EU Rolls out Anti Spam Strategy

An anonymous reader was one of several who noted an article about the latest developments in the EUs War on Spam. The article is pretty realistic in pointing out that EU Legislation won't be very effective unless Asia and the US do something as well.

No more Spam

[skidrowe]

The Spam will be no more...it will cease to be!

Gotta start somewhere

[TopShelf]

The article is pretty realistic in pointing out that EU Legislation won't be very effective unless Asia and the US do something as well.

I think that view is actually overly pessimistic. I'd agree that a relatively complete solution won't exist until the US and Asia also act, but it's not like a global solution is going to be decided upon and implemented in one swell foop. If something like this works well for the EU, it provides a viable option for others to follow. Frankly, I think users would be much better off under the "opt-in" method rather than "opt out" which is being considered here. It will all come down to lobbying, of course. In the opt-out corner are the advertising and marketing industries, while the ISP's basically represent opt-in. Users are left on the sidelines.

Re:Gotta start somewhere

[Transient0]

t only overly pessimistic, but utterly defeatist.

If you are going to buy into the party line that there is no point in the EU fighting spam without North America and Asia follwing step-in-step, you must eventually decide that there is no point fighting spam at all. There will always be somewhere for spammers to run. Because when it comes down to it, even if North America, the EU and Asia all work together to pass anti-spam legislation, there is little chance of Antigua, Cyprus and Sealand following suit.

Really though, every little strike against spam makes real headway. If we can eventually drive all spammers to little off-shore havens, it will that much easier to block them. To be honest however, as a libertarian of sorts I can't help but think that filtering may actually be the better front on which to fight this war.

Re:Gotta start somewhere

[fingal]

Ho hum. read the Acceptable Use Policy for HavenCo before you start pointing fingers...

" Unacceptable use of the network includes, but is not limited to... ...Bulk or regular unsolicited communications through email or other Internet protocol. (commonly called "spam") Hosting web content which is knowingly advertised by spam is also prohibited. Mailing lists must comply with the MAPS Mailing List Management Guidelines; they must be opt-in, provide confirmation protection against accidental or malicious subscription, terms of use of address use must be fully disclosed, and unsubscription methods must be provided."

Re:Gotta start somewhere

[jason0000042]

A technological problem cannot be solved using legal methods, it must be solved technically.

People flying through the windshield when they run their car into something is a technical problem. The auto industry developed safety technology on their own, thus solving the problem technically. But seatbelts didn't save many lives until they were legislated into all cars.

People still die in auto accidents, and laws don't work completely (I'm so tired of 'click-it or ticket PSAs). But sometimes solving the technical problem isn't enough.

I think this is a case where some laws need to be involved. You can't control people's behavior with software. You can't really do it with laws either, but that *is* their problem domain.

Re:Gotta start somewhere

[ives]

even if North America, the EU and Asia all work together to pass anti-spam legislation, there is little chance of [...] Cyprus [...] following suit.

On May 1 2004, Cyprus (at least the internationally recognized greek part) wil join the EU. So if the EU goes ahead with this anti-spam legislation, Cyprus will have no choice but to follow.

Hrmm

[acehole]

With all the laws, bans and implementations of anti-spam measures, I'm curious to know if there is any reduction in the amount of overall spam?

Are we fighting a losing battle? or have the tides turned against the spammers?

Re:Hrmm

[lennart78]

I think people are slowly beginning to realise that 'spam is evil'. Governments never have been the first ones to embrace 'new' ideas.

Once the majority of the people realizes that the Internet is turning into one huge advertisment brothel, where you will be flooded with advertisments, autodialers, etc. etc. unless you follow a 2 week course on how to protect yourself, things will turn ugly for spammers.

The /. crowd is ahead of this, and it is often hard to believe that people are /not/ seeing spam and popups and spyware as the threat we conceive it to be. Talk about it with your mother or your less 'educated' friends to see what they think of it and be surprised. We need to create awareness before we can create laws...

