Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC Chief Bashes Anti-Spam Bills

Posted by michael on from the you-could-at-least-try dept.

teutonic_leech writes "According to an MSNBC report FTC chairman Tim Muris has indicated that the antispam laws being considered by Congress 'just won't work and may even be counterproductive - some of the proposed laws could be harmful, or at best useless.' He further concluded that 'In the end, legislation cannot do much to solve the spam problem, because it can only make a limited contribution to the crucial problems of anonymity and cost shifting.'" Other spam bits: an anti-spam service has a funny interview with one of their users, and reader der.hans submits a story and some pretty pictures discussing the quantity of Sobig.f virus emails.

11 of 296 comments (clear)

  1. bash? by selfabuse · · Score: 5, Interesting

    My boss, Bill, bashes spammers. No really, he does. We're one of the first ISPs to sue spammers. Check last months (2months ago? don't remember) Time magazine. Awwwh yeah.

    1. Re:bash? by 4of12 · · Score: 4, Interesting

      excessive concentration on the supply side.

      You're quite right.

      There has to be a concentration on the demand side of the equation.

      Clients of the spammers need to feel it in the pocketbook for a solution to really work.

      Unfortunately, a 98% effective boycott of the spamhaus clients by recipients of spam won't do much, considering that response rates are less than 1% already. Rather than attack the spammers directly, the clients should be made to pay big time if they've employed a spammer for advertising.

      I don't trust Michael Powell. After caving in to media interests and allowing further consolidation in the face of absolutely zero public support for such measures (and widespread opposition once the results of his hearings became known), his current position on spammers seems to be an attempt to position future policy to insure that there is no possible anonymity on the Internet. I dislike that solution to that problem because whistleblowers, politic dissidents in repressive regimes, etc. would be silenced alongside the despicable spammers.

      BTW, along the same lines of supply and demand, there's a recent article about current and former law enforcement officials that want a different approach to the "war on drugs" than what's been not working for the last number of decades.

      --
      "Provided by the management for your protection."
    2. Re:bash? by Brian+Kendig · · Score: 4, Interesting

      They need to be shown, without any doubt, that they are indeed breaking the law.

      And then they'll stop, just like all those people who used to download music, right?

      Legal action can help curb spammers, *if* it's pursued aggressively -- but technology still has a lot more it can do. For example:

      - Why do mail servers accept email whose sender address is invalid (malformed) or gives a domain which isn't resolvable?

      - Why do mail servers accept email which is sent in violation of the SMTP protocol -- for example, 'spam blasters' which dump a whole lot of commands on the receiving server then disconnect without waiting for a response?

      - Why don't mail servers automatically check services such as Razor? If an incoming message happens to have the same checksum as a message which has been reported to Razor several thousand times within the past half-hour, why accept the message for delivery?

      - Why don't mail servers have a built-in 'tarpit' feature? In other words: if there's an incoming message, and if system resources aren't tight, the mail server could sit on it for sixty seconds before accepting it. If the sender disconnects before sixty seconds, the mail will be rejected. This obeys the SMTP protocol, and it will be unnoticed by anyone except people who want to blast tens of thousands of emails in one shot -- suddenly it becomes more time-consuming to spam, and the spammer can be stopped before he can get very far.

  2. What the government CAN do.... by weave · · Score: 3, Interesting
    What the government can do and should do is pass a law that says the matter should be handled by the private sector, and affirm a mail system owner's right to decide what gets delivered, and also word it so third party services like spamcop are legal so they don't have to be threatened with legal actions.

    Put an end forever to these bogus claims by spammers that their free speech is being interfered with, that businesses have to pay to provide means to deliver their crap, and that to do otherwise is to interfere with their business and all of their other bogus claims.

  3. Automate the challenge/response ... by tessaiga · · Score: 5, Interesting

    There's no need for a human to get involved. Have a protocol whereby in order to the receiver's machine automatically issues a small, dynamically-generated math problem which requires the sender's computer a few seconds of computing time to solve. The email only gets "authorized" if a correct solution is received. This would have very little impact on a regular user, but a spammer who sends out hundreds of thousands of emails would be facing some pretty prohibitive computational costs.

    --
    The bold print giveth, and the fine print taketh away ...
  4. So how does one find a spammer anyway? by einTier · · Score: 4, Interesting

    It seems like these guys lay low so that geeks like us can't find them and harrass them. But, this has always begged the question in my mind, how do their customers find them?

    Not that I want to spam mind you, but it seems like they have more than a few customers, and yet, it seems next to impossible to find a point of contact for these people.

    --
    -------------------------------------------------- $665.95 -- retail price of the beast.
  5. Sender Verification for SMTP? by Adrian+Lopez · · Score: 4, Interesting

    I think the SPAM problem could be largely mitigated by altering the SMTP protocol to include cryptographic signatures which are used to authenticate the email address listed in the email's "From" field. The receiving SMTP server contacts the server listed in the From field to obtain a copy of the claimed sender's public key which the receiving server uses to authenticate the sender's true identity. The public key is user-settable so that alternate From addresses may be used as long as the sender is authorized to use that address in From fields.

    --
    "In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
  6. Anti-Spam Services by Goo.cc · · Score: 3, Interesting

    The interview in the story is from an anti-spam service called knowspam, which works pretty much like Blue Bottle: if you are not on my white list, you have to authenticate yourself to send me an e-mail.

    But what happens when two people, both using such a service, decide to send an e-mail for the first time? Couldn't such a setup create a endless loop of authentication requests?

  7. Too bad they don't realize this on every issue. by Maul · · Score: 4, Interesting

    Legislation isn't always the correct tool to fighting something. Whenever we consent to Congress passing more and more laws, we are sure to lose some of our freedoms along the way.

    I hate spam as much as the next guy, but it isn't worth letting Congress think up some hair-brained, rights-destroying scheme that probably won't work anyway.

    Too bad they don't realize this on most issues out there.

    --

    "You spoony bard!" -Tellah

  8. The guy's right by amcguinn · · Score: 4, Interesting
    First, in saying some recent bills may be counterproductive, he's only echoing what many anti-spam campaigners have been saying: the bills actually legalise a lot of spam.

    Now, a good anti-spam law can contribute by driving spam further into the criminal underworld, but let's face it, it's most of the way there already, and you're not going to cut it down much more in that direction.

    The key point is anonymity. If you can send email anonymously, you can send spam, legally or illegally. If you are willing not to receive anonymous email, you can receive zero spam (using whitelisting), or next to zero spam (counting on blacklisting of known spammers by name). Contrary to what some people say, the existing technical SMTP protocols are perfectly adequate for spam-free email: you just need a virtual email network using smtp, to which anonymous users are not admitted. I think it quite likely that MSN, AOL, etc. will be setting this up within the next 12-24 months. They might screw it up by trying to lock out competitors, but it can only be useful if it's reasonably inclusive.

    Personally, I want to receive anonymous email, from people who've seen my web sites, or old friends who've looked up my address, or whatever. But to get these emails, I'm bound to get spam as well, legally or illegally, and I'm prepared to live with it.

  9. Re:Anti-Spam laws are the only way to go by boatboy · · Score: 3, Interesting

    The illogic of your comment is that it ignores the other side of the coin. As long as there is profit to be made stopping spam, capitalism will find the cheapest, best way to do so- much cheaper and much better than any politician ever could. It also, as this century has proven for marxism, ignores the fact that where there is profit to be made, there will always be an enterprising politician to take advantage.

    Your analogy is also incorrect. Snake oil salesmen were frauds. Fraud became illegal, not snake oil. I may buy snake oil (or magnet bracelets or crystals) as long as the seller is honest about what it is. Spammers may be frauds also, but the point is, if they are frauds-or in violation of other existing laws- then they should be prosecuted under those laws. If new laws are needed to clarify what sorts of advertisement are illegal, they should not deal with the technology but rather the core issue (ie. it is illegal to advertise indecent material to minors.)

    I have a feeling most /.ers, if they thought about it, would trust technology over a politician any day...