Slashdot Mirror
Stronger Anti-Spam Law Proposed
NumberField writes "The fight against Spam is making for some strange bedfellows. A new bill sponsored by Senator
Charles Schumer (D-NY)
and the right-wing Christian Coalition
that would let individuals sue spammers for $1000 per message. What isn't clear is how they will define spam broadly enough to outlaw it, but narrowly enough to avoid making it a bonanza for lawyers. For more information, see Schumer's
fact sheet (PDF), or his
press release." Update: 06/13 14:20 GMT by M : The draft bill (pdf) is available.
You can propose all the anti-spam laws you want. But if you keep it restricted to one country, you won't go very far. Spammers will use other locations to send their spam from. So it only works if you have an international law.
That's all very well, but for a large chunk of spam, identifying the spammer if difficult, and to it in a way that would hold up in court would be even harder..
I lay awake last night wondering where the sun had gone, then it dawned on me.
They too get spam, you know (or they'll make sure they'll get it.)
I propose the following:
1. Get local spam under control.
2. Start sanctions agaist countries / ISPs from which spam originates.
Not sure this makes any sense though, but if countries like China find themselves at a disadvantage due to a handful of local spammers I would think they would be more motivated to deal with the problem.
I'm not proposing any tehnical solutions though... anyone have ideas on that?
.: Max Romantschuk
If the law is drafted in a manner which allows authorities to go after the people benefiting from spam, rather than just the people actually sending it, then they could make substantial progress. Most of the spam I receive is for US-based companies, even if it was actually sent from China.
Tarsnap: Online backups for the truly paranoid
let individuals sue spammers for $1000 per message
I don't think many individuals would bother with this, it's easier to just the delete the spam mail than it is to risk loosing money on some lawsuit, and even if they did decide to sue them they would only have "defeated" one spammer (or his team or whatever it could be). 1 down 50000 to go.
Note to self: get smarter troll to guard door.
When right-wing religious groups start supporting something I believe in I always have to re-evaluate my belief.
do we need to prove that those emails suspected of spamming are truly unsolicited? how do we prove that we never subscribed to a certain mailing list? can spammer 'fake' subscriptions?
and with the "Do Not Spam" registry of e-mail addresses, wouldn't it make it easier for spammers to request such do-not-spam list and spam it??
If you outlaw guns, only outlaws will have guns. like the article stated, it might endanger legitimate Internet services.
I don't see the point in having a 'do not spam' list for the US, when the majority of spam the rest of us are receiving on this planet comes from the US. Is the US govt seriously going to compile a list for all 6 billion of us?
This proposal still makes it a civil matter for the recipient, having to sue the spammer for damages. What's needed is a federal US law making mass junk emailing a criminal offense. Instead they are just pushing it back onto the people to fight in civil courts. The only winners here are the spammers and lawyers.
Dude, I feel the Nigerian spammers already trembling;o))))....
1. No sig. 2. ???? 3. Profit!!!
If you'd like to see it passed, ask your Senator to cosponsor
Christian Coalition endorses Schumer bill that would for the first time impose tough criminal and civil penalties on spammers; New law would create no-spam registry like highly-effective do-not-call registries that have stopped telemarketers
Political odd couple find common ground protecting children from obscene emails
Pornographic pictures appear in 1 out of every 5 spams; 1 in 5 kids are sexually solicited on the Internet; and 1 in 4 had an unwanted exposure to obscene pictures
US Senator Charles Schumer and Christian Coalition President Roberta Combs announced today that the Christian Coalition is endorsing Schumer's Stop Pornography and Abusive Marketing Act (The SPAM Act), legislation aimed at cracking down on pornographic email spam that is sent to children. Internet and email use among children has skyrocketed over the last few years, with America Online and MSN reporting millions of child users.
The avalanche of pornography being sent to kids by spammers makes checking email on par with watching an X-rated movie. Parents need to be able to keep offensive material out of the family room and I'm working with the Christian Coalition to do just that, Schumer said. The bottom line is that America's children have been under attack for a long time from violent TV shows, racy music videos, and now pornographic spam. The v-chip gave parents control of the TV. My SPAM Act will give them control over the computer.
I stand side-by-side with Senator Schumer in the fight against pornographic email, Combs said. Parents need the ability to keep their children from being subjected to lewd material and Schumers legislation will do just that. I am proud to stand with Chuck on this issue and we will continue to work together until this bill is law.
Purveyors of spam have exploited the popularity of the Internet and e-mail to gain access to millions of consumers from all sectors of the population, advertising everything from herbal remedies to get-rich-quick schemes to adult web sites. The traffic in explicit images is particularly acute according to the Federal Trade Commission (FTC), which reports that pornographic pictures appear in almost one out of every five emails that spammers use to advertise adult web sites. Many of these explicit images reach the in-boxes of millions of young e-mail users.
In a June 2003 survey by the California-based Internet security firm Symantec, 47% of children reported receiving junk email with links to pornographic web sites. According to the National Center for Missing and Exploited Children, one in five kids between the ages of 10 and 17 are sexually solicited on the Internet, and one in four had an unwanted exposure to pictures of naked people or people having sex but only 40% of these children told a parent.
According to a 2001 Department of Commerce study, 75 percent of 14-17 year olds and 65 percent of 10-13 year olds use the Internet. The same survey also found that forty-five percent of the population now uses email, up from 35 percent in 2000, including millions of children. As of November 2002, America Online had 16 million screen names limited by parental controls while MSN, the operator of the popular free e-mail site www.hotmail.com, had an estimated 3.6 million subscribers under the age of 18.
Schumer and Combs said that the implications of these studies are disturbing: parents are not only powerless to prevent such imagery from being sent to their childrens in-boxes, they also often d
Why don't they just pray it away?
Recently there was an article posted here about taxes on cable modems here, but it occurs to me that spam, like postal junk mail, could help pay for infrastructure just as easily.
Not an original idea, but like a state sales tax (or one of several European VATs), the onus would be on the merchants, or in this case those relaying spam, to collect and pay up.
Now, since American companies are being required to collect and disperse VAT for sales made in Europe, surely there will be some sort of reciprocity there, and in general America (or the states therein) would impose sanctions on countries that did not abide by these new spam tax laws.
With spam in the news as much as it has been lately, surely some government types will take notice, that there is cash sitting in their inbox (or in their filtered spam folder if they're smart). And SpamAssassin catches a huge percentage of the spam I get lately, so if my mail machine has to do a little bit of filtering so that middle America can get cable modems and dsl, and so that maybe the last mile can be fiber someday, well, I'll bite the bullet, as long as I don't have to pay cable modem taxes or any other such things and get this spam.
If they are able to legally define spam (not that easy), the spammers will immediately find an alternative which is not illegal...
It's useless for the same reason P2P can't be wiped out!
Long live the freedom of information!!
I want my karma, and I want it now!
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
The press release is only about Porn targetted at children, shouldn't that be unwanted email targeted at everybody??
As they stand, the proposals seem to target all spam, not just porn, although it's clear that the christians are in it to stop the porn. It makes me uneasy when reasonable people ally themselves with crazy people, even if the end is good. How long before some of the christians realise that the bill does nothing to combat the exchange of pornographic materials between consenting adults?
It is not the government's place to tackle the spam problem. If they try, they'll just fuck it up, like they've fucked up so many other things in the past. Spam has all the telltale signs of a problem that legislation won't help. It's a relatively victimless crime (or rather, its victims, with the exception of those companies who run the huge backbones, are at most marginally impacted by the problem), it can be done in a relatively anonymous fashion, and any laws banning or regulating it will be very difficult to enforce. Problems like that (drug abuse and so on) are never helped by laws, and instead just get worse with each additional crackdown.
The problem can never be fully solved by technical means, being a sociological problem, but technical solutions can do a much more effective job in curbing the problem than any legislative solution, and cause fewer additional problems in the process. Rather than try to get the government to pass ineffective feel-good laws, let's fix the problem from our end. It's time to replace SMTP with a less trusting protocol - the Internet is clearly a very different place than it was when SMTP was originally created, and we need a new mail protocol to match the times.
