

Hmmmmm ... now that's an intriguing thought ... maybe that PATRIOT Act isn't such a bad thing after all ... (just kidding)

At last, a fair use for slashdotting websites

[Pieroxy]

You don't need to find who is behind the scene. Here are the steps to punish spammers without knowing them:

1. Write a small program that every user can run at home, on the seti model. Let's call it spammerSucker.
2. Identify an email as spam (this part is easy)
3. Find the website of the spammer (The email is generally full of http links)
4. Add the URL in the centralized DB of spammerSucker.
5. In minutes, millons of DSL/Cable users running spammerSucker are downloading every byte out of their server, initiating millions of sockets per second.
6. Their server is "slashdotted", and no one can access it.

Such a campaign would just result in destroying your website when you send a spam and so would make it a lot more dangerous for a company to send spam.

The danger is actually in step 2, because you don't want to blinbly suck any website...

Re:At last, a fair use for slashdotting websites

[gmack]

The danger is in step 3 because it's hard to know what URL is the spammers' they often hide the url by by various means and include other sites in the email.

Re:At last, a fair use for slashdotting websites

[Pieroxy]

Ok, danger is in step 2 and 3:

2: How do you prevent company A from sending spam with http links to company B's website, just to shut them down.
3: How do you make sure the HTTP link is correct and represent the website of the spammer. Kind of the same issue actually...

Any ideas ?

I could very well implement something like that in the near future is I find answer to these issues...

Re:At last, a fair use for slashdotting websites

[amuro98]

There's also "joe jobs" where a spammer intentionally advertises a website of an enemy or competitor in an attempt to get the site yanked by the ISP.

I've also gotten "newsletter spam" where there are dozens of websites with different owners, none of whom are related to the spammer, nor given permission to have their website advertised in such a manner. I got one for a bunch of casinos - none of whom were thrilled at the attention. Since my complaint was CC'd to all of them, they had a handy mailing list to band together and take the spammer to court for defamation of character in a class action suit...

Re:At last, a fair use for slashdotting websites

Same as any other authentication problem.

You require the contents of the "advertisement" to be certified by the advertised company as well as the "bulk mailer service". Both are responsible for spamming you; both parties should have cryptographically secure authentication information embedded in the email for identification purposes.

Spam without proper ID should be illegal, and dropped by mail servers at the first opportunity as badly formed.

Re:At last, a fair use for slashdotting websites

[berzerke]

5. In minutes, millons of DSL/Cable users running spammerSucker are downloading every byte out of their server, initiating millions of sockets per second.

Step 5 is probably easier than you would think. I worked briefly with a company that spammed intentially (don't flame until you read paragraph 2!). Their servers were located in Tunisa and China, and I've got more bandwidth than those servers did (I'm on DSL). I was told they had to move them off shore due to the anti-spam people. (You ARE making a difference; I heard more than one impolite comment about you!) The people that set up the servers (i.e. physical access) did a very poor job. One server was rooted before I first SSH'd in. No updates applied at all either. They are easy targets for some wanting to knock them off-line.

BTW, I didn't work there long because there were always problems with the systems. One delay after another under me. They couldn't launch any "marketing" campaigns. All accidental of course ;^) Since they never actually paid me anything (I don't believe they would have anyway, but it was interesting to a see a spam operation from the inside), I don't feel too bad about it professionally.

Re:At last, a fair use for slashdotting websites

[Ben+Hutchings]

I thought "joe jobs" were spamming runs that deliberately used an innocent person's real email address as the From address. Maybe "joe jobs" can describe either of these, just as "spam" can now be mail or news.

Re:At last, a fair use for slashdotting websites

[Sparr0]

THOSE are also illegal, and the not-participating businesses can sue them. For one thing, they will be infringing trademarks by advertising with the names/logos/whatever of the other companies. And for another, they will be liable for any monetary damages the companies lose in anti-spam suits.

Re:At last, a fair use for slashdotting websites

7. Get sued and possible worse

Look, I probably hate spam more than you do. I have some pretty twisted fantasies about what I'd like to do to these guys and their families. That doesn't change the fact the denial of service attacks are illegal. Spammers are very quick to call the cops.

Re:Spam an H-1B today!

Apu is Sri Lankan. Not Indian.

how to stop AOL cds

[SHEENmaster]

1. Beat the crap out of the disc and package. Stab it, crush it, bend it, shatter it, etc.
2. Either send the original package, or the package in a sandwich bag back by writing "Unsolicited, return to sender!" on it and placing it back in the mailbox.

