Slashdot Mirror
FTC Chief Bashes Anti-Spam Bills
teutonic_leech writes "According to an MSNBC report FTC chairman Tim Muris has indicated that the antispam laws being considered by Congress 'just won't work and may even be counterproductive - some of the proposed laws could be harmful, or at best useless.' He further concluded that 'In the end, legislation cannot do much to solve the spam problem, because it can only make a limited contribution to the crucial problems of anonymity and cost shifting.'" Other spam bits: an anti-spam service has a funny interview with one of their users, and reader der.hans submits a story and some pretty pictures discussing the quantity of Sobig.f virus emails.
My boss, Bill, bashes spammers. No really, he does. We're one of the first ISPs to sue spammers. Check last months (2months ago? don't remember) Time magazine. Awwwh yeah.
As long as there is profit to be made, there will be an enterprising capitalist there to take advantage. Especially in the case of spam, where there is no real barrier to entering. If you get a miniscule response, you can make a huge return on a limited investment.
It's akin to regulation of the traveling snake-oil salesman of the nineteenth century. That sort of charlatan is no longer allowed (by law), and the same could happen with strong (and strongly enforced) spam laws.
Stop corporate
best quote from the Knowspam.net interview:
At first glance, it sounds like the FTC cheif has his head up his ass. After reading the article, I realised the man just does not want to pass a lame ass law that makes it HARDER to prosecute spammers. He is looking for a simpler plan to make it EASIER to shut down mass-spammers. Sounds like he needs our help, not our hostility.
JP
The facts expressed here belong to all, the opinions to me. The distinction between fact and opinion is yours to decide.
How people spend so much time complaining about spam (unauthorized use of bandwidth) yet have no trouble at all making unauthorized use of someone else's data (file trading).
There shouldn't be much problem with a spam policy provided the proper definition of spam is included: bulk, unsolicited, commercial e-mail.
Defining spam as "any e-mail I don't want" is probably part of the problem with having a working anti-spam policy. It is also an incorrect definition of spam.
It also makes it impossible for people to do business, since it will be impossible for people to introduce themselves through e-mail.
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
It is more problematic than just stopping the spammers. Any legislation should be based upon these criteria.
1) Spam cannot be routed via spurious methods.
2) Spammers can not blanket-target domains.
3) The companies who emply spammers should be held responsible.
4) The advertising should follow current laws and guidelines, with the consideration that minors may be using the internet. In general, follow the guidelines for movie trailers.
5) Transactions between companies and these 'advertising agencies' must be recorded.
6) Both the spammer and the company which sells the product must be held culpable.
Any deviation from these guidelines will only prove to make the anti-spam legislation exactly what the claims state it is, useless and filled with loopholes.
There's no need for a human to get involved. Have a protocol whereby in order to the receiver's machine automatically issues a small, dynamically-generated math problem which requires the sender's computer a few seconds of computing time to solve. The email only gets "authorized" if a correct solution is received. This would have very little impact on a regular user, but a spammer who sends out hundreds of thousands of emails would be facing some pretty prohibitive computational costs.
The bold print giveth, and the fine print taketh away
If you email me and get my "prove you're not a spammer" TMDA autoreply then you've never corresponded with me before (with the email address you're using). Any previous correspondence (to or from) and you won't get the autoresponse.
If you care enough to send email to me, you care enough to "hit reply" one time for a "new address". If I started the "conversation" you shouldn't ever get an autoresponder message.
Challenge/response breaks the whole concept of e-mail.
No. Spamming broke the concept of email years ago. The only question is how to fix things. Based on the hoops you're going through with SA, your email sounds just as broken. Been there, done that. If you don't want to email me, I'll cope somehow.
I agree that the proposed spam legislation is inadequate to solve the problem, and I commend the FTC for standing up, rather than passing more useless laws and backing an inneffective solution just to be able to say "look what we've done"
However, my problem has lately has not been the tradition UCE spam (Spamassasin does a pretty good job taking care of that); my problem lately has been outright criminal messages reaching my inbox.
Recently, I've been getting more and more messages spoofed as being from Paypal, Citibank, my ISP, etc, saying that my account has been suspended, and I need to verify my password, credit card number, even my mother's maiden name(!) These messages are getting more sophisciated, and appear to have (for example) a paypal.com address for me to click on.
After getting a few of these in a week's time, I checked the headers, and all seemed to come from China. I'm not sophicicated enough to trace them back any farther, but since these are so blatently criminal, I dont think they'd be originating in the US, as the potential for prosecution is so high.
Unfortunately, these messages are the most dangerous, and the hardest to stop (if they truly originate overseas.) I'd like to see some sort of internation cooperation to track and prosecute these degenerates.
OK...
I can do this. I am, after all,
a superhero!