Slashdot Mirror
Senate Passes Anti-Spam Bill
Zendar writes "Yahoo! is reporting that the 'U.S. Senate passed the first national anti-spam bill on Wednesday, giving momentum to an issue that has riled consumers almost as much as dinnertime phone calls.' However, the bill, referred to as the 'Can Spam' bill, is unlikely to pass the House and be signed by the President. Senator John McCain sums it up: 'The odds of defeating spam by legislation alone is extremely low, but that does not mean we should stand idly by and do nothing about it.' CNN also has the story."
"but that does not mean we should stand idly by and do nothing about it - we're not cops , after all..."
Meaning, 'What we do has no effect, but we need to look like we're doing something useful.' And of course there _shall_ be unintended consequences, which will require yet another government "fix".
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Now spammers will finally have that 'qualified opt-in list!' they always crow about.
Steve's Computer Service, Hobbs, NM
It's not going to help the influx of spam from China, Taiwan or Russia, which is where I seem to receive most of my spam.
I think the Senate, as usual, passed a do-nothing measure that will have not an ounce of effect on the literally 350 spams I receive a day. (Yes, I do use spam filtering.) Congress would be better off to provide tax credits for companies producing filters, starting a massive education campaign on how you can stop unwanted e-mails using these filters, and investing heavily in research projects to improve filtering.
But this is a bunch of more fucking useless bullshit--par for the course for this Administration.
Karma: Excellent Birds (mostly as a result of listening to Laurie Anderson)
It doesn't allow for mobs to tear the spammers limb from limb, lynching, or any other fun group activities.
(Grim) Humor aside, the only thing that I can see this doing is forcing spammers to move off shore, open shell companies in spam havens, and generally make things harder to do.
Hate to say it, but I think it is time to move beyond email.
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
The name of the bill is a little bit misleading. When I first read it, I read it as "[you] can spam" as opposed to "can (get rid of) spam".
It's a shame that they think it won't go anywhere, though...
-- Dr. Eldarion --
A co-worker got one yesterday "Get Viagra - Half Off!". Kinda defeats the purpose, no? :)
Sometimes I doubt your commitment to Sparkle Motion.
Passing a law to fix spam is a bad Idea. After they get this passed, then they will pass more laws to outlaw more "bad" things on the internet.
Just let the technology fix its self. Or if they want to help, maybe fund some research on an SMTP alternative.
Politician: I voted against spam!
Constiuent: Yay!
Ugh. Why don't they vote against rained-out baseball games? The odds of ending rained-out baseball games by legislation alone is extremely low, but that does not mean we should stand idly by and do nothing about it.
I downloaded and installed the latest version last night and am very impressed with this seemlessly integrated Bayesian Spam Filter (make sure anti-virus software is disabled before installing -- which can be difficult with McAfee as I discovered).
Very much recomeeded.
-- @rjamestaylor on Ello
when Congress used to work on laws that affected the Nation? These days, they would rather pass stupid (and worthless) laws about things that have no effect on the Nation (as a whole) instead of going after the real problems.
As well, add another (potential) law that will be ignored wholesale by the populace.
So rise up, all ye lost ones, as one, we'll claw the clouds.
Legislation alone won't solve the problem. Technology alone won't solve the problem. Technology combined with legislation can HELP.
Sure, trying to end spam sounds nice and all, but the people in Congress almost never think of the repercussions that a new law could make, just to make it look like they're being effective in the public eye.
Rather than fucking around with new laws that have the high potential to create new problems, how about getting some useless and laws off of the books instead?
Until Slashdot fixes the funny modifier, use insightful or interesting. The poster knows your intentions.
Is go after the companies that sell ("rent") your information to the spammers. I know I didn't register for the national do-spam-me list, and I only gave my email out to "reputable" sights, so someone gave it away somewhere despite their privacy policy. You'd think there'd be a way to backtrack how these companies get this stuff.
slashdot, news for crazed liberal socialist zealots
Imagine trying to solve the powergrid problem with a law - people would simply laugh at that.
AC comments get piped to
When you start getting sued for sending your resume to 100 different companies, ask yourself, was it worth it?
It goes to show you -- when it's clear that there's a real consensus, legislators don't hesitate to act, cynical sneering about "buying votes" notwithstanding. As soon as it became clear that the popularity of telemarketers with Americans was somewhere above Osama bin Laden and below Saddam, you've never seen any legislation move so fast. And now that it's dawning on them that spamers are about as popular (true, they don't bother you during dinner, but then telemarketers don't send bestiality pictures to your kids) they figure there are additional points to be scored.
What I'm listening to now on Pandora...
Until some local yocal judge from Oklahoma decides that the bill is unconstitutional, just like the do-not-call list.
.01 spams per capita? Sounds democratic enough. And, hey!, we'd expand to 60 states in no time! If expansion is good for the NFL, it is good enough for the U.S. of A!