It's Freedom Spam now

[mao+che+minh]

If you want the US to do something about spam, then pony up the cash. Our government won't help you (or our own citizens) unless they get paid. I always wonder why the Europeans have a hard time grasping that simple fact. Microsoft is putting their money where their mouth is, and by doing so, are able to redefine spam and make it their own. $10 says that eventually (and probably soon) the US government will turn to Microsoft to "save us from spam". Why? Because Microsoft will pay them money, and also take on the expenses, both of which make our filthy politicians happy.

Ahh, the American way.

Re:It's Freedom Spam now

[tarquin_fim_bim]

Spam, like the environment, is a global issue, unless a worldwide consensus can be achieved there is little point individual nations taking action unilaterally. As seen by the Kyoto Agreement it only take one greedy country to fuck up the quality of life of all those living elsewhere.

Re:It's Freedom Spam now

[Malc]

When will Americans learn that leaving it to business will always be an inadequate solution? When will Americans learn that they pay for it either way: taxes or consumer costs (either directly for a company's products/services, or indirectly through other companies' products/servies that the price has trickled down to.) There are some things I would rather the government legislated on as they are *supposed* to be our representatives, whereas businesses only represent themselves or their shareholders.

Re:It's Freedom Spam now

[-brazil-]

Your libertarian propaganda is even more ridiculous. First, you're mixing up two very different aspects: the goals and the efficiency in reaching them. While democratic governments may not have a perfect track record in the efficiency department, at least they are theoretically bound to ethical standards and the common good in their aims. Not so businesses, which have only one aim: to make money, no matter the damage to everyone else. As for accountability, you call a seven-figure compensation even in the face of total cock-up "accountability" and losing your office with no compensation for relatively small mistakes "absolutely no accountability"?

Proactive vs Reactive

[Webtommy88]

The United States is considering a handful of bills that take an ''opt-out'' approach

I don't get it. Why are the states taking such a reactive approach to this instead of a proactive approach?

Both are useless without the enforcement of the legislatures, but "opt-in" is alot more hassel-free.

too late

[u-238]

Sigh..

before this thing is even PROPOSED, spammers have already implimented a method to deter this

http://www.symantec.com/spamwatch/

they've spread trojan viruses to moron AOL users who's PCs act as proxies thru which spammers safely and anonymously continue their work

Re:too late

[leerpm]

Legislation is not going to take out all of the spammers. In fact most of them will remain. But by forcing them offshore, to use proxies, and seek alternative methods we are making it harder and more expensive for them to do business. Spam is not going to be taken out in one swoop. It will take legislation, enforcement and probably changes in the protocol.

But every little bit helps. When they are forced to use proxies, all sorts of problems start to come up. None of them are insurmountable for the spammers but they do create obstacles. Their bandwidth is limited by the trojan proxy's connection, and they open themselves up to criminal charges for hacking. They run the risk of hitting the wrong computer, perhaps a machine administered by a particuraly ruthless and short-tempered sys admin.

An interesting experiement might be to see how difficult it is to set up a honeypot to catch the spammers using proxies.

Re:too late

[gav1n]

They've also been infecting students' machines on university networks, which have high bandwith. Also, some students have been agreeing to relay spam through their machines in 'spam-for-pay' schemes. Both of these occured at my school, causing SMTP servers to be banned on the residential network. This is forcing our Tech department to implement brash solutions such as an outright ban on SMTP until they get the resources for a more elegant solution. We are amidst a state-wide budget cut.

Unless Asia and the US...

[robslimo]

I see the US doing something... after a bunch of wrangling with lobbiests and various red-tape cutting, but Asia? By Asia, do you mean, China, India, Japan, S. Korea, Taiwan and more? Gee, that's a large group of governments who'd likely have their own agendas and possibly reasons for not wanting to do anything official regarding spam.

Good luck waiting, but don't hold your breath. I think it will take an international entity like the UN to get anything done in a global scope and I don't have any great confidence in that either.