Keep the government's laws off my Internet, people. It is a medium that spans the entire globe and is not under the jurisdiction of any one government anyway, so laws will never do the job. They'll just cause more problems and never solve anything.
Most of the spam that I receive comes from South Korea, Russia and China, not the United States.
If the spam is advertising goods or services sold by someone in the U.S., the spam came from the U.S., regardless of what physical server delivered it. As they say, "follow the money." I don't care that Alan Ralsky pays for his spam to be sent through Brazil. His spam still came from the United States. An effective anti-spam law will allow you to sue him for a significant sum of money ($1000 or more) and federal, state, and local law enforcement to prosecute him for a crime.
Want to deal with overseas firms sending spam to U.S. citizens? Then handle it like the "war on terror." Pressure other countries to turn over spammers for prosecution for violating U.S. laws. This can be done with multiple tools, including threats to revoke a country's "Most Favored Nation" trading status, reduction in aide to countries where we provide same, tariffs, and even federally-mandated blocking of Internet traffic to and from that country.
heres an article on what Australia along with other countries are doing to fight spam.
1 09 20208.html
http://www.smh.com.au/articles/2003/06/09/10550
I like the sound of this. Defining Spam would be a problem.
If you could prove that there is either no way of requesting an end to the spam or that it didn't work when you clicked on the link then that might stand up in court.
If you still get spam then you should be able to forward it onto some Government organisation who would deal with the company with an army of beurachrats.
Here in the UK, we have a good system for stopping unsolicited phone calls and text (SMS) messages. It is called TPS (Telephone Preference Service). You basically register your number(s) with this organisation and marketeers aren't allowed to use that number. If they do you can report it, they can check phone records or something and fine them something like £5,000. This system does work.
From the fact sheet:
Anyone who sends spam to these addresses will be subject to stiff fines. The database will be protected by military-caliber encryption to ensure the protection of its contents.
Nonsense. How can the database be encrypted if all potential spammers are deemed to have notice of every address on it?
Spam is so easy to kill: add authentication to SMTP and create a new email network of authenticated email. Servers won't accept email from unauthenticated sources, and spammers will be unable to hide their tracks.
SMTP already supports authentication. My server won't send mail except from someone who has a username and password for it. How do you make everyone configure their mail servers that way? Hell, we can't even get everyone to turn off open relays.
The problem with what you propose is that it is sender-side. How will you know if the sender and/or his server are to be trusted? Will your server ask theirs if the sender is to be trusted? Will yours ask if the e-mail address is valid? It would take spammers about 20 minutes before they had something that mimmicked a legitimate e-mail server.
Or are you proposing something like the third-party system we have for secure web sites, where every person operating a mail server pay hundreds of dollars per year to Verisign (or a handful of other "trust" companies)? How would Verisign determine if a server operated by some guy in Argentina was to be trusted? Would you revoke his certificate if spam came from his server? What if it turned out to be a temporary configuration problem or a bug in his mail server that was exploited by a spammer? What if it was perpetrated by an ISP's customer -- one with legitimate access to that mail server? If I signed up for an AOL account and then started spamming from there, would AOL's mail certificate be revoked?
It's not an easy problem to solve through technology. If it was, a technological solution would have been implemented five years ago.
My suggestion is that the SUPPLIER of the advertised goods is fined, not the spammers. The supplier is, after all, paying someone to send the spam, and they're easily traceable (otherwise they'd have trouble fulfilling your orders for Viagra, septic tank cleaner and goat pr0n).
When I am king, you will be first against the wall.
One thing spammers always get correct in spam, is the details of how to buy whatever they are advertising
Why don't we ignore the spammers and punish the companies who's products are being advertised?
Spam wouldn't exist if people weren't paying the spammers to spam.
Target the advertisers contact details, like how BT disconnects numbers advertised on tart cards in London phone boxes.
"Sure you can advertise by spam it'll cost you $10000 for 2^8 mails unfortunatly within 12 minutes of the 1st mail going out your contact email and website will be deleted."