And, of course, I must unoriginally question just how they plan to enforce this? Perhaps we should just invade any country that originates more than
Great, now you've made it harder for "Joe Blow" to send spam. That's dandy, but over 70% of the spam in the world is accounted for by 20 or so people. Those 20 people also happen to be located offshore, and if they're not they'll be moving there shortly. I read an interesting story a couple of weeks ago that discussed the governments inability to stop spam from offshore. I don't know exactly what the answer is to spam but I know it's not legislation.
On a side note, as an end-user, I've experienced success with a service called Shadango.com. I started using it after my hotmail address became practically useless due to the amount of spam I was receiving. It has kept my inbox junk-free, and it allows me to check both my hotmail address and students address all from the same interface.It's definitely worth checking out.
Like I said this will only momentarily stop the hemorrhaging!
Brian Jensen
/. If the government wants us to respect the law, it should set a better example.
even if it doesn't stop spam. Its time the people of the world stood up against these bastards even if its just a symbolic gesture. What the spammers are doing should be considered "illegal".
their idea of a do not spam registry is interesting, *if* it was respected by spammers (or if there were penaltys imposed on those who ignore it) people who sign up for the resigtry aren't likely to respond to it anyhow.
"Nyquil - The stuffy, sneezy, why-the-hell-is-the-room-spinning medicine."
So the obvious solution is to waste time making laws that do nothing about it.
Sometimes I wonder how people this dumb come to represent us... through feel-good do-nothing legislation like this, I suppose.
"Ask not what your country can do for you." --John F. Kennedy
But will this allow for LEGAL spam (something I don't think any of us want)?
:/
I guess we can all point to being on the "do not spam" list, but...
In a related note, I wonder if we'll be able to sign up a whole domain for the do not spam list? E.G. if I run a mailserver on example.com, will I be able to block out *@example.com from getting spam?
Lastly, will ISPs still be able to reserve extra latitude for punishing those spammers who violate their ToS? E.G. even if they send "legal" spam in contravention of the ToS, can the ISPs still ban the practice?
I just hope this law is "good enough" since a bad law could actually make our spam problems worse
MOD PARENT UP
That could be a problem -- after Afghanistan and Iraq, I'm not sure if we still have 20 Predator-mounted Hellfires in stock.
/. If the government wants us to respect the law, it should set a better example.
The bill, designed to stop unwanted e-mail pitches such as get-rich-quick scams and miracle drugs, would direct the Federal Trade Commission to create a "do-not-spam" registry similar to the recently inaugurated nationwide do-not-call list for telemarketers.
I suppose it'll be just a matter of time before spammers find ways to circumvent this, just like how telemarketers are finding ways to circumvent the DNC List. I'm not holding my breath.
Don't get me wrong--I'd love to be convinced! Personally, I'd like to see the content of the bill itself, but I suppose articles like this will do in the meantime.
I submitted the cnn version of this article about 3 hours ago
From CNN:
"State and federal law enforcers and Internet service providers such as EarthLink, Inc. would be allowed to pursue spammers, but individual users could not sue directly."
That's majorly unfortunate. It basically means that spammers will be able to buy (through settlements) access to ISPs, and the customers will have no recourse.
find the lost fwibble by midnight!
They also voted themsleves a new pay raise for the great and wonderous work they are doing in passing unenforceable laws. Aren't you just happy that while we're all getting canned and being forced to work at MickeyD's to put ramen noodle soup on your table, these asshats are giving themsleves raises. The argue its about increase of livimng since the average workers salary went up. I got news for you do, if your salary percent went up its cause either the number of lower salary people out of work is increasing hence giving a better percentage. If your personal alary went up, its becuase you actually did do a good job and got a raise. Note: DID A GOOD JOB. Last time i looked the economy was still in flush mode. So just remmeber that when you look at this law. This law, the time they wasted on it, and others like it is where your tax dollars are going. Gives you a whole a whole new perpective on this law now...
There's a growing sense that even if The Future comes,
most of us won't be able to afford it.
-- Lemmy
For anyone who doubted that Sir Whacksalot is a known troll, here is all the proof that you need. This guy should be modded down every time he posts, no matter what he posts, until Slashdot is rid of the scourge known as Sir Haxalot.
I thought spam was already canned... Like tuna, or soda...
This is still a step in the right direction, I can't understand how something like this wouldn't pass through, spam is a problem that is spread worldwide... The only reason I can see why this wouldn't be approved is if another bill is passed to the house first, the green kind... Can anyone suggest another reason why this bill would not pass? Does the house of Rep.s or the president really think spam is important enough to stop a bill like this?
Business \Busi"ness\, n.;
A scam in which all people involved perceive as beneficial...
Enjoy.
SpamPal is good, too. It uses a plugin architecture that currently supports a regex-based body text scanner and Bayesian categorization. It also natively supports filtering of mail using DSNBLs for those of us who want to also use something other than content scanning.
I agree that such a law will have little effect.