Money

[cspenn]

It's all about money. Until legislators and the rest of the folks who run systems that understand this, spam will not stop. Spam is a cost effective, if obnoxious, solution for advertising. Even if spam is illegal, unless the entire planet decides to take unified action, spam will not stop - it'll just relocate to places without extradition treaties. You'll end up having to blackhole entire countries to staunch it.

How many people and how many euros is the EU willing to pony up to enforce these laws? Probably about the same amount that the United States ponies up for speed limit enforcement. 55 MPH is the law, not the reality...

Chris
www.studint.com

Re:Money

[schon]

Spam is a cost effective, if obnoxious, solution for advertising

And burglary is a cost effective, if obnoxious, alternative to working.

Even though theft is illegal, it won't stop people from doing it. Does this mean that we should simply throw all of the theft laws?

Spam is not "cost effective", it's theft - and no legitimate business would engage in the process of stealing from people it wants to sell things to.

We need to start somewhere, and this is as good a place as any.

from where?

[geekmetal]

But questions remain about the law's enforcement and reach -- spammers are evasive, to say the least, and most of Europe's junk e-mail comes from elsewhere.

Where, where, where does this elusive, slippery spam come from? Some mysterious nation with a communist government or an evil dictator? Bomb them. $100 reward to the first person to come up with the leading offender.

Sorry, but....

[Stinky+Glen20]

Sadly, this is utter, utter shite.

While it is possible to forge headers, use open relays, trogan poor @Home users PCs, etc, etc then SPAM will not be defeated by legislation.

Tighten the protocols, then we have a fighting chance.

International Computing Organization

[dlosey]

While reading about Iraqis being trained in Linux, I saw that the United Nations supports Linux and its worldwide expansion. It got me thinking (always a bad thing for a /. reader), why can't we have an international group of policy makers for the computing world? They could be created by the UN and eventually form a separate organization which regulates such things as email, domain names, and spam. Sort of like ICANN, but more law enforcement based.

Maybe its just a pipe dream, but a nice thought anyways.

Re:International Computing Organization

[feldspar6]

One already exists ... or haven't you seen the black helicopters?

Re:International Computing Organization

[Peridriga]

I think that qualifies as the Bad Idea(tm) of the day...

Congrats..

Re:International Computing Organization

[mccalli]

why can't we have an international group of policy makers for the computing world?

Because then the schoolchildren of 2103 would have to learn about The Great Vi/Emacs War of 2012, where a group of rogue nations steadfastly clung to their VIM. With Switzerland, of course, using pico and generally keeping well out of things.

Cheers,
Ian

$2.5 billion per year?

[mofochickamo]

Analysts estimate that the approximately 10 billion spam messages sent via e-mail each day cost European businesses $2.5 billion per year.

Where do analysts come up with numbers like this? I identify an e-mail as spam in about 1.5 seconds (but my Outlook SpamBayes filter does it even faster). If an employee is going to get that distracted by a spam (or 50 of them a day) then they will probably also get easily distracted with other things, like Slashdot ;).

Re:$2.5 billion per year?

[gorbachev]

The article quotes a xs4all.nl spokesperson who says xs4all.nl has 14 of its 250 employees dedicated to handling issues relating to spam.

Let's say they get paid at about $15K / year. That's $200K on a single ISP in a single country.

Add the cost of site licenses on spam filtering software used in Europe. Add a fraction of the cost of all IT support people in every business that's connected to the Internet in Europe. Extra hardware costs to store all that junk, etc. etc.

It adds up.

AOL users alone, put together, pay several million USD every month, because of spam (AOL raised their fees by $2 / month sometime last year because of spam related costs).

Proletariat of the world, unite to kil spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death

The article...

[deman1985]

The article fails to mention what the penalties are for companies that violate their new anti-spam laws. Are they simple little fines like are trying to be pushed here or do they have harsher punishments? Simply labelling SPAM as illegal won't do a whole lot unless violators have something serious to fear.

Who Decides What is Spam??