I haven't recieved a CD in several months, down from once a week or so.

fraudulant?!?!?!

[edrugtrader]

spam is in no way fraud. i make $50,000 a day posting to slashdot from home. you can too, email me back at ahk235hk2@yahoo.com. if that doesn't work, try my work email at 235hlj235hl2@hotmail.com.

Yikes!

[clambake]

This is definitly a good solution... but how do you protect it from abuse? I mean, if one skript kiddie wants to spam his enemy's server, what's to stop him from forging a fake spam that he sends to himself and then posts to the centralized DB as a "spammer"?

Bye Bye Spammers....

[Elpacoloco]

Imagine what will happen when spamming is illegal in all but a few states....

I can see a federal anti-spam law on the rise, and for spammers it will not be pretty....

(-1 Redundant.)

Whoring to Capitalists is The Problem

[SubtleNuance]

The article reads like a big AOL PR piece in some places -- the VA governor led the signing at the AOL HQ in Dulles.

Hm, thats what I want, my Legislators delivering law directly from the BoardRoom. The same people who send you "buy this penis pump" emails will, next month, be sitting next to this Virginian Politician at a $5000-a-plate fundraiser... and the viscious cycle begins again.

Most Spam is Fraudulent?

[X_Bones]

Next thing you know, someone's gonna say the Pope wears a funny hat.

worthless

Another drug war.

Spam is going to suddenly become alot more profitable to those who stay in the game.

FTC recruits rocket scientists

[SuperBanana]

The FTC also made the insightful discovery that most spam is fraudulent in some fashion.

Duuuh. That's because nobody selling something legitimate wants the negative side effects of spam- mainly, the disgust it causes. Hell hath no fury like a consumer who's just been spammed for a product; they'll probably, even out of spite, go for your competition, if they just so happen to be in the market for your item. Remember those stupid little remote control cars? They learned the hard way that spam didn't work; retailers reported a backlash from the spam, people coming up to them and chewing out -the store employees- for the spam other resellers were sending.

Re:FTC recruits rocket scientists

[NanoGator]

"Duuuh. That's because nobody selling something legitimate wants the negative side effects of spam- mainly, the disgust it causes."

Speaking of disgust that spam causes, you should respond to my comment here in the other article about spam. I normally wouldn't hunt somebody down over it, but you gave me a chewing I didn't deserve.

bad law!

[JDizzy]

This is a situation where the law is countering an effect of a bad protocal. SMTP is the badness here, not so much the people that abuse it (but *they* are bad). It should be the responsibility of the people on the internet to simply ignore the spam since they are willinging participating in email to start with. I realize that SPAM is bad, but it is only possible because SMTP sucks donkie's. Same as war driving, it is very possible to drive around and find a free AP to exploite just as it is easy to scan the net for open SMTP rellays to exploit. The laws should place the burden on the standards organizations that certify things like SMTP, and the conglamerations of multi-national coorporations that controll the internet backbone that don't lift a finger to halt the bad protocals. In other words, SMAP is a feature, not a bug. It's practicalyl built into the protocal. Altering headers is possible, and could even bee viewed as a legitimate form of self protection/security.

spammmmm??

[lightningscorcho]

I get sick of this spam shit! I see how it is legal that a company can send me something LEGALLY that I did not give them permission to. let me put that in another way, I own my mailbox- I bought it so that I can be contacted by whom I wanted to, by a company sending me mail that I did not give permission for, they are using MY PROPERTY without MY permision-- goes for the same for phones -instead of do-not-call lists, all though good hearted, there should be do-call lists -- the same thing should go for e-mail also, how can it be legal for a company to fill up my e-mail box that I paid for without my permission?? get the hell out of my mailbox, you bitches!

I'm contacting the DA

[mikosullivan]

Somebody has been sending out spam as if it were from Idocs.com. I'm very angry about it. I save all the bounces. I'm going to get to work on figuring out who to contact in the VA government and see if I can get someone interested in pursuing this.

-Miko

Re:I'm contacting the DA

If the spam is advertising xxxstreet.net and similar, then you're not alone. I've been seeing the backscatter in the form of bounces from people receiving mail "from" my domain.

Their M.O. seems to be spewing through open proxies, so all of these bounce senders obviously have no protection. You don't even have to use a DNSBL to put a serious dent in spam that comes in via hijacked proxies. There are things you can do in your own MTA which will eliminate most of it.

