Slashdot Mirror
Stronger Anti-Spam Law Proposed
NumberField writes "The fight against Spam is making for some strange bedfellows. A new bill sponsored by Senator
Charles Schumer (D-NY)
and the right-wing Christian Coalition
that would let individuals sue spammers for $1000 per message. What isn't clear is how they will define spam broadly enough to outlaw it, but narrowly enough to avoid making it a bonanza for lawyers. For more information, see Schumer's
fact sheet (PDF), or his
press release." Update: 06/13 14:20 GMT by M : The draft bill (pdf) is available.
You can propose all the anti-spam laws you want. But if you keep it restricted to one country, you won't go very far. Spammers will use other locations to send their spam from. So it only works if you have an international law.
That's all very well, but for a large chunk of spam, identifying the spammer if difficult, and to it in a way that would hold up in court would be even harder..
I lay awake last night wondering where the sun had gone, then it dawned on me.
I propose the following:
1. Get local spam under control.
2. Start sanctions agaist countries / ISPs from which spam originates.
Not sure this makes any sense though, but if countries like China find themselves at a disadvantage due to a handful of local spammers I would think they would be more motivated to deal with the problem.
I'm not proposing any tehnical solutions though... anyone have ideas on that?
.: Max Romantschuk
If the law is drafted in a manner which allows authorities to go after the people benefiting from spam, rather than just the people actually sending it, then they could make substantial progress. Most of the spam I receive is for US-based companies, even if it was actually sent from China.
Tarsnap: Online backups for the truly paranoid
let individuals sue spammers for $1000 per message
I don't think many individuals would bother with this, it's easier to just the delete the spam mail than it is to risk loosing money on some lawsuit, and even if they did decide to sue them they would only have "defeated" one spammer (or his team or whatever it could be). 1 down 50000 to go.
Note to self: get smarter troll to guard door.
I don't see the point in having a 'do not spam' list for the US, when the majority of spam the rest of us are receiving on this planet comes from the US. Is the US govt seriously going to compile a list for all 6 billion of us?
This proposal still makes it a civil matter for the recipient, having to sue the spammer for damages. What's needed is a federal US law making mass junk emailing a criminal offense. Instead they are just pushing it back onto the people to fight in civil courts. The only winners here are the spammers and lawyers.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
The press release is only about Porn targetted at children, shouldn't that be unwanted email targeted at everybody??
As they stand, the proposals seem to target all spam, not just porn, although it's clear that the christians are in it to stop the porn. It makes me uneasy when reasonable people ally themselves with crazy people, even if the end is good. How long before some of the christians realise that the bill does nothing to combat the exchange of pornographic materials between consenting adults?
It is not the government's place to tackle the spam problem. If they try, they'll just fuck it up, like they've fucked up so many other things in the past. Spam has all the telltale signs of a problem that legislation won't help. It's a relatively victimless crime (or rather, its victims, with the exception of those companies who run the huge backbones, are at most marginally impacted by the problem), it can be done in a relatively anonymous fashion, and any laws banning or regulating it will be very difficult to enforce. Problems like that (drug abuse and so on) are never helped by laws, and instead just get worse with each additional crackdown.
The problem can never be fully solved by technical means, being a sociological problem, but technical solutions can do a much more effective job in curbing the problem than any legislative solution, and cause fewer additional problems in the process. Rather than try to get the government to pass ineffective feel-good laws, let's fix the problem from our end. It's time to replace SMTP with a less trusting protocol - the Internet is clearly a very different place than it was when SMTP was originally created, and we need a new mail protocol to match the times.
Keep the government's laws off my Internet, people. It is a medium that spans the entire globe and is not under the jurisdiction of any one government anyway, so laws will never do the job. They'll just cause more problems and never solve anything.
Most of the spam that I receive comes from South Korea, Russia and China, not the United States.
If the spam is advertising goods or services sold by someone in the U.S., the spam came from the U.S., regardless of what physical server delivered it. As they say, "follow the money." I don't care that Alan Ralsky pays for his spam to be sent through Brazil. His spam still came from the United States. An effective anti-spam law will allow you to sue him for a significant sum of money ($1000 or more) and federal, state, and local law enforcement to prosecute him for a crime.
Want to deal with overseas firms sending spam to U.S. citizens? Then handle it like the "war on terror." Pressure other countries to turn over spammers for prosecution for violating U.S. laws. This can be done with multiple tools, including threats to revoke a country's "Most Favored Nation" trading status, reduction in aide to countries where we provide same, tariffs, and even federally-mandated blocking of Internet traffic to and from that country.
From the fact sheet:
Anyone who sends spam to these addresses will be subject to stiff fines. The database will be protected by military-caliber encryption to ensure the protection of its contents.
Nonsense. How can the database be encrypted if all potential spammers are deemed to have notice of every address on it?
Spam is so easy to kill: add authentication to SMTP and create a new email network of authenticated email. Servers won't accept email from unauthenticated sources, and spammers will be unable to hide their tracks.
SMTP already supports authentication. My server won't send mail except from someone who has a username and password for it. How do you make everyone configure their mail servers that way? Hell, we can't even get everyone to turn off open relays.
The problem with what you propose is that it is sender-side. How will you know if the sender and/or his server are to be trusted? Will your server ask theirs if the sender is to be trusted? Will yours ask if the e-mail address is valid? It would take spammers about 20 minutes before they had something that mimmicked a legitimate e-mail server.
Or are you proposing something like the third-party system we have for secure web sites, where every person operating a mail server pay hundreds of dollars per year to Verisign (or a handful of other "trust" companies)? How would Verisign determine if a server operated by some guy in Argentina was to be trusted? Would you revoke his certificate if spam came from his server? What if it turned out to be a temporary configuration problem or a bug in his mail server that was exploited by a spammer? What if it was perpetrated by an ISP's customer -- one with legitimate access to that mail server? If I signed up for an AOL account and then started spamming from there, would AOL's mail certificate be revoked?
It's not an easy problem to solve through technology. If it was, a technological solution would have been implemented five years ago.
My suggestion is that the SUPPLIER of the advertised goods is fined, not the spammers. The supplier is, after all, paying someone to send the spam, and they're easily traceable (otherwise they'd have trouble fulfilling your orders for Viagra, septic tank cleaner and goat pr0n).
When I am king, you will be first against the wall.