[Captain_Loser]

My job is maintaining a Web/E-mail server, and I know just what a pain it is to deal with spam. But, if the government starts to regulate "spam" how are they going to decide what is spam and what isn't? MY favorite phrase is "run your life so the government won't have to, you won't like it if they take over" that makes sense. Don't get me wrong, I despise spam, and want to get rid of it as much as the next person, but how is this going to be controlled? I think we should proceed with EXTREME caution in situations like this or things will just get worse.

Re:Who Decides What is Spam??

[frankie]

how are they going to decide what is spam and what isn't?

The EU definition pretty much matches with the one at SpamHaus: if an email is unsolicited and bulk, then it's spam. Make sure your mass mailings are confirmed opt-in and you're all set.

Well it goes something like this...

[Kjella]

EU thinks "no point, we need the US and Asia"
US thinks "no point, we need the EU and Asia"
Asia thinks "no point, we need the EU and US"

Laws have to start somewhere, and I'm sure there's a reason why all my spam is carpetbombed US crap. I'm pretty sure it's the local laws that are the cause that I have only recieved *one* spam mail in my local language, from a national company, ever. And I sent them a reply stating that next time I would file charges, and I've never heard from them again.

We need a new mail protocol, with proper digital signing and verification of authorithy (does 231.143.211.35 have permission to send mail using the domain name "hotmail.com"?) as well as integrated feedback possibilities both to mail servers, and if possible, to those administratively responsible for a given netblock (e.g. ISP) as well. If spam was more tracable, it would be a lot easier to shut down and blacklist.

Kjella

As a writer from Asia....

[cyberon22]

The vast majority of spam hitting *my* inbox starts coming in at around 9am California time, and then peters out early evening on the East Coast.

What's this about an international problem again?

Re:As a writer from Asia....

[CyberGarp]

And the vast majority of the Spam I receive is in Chinese. About 100/day. Don't know how I made the Chinese spammer's lists so deeply, but I did. By the way, the only language I speak is bad English. Just cause you don't have the problem, doesn't mean that others don't.

legislation not necessary

[aggieben]

I don't think legislation is necessary anyway. I'm leary of laws that tell me how and to whom I can send messages. Anyway, if large ISP's would just block ip the sources of the spam (btamail.cn comes to mind) they could do a lot to alleviate the problem. I would rather live with minimal amounts of spam limited by filters than be forced to have laws that forbid it.

Procmail is your friend.

Re:legislation not necessary

[maddvibe]

I agree. Do we really want more laws telling us what we can and can't do? Before we know it we won't be able to freely send email to whomever we want. I don't know how we're going to solve the problem of spam, but we should be careful about the laws that are made to stop it. No one wants these laws to be used against individuals to stop freedom of speech.

EU Convention on Unsolicited Email

[heironymouscoward]

Section 3, Chapter II:

Article 1: All unsolicted electronic communications (UCE) intended for commercial purposes, including but not exclusively for the sale of electronic products, personal services, errection-producing drugs, digital images of a pronographic nature, and percentage offers of the fortunes of deceased African dictators, shall follow the code of conduct established in Article 2.

Article 2: all business email sent to and from correspondents in the member states of the EU shall be provided in all four (4) of the following languages: English, French, German, and Italian, plus any two (2) of the following languages: Finnish, Swedish, Irish, Spanish, Portuguese. The Dutch language may only be used as an encryption device for confidential communications.

Article 3 - Sanctions. The minimum sanction for any natural entity sending emails in an illegal combination of languages shall be no less than twenty years of service in the customer service department of the European Union. ....

I don't see the problem, so long as all EU countries implement this convention fully. That, and castrating spammers should take care of things.

Re:EU Convention on Unsolicited Email

[heironymouscoward]

I remember learning "the English Language" as a child, and it was amazingly close to what is also known as, uh, "English". I believe the intent of the drafters of the EU Convention on UCE when they said "the Dutch Language" rather than "Dutch" was to stress the "language" part, because there are many things "Dutch", including cheese, hash, beer, and large annoying humans. Many EU conventions have been sabotaged by michieveous Hollanders trying to write their memos in Gouda or Edam instead of prose. Sneaky kaaskoppen.