Alex
How many of my email addresses will I be allowed to register? Let me see, assuming a maximum of 64 characters per username (it's probably more), and 36 different characters (actually there's more there, too), that would be potentially 40119919145476304800650533877024438126904024877418 12225955731622655455723258857248542161222254985216 addresses. Of course no one would have that many and no database could store them all. But spammers could dynamically generate random ones. As more and more mail services support tagged addresses, spammers will likely start adding random tags to make sure they have a defense of "no match in the do-not-spam database".
I use a different email address for every mailing list I subscribe to. Should I register every one of them with the database? Most of them have already been spammed (probably harvested from online archives of those mailing lists).
One possibility is requiring that tagged format address be matched with respect to the base address (tag characters usually being "-" and "+"). Another is registering a whole vanity domain making it applicable to every username possibility. I'm sure aol.com will get registered like that, as will just about every domain out there. Mine will be.
now we need to go OSS in diesel cars
Spammers are smart people. You are never going to get the definition of spam such that it will block out all the forms of spam. And if there is a hole, spammers will rush to take advantage of it.
I'll illustrate with a snail-mail example:
A few years back everybody could get a sticker (the yes/no* an no/no* stickers) which we could stick on our mailbox to prevent "unadressed mail" (read: yunkmail) from flooding your mailbox. Good initiative: saves paper, time, money and irritation. BUT: Suddenly all yunkmail got addresses prionted on them and we were stuck with the same pile of paper we didn't read and had to take out to the paper recycle bins.
Nice initiative, didn't work. Wait, that's not entirely true; it still has a function: It blocks the local newspapers.
* yes/no for local (free) newspapers; no for unadressed mail.
IT WORKS!! BELIEVE ME!!!!!! Here is what you have to do: check your INBOX and look for unwanted mail, no matter who send it to you. AND THEN SUE THE PERSON WHO MAILED YOU AND SEND ME A MERE 1% OF THE AMOUNT YOU RECEIVE!!
Everytime you do this, it adds $990 to your account. I couldn't believe it either until the $$$ started to flow my way! My wife does it, and now we have no more financial worries!!!!!!!!
Don't feel left out, check your inbox today and start to make money!!!!
By the way, this mail is not spam. No, Sir. Honest. It just a one-time mailing. Really. Trust me.
My cats ate my karma. They also wrote this comment.
Why exactly do we *need* OUTGOING SMTP servers? WHy can't mail clients pull the MX record for the destination domain on their own and just send it straight there?
Obviously we don't "need" outgoing SMTP servers since many spammers already use the method you describe for sending e-mail.
But there is a very good reasons to have outgoing SMTP servers: The ISP can block access to port 25 for their residential (i.e., non-business) subscriber base. This prevents the subscribers from exploiting open relays or directly sending spam using the method you describe above.
Instead of hijacking open relays, spammers would need huge-ass pipes because they'd be stuck sending the mail themselves.
Only partially true. If a spammer had 100,000 AOL addresses he was sending to, he would not need to send 10,000 messages. He could blind copy, say, 100 recipients on AOL at a time. Then AOL's servers would increase his effective throughput 100x. That's what most of the direct-to-SMTP spammers already do. It's only when the list of recipients are not clumped on ISPs and, are, instead, one or two to a domain, that the bandwidth limitations become an issue.
By the way, that's one reason why you tend to see more spam on big ISPs than on little ones. If a spammer finds three addresses on a small ISP, he spends a relatively large amount of bandwidth sending to those three addresses than if he blind copies 100 users on AOL (assuming direct, rather than relay-rape, spam).
How long before some of the christians realise that the bill does nothing to combat the exchange of pornographic materials between consenting adults?
Most Christians aren't that naive. They know that kinky and perverted things go on between consenting adults every day. That doesn't mean that they want to see it. And if someone doesn't want to look at porno, why should you assault their conscience with it? Just like you wouldn't go to Egypt and start throwing sausage at every Muslim you saw.
Doesn't freedom of religion grant them the freedom to go on blocking the crud coming at them as long as they are not impinging on the rights of others?