California Tries Spam Ban

Schlemphfer writes "Spammers have likely received their biggest setback yet, when California governor Gray Davis today signed a bill outlawing all unsolicited email sent to and from the state. Two things about this new law stand out: first, it puts the burden on senders to prove that they are sending solicited email. Second, it bans the entire practice of spamming, with no loopholes at all like allowing messages with ADV: in the subject. Keep in mind California has the world's fifth largest economy, and they are planning to enforce the law with fines amounting to $1000 per each piece of spam. This law could be ruinous to spammers when it takes effect January 1st."

Can we really enforce this?

[soren42]

The issue here is one of enforcement. What's to stop the dishonest from forging e-mail headers and the rest, to fine a company or individual out of existance?

There's a huge issue with the volume of spam potentially involved. In the case of "fraudulent spam", who's going to investigate it, since the burden is on the sender?

Not that I'm defending spammers, I think the law is a good idea, but if the execution is flawed, it could be short-lived.

Re:Can we really enforce this?

[the_bahua]

I think a zealous group of vigilantes will emerge, and make a killing on hunting down and exposing spammers, for a while, until the spam actually calms down.

Good move, CA.

Re:Can we really enforce this?

[miu]

People who have serious spam problems are not very good at dealing with it.

You are so wrong. My home email which I manage myself is mostly spam free - I see maybe one piece of spam a week. My work email is full of internal communications, mail from marketing, mail from customers, status reports, and so on. I cannot filter that mail aggresively and see 10 to 20 pieces of spam a day.

I know exactly how to deal with spam, but because of the use and exposure of that email address those options are unavailable.

Re:Can we really enforce this?

[randyest]

Stop the FUD and RTFL (Read The Fine Law):

The bill would instead prohibit a person or entity located in California from initiating or advertising in unsolicited commercial e-mail advertisements.

So:

1. Not commercial. Flame away in private.
2. The "spoofs" would need to include some commercial message or invitation to buy a product. If that spoof doesn't include a commercial offer, case closed. If it does include a commercial offer, it would be rather easy to show whether or not a business relationship exists between the acutal sender and the commercial entity on whose behalf the email was (allegedly) sent or spoofed (i.e. compensation was exchanged or not). In short: cuo bono (who profits?).
3. Commerical endeavors have always suffered more restrictions than non-commercial ones. This does not jeapordize that clear line in any way, shape, or form. Witness the anti-telemarketing Do Not Call registries that apply to commercial interests but not non-profits or politicians. There is no slippery slope here, please move along.

Oh, and kindly bite my minorly-irritated shiny metal ass ;)

Burden?

[Rkane]

The burden will ALWAYS be on the recipient of unsolicited emails. When I login to my computer and find 90 ads for viagra and mother-son sex sites, it is on MY shoulders to inform authorities of the sender. Also, with all of the masking of addresses and such, how are they going to possibly prove who sent what to whom? A smart spammer will still get away with it.

On another note, how will the law apply to someone from another state visiting CA and checking their mail? What about a Californian visiting another state checking their mail? What about someone using an out of state ISP to check their mail?

One state banning spam is just going to create a paperwork nightmare. Call me when you have a real solution.

OS flaws

[$exyNerdie]

So what if someone's computer is hacked (we hear about all kinds of Windows flaws) and used as relaying server for spam (without their knowledge), is the burden on innocent to prove that their computer was hacked or used as mail relay without their knowledge ?

Re:spam is ramping up

[ewhac]

Keep laws off the internet, use technology to fix technology.

Ordinarily, I'd agree with you; the fewer poorly drafted laws, the better. However, in this case, the problem (mostly) isn't technological, it's sociological.

There are a surprising number of very broken people out there who live their day-to-day lives with the maxim, "If it's not expressly illegal, it's perfectly okay." This idea is, of course, hogwash, since it completely ignores unwritten social custom, which often varies regionally.

On the local region known as The Internet, it is the custom that it is impermissible to send unsolicited bulk email, particularly when it is commercial in nature. However, it is not, per se, illegal. So these sociopaths clog the network because, hey, it must be perfectly okay.

Normally, the counterbalancing force to such aberrant behavior is social ostracism or, in extreme cases, pillorying (or equivalent). Spammers are aware of this, and go to great lengths to conceal their identities and escape accountability.

While technical measures can thwart these people, such as widespread deployment of SMTP AUTH, it does nothing to fix the underlying sociopathy. Spammers are already deploying viruses and worms to create a network of open SMTP relays. Who here honestly believes they won't escalate into stealing SMTP AUTH passwords? Hence, spam is mostly a social problem, needing a mostly social solution.

Schwab

Novel new approach to politics

[interstellar_donkey]

Simply amazing. The citizens want you gone, so you use your power to help pass laws that the citizen actually wants!

What's next?

Amnisty for p2p traders?
Caps on insurance hikes?
Regulation of energy to keep costs down?
Actually following the letter and intent of the weed decrimilization law?

As a Californian who isn't too fond of Davis, I have to snicker a bit. So the threat of being kicked out actually does make law makers push to enact laws that the average person wants, instead of pandering to corperations.

Gosh, the next thing you know, Davis will be the champion of providing a quality education.

Re:spam is ramping up

[scovetta]

I'd use the 80/20 rule here. If 80% of the spam is sent by 20% of the people, and we kill--err- i mean, sue, those 20%, then the problem is much reduced. I'd be fine with getting a *few* spam messages a week, but not 100+ a day. I say let the lawyers deal with the spammers, technology can handle the rest.

Meaningless

[rudy_wayne]

I hate spammers, but this law is meaningless, as are ALL anti-spam laws:

1. Spammers will ignore the law. Which leads to the next point:

2. Laws are meaningless unless enforced. How will it be enforced? When I get hit with spam that violates this law, who do I complain to? Who will investigate my complaint and then pursue and punish the spammers?

3. Where will all the money and resources come from to enforce this law (see point #2 above) -- to actually enforce this law will take FAR more money and resources than anyone realizes or will admit.

And even if significant money and resources are allocated to enforce the law:

4. What about all the spam originating from servers outside the U.S.