Also I believe your posting proves conclusively that only one in three people here can actually "read English" at all.

Wrong!

[www.sorehands.com]

If spam is illegal, and someone uses "affiliates" that spam to promote their pills, the seller is still responsible for their agents.

Even if the person is using a ralksy to send spam from servers in China, the person hiring the ralksy is still liable.

At some point, if the product originates or the money goes through the country that's laws have been violates, you may be able to get it.

Re:Wrong!

[www.sorehands.com]

I am not talking about going after the producer of the product. I am talking about going after the seller. If the seller is not the spammer, they are engaging the spammer to do the spamming.

Actually, Symantec has tracked down the person as selling the illegal copies of their stuff, Dr. Fatburn aka George Alan Moore and filed a lawsuit against him. AOL has also filed a lawsuit against him for using their servers.

I was about to file a lawsuit against him for spamming me, but figured that after AOL and Symantec finished with him, there would be nothing left.

One Region Can't Do It All

[chia_monkey]

I'm going to have to agree with the EU's stance that there should be similar objectives put in place by the US and Asia. I think there should be more countries involved also, but these were the two that were mentioned. In a similar stance, think about having just Iowa and Kansas (random states chosen) with strict anti-spam measures. Fine...spammers will move to VA and PA. Same will happen all over the world.

We DO need a worldwide organization to help curtail this. Isn't this the global economy nowadays? Let's treat it like one.

I would like to see however, someone being proactive. Yay EU! Pity Asia may wait and see. Pity the US may wait and see. If we all act at once, it may send the signal we're serious about this and not just testing the waters and not truly committed to ridding ourselves of this global economy drain.

what kind of opt-out?

[Draghkhar]

Unfortunately this discussion's overly simplistic. What kind of opt-out legislation is the US considering? There's 2 main kinds I can think of. The first is to opt out with each provider. That approach seems disastrous -- spammers just change their name or address, and what a miracle, they can spam you again. The second type is to opt out through a national registry, similar to the "do-not-call" registry that's been/being implemented in several states (including Massachusetts). If enough e-mail users opt out of spam (and why wouldn't they?) it could cripple the commercial viability of spam (at least in the US).

A final point: maybe the European approach is more effective, maybe not, but I don't see why legislative uniformity is necessary.... As long as all countries are effective in decreasing the incentive/legality for spammers to exist, does it matter? Silly example -- let's say large country A fined each piece of spam at $1 million, and large country B implemented the death penalty for spamming -- I think spam would decrease a lot pretty quickly. Anyway, if several competing approaches are tried on a large scale, and one is far and away a success, others will follow suit. Please don't posit US government conspiracies to protect spammers -- all the Nasdaq-100 companies hate spam (e.g., Yahoo, Microsoft, Apple). So do 99.9% of their online constituents. Those are the parties US legislators will (at least try to) protect.

Spammers Challenge Legislation....

[pauly_thumbs]

France surrenders.

Oh, we realize it.

[siskbc]

When will Americans learn that leaving it to business will always be an inadequate solution? When will Americans learn that they pay for it either way: taxes or consumer costs (either directly for a company's products/services, or indirectly through other companies' products/servies that the price has trickled down to.) There are some things I would rather the government legislated on as they are *supposed* to be our representatives, whereas businesses only represent themselves or their shareholders.

Oh, we understand that. Doing something about it when you have an incredibly strong and politically active business sector is rather difficult, actually. And here, with 280M people, political campaigns are very expensive. Hence, congressmen have to sidle up to Big Business.

You have to remember, because America is so huge, we're faced with some interesting problems that Europe doesn't typically consider. Also, since we fashioned our modern democracy first, perhaps we didn't do it best, allowing others to learn from our mistakes in some ways.

However, none of that means that Americans don't realize how we're getting bent over in a lot of ways.