Wow, shocks this Virginian

[mao+che+minh]

As a lifelong Virginian, I never saw this coming. This state's government is usually so in bed with the money hounds, nothing (and I mean nothing) gets done "legistlative-wise" until some big company lobbies for it.

I forgot that AOL has a huge datacenter up North from here. Hmm.....

Re:Wow, shocks this Virginian

[nite-]

just fyi, they actually have 4 in northern virginia. :)

Re:Wow, shocks this Virginian

[OpieTaylor]

Ironically, I once wrote to the Delegate who introduced this bill (my local representative), asking her to support a state-wide "do not call" list for phone-spam.

She wrote back, basically saying the bill was bad for business.

Maybe I should send campaign contributions to AOL, since they seem to get the job done.

Tasty!

[pcwhalen]

Mmmm. Virginia Spam! The best kind. They cure it different there, Smithfield I think.

"And after a while, you can work on points for style.
Like the club tie, and the firm handshake,
A certain look in the eye and an easy smile." Rodger Waters

Virginia and the Law

[The+Ape+With+No+Name]

As a gennilman raised in Vehjenya, I can tell you this, they do not fuck around. Illegal gun: 5 years. Use a firearm in commission of a felony: 5 years on top of 20 years for whatever you did. Simple pot possession: 12 months. Radar detector: fat fine, car searched and mucho points on the license. It goes on and on. The old joke is that Virginia has a law against everything and two laws against most things, and never get busted in a state where the flag has a woman standing on a man's chest wielding a spear.

If any spammers are reading this, let me tell you about the Virginia correctional system. If you are lucky you will go to the big house. If they put you on the farm you are fucked. Most penal farms in Va grow their own food and cut their own fire wood, etc. You will come out tan and fit, my friend. I taught literacy in Wise County at the facility there. No slack for misdemeanors and light felonies. They also operate road gangs (no chains. Work is time off from your sentence with good behavior) with the Boss standing over you with a 12-gauge full of rocksalt if you decide to make like Cool Hand Luke. Also, the Virginia State Police are ruthlessly efficient and will get you. This was the best state to implement anti-spam legislation if we want spammers to hurt.

PS. It is "The Commonwealth of Virginia" not the "State of Virginia." I didn't get my hands whacked with a ruler by Mrs. Underwood to have y'all malign my beloved home with the lowly name of "state."

Re:Virginia and the Law

PS. It is "The Commonwealth of Virginia" not the "State of Virginia."

Wow, does that mean it still belongs to us? Reading slashdot is just like rummaging around down the back of the sofa, you never know what you'll find, a 5 pound note, a comb, some pocket fluff, a former colony. Hang on, what's this thing?... Oh, I wondered what I'd done with that.

Re:Virginia and the Law

[The+Ape+With+No+Name]

PS. It is "The Commonwealth of Virginia" not the "State of Virginia."

Wow, does that mean it still belongs to us [parliament.uk]?

Nope, but kick out Bush's lapdog Blair and we might give it back in kind. I'll throw in Tennessee (just had a tune-up and a new tires installed) and South Dakota (slightly used) for the hell of it.

Re:Virginia and the Law

[Hallow]

I live in Virginia, and call it home.

Don't forget, it is the South, so you better believe there will be a huge guy in your cell named "Bubba" who wants to make you "squeal like a pig".

Re:Virginia and the Law

Yep, and now you can get 5 years for spam.

Plenty of room left at Wallen's Ridge and Green Onion (supermaxes, in the middle of nowhere, in the mountains, staffed by locals who generally don't like outsiders too much) after Connecticut canceled their contract with our Dept. of Corrections, too.

I thought the old joke was "How many Richmonders does it take to change a light bulb? Three. One to change it and two to talk about how good the old one was."

Migrating West to East with Area Code 703

Re:Virginia and the Law

Ah yes, the old DUMB ONION (thats Old Dominion for you outta town slackers)

Re:Virginia and the Law

[NortonDC]

Radar detector: fat fine, car searched and mucho points on the license.

False. No points, and they can't even compel you to relinquish it. And it has never been fully tested in court, either.

Re:Virginia and the Law

[The+Ape+With+No+Name]

Right. I live in Tennessee now. Have a radar detector. I forgot to put it away in Bristol. Bam. $118 on top of the speeding ticket and he took it as evidence. Said I could get it back after my trial if I showed up. They are illegal and confiscatable in VA. Don't fool yourself with the "never fully tested" line. Care to be the one to fully test it?