However, if our legislators feel the need to pass "look like we've done something" laws, they could have made this one a tad bit more effective.
Instead of an opt-in list that will end up completely ignored, a marginally more useful law would have two main points - One, no open mail relays; and Two, huge bounties for tracking down actual spammers.
Yeah, we all enjoy trying to track down spammers at the moment, but it can take quite a bit of time, and often leads to a dead end. Even when successful, the reward tends to include nothing more than personal satisfaction and a bit of good karma.
Make hunting down spammers profitable, and we'll have 1.5 million unemployed geeks all spending their far-too-plentiful free time hunting down spammers in the hopes of making a nice wad of cash. With a pool of legalized vigilantes like that, spammers would soon vanish from the planet.
Much more info about the bill:
Proud patriot and republican voter.
550 5.7.1 Spamming is illegal, as per S.B. xxxx passed by the xxx'th Senate.
(Reference the line still used by spammers that messages can't be considered spam as per section 301 S.1618, yada yada yada)
They need to go after the people who manufacture and sell the products being sold via Spam. Of course that won't address the 'Scam Spams', but if companies face serious penalties if their products are marketed via spam, it might make them look harder at who they are hiring to market said products.
How about "Just say no" to spam? That should work wonders, yes?
Yes, the spam mostly comes from IP addresses outside the U.S. However, it is almost always advertising something sold by an entity in the U.S.
This bill, if passed, can have an effect. If a company in the U.S. uses spam to advertise, and that spam has fraudulent headers, then the U.S. company can be prosecuted. That's the true origin of spam-- not the IP address of the sending machine. This allows for a non-technical approach to combat the true originators of the messages.
Why do spammers use fraudulent headers anyway? To evade technical spam-blocking techniques (RBLs, whitelists, etc.). As the spammers start to reduce their use of such methods, the technical techniques used by many ISPs and end users will be more effective. No silver bullet, to be sure, but every little bit helps.
I'm all about getting rid of spam it eats up bandwidth and is just overall annoying. But this will just be another step for governing the Internet. I'd rather have to deal with a little spam then have the government completely hose up the Internet. Isn't there a better solution from software designers? Maybe setting up servers so they don't allow mass junk mail. I know it would be hard to identify truly legit email from crap but lets keep big bro out of it. By the way my hat is lead, not foil, it's not good for the neck but keeps the Masons from reading my thoughts.
"...but we'll pacify the ignorant public with the appearance of trying to combat spam. That will get us elected to another term, at least!"
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
although any language other than "spammers can be killed and eaten" is too weak.
cant we do what they do in northern states and countries and allow a large no-limit hunt to thin out the herd?
Do not look at laser with remaining good eye.
The major problem with a do-not-spam registry is not that it would only affect domestic spam.. The major problem is that there will be a huge list of validated e-mail addresses that spamhauses can buy, send overseas, and spam all day and all night from offshore.
/me smacks the US patent system)
The only reason this isn't happening with the telephone do-not-call list is that the cost of international calls is still prohibitave... but I think VoIP might make this option attractive at some point. I'd just love to get a sales call from some guy in India trying to sell me a new car windshield. Also, phone numbers are published anyway, so there is no real need to harvest the do-not-call list.
I think the way this should be implimented is a national list of MD5's of the addresses. Make it illegal to email any address whose md5 matches one on the list (converted to lowercase so that capitalization is not a loophole). This would prevent address farming, and have the same integrity as the proposed do-not-spam list.
(BTW, consider this prior art in case anyone goes patenting md5's of email addresses...
Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
The only legislation that is really needed is to make it unlawful to send mail with forged mail headers. They could pin them with computer and interstate commerce fraud.
Got Code?
...is the "do not spam" list...providing a free ready-made list of valid email addresses for spammers in Eastern Europe.
According to the article, there would be a "Do Not Email List" component to the law...
... while one can debate the issue of child support, the fact of the matter is that much privacy is being lost in the process; an excuse to further erode the rights of all Americans.
A "Do Not Email List" would cause a further loss of privacy...government (and its contracters, some of which are sketchy) would be able to associate email addresses with IPs and possibly other information...
If implemented, it's very likely one would be asked to not only supply the email address(es) they wish to add, but would also asked for their real name, postal address, and phone number too.
Now anyone who thinks that information will remain confidential is kidding themselves. Did you know most U.S. states sell driver license information, including DL pictures to private entities...even those states that have laws against such actions share the information too due to various loopholes in their respective state laws; information also shared with other government agencies, including the Feds (don't think for a second it's not).
Ok, got on a tangent there, but to make a point...
If the government were to compile a "Do Not Email List"...the following will *likely* occur...
* Email and associated collected information would be stored and added to other unrelated government/private databases too.
* Government and other private entities will use the list to help track/monitor people - ie. "Deadbeat Dads"
* The email addresses and likely their related information will be used by politicians for sending out spam...yep, there's likely an exception for that; there is for the national do not call list.