Re:Oh, we realize it.

[Malc]

A little off-topic, but...

"Also, since we fashioned our modern democracy first, perhaps we didn't do it best, allowing others to learn from our mistakes in some ways."

I would say a lot of the problems today aren't to do with being first at fashioning a modern democracy, but rather the revolutionary nature of that democracy. Things that are no longer particularly pertinent to the modern world have been set in stone and are no very hard to change. But then what do I know? I come from a country with no single constitutional document that evolved (and still evolves) in to a modern democracy over a thousand years. ;)

Until they target the spammer's clients,

[crovira]

the companies who want to sell you the damn Viagra and fine their butts off, its all useless.

The only way to stem the flood is to target those who think they benefit from it.

If the VENDOR who uses Spam has to cough up a massive fine, they will put the spammers out of business. It has nothing to do with who sent you the friggin' email but who's trying to get youto spend money. Once it COSTS THEM far more than their RateOfReturn, the Spammers will suck wind.

To Fix This Problem...

[mgeneral]

It's going to require more than just new laws and legislation. To fix the spam problem, you need to fix the SMTP protocol. At one time it may have seemed ok to allow anonymous, unverified mail services, but today, it is unpractical. A lot can be done to diminish spam if we can improve the SMTP protocol. Source address verification and usable certificate services wouldn't take that long to implement and would drastically reduce the quantities of SPAM.

Re: Universal Remove List (tm)

[gorbachev]

There're a lot of problems with the Universal Remove List (term coined by spamming scum) aka "do-not-call" approach.

Most of them do not allow sitewide opt-out or wildcards.

Most of them only allow number of Email addresses per user (I have an infinite number of potential Email addresses, and at least 25 active ones I use regularly).

A listing in DMA's list expires after a year or two. What sort of bullshit is that?

There is no way in hell there's going to be a "do-not-spam" list that will work, ever.

Still, I think, I'd personally welcome one, if it was managed by a pro-consumer 3rd party (not a .gov office, marketers or spammers) and there was some REAL sanctions on spammers that do not use it.

There's been plenty of examples of Universal Remove Lists ran by spammers (spammingbureau.com, Sanford Wallace had one, Walt Rines had one too, iemmc.org, etc. etc.). All of them are/were fronts set up by spammers to keep an appearance of respectibility.

Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death

No, we're fighting the *wrong* battle

[swb]

We've decided that the enemy is the guy sending a mail message to my inbox, which is exactly the wrong enemy, and the hardest to catch for all the reasons EU officials think it won't work (overseas mailers, hijacked systems, etc).

The enemy is the person operating an ongoing fraudulent enterprise which motivates the guy sending the mail to do that. This is also the EASIEST person to catch, since they have to get paid somehow and the money CAN be followed.

If governments were willing to actually police the fraud, the market for spam-senders would shrink dramatically.

What mystifies me is why they're not willing to do this. Is it some BS gung-ho pro-sales "caveat emptor" mentality? I find this hard to believe, since I don't think any of the products I've seen turn up in ~/mail/bogofiltered are even remotely legitimate -- quack potions, stock and money schemes, 419 scams, et al. We're not talking about laundry soap that really doesn't get my whites their whitest, we're talking about products that are prima faciae nonfunctional.

I suppose I shouldn't be surprised about this, though, since at least the US government doesn't really care about fraud generally. How long have we been putting up with slamming and cramming? Has anyone gone to jail, or just "admitted no wrongdoing and paid a small fine"? Shit, even the number of culpable execs who deliberately and systematically lied and lined their own pockets on Wall Street who actually will end up in jail is probably countable on my two hands.

Overall I think if the government actually was interested in prosecuting the fraudulent practices and business contained in spam, spam itself would have a serious dent in it.

Instead, they do nothing, letting the spam problem get so far out of hand that the only thing left is to implement heavy regulation of email -- why do I seem to see John Ashcroft smirking in the corner during the otherwise laughable keystone-cops debates on spam?