Permission and trespass

[NewtonsLaw]

An interesting debate arose from a story I wrote earlier this week in which I published screenshots from a spammer's mailboxes.

One reader complained that this was "hacking" and that it was an unjustifiable action.

In response to that complaint I asked my readers (part-way down the page) whether there was any difference between a spammer trespassing on someone's mailbox with their crap and someone trespassing on the spammer's mailbox to expose their mis-deeds.

Gathering by the responses it appears that the rule of "do unto others" can reasonably applied to spammers and their mailboxes.

Re:Permission and trespass

[Netmonger]

It is completely responsible to publish the screen dumps!! What you are doing is similar to Consumer Reports magazine - showing consumers real cases of Internet FRAUD, so that they can be better educated!

Text of the statute

[SlashdotMirrorer]

Mirrored here I'm not sure how they plan to track people down.

Bills

[dannyweb]

Code Of Virginia: SB 1139 HB 2290

Extradition

Since it is a felony, I wonder if they will attempt to extradite people from certain foreign countries?

"send", not "send or cause to send".

[Animats]

This bill, unlike California law, only penalizes sending spam, not causing it to be sent. So it doesn't let you go after firms that hire spammers. California law lets you go after people who hire spammers.

The FTC has recently gone even further. They take the position that a beneficiary of the spam is responsible for it unless they took steps to stop it. This covers spamming by "affiliates".

The FTC's position is consistent with decades of false advertising law. The FTC has often prosecuted companies that let their "dealers" lie for them. The FTC has the authority to crack down on spam, and it looks like they're starting to do so.

Anti-spam legistlation ethically not justified

[TheDataAlchemist]

I don't want to be Mr Opposition here, but I for one am against anti-spam legislation. Now, I hate spam as much as the next guy, and I do as much as I can to avoid recieving it (ie keeping email address confidential, filters, blocklists, etc.), but it is certainly not the government's job. If anything, such legislation robs individuals and companies of their rights, namely their rights to use internet email as the system stands to their own discretion, but also the right to communicate (dont reject this just yet, ill get back to it). Regardless of the fact that the majority of the population dislikes spam, whenever the government takes rights away from citizens, it is a form of tyranny. It is important that we do not allow the rights of any minority to be revoked, otherwise it becomes easier in the future for such to occur to other minorities. Today we may be taking away advertiser's ability to use a communication medium (because we dislike them), but tomorrow it could be you.

When the human race is destroying itself due to stupidity and hate, and the individuals that see this are powerless to do anything about it because those in power "dont like" their ideas, you can trace the cause back to laws such as these. PS. I may be exagerating the effect of this one law as a singularity: there have been and will be many more such laws, but that is no argument against trying to do the right thing...we must learn to think collectively through reason and justification, not mass opinion.

Re:Anti-spam legistlation ethically not justified

[techno-vampire]

What you are really saying is that spammers have an absolute right to steal service, waste other people's bandwidth and fill their mailboxes with unwanted messages. Forcing the vast majority of people to do the needed work to get rid of this trash is OK, but preventing it from being sent isn't. No, you're not Mr. Opposition, you're in contention as the poster boy for spam.

Re:Anti-spam legistlation ethically not justified

I tend to disagree. It's a violation to send unsolicitated Faxes, Yet people can still use their fax machines for whatever they want, as long as they aren't sending others unsolicited faxes. How is email really that different? While I agree, less government is better, there's also a reason it's there. To take care of issues we want to get control of and lay some smack down on the people who are abusing our fax machines, phone lines, and mail servers.

Re:Anti-spam legistlation ethically not justified

U Idiot, You dont want to listen to people who you do not know unless you can shut them up or stop listeneing to them if you wish. Spam is ok if I know whos sending it and can block the bloody ass...

Re:Anti-spam legistlation ethically not justified

[Ryokos_boytoy]

...such legislation robs individuals and companies of their rights...

Ummm, companies don't have any rights and thats the way it should be. And I don't think tyranny started with the VA anti-spam laws. You need a big bandage for that bleeding heart ya got there.

"find a technical solution"

[mlknowle]

I'm sure people are going to respond saying "find a technical, not a political, solution." The fact is, this problem exists now, and a technical solution isn't forthcoming. Sometimes, a political solution is appropriate to legislate interactive conduct. A silly, but still applicable analogue: shoplifting might be considered a 'technical problem' with running a store - but we still pass laws against it! At the same time, stores employ technical means against shoplifters. Similarly, SPAM is probably best addressed from both sides - the public and private approach, if you will...