* Various private entities, mostly offshore, will obtain the "Do Not Email List" and use it in the exact opposite way for which it was intended...that is they'll send spam to those addresses.
Opt-Out doesn't work for email; its debatable whether it works for phone numbers either, but that another topic for another day.
Bottom line is that any decent anti-spam bill should NOT have a "Do Not Email List" component, but rather instead require companies, non-profits, politicians, etc to use double-verified OPT-IN email lists for sending ubsolicited email.
Ron Bennett
This is yet another toothless waste of time of a bill. Toss it on the pile.
Now let's get real:
It's important to realize that there are certain characteristics of most spam:
1. Most "legitimate" promotional mail comes from a static, traceable source (i.e. mailing lists or a specific web site such as amazon.com) The more legitimate spammers, due to their visibility, are forced to maintain more responsible mailing practices or else they will be blocked or blacklisted.
2. The vast majority of spam comes from rapidly rotating sources difficult to trace and lock down (random IPs on the Internet that are either unauthorized or compromised SMTP servers). Regardless of the nature of the spam message content, most of these spam sources involve one or both: violation of the ISP's terms of service (which most disallow smtp relaying from direct client IPs), or an illegal exploitation of third-party computers.
#1 is easily dealt with. Any centralized operation that doesn't perform responsible mailing (opt-in/out, non-forged headers, published contact info, etc.) can be dealt with. We know who these people are and how to reach them; they are large, targetable operations.
#2 is the real problem and the major source of spam online. All the penis-enlargement, Nigerian scams, online pharmacies and home mortgage solicitations are promoted through the use of an ever-changing network of computers, most of which are broken into by spammers or otherwise re-routed through a plethora of foreign ISPs.
The key to solving the spam problem is nailing down #2. I believe that most of the rotating spam sources involve illegal computer exploitation and compromises. We're talking criminal activity - not civil wastes of time. This is the angle law enforcement should use. Go after relay hijacking and enact punitive damages on ISPs who have demonstrated a consistent disregard for the control of their IP blocks. If we go after the spammer-criminals, they will be forced to settle with spam-friendly ISPs or face criminal prosecution. At that point they either clean up their act, or their ISP will become blacklisted. So the solution is straightforward: go after the spammers who take over third-party SMTP servers and client machines. These are criminal offenses which the authorities have yet to actively enforce.
My solution to the Spamedemic:
Believe it or not, solving the Spam problem is really easy and practical. It does not involve infringing on freedom of speech. It does not involve denying ANY business interest the freedom to use e-mail for marketing.
1. FORM A DEDICATED CYBERCRIME ENFORCEMENT AGENCY. Populate the agency with well-trained IT people who know the laws and the nature of the problem. This agency does not need to encroach into areas covered by US Customs or the FTC (i.e. not be concerned with the content of spam, but merely focus on computer/network-tampering/exploitation). The FBI is not adequately equipped to fight cybercrime. A new agency separate from the other law enforcement organizations should be created.
How to fund this new agency? How about a small fee for domain registrations? I think most people would be willing to pay an extra $5/year per domain to ensure that the Internet is more secure and spam-free. In any case, there's plenty of frivolous spending that could be repurposed to fund this very useful agency.
2. ENFORCE CRIMINAL PENALTIES for computer exploitation: mail-relay-hijacking, trojan horse, worm, virus and vulnerability exploitation. There are already laws on the books criminalizing these activities, but since Americans like laws and have a short attention span, it wouldn't hurt to pass a new law which exclusively, specifically addresses the issue of computer/network/communications exploitation by third parties, and levies very intimidating CRIMINAL penalties. There should be no threshold of monetary damage before criminality is triggered: that only punishes diligent admins to catch attacks before extreme damage
... If they passed the telemarketing bill, then why wouldnt they pass this anti-spam bill? It's the same damn thing, just a different medium. Make a do-not-spam list and be done with it.. If someone spams you, then you get a few grand. If they're out of the country, have the local authorities bring them in or hold off any help from the us financially..
Spammers please note: Spammers will get 5 year prison terms. Trying to sell tool enhancement therpies in prison is not a good idea..you'll get to know what "choke her with your large johnson" really means.
I've thought of generating a bunch of legal addresses and putting them on a CD-ROM, to show to my congresswoman with the message 'Here are 60 million of my legal e-mail addresses. This disk is full. How many more should I make?'
I'm glad that this bill is unlikely to pass, though it makes up something like 70% of my mail. We need opt-in legislation, and we need it with teeth. Large and increasing fines, individual grounds to sue, and possibly even the death penalty after some number of convictions; maybe 10?
--
I don't want to rule the world... I just want to be in charge of mayonnaise.
This is a BAD bill besides the fact it is an opt-out approach:
... we have a lot more likelihood of actually finding them and hauling them into court).
