Slashdot Mirror
FTC Chief Bashes Anti-Spam Bills
teutonic_leech writes "According to an MSNBC report FTC chairman Tim Muris has indicated that the antispam laws being considered by Congress 'just won't work and may even be counterproductive - some of the proposed laws could be harmful, or at best useless.' He further concluded that 'In the end, legislation cannot do much to solve the spam problem, because it can only make a limited contribution to the crucial problems of anonymity and cost shifting.'" Other spam bits: an anti-spam service has a funny interview with one of their users, and reader der.hans submits a story and some pretty pictures discussing the quantity of Sobig.f virus emails.
and here's the text of the article, for those of you that don't have time subscriptions Jun. 16, 2003 Cable-TV descramblers! FDA-approved diet pills! Viagra without a prescription! Instant access to XXX movies! Dramatically enhanced orgasms! If you have ever received e-mails advertising products and services like these -- some quite within the law, some clearly outside it -- chances are they came from a guy like Howard Carmack, professional spammer. Using three computers and working out of his mother's home in Buffalo, N.Y., Carmack sent an impressive 857,500,000 unsolicited e-mails in one year, something that is perfectly legal in New York State. But Carmack crossed the line, according to EarthLink, his Internet service provider, when he set up 343 accounts using stolen credit-card numbers to send these e-mails. EarthLink took notice and began a year-long cat-and-mouse game to discover Carmack's true identity. "My name's not on anything," he boasted at one point, according to investigators, when they reached him on his uncle's cell phone. "You'll never catch me." Fingered by his upstairs neighbor and a former employer, Carmack went to ground. A private detective was hired to stake out his mother's house. Carmack was finally caught running from his car to the front door and was served with a complaint. Now out on bail, he has been found liable in a $16.4 million civil lawsuit by EarthLink. Charges of criminal fraud filed by state attorney general Eliot Spitzer are still pending. "There are many more like Carmack," Spitzer warns. "This sends a message that we are pursuing them." Spitzer, a man who knows how to put himself in the spotlight, was the avenging angel of Wall Street last year. Now he is on a cybercrusade against spam. And no wonder. In the space of a year, according to research firm IDC, the number of uninvited entries into U.S. In boxes has shot up 85%, to a total of 4.9 trillion. Driven by cheap technology and the promise of easy profit, spammers have gone from pests to an invasive species of parasite that threatens to clog the inner workings of the Internet. For the first time last month, according to MessageLabs, more than half the emails received by U.S. businesses were unsolicited. The time we spend deleting or defeating spam costs an estimated $8.9 billion a year in lost productivity. Sensing an enemy as unpopular as al-Qaeda, lawmakers are pondering a plethora of solutions -- some of which, spam watchers say, could end up doing more harm than good. Why do spammers flood the Internet with ads nobody wants to read? Because some people do read them, and a tiny fraction actually respond -- which in the world of direct marketing is like money in the e-bank. Take former spammer Scott Hirsch of Boca Raton, Fla., who sold his e-mail marketing business last year for $135 million and retired at the age of 37. Florida is home to more spammers than any other state, and Hirsch -- who started his first bulk e-mail list way back in 1996--likes to take credit for helping make Boca Raton "the spam capital of the world." Hirsch filled his mailing lists with the e-mail addresses of people who had "opted in" by checking (or forgetting to deselect) one of those ubiquitous boxes on website order forms. "When people want to receive [e-mail]," he explains, "you get a much higher return." But for an increasing number of Hirsch's imitators, spamming is a numbers game that rewards excess. "The more times they deliver the message, the more money they make," says Charles Curran, general counsel for America Online, which last week filed lawsuits against more than 100 spammers. "They all want to get as close to infinity as possible." This is getting easier all the time, as high-speed Internet access gets cheaper and computer processor power continues to double every 16 months. Meanwhile, the software tools for spamming continue to improve. Web crawlers harvest e-mail addresses en masse from chat rooms and newsgroups. Dictionary-attack programs string together words or names in multiple languages, random numbers, an "@" and
Is it just me, or is C/R spam filtering, really, intensely, annoying?
If I e-mail someone, and I get one of those "I think you're a spammer, prove you're not" messages back, then fuck it, you're not getting my e-mail. Challenge/response breaks the whole concept of e-mail.
I personally use SpamAssassin to drop mail scoring 5-10 into a crudbox, and 10+ just gets bounced.
I don't get much spam anymore.
Absolutely incorrect.
The "they will all go offshore" excuse is BS. Sure, some might, but many won't.
You probably have it backwards. Many will go offshore, but some won't.
Plus, it might not be necessary. There is so much spam and spammers are constantly dodging bullets to keep themselves anonymous I'm not sure if it'd really be necessary to go overseas. There are not enough resources to track down spammers that are covering their tracks unless some "public bounty" is authorized that gives the *public* an incentive to track them down themselves. Even then I think you'll find many of the shadier spammers will just use stolen credit cards and/or free ISP trials to send their spam. The trail is going to get awfully cold for a civilian trying to track down a spammer when you run into stolen credit card numbers or need to find the phone number that dialed into the ISP at a given date/time.
Spam is a social problem, not a technological one. Social problems can only be solved by social contracts or laws.
Spam is NOT a social problem any more than junk snail mail is a social problem. It takes advantage of available technology to serve a business purpose and as long as the technology is available to take advantage of, it will continue. The problem is that in the case of email the technology makes spam free.
The solution is make spamming not free (with lawsuits based on existing laws) or make the technology harder to abuse (with filters, etc.). New laws are completely unnecessary and, as the FTC director said, most would be counterproductive.
Technological solutions fail. Even bayesian filters, those much heralded bleeding edge anti-spam flavor of the moment, are being beaten regularly--my SpamBayes filter catches still a good deal, but more and more slip through despie over 150,000 'training' emails as the spammers get smarter.
Then get a better Bayesian filter. With just 3000 good and 10,000 bad emails my Bayesian filter is running at 99.8%. 5 spams have gone through my Bayesian filter so far this month out of 2415 spams--2 were in a foreign language and the other 3 were on-topic enough that they got by and might have even been something I was interested in. My Bayesian filter accuracy has been going up constantly for the last 4 months.
I'm willing to do deal with 1 spam in my inbox every 3 or 4 days to avoid federal legislation that will probably be less than perfect and certainly will not eliminate 99.8% of the spam.
And, bayesian filters (even at the ISP level) don't begin to address the crucial problem of bandwidth use.
Overnight, no. But if more and more people and ISPs implemented Bayesian less spam would be seen my users--including the dumb ones that respond to spam. In time the motivation to spam will decrease and that will decrease the bandwidth problem.
Legislation is NOT the answer.