Re:"find a technical solution"

Sure. Just can all mail that isn't from someone on your contact list. Problem solved.

If, however, you still want to be able to receive mail from "strangers", then if you get a mail from, say, abc@xyz you automatically (ie. immediately) send the mail back to him back with a code, like 1234, and the reply starting "Mail me back with 1234 at the start of your header." You then accept any mail from abc@xyz with 1234 starting the header. Since spammers generally don't have return addresses they never get the code. Anybody who "really" wants to mail you can take the 4 seconds to send the mail a second time. Simple.

Don't encourage them

[billd]

If nobody ever replied to spam, there'd be no point to it, so maybe it would dry up eventually. People who react to spam are providing the feedback that encourages the spammers to spam on.

Re:Don't encourage them

If you flip thru the responses spammers get (come on, some of you know how to do this), you'll see that 99 percent of their responses are junk. The fact that they are uniquely capable if ignoring dozens of "FUCK YUO SPAMMER, 12345,asfdasd, GONNA KILL YOU," and pick out the one or two good orders, and go to bed at night and sleep soundly, proves they are unlike the rest of the human race.

Where do I turn myself in?

[ajs]

From the article, here are the criteria:

consciously (with intent) alter either e-mail header or other routing information (a technical characteristics common to most unsolicited bulk mail, but not present in normal e-mail messages); and

Have you ever seen such hogwash?! What, pray are, "a technical characteristics"?! Since when are headers and routing information common to "unsolicited bulk mail", but not "normal e-mail messages"?!

attempt to send either 10,000 messages within a 24/hr period or 100,000 in a 30-day period OR the sender must generate $1,000 in revenue from a specific transmission, or $50,000 from total transmissions.

Ok, so where do I trun myself in? I've certainly generated $1,000 from a specific transmission (we in the spammer game call it an "invoice") and I (just like tens of thousands of other evil spammers like me) forge headers and alter routing information. For example, I have mailing list managers that alter headers and routing information and then take that single modified message and send it to DOZENS of users! I also send mail from my laptop at home and claim to be me at work and visa versa!

Before tonight I didn't know I was a spammer, but if Virginia says I'm a spammer, I must be one! Is there a reward for turning my evil spammer ass in?

I'd add a smily, but this is just creepy!

Re:Where do I turn myself in?

[willmc]

Perhaps you missed the "and" between those two qualifications. You are only a spammer if you make $1,000 from an e-mail AND intentionally forged headers. So it does not in fact say you'd be a spammer as you claim.

Re:Where do I turn myself in?

[ajs]

Exactly, so for example, when I've written such invoices, the fact that I claimed to be "ajs@ajs.com", but was in fact sending the mail from work (or visa versa) means that I was committing a crime by Virginia's standards.

Worse, I'm interpreting what I think is the *intent* here, but technically the fabrication (e.g. creation) of any headerer information (you know, header information, that thing "normal" mail doesn't have...) would seem to meet the criteria, so any message I've ever sent that generated $1000 in revenue would be criminal spam.

Hi, my name is Aaron and I'm a spammer. [insert reply posts here with, "Hi, Aaron!"] My career as a spammer started out like most people's. I thought it was ok to send business email, but then I got hooked on adding "headers"... that's when my dog left me and my beer all went flat! But I've admitted that I'm powerless in the face of my addiction, and I've asked my higher power (ISP) for help. Since I've been blocking outbound port 25 I've only had one relapse at an Internet cafe. I've been a recovering spammer for 2 years now, and I'd like to thank you all for this lovely medallion! ;-)

Re:Where do I turn myself in?

[Kalak]

I also have "forged headers" as you claim, but changing your "Reply-To" header is not a forged header. It adds a "Reply-To" header to the other headers present in an e-mail. You're not claiming to be from an IP address that you're not using. You're not using non-existant domain names in headers. You *want* to be contacted by your clients in your business dealings.

Have you ever actually read e-mail headers? I'm not sure if you're trolling or just plain ignorant of what e-mail headers are. Open your Outlok Express and looks at the properties of an e-mail message sometime. Or better yet, send me an e-mail and I'm sure I can tell where you sent it from, right down to if you were at work or at home when you sent it.

Re:Where do I turn myself in?

[ajs]

Adding a reply-to is one thing. My mailer claims that I'm ajs@.com, even though it's sending mail from a system, and through an MTA totally un-related to my company. It does this by setting the From address both in the headers and in the Envelope (e.g. the SMTP "MAIL From:" command).