/. twice last night, and it was rejected... yeash)
- it preempts all state SPAM laws (some that are halfway decent and let us sue the spammers ourselves)
- it depends on the guberment to enforce it (yeah, sure... most state laws let the VICTIMS go after the spammers themselves
(BTW, I posted this story to
I'd be more inclined to believe that way if I were convinced that our elected officials took the time to understand the issues they're so intent to regulate.
Spam won't be stopped with just a bill. Either they don't realize that, or they do realize that and want to give the semblance of doing something about it.
Call me a pessimist, but I vote for the latter.
It intercepts your pop3 mail first, then sends the mail with a classication you specify, which can be filtered using mail rules. Since it works pretty much by getting mail from your pop server directly, and setting up its own mail server for the mail program to connect to, it really should work with any e-mail program. It's written in perl, and although it has binaries for windows, you can get a cross-platform version for other platforms capable of running perl.
Like all things, it's not perfect though. No IMAP spport (although their faq indicates they're working on it).
Warning: Opinions known to be heavily biased.
Hell, the RIAA got such an absure bill introduced. Just imagine if anti-spammers had that kind of back-door infuence on the congressional process.
PJRC: Electronic Projects, 8051 Microcontroller Tools
I agree--nuts to SMTP, let's resurrect the old UUCP mail maps.
I wonder if that would make it easier to weed out misbehaving nodes?
What damn bullshit. A law like this legitimizes spam, and will waste even more bandwidth.
I'm an American. I love this country and the freedoms that we used to have.
After reading about this in the Washington Post, where they noted that only e-mail providers or government entities could bring suit, I decided to look up the actuall bill to see if I, as a private e-mail administrator, could bring an action against someone under this bill. The text in question, however, said only "A provider of Internet access service adversely affected" could bring action. So I wrote my Senators to find out if they meant this to be only those who provide actual ISP service, or if people like me who run private e-mail servers could bring complaints. Should be interesting to find out what they say.
How To Get Humans To Mars
Lets see if this deters the the penile or boob enlargement pill spams that I get everyday on my cellphone..
:
Personally, I like to see that the government is doing something.
On my desktop
Spam has become a work of art these days that even my bayesian filters have a hard time keeping up.
1) First I used email address to block spam.. they came at me with different email addresses.
2) Then I marked emails with certain words as spam. They changed that too. Started spelling viagra "vi-agra". Lost again.
3) Installed spammunition and stopped spam based on context. They started to remove all words from spam and started adding jpegs with the ads.
Even the jpeg names are different each time.. grrrr..
All these spam emails get sent, about 30 emails get sent over weekend.
Feels like the battle at Helms deep !
I say the bill should include a premise to not only punish the "spammer", but attack the advertiser itself. So whatever porn site or pharmacy or whatever incurrs charges for each bit of spam that it is involved with. I think the damages should not simply be fines, but also jail time. This would be more of a deterrant to spamming than someone being able to simply go out of business and just as quickly open a new one. Any thoughts?
For those of you interested, the bill is S.877
CAUCE (Coalition Against Unsolicited Email) opposes this bill.
The bill isn't "Can Spam" in terms of canning spam. It's "Can Spam" in terms of "You Can Spam. Sure. Go ahead." It's opt-out, not opt-in. Prepare to have your mailbox flooded. Legally.
Sec. 105 (a):
(4) PROHIBITION OF TRANSMISSION OF UNSOLICITED COMMERCIAL ELECTRONIC MAIL AFTER OBJECTION- If a recipient makes a request using a mechanism provided pursuant to paragraph (3) not to receive some or any unsolicited commercial electronic mail messages from such sender, then it is unlawful
(5) INCLUSION OF IDENTIFIER, OPT-OUT, AND PHYSICAL ADDRESS IN UNSOLICITED COMMERCIAL ELECTRONIC MAIL- It is unlawful for any person to initiate the transmission of any unsolicited commercial electronic mail message to a protected computer unless the message provides--
On the other hand, Sec. 105 (b) (1) (A) (i) and (ii) make it illegal to use address harvesters or dictionary attacks to send spam.
I'm also worried that Sec. 105 (e)'s restrictions on sexually explicit advertising will be struck down as unconstitutional, and may have adverse effects on the rest of the law.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
It's not that he's a troll that gets me, it's that he uses the world's most obvious karma-whoring tactics, the stuff that's been around since karma was born, and the IDIOT MODS STILL FALL FOR IT! It's good to see him going for the FP crap that always gets modded down instantaneously.
And how does the US senate plan to enforce these rules when all the spam is coming from outside the US? "I'm sorry China, but no more corn for you until you stop spamming"
boycott slashdot February 10th - 17th check out: altSlashdot.org
Clearly, you can't just give this database to a spammer and say "here, don't send these people email." What a great recipe for getting more spam.
Instead, the list would need to be secret, and a spammer could send a query: "Is joe@yahoo.com on the list?".