Re:No, we're fighting the *wrong* battle

[Ben+Hutchings]

What mystifies me is why they're not willing to do this. Is it some BS gung-ho pro-sales "caveat emptor" mentality? I find this hard to believe, since I don't think any of the products I've seen turn up in ~/mail/bogofiltered are even remotely legitimate -- quack potions, stock and money schemes, 419 scams, et al. We're not talking about laundry soap that really doesn't get my whites their whitest, we're talking about products that are prima faciae nonfunctional.

Marketers see this, and realise that if even obvious fraudsters can make money out of spam then legitimate businesses with legitimate pitches are likely to do even better, if only they can get the law to say that spam is OK.

LARTing Mallets

[heironymouscoward]

Unfortunately for LARTing fans, the use of physical violence against natural entities (even Italians) is strictly controlled by the EU Convention on Applied Interentity Violence, section 3, chapter III, articles 5 to 10. LARTing mallets are permitted but only from July 1 to July 14 (so you missed the season), and only if you hold a grade 3 license in applied LARTing.

Further (I know, this is a long post, but these conventions are very detailed), the number 20 is not a valid EU number. This may surprise some people, but in a ruling by the EU Commission on Trade and Industry in 2001 (ref. PB/221/2231) the number 20 was ruled as being "unfair" and "discriminatory". A great effort has been made to move all businesses to 19 or 21, and this has largely been successful. However, the EU is now faced with cheap imports of 20 from Eastern Europe and counterfeit 19's and 21's from China (since there is now a shortage of these numbers). There is a decision pending that will create a superfund to pay for the production of extra 19's and 21's, and some people have even suggested using 22's, but the Italians have vetoed this, saying that 22 is a fascist number. And they should know.

--- Brussels, July 15th, 2003.

Asia is not a problem, if

[Baki]

you just block all mail coming from Asia.

90% of spam I received came from Asia (korea, china etc) until I added the following to my postfix access config file:

202 554 All sites from Asia-Pacific NIC blocked due to excessive SPAM
203 554 All sites from Asia-Pacific NIC blocked due to excessive SPAM
210 554 All sites from Asia-Pacific NIC blocked due to excessive SPAM
211 554 All sites from Asia-Pacific NIC blocked due to excessive SPAM
218 554 All sites from Asia-Pacific NIC blocked due to excessive SPAM
219 554 All sites from Asia-Pacific NIC blocked due to excessive SPAM
220 554 All sites from Asia-Pacific NIC blocked due to excessive SPAM
221 554 All sites from Asia-Pacific NIC blocked due to excessive SPAM
61 554 All sites from Asia-Pacific NIC blocked due to excessive SPAM

Unless APIC Countries do something we are screwed

I have been running a spam honeypot for about 2 weeks now as an open relay. And as far as I can tell all the source ip addresses are from APIC countries.

Just for kicks I did the following:
grep queued /var/log/maillog* > count.tmp; \cat -n count.tmp

414686 /var/log/maillog.1:Jul 11 23:37:30 pot sendmail[16117]: h6C3bRV16117: to=, delay=00:00:02, mailer=esmtp, pri=30535, stat=queued

The above email is from a spammer checking the relay.....I have to manipulate the queue daily to make sure they get the response they are looking for:-)

In two weeks time It has nabbed about 400,000 spams and all of them originate from APIC addresses where the Sysadmins and upstream providers ignore complaints.

So all is useless unless apic countries do something.

Opt in in the us

[matfud]

I can't see how opt in would work in the US. As
soon as you opt in to one company their "business
partners" would start sending you "solicited
emails" too.

Would you not also need some form of personal data
protection legislation?

matfud

Which is great, if...

[Kjella]

...you have no business relatiionships there, no friends there, no people you know moved there. It works on your very own little personal server, but it doesn't deal with the spam problem for an ISP, a corporation, or anything else of magnitude.

Maintaining personal blacklists is pretty easy, but how much time would it take millions and millions of people to all do that? It'd be as bad as the problem it is trying to solve.

Kjella