That's called forgery, and it's a perfectly legitimate form of forgery use by most popular mailers these days.

Hasn't this dork heard of Debian?

[InfiniteWisdom]

The second part of this step is to set up an actively developed software repository on the internet. Users aren't stupid, they don't need a hand holding front end, but they do need easy access to programs, and an online facility dedicated solely to my distribution is definitely a plus for me as a potential customer.

DuH... isn't that what apt does?

Thank you Mark Warner & VA Lawmakers! You rock

[insanehippie]

Woo Hoo! I just talked to Governor Mark Warner in my VA Politics Class on monday (4.28.2003) at VCU... If I would've known he was gonna pass this before I would've especially thanked him for this one too. I will have to fly my Virginia Flag even higher now! Sic Semper Tyrannis! Virginia is for Email Inbox Lovers. This is definately a step in the right direction, IMO. Now if we can just repeal the virginia DCMA, and UCITA legislation... Time can only tell. -Jesse www.insanehippie.net insaneNOSPAMhippie@yahNOSPAMoo.com

Just to clarify the state police bit

I'm from Vehjenya too, and I've been all over the state. Let me clarify the bit about the state police. When he says "ruthlessly efficient", he means, "professional to a tee."

By my experience, they are not at all evil, they are just plain good.

I've been pulled over for minor driving offenses about four times in my life -- three of them were deserved, the other was in Blacksburg, Va by a local yokel [failure to stop at a stop sign, where the police officer's position was completely occluded by houses: he was 2 blocks back on a crossroad.] But two of the times, it was on state highways, by state police. They were efficient, smart, and knew their business. I was proud to show up for my day in court in Charlottesville, plead guilty, and say that the state police officer was extremely professional. Normally, I just stroke a check.

Two or three other times, I've had contact with state police officers, in cases such as where I pulled over because I was hearing a noise from my wheels [silly me, I had gone from state-highway asphalt to Richmond bypass concrete]. But it was clear that they were on the lookout for drug dealers. When I mentioned that I was hearing a funny noise from my wheels, a ringing, he said "perhaps it's the concrete." One or two more professional questions, a license check via radio, and problem solved, traveller on his way.

Those guys know their job.

Re:Just to clarify the state police bit

[insanehippie]

I haven't had the pleasure to try out your story on my beloved Commonwealth's roads, but if I'm pulled over, I'll tell them you said hello.

I think the cops leave me alone cuz I have a big Virginia Sticker on the back of my car, and a pro gun rights bumper sticker...

The Good Ole Boy network I suppose.

-Jesse
www.insanehippie.net

Re:Just to clarify the state police bit

[The+Ape+With+No+Name]

Yeah. They are very professional. Don't get my statement wrong. I meant it a in begrudgingly admiring way. The Virginia State Police are very pleasant and professional about it when they toss you into the Greenville Penitentiary. Never give any lip to a Virginia trooper on a traffic stop because the judge will never believe that the trooper instigated any confrontation.

Re:Just to clarify the state police bit

Don't forget to mention that VA Troopers also pull duty as College and University security. Might want to keep that in mind while blowing through UVA, JMU, or GMU.

When selling penis pills really starts to hurt ;-)

5 years in a federal (pound-'em-U-know-where) prison...
Bet some spam "kings" (for the time being) will learn to really regret ever marketing these penis enlargements ;-)

looking forward to a future...

...where countries like Iraq are attacked not because they are alleged to have weapons of mass destruction, but because they are alleged sources of spam.

Not really

[autopr0n]

The danger is in step 3 because it's hard to know what URL is the spammers' they often hide the url by by various means and include other sites in the email.

If your browser can get to the URL, it obviously isn't hidden enough.

AOL cds are sent 4th class

[bubblegoose]

or bulk rate, I forget which. That means the post office does not return them to the sender. If something is undeliverable or refused the post office just throws it in the trash.

AOL isn't informed that it was thrown away.

And For That Matter...

Those damn annoying people who call my house all the time to sell me crap should be arrested too!!!

Spam resulting from abuse of SMTP, Mailer Daemons

[a13ean]

As the not quite so proud owner of a hotmail email account, I have recently noticed a new type of spam scam. Because hotmail is smtp based it appears that one particular spamer is using the hotmail smtp servers to "send" email from my account OR simply forges headers. These emails which appear to be from my account are send (with the add inclosed) to a non existant email address, which causes the message, with add, to be bounced back to me. Has anyone else seen this going on?