You need to avoid the naive solution, where the list-keeper says "yes" if the address is on the list and "no" if it is not on the list. Otherwise, a spammer could just do a dictionary-type attack on the list to discover as many email addresses as she could. "How about joeb@yahoo? joec?"
You need to instead say "yes" if the address is on the list and then randomly choose "yes" or "no" otherwise. This way if a spammer gets "yes" she doesn't know whether she has a real email address or not.
Ah, but more problems. If the response is truly random, then a spammer can make a repeat request for all the addresses that the list-owner said "yes" for. The ones that actually aren't on the list will have a chance of coming up "no" a second time. Repeat as many times as you want to get a higher certainty that you have obtained usable addresses.
So you instead need some history -- always say yes to "fooxyz@yahoo" even if it is not on the list. And now your memory requirement becomes infinite. Sure you could keep a cache of your most recent responses, but this just delays the time it takes for the spammer to find out who is on the list.
From this brief thought-exercise, I don't know if a "do-not-spam" list is doable. Maybe I'm missing something.
What is clearly much easier to implement is a "please-spam-me" list. The memory requirements would sure be smaller. And no problem making this a publicly-available list. Likewise, it would be easy to prove you are not on the list when you get some spam. And hey, if 90% of uses don't want spam, why should we force them to say "no"?
Like most of the posts I have read, I doubt that this bill will make much of a difference. Seems to me that at a minimum, any legal approach must include severe penalties against the businesses that are using spam for marketing as well as the spammers. Since every spam message that is trying to sell something has to have a contact point--a real URL or phone number--it should be easier to trace back to the business itself than to the source of the email.
One thing I noticed while scanning the bill text (on thomas.loc.gov, searching for bill #S.877.ES) is that the bill appears to outlaw anonymous remailers in any commercial transaction -- which could, depending on interpretation, outlaw cash transactions in the digital world. If you're interested, see section 1037(a)(2) of the bill.
You're blaming the Bush Administration for a do nothing bill that the Senate passed?! The bill hasn't even passed the house, but yet you're blaming "this Administration"?? WHY?!
The journey is better then the end.
I actually oppose any anti-spam legislation, not because I enjoy spam, or even think people ought to be able to blast out spam, but because of the potential loopholes in the law.
What I mean by that is this: the Do Not Call movement provided several exemptions; namely, politicians, charities, and anyone you've done business with in the past 9 months (?) is allowed to call you. What I fear is that similar loopholes in spam laws will actually make it harder to block certain spam. As it is today, I can forward spam to whoever owns the netblock it's on and request that they take action; network owners who don't often end up blacklisted, or at least shunned. Suddenly, however, it's harder to get people shut down. A _lot_ of spam comes from places that I've "done business" with in the past 9 months, even if doing business simply means giving my address to them.
All of a sudden, this bill is giving spammers loopholes to hide under; spammers could actually use the legislation in their defense.
________________________________________________
suwain_2
It's not the spammers - It's the customers of the spammers. This problem will not be solved by trying to block unwanted mail or by legislating against the practice.
There are already laws on the books against fraudulent advertising. Why not go after the "businesses" making all these ridiculous claims? If the FTC would apply the same standards to advertising via e-mail that they do via radio/tv/print, we'd soon see a dramatic drop in the use of spam.
When's the last time you saw a spam message for a legitimate sounding product? Or a tv ad promising to make your John Henry bigger?
*
Nuke 'em from orbit. It's the only way to be sure. . . .
I've said it before and I'll say it again: You have to make buying from spam illegal. You can't prosecute the international spam supply - you can target the domestic demand for spam, however. It's simple economics, people!
GL
did you see the poll in CNN?
Do you like recieving spam? yes/no
ROFL
Since when has legislation ever stopped anything before? Just another useless law on the books. If they really took a close look AT the spam they would realize its coming from outside the USA. Which we could never enforce the law, heck, we can't even enforce our own borders, what makes you think we can enforce this Spam bill on Joe Schmo?
This is a test. This is a test of the emergency sig system. This has been only a test.
Now I can:
# rpm -Uvh spamassassin
JAV
/me
I think it is interesting that they banned private civil litigation, since that appears to be making more headway than ISP suits.
Their first instinct is that the US government should control the Internet.
I'm sure that when pressed, they will (individually) admit that the US government does not actually own or control the Internet.
But there's no question that they fantasize about "taking control" of the Internet, and, as a group, they act out that fantasy.
In the end, it doesn't really matter whether their spam legislation is effective or not. The important thing is that they need to act out their control fantasy by passing new law. After all, what the hell good are they if they don't try to exert control over things?
A majority of spam usually includes links to a specific URL. What would happen if say, 100,000 people desided to show their "interest" in the site all at once? I'm not suggesting that people be like spammers, who have no problem launching DDOS attacks against anti-spam sites, but instead I am suggesting that people coordinate their interest in the spammers site to show their appreciation. There could even be a program much like SETI@Home, (no-spam@home?) that could help interested parties utilize their computers during off hours to access spammers sites in a coordinated manner.
The measure, approved 97-0, is considered the stiffest of a handful of anti-spam bills floating in Congress.
Doesn't the Senate have 100 members?
What I wanna know is; Who were those three slackers, where the fuck were they, and if they abstained form voting - WHO'S POCKET ARE THEY IN?
We need to find them out, and expose them as SPAM LOVING FACISTS!
Great press!
s'wut i sed.
...is that it pre-empts existing (and much stronger) state laws. At least one known spammer (Netcreations) is already licking their collective chops about its passage.
Another bad thing is that there is no right of private action for spam recipients. Only ISPs.
It's important to set a precedent, but this bill is not the way to go about it. Not without some modifications in any case.
Bruce Lane, KC7GR,
Blue Feather Technologies
I see a lot of valid complaints about how effective this is going to be, but honestly, I don't see it having any reverse effects. The spam problem can't possibly get any worsek, so whatever is done is a step in the right direction, however token it may be.
~Knautilus
However, the bill, referred to as the 'Can Spam' bill, is unlikely to pass the House and be signed by the President.
They should have called it something like "Mary Sue's Law for Liberty and Freedom". It would have been signed by dinnertime today.
Also, have a link between spam, Bin Laden, Hussain, and peodphiliac drunk drivers.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
I remember reading a while back that the major spam blacklisting sites were against all of the current spam bills. It's not good if the guys who fight spam daily think your spam bill is a bad idea and will make the problem worse. I don't know what all of their positions are on this particular bill, but I will quote from one of them, spamhaus.org:
"With all of Europe set to implement Opt-in legislation by October, Europe has taken the lead in banning spam. But the United States is going in the opposite direction, legislating Opt-out instead of Opt-in and looks set to explode the spam problem many times worse than it is today, incredibly by actually legalizing spam instead of banning it. US Congress is just months away from giving Unsolicited Bulk Email the green light and unleashing the spamming power of 23 Million American businesses onto an Internet which already can not cope with the billions of unsolicited bulk mailings sent today by just 200 professional spammers."
Once spam is legal, spammers can flood the backbone with messages to the people who haven't opted out, and anyone trying to block this now legitimate spam can be sued.
A - "Do Not E-mail List"
Every person on the planet has to sign up for this enormous database, which would also likely involve an extensive creation of an "IP identity system" whereby one central source would now know who is connected everywhere on the network. Now there is no such thing as true anonyminity online. This IP database has tremendous privacy-invasion potential.
Furthermore, such a list would be a beast to maintain and place the administrative burden both on end users as well as the database maintainers.
It ultimately wouldn't work because the majority of spammers are small, mobile operations that are already engaging in illegal activity with impunity, so why anybody thinks they're going to suddenly adhere to a do-not-email list is foolish.
B - SMTP relay licenses
Every ISP or company that maintains an SMTP server is "licensed". This puts no burden on end users and results in a dramatically smaller database of authorized mail relays. The end user can choose to use an ISP that accepts mail only from authorized relays. The entity maintaining the database sets specific standards mail servers must adhere to (no header forging, accurate contact info, proper message labelling, etc.)
While I was writing this, I just got a spam.. the header says it's from yahoo.com but an IPWHOIS shows the source of the spam is from a mail relay in LATVIA; an IP with no reverse lookup defined.
With the SMTP whitelist, we don't have these problems. If the Latvian ISP wants to e-mail the Internet proper, it registers the addresses of its mail servers and adheres to industry standards. If not, the mail systems and ISPs that are sick of spam who subscribe to the whitelist tell them to piss off. Problem solved.
This is a pure stupid politics pandering to the dumb. Stopping spam is a pure technical issue. Redesigning the SMTP protocol is the only way to fix this issue. Making it so that the From: addresses has to match to the MX record that sends the mail is going to fix a lot.
Passing a bill in any country to ban spam without technical improvements will do nothing.
Linux O Muerte!
I know, I know -- nobody would actually follow this particular law, but still... How about a law requiring all "unsolicited commercial email" to include information on exactly who the "agreement to receive 3rd-party email from marketing partners" came from. In other words, name those companies that we opted-in with so we can go back to those original companies and opt-back out. Yeah, I know there are loopholes. But I like the general idea.
Can you imagine a world in which congress always sided with the majority they are supposed to represent? *sigh* So nice.
So let's say my address is ClintXYZ@unix.org. I could sign up for something as ClintXYZ+ajkfdsjdfasjoifdoj@unix.org and the email would still be received by me.
Come up with a system, like ClintXYZ+yahoodotcom@unix.org. Then, if a spammer ever harvests your address, and doesn't cleanse out the extra characters, and then spams you, you will know it was yahoodotcom that did it. [This is just an example; don't sue me Yahoo.]
This has worked at least once for me (After doing it for a few years). A yahoo store violated yahoo privacy policy by doing this, and I reported them to yahoo. Never followed up though.
It's also good for mailfiltering. ClintXYZ+slashdot@unix.org for example if I wanted to filter everything that came from slashdot into its own filter.
Beware of webforms that don't allow +'s in the email addresss. It's a grey area of email address validity.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
I am running an experiment to learn which spammers harvest from Slashdot. Please do not mod this down, as it is imperative that this message remain on the main page of the story. Thanks for you cooperation.
ThisIsAnExampleAccountGL@yahoo.com
ThisIsAnExampleAccountGL@yahoo.com
Perhapse combining Bayesian statistical analysis with pattern recognition email clients?
Even simple OCR with normal email filtering would work better...
tasks(723) drafts(105) languages(484) examples(29106)
Simple. Allow the government to sieze spammer's property (computers, vehicles, houses, etc), same as they do under drug laws.
I guarantee you'll see law enforcement jumping all over spammers then.
Come on people! Credit where it's due! Every little helps! Spam filters alone are not going to kill spam. Legislation alone is not going to kill spam. Actions taken by ISPs alone are not going to kill spam. It is the combination of these efforts that is going to make the difference.
Drill baby drill - on Mars
The article clearly said that it is not likely to be passed fully this year. The summary of the article is incredibly misleading and makes it seem as though the House or President will reject the bill.
Senator John McCain sums it up: 'The odds of defeating spam by legislation alone is extremely low, but that does not mean we should stand idly by and do nothing about it.'
The odds of legislation doing anything to decrease spam are just about zero. The odds of legislation increasing spam approach unity. This bill certainly would, since it destroys existing state law prohibiting real spam (which this one doesn't), including California's law that makes spamming a criminal offense.
I think Mr. McCain spent a little too much time in his bamboo cage anyway.
How about if we just mock the hell out of the relative few people that buy from these sources. I mean, point and laugh at them. I met one once, "I wish they'd do way with SPAM....except the home mortgage ones. I like those." I looked at him and laughed my ass off, "You're an idiot! Your one answer to an e-mail made it so three million other people got an unwanted e-mail. Friends don't let friends respond to SPAM." If I could have figured a way to contact his family members I would have shamed him more!
Outlaw spam, and only outlaws will get spammed?
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
There are reverse effects:
* Our tax dollars have been wasted
* Valuable time our leaders could have spent debating something more productive have been wasted
* Once again, people receive a bogus sense of security that this totally-ineffective bill will make ANY difference
* When people see that yet another spam bill dosn't change a thing, their disenchantment with the government's ability to solve the problem increases, as does their apathy, which makes it even harder to solve the problem
* Spammers throw a party and celebrate that the government is still completely clueless and they have nothing to worry about so they ramp up their efforts even more
Non-US spammers buying the list for a big pile of confirmed email addresses. Of people who get lower than average spam perhaps (for a little bit?).
Slay a dragon... over lunch!
McCain is yet another stupid senator who prefers symbolic feel-good legislation over real laws that can be enforceable (at least in the USA). No, of course senators should not stand idly by and do nothing about it. But neither should they pass useless legislation, either. If he truly wants to solve the problem (as opposed to vote-getting fodder) then he and the others would pass some strong legislation with jail terms involved.
now we need to go OSS in diesel cars
I don't know how so many people can claim that this is unenforceable. All spammers have to provide some way of contacting their clients to purchase whatever they're selling. If someone spams you, then that contact information can be used to prove that the company was contracting spammers. It's not rocket science.
Those of you who know the old saying about the camel gettings its nose under the tent know that getting the government involved in legislating the Internet is a bad idea, even if it's for an apparently good reason. I hope this bill fails miserably. My email programs filter out spam for me just fine. I want technology to do my fighting for me, not some airheaded tech-clueless legislator who will use this bill as a justification for pursuing some other "great idea" about how the Internet should work in the future. This is a bad precendent, I think. I hope it takes a massive nosedive.
--Rick "If it isn't broken, take it apart and find out why."
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
I mean, with all the spoofing and crap, aren't you just giving them a nice, fresh, clean list of email addresses to bombard?
I mean, this anti-spam list will have to be available to spammers, how can you ensure the "bad" ones don't get the list and use it for nefarious purposes?
I did not know that.
I assume it doesn't work with Exchange? Seems to work great with my mail servers.
DO NOT mod this down!
ummspambait@yahoo.com
joeymikeandjaycee@hotmail.com
ummspambait@yahoo.com
joeymikeandjaycee@hotmail.com
ummspambait@yahoo.com
joeymikeandjaycee@hotmail.com
ummspambait@yahoo.com
joeymikeandjaycee@hotmail.com
ummspambait@yahoo.com
joeymikeandjaycee@hotmail.com
ummspambait@yahoo.com
joeymikeandjaycee@hotmail.com
ummspambait@yahoo.com
joeymikeandjaycee@hotmail.com
ummspambait@yahoