Slashdot Mirror


FTC Chief Bashes Anti-Spam Bills

teutonic_leech writes "According to an MSNBC report FTC chairman Tim Muris has indicated that the antispam laws being considered by Congress 'just won't work and may even be counterproductive - some of the proposed laws could be harmful, or at best useless.' He further concluded that 'In the end, legislation cannot do much to solve the spam problem, because it can only make a limited contribution to the crucial problems of anonymity and cost shifting.'" Other spam bits: an anti-spam service has a funny interview with one of their users, and reader der.hans submits a story and some pretty pictures discussing the quantity of Sobig.f virus emails.

15 of 296 comments

  1. Re:bash? by selfabuse · · Score: 0, Informative

    Troll?! I wasn't trolling! Here's the link!!

  2. Re:bash? by selfabuse · · Score: 3, Informative

    and here's the text of the article, for those of you that don't have Time subscriptions

    Jun. 16, 2003

    Cable-TV descramblers! FDA-approved diet pills! Viagra without a prescription! Instant access to XXX movies! Dramatically enhanced orgasms! If you have ever received e-mails advertising products and services like these -- some quite within the law, some clearly outside it -- chances are they came from a guy like Howard Carmack, professional spammer. Using three computers and working out of his mother's home in Buffalo, N.Y., Carmack sent an impressive 857,500,000 unsolicited e-mails in one year, something that is perfectly legal in New York State. But Carmack crossed the line, according to EarthLink, his Internet service provider, when he set up 343 accounts using stolen credit-card numbers to send these e-mails. EarthLink took notice and began a year-long cat-and-mouse game to discover Carmack's true identity.

    "My name's not on anything," he boasted at one point, according to investigators, when they reached him on his uncle's cell phone. "You'll never catch me." Fingered by his upstairs neighbor and a former employer, Carmack went to ground. A private detective was hired to stake out his mother's house. Carmack was finally caught running from his car to the front door and was served with a complaint. Now out on bail, he has been found liable in a $16.4 million civil lawsuit by EarthLink. Charges of criminal fraud filed by state attorney general Eliot Spitzer are still pending. "There are many more like Carmack," Spitzer warns. "This sends a message that we are pursuing them."

    Spitzer, a man who knows how to put himself in the spotlight, was the avenging angel of Wall Street last year. Now he is on a cybercrusade against spam. And no wonder. In the space of a year, according to research firm IDC, the number of uninvited entries into U.S. In boxes has shot up 85%, to a total of 4.9 trillion.

    Driven by cheap technology and the promise of easy profit, spammers have gone from pests to an invasive species of parasite that threatens to clog the inner workings of the Internet. For the first time last month, according to MessageLabs, more than half the emails received by U.S. businesses were unsolicited. The time we spend deleting or defeating spam costs an estimated $8.9 billion a year in lost productivity. Sensing an enemy as unpopular as al-Qaeda, lawmakers are pondering a plethora of solutions -- some of which, spam watchers say, could end up doing more harm than good.

    Why do spammers flood the Internet with ads nobody wants to read? Because some people do read them, and a tiny fraction actually respond -- which in the world of direct marketing is like money in the e-bank. Take former spammer Scott Hirsch of Boca Raton, Fla., who sold his e-mail marketing business last year for $135 million and retired at the age of 37. Florida is home to more spammers than any other state, and Hirsch -- who started his first bulk e-mail list way back in 1996--likes to take credit for helping make Boca Raton "the spam capital of the world." Hirsch filled his mailing lists with the e-mail addresses of people who had "opted in" by checking (or forgetting to deselect) one of those ubiquitous boxes on website order forms. "When people want to receive [e-mail]," he explains, "you get a much higher return."

    But for an increasing number of Hirsch's imitators, spamming is a numbers game that rewards excess. "The more times they deliver the message, the more money they make," says Charles Curran, general counsel for America Online, which last week filed lawsuits against more than 100 spammers. "They all want to get as close to infinity as possible." This is getting easier all the time, as high-speed Internet access gets cheaper and computer processor power continues to double every 16 months. Meanwhile, the software tools for spamming continue to improve. Web crawlers harvest e-mail addresses en masse from chat rooms and newsgroups. Dictionary-attack programs string together words or names in multiple languages, random numbers, an "@" and

  3. Challenge/response spam filtering by Mwongozi · · Score: 4, Informative

    Is it just me, or is C/R spam filtering, really, intensely, annoying?

    If I e-mail someone, and I get one of those "I think you're a spammer, prove you're not" messages back, then fuck it, you're not getting my e-mail. Challenge/response breaks the whole concept of e-mail.

    I personally use SpamAssassin to drop mail scoring 5-10 into a crudbox, and 10+ just gets bounced.

    I don't get much spam anymore.

  4. No by w.p.richardson · · Score: 1, Informative
    Legislation is not the only way to go.

    Consider this article. Spam can be largely solved via technical means. If none of it gets through, then the incentive to spam in the first place is removed. Laws don't stop crime, they won't stop spam either.

    --

    Curb CO2 emissions: Kill yourself today!

  5. Re:spam is becoming a problem like pollution by ihummel · · Score: 2, Informative

    Ah, but much, if not most, of the spam that gets passed around on the Internet comes from outside our borders and therefore outside the reach of any anti-spam law. I don't think the same is true for telemarketers.

  6. Re:Comments.. by letxa2000 · · Score: 3, Informative
    Legislation is the ONLY way to get rid of spam.

    Absolutely incorrect.

    The "they will all go offshore" excuse is BS. Sure, some might, but many won't.

    You probably have it backwards. Many will go offshore, but some won't.

    Plus, it might not be necessary. There is so much spam and spammers are constantly dodging bullets to keep themselves anonymous I'm not sure if it'd really be necessary to go overseas. There are not enough resources to track down spammers that are covering their tracks unless some "public bounty" is authorized that gives the *public* an incentive to track them down themselves. Even then I think you'll find many of the shadier spammers will just use stolen credit cards and/or free ISP trials to send their spam. The trail is going to get awfully cold for a civilian trying to track down a spammer when you run into stolen credit card numbers or need to find the phone number that dialed into the ISP at a given date/time.

    Spam is a social problem, not a technological one. Social problems can only be solved by social contracts or laws.

    Spam is NOT a social problem any more than junk snail mail is a social problem. It takes advantage of available technology to serve a business purpose and as long as the technology is available to take advantage of, it will continue. The problem is that in the case of email the technology makes spam free.

    The solution is make spamming not free (with lawsuits based on existing laws) or make the technology harder to abuse (with filters, etc.). New laws are completely unnecessary and, as the FTC director said, most would be counterproductive.

    Technological solutions fail. Even bayesian filters, those much heralded bleeding edge anti-spam flavor of the moment, are being beaten regularly--my SpamBayes filter catches still a good deal, but more and more slip through despite over 150,000 'training' emails as the spammers get smarter.

    Then get a better Bayesian filter. With just 3000 good and 10,000 bad emails my Bayesian filter is running at 99.8%. 5 spams have gone through my Bayesian filter so far this month out of 2415 spams--2 were in a foreign language and the other 3 were on-topic enough that they got by and might have even been something I was interested in. My Bayesian filter accuracy has been going up constantly for the last 4 months.

    I'm willing to deal with 1 spam in my inbox every 3 or 4 days to avoid federal legislation that will probably be less than perfect and certainly will not eliminate 99.8% of the spam.

    And, bayesian filters (even at the ISP level) don't begin to address the crucial problem of bandwidth use.

    Overnight, no. But if more and more people and ISPs implemented Bayesian less spam would be seen by users--including the dumb ones that respond to spam. In time the motivation to spam will decrease and that will decrease the bandwidth problem.

    Legislation is NOT the answer.

  7. Re:Comments.. by kevinz · · Score: 2, Informative
    Legislation is the ONLY way to get rid of spam. Effective legislation and prosecution, that is. The "they will all go offshore" excuse is BS. Sure, some might, but many won't. And then, the country that harbors the offshore spammer is squeezed just as Korea was (do you see any Korean spam any more? well, yes, but nowhere like the torrents we all received a year ago).

    So the spammers move their relays to another location, while they still cash the checks in Florida and Louisiana. How does that help? Even if we grant your Korea example, and I am not sure that I am willing to do that, we still have a number of other countries available to spammers with many targets for relay abuse. The number of third world countries that will improve their connection to the rest of the world without thinking about security is huge. Further, let's pretend that you are a small ISP in one of these third world countries. A spammer offers you the equivalent of 3 years profit to host a relay. What are you going to do? Even better, tech savvy spammers will respond to any law by increasing their reliance on virus spread residential gateways. Sobig could be the tip of the iceberg.

    Spam is a social problem

    No, spam is an identity problem. As long as you can get into my inbox without allowing me to know who you are I will get spam. By moving caller ID to email we can verify that the email was sent by a known sender. I've found that by requiring that senders authenticate the identity and agree to my terms of service that my spam problem is totally gone. No change to the law. No training a spam filter. No dealing with the few that slip through the filter. The only problem I have is those few people who don't know how to reply to an email, and there aren't many of those.

    --
    kevin zollinger - kevin@mailsoap.com Spam Free Email!
  8. Re:Comments.. by Kjella · · Score: 2, Informative

    Legislation is the ONLY way to get rid of spam. Effective legislation and prosecution, that is.

    There are already laws. But we're nowhere near a technically feasible way to gather evidence to prosecute, or even blacklist. Let's say Joe Q. Average gets a SPAM. How does he deal with it or report it? Something that doesn't take more of his time than to hit 'delete', and would lead to something effective?

    In case you haven't noticed, in the MS blaster fallout there's kazillions of "You've been sending virus email" when in fact the sender is spoofed. I've gotten those earlier myself. I'd be happy for a system that made me sure that mail "from" joe@hotmail.com actually came from the user joe at hotmail. Right now, that's not the case at all.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  9. Re:Sender Verification for SMTP? by lpontiac · · Score: 2, Informative
    I think the SPAM problem could be largely mitigated by altering the SMTP protocol to include cryptographic signatures which are used to authenticate the email address listed in the email's "From" field.

    SMTP doesn't know about the From: field. Or the To: field, for that matter.
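
The distinction this reply draws, as an added example that is not part of any comment in this thread: the addresses in the `MAIL FROM` and `RCPT TO` commands are the SMTP envelope, while `From:` and `To:` are header lines inside the `DATA` payload, so a receiving system that wants to flag a mismatch has to compare the two itself. The session text is constructed, and `sender.example` and the function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed client side of an SMTP session (server replies omitted).
SESSION = """\
HELO sender.example
MAIL FROM:<bulk@sender.example>
RCPT TO:<me@caribe.net>
DATA
From: "Joe" <joe@hotmail.com>
To: undisclosed-recipients:;
Subject: hello

message body
.
QUIT
"""

def parse_session(text):
    """Split a session into the envelope (commands) and the message (DATA)."""
    envelope = {"mail_from": None, "rcpt_to": []}
    lines = text.splitlines()
    i = 0
    while i < len(lines) and lines[i].strip().upper() != "DATA":
        verb, _, arg = lines[i].partition(":")
        if verb.strip().upper() == "MAIL FROM":
            envelope["mail_from"] = parseaddr(arg)[1]
        elif verb.strip().upper() == "RCPT TO":
            envelope["rcpt_to"].append(parseaddr(arg)[1])
        i += 1
    data = []
    for line in lines[i + 1:]:
        if line == ".":          # a lone dot ends the DATA payload
            break
        data.append(line[1:] if line.startswith("..") else line)  # dot-unstuffing
    return envelope, message_from_string("\n".join(data) + "\n")

def domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()

def sender_report(text):
    """Compare the envelope sender with the From: header the reader sees."""
    envelope, msg = parse_session(text)
    header_from = parseaddr(msg.get("From", ""))[1]
    env_from = envelope["mail_from"] or ""
    return {
        "envelope_from": env_from,
        "header_from": header_from,
        "rcpt_to": envelope["rcpt_to"],
        "aligned": bool(header_from) and domain(header_from) == domain(env_from),
    }

if __name__ == "__main__":
    print(sender_report(SESSION))
```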

  10. You're the one who can't define "spam" by Len · · Score: 2, Informative

    I don't care whether spam is advertising a product, or asking for money, or asking for my vote. If it's unsolicited, bulk email then it's spam. Note bulk, not a single email to a single person about a topic that concerns him specifically. I don't see how you could confuse an offer to invest in my company (which couldn't be part of a bulk mailing, right?) with spam.

  11. Re:Sender Verification for SMTP? by Adrian+Lopez · · Score: 2, Informative
    SMTP doesn't know about the From and To fields? What do you mean? SMTP requires that users specify a From and To field, and while it might not respond immediately with information about the validity of an email address, it is nevertheless possible for SMTP servers to establish the validity of an email address. My server, for instance, does this:
    helo caribe.net
    250 OK
    mail from: me@caribe.net
    250 me@caribe.net OK
    rcpt to: nosuchuser@caribe.net
    550 is not a valid mailbox
    SMTP seems like the natural place to verify the validity of a mailbox, but ultimately it could just as easily be implemented as a separate service.
    --
    "In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
  12. Another Interesting Article on Spam by twoallbeefpatties · · Score: 2, Informative

    This story was printed recently as the cover for a weekly indie paper in Boston. The story reads more as a cover sheet for neophytes rather than for the hardcore Slashdot crowd, so you've probably heard most of it already, but there are a few points of interest:

    -- Some legislators have built up backing for a "do not email" list, similar to the "do not call" list that can get telemarketers in trouble. However, there's little hope it will pass. Not only would most offshore spammers ignore the list, but a list full of working emails would be gold to most spammers.

    -- The article briefly restates the idea that putting a price tag on emails could help the problem. The idea is that spammers make profits only because they can spam freely in such large quantities. If there were a 10 cent bill attached to emails sent, spammers would see greatly diminished returns. Small price to pay?

    -- The article also gives this interesting thought in a "do's and don't's" sidebar: Use "plus addressing" (offered at EFN) if you care about who's giving out your e-mail address. Here's how it works: Get an e-mail account. For example, nospam@efn.org. What's different with plus addressing is that nospam1, nospam2, nospam3 and so on will also be sent to you, only they'll each come into individually labeled folders. Next, when you sign up for a Victoria's Secret card and they ask for your e-mail, you give them one of those plus addresses, such as nospam14. If you ever get a spam e-mail sent to the nospam14 folder, you know which organization sold or shared your e-mail, and therefore where not to buy your panties.

    --
    Libertarians somehow believe that private businesses should be stronger than governments but weaker than individuals.
  13. Target the vendors by spagiola · · Score: 2, Informative

    The spammers can and do try to remain anonymous, but their very purpose is to make people buy something, which means that at some point there has to be a way for customers to reach the vendor paying for the spam to be sent. And that's what should be targeted. Fine those who pay to have spam sent, and they'll stop doing it. There need to be some safeguards, of course, so that a competitor does not maliciously have spam sent in another's name, to get their competitor fined, but that should be something that can be addressed.

  14. Re:I just don't understand.... by swordgeek · · Score: 2, Informative

    Here's the big deal.

    1) Bulk paper mail subsidises personal letter mail. They pay well for the privilege of sending out stuff that no one reads.
    2) Spam recipients pay for the spam they get. Disk space is used, bandwidth consumed, and ISP bills are higher. Not to mention the fact that we now need extra software (more computer resources, more maintenance, more time, more money) to filter this shite out.

    YOU ARE PAYING for every spam you receive, as well as every spam you filter. By the time it's left the spammer's computer, the load has been incurred, and the costs go up.

    FURTHERMORE, it's easy to tell the difference between paper junk mail and real mail. It's not always as easy (esp. for filters) to distinguish, and as a result you have spam that gets through to you, as well as real mail that gets trapped by your filters. Worse yet, the spammers are exploiting this--they've turned it into a war of escalation, with better crafted spam vs. better filtering. As long as they have free rein, we will be paying higher costs and continue to have the value of email service degraded.

    Of course nearly all of the "I don't get it" comments come from spammers, so you probably already know this and are just trying to excuse your behaviour.

    --

    "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban