Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC Chief Bashes Anti-Spam Bills

Posted by michael on from the you-could-at-least-try dept.

teutonic_leech writes "According to an MSNBC report FTC chairman Tim Muris has indicated that the antispam laws being considered by Congress 'just won't work and may even be counterproductive - some of the proposed laws could be harmful, or at best useless.' He further concluded that 'In the end, legislation cannot do much to solve the spam problem, because it can only make a limited contribution to the crucial problems of anonymity and cost shifting.'" Other spam bits: an anti-spam service has a funny interview with one of their users, and reader der.hans submits a story and some pretty pictures discussing the quantity of Sobig.f virus emails.

8 of 296 comments (clear)

  1. bash? by selfabuse · · Score: 5, Interesting

    My boss, Bill, bashes spammers. No really, he does. We're one of the first ISPs to sue spammers. Check last months (2months ago? don't remember) Time magazine. Awwwh yeah.

    1. Re:bash? by 4of12 · · Score: 4, Interesting

      excessive concentration on the supply side.

      You're quite right.

      There has to be a concentration on the demand side of the equation.

      Clients of the spammers need to feel it in the pocketbook for a solution to really work.

      Unfortunately, a 98% effective boycott of the spamhaus clients by recipients of spam won't do much, considering that response rates are less than 1% already. Rather than attack the spammers directly, the clients should be made to pay big time if they've employed a spammer for advertising.

      I don't trust Michael Powell. After caving in to media interests and allowing further consolidation in the face of absolutely zero public support for such measures (and widespread opposition once the results of his hearings became known), his current position on spammers seems to be an attempt to position future policy to insure that there is no possible anonymity on the Internet. I dislike that solution to that problem because whistleblowers, politic dissidents in repressive regimes, etc. would be silenced alongside the despicable spammers.

      BTW, along the same lines of supply and demand, there's a recent article about current and former law enforcement officials that want a different approach to the "war on drugs" than what's been not working for the last number of decades.

      --
      "Provided by the management for your protection."
    2. Re:bash? by Brian+Kendig · · Score: 4, Interesting

      They need to be shown, without any doubt, that they are indeed breaking the law.

      And then they'll stop, just like all those people who used to download music, right?

      Legal action can help curb spammers, *if* it's pursued aggressively -- but technology still has a lot more it can do. For example:

      - Why do mail servers accept email whose sender address is invalid (malformed) or gives a domain which isn't resolvable?

      - Why do mail servers accept email which is sent in violation of the SMTP protocol -- for example, 'spam blasters' which dump a whole lot of commands on the receiving server then disconnect without waiting for a response?

      - Why don't mail servers automatically check services such as Razor? If an incoming message happens to have the same checksum as a message which has been reported to Razor several thousand times within the past half-hour, why accept the message for delivery?

      - Why don't mail servers have a built-in 'tarpit' feature? In other words: if there's an incoming message, and if system resources aren't tight, the mail server could sit on it for sixty seconds before accepting it. If the sender disconnects before sixty seconds, the mail will be rejected. This obeys the SMTP protocol, and it will be unnoticed by anyone except people who want to blast tens of thousands of emails in one shot -- suddenly it becomes more time-consuming to spam, and the spammer can be stopped before he can get very far.

  2. Automate the challenge/response ... by tessaiga · · Score: 5, Interesting

    There's no need for a human to get involved. Have a protocol whereby in order to the receiver's machine automatically issues a small, dynamically-generated math problem which requires the sender's computer a few seconds of computing time to solve. The email only gets "authorized" if a correct solution is received. This would have very little impact on a regular user, but a spammer who sends out hundreds of thousands of emails would be facing some pretty prohibitive computational costs.

    --
    The bold print giveth, and the fine print taketh away ...
  3. So how does one find a spammer anyway? by einTier · · Score: 4, Interesting

    It seems like these guys lay low so that geeks like us can't find them and harrass them. But, this has always begged the question in my mind, how do their customers find them?

    Not that I want to spam mind you, but it seems like they have more than a few customers, and yet, it seems next to impossible to find a point of contact for these people.

    --
    -------------------------------------------------- $665.95 -- retail price of the beast.
  4. Sender Verification for SMTP? by Adrian+Lopez · · Score: 4, Interesting

    I think the SPAM problem could be largely mitigated by altering the SMTP protocol to include cryptographic signatures which are used to authenticate the email address listed in the email's "From" field. The receiving SMTP server contacts the server listed in the From field to obtain a copy of the claimed sender's public key which the receiving server uses to authenticate the sender's true identity. The public key is user-settable so that alternate From addresses may be used as long as the sender is authorized to use that address in From fields.

    --
    "In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
  5. Too bad they don't realize this on every issue. by Maul · · Score: 4, Interesting

    Legislation isn't always the correct tool to fighting something. Whenever we consent to Congress passing more and more laws, we are sure to lose some of our freedoms along the way.

    I hate spam as much as the next guy, but it isn't worth letting Congress think up some hair-brained, rights-destroying scheme that probably won't work anyway.

    Too bad they don't realize this on most issues out there.

    --

    "You spoony bard!" -Tellah

  6. The guy's right by amcguinn · · Score: 4, Interesting
    First, in saying some recent bills may be counterproductive, he's only echoing what many anti-spam campaigners have been saying: the bills actually legalise a lot of spam.

    Now, a good anti-spam law can contribute by driving spam further into the criminal underworld, but let's face it, it's most of the way there already, and you're not going to cut it down much more in that direction.

    The key point is anonymity. If you can send email anonymously, you can send spam, legally or illegally. If you are willing not to receive anonymous email, you can receive zero spam (using whitelisting), or next to zero spam (counting on blacklisting of known spammers by name). Contrary to what some people say, the existing technical SMTP protocols are perfectly adequate for spam-free email: you just need a virtual email network using smtp, to which anonymous users are not admitted. I think it quite likely that MSN, AOL, etc. will be setting this up within the next 12-24 months. They might screw it up by trying to lock out competitors, but it can only be useful if it's reasonably inclusive.

    Personally, I want to receive anonymous email, from people who've seen my web sites, or old friends who've looked up my address, or whatever. But to get these emails, I'm bound to get spam as well, legally or illegally, and I'm prepared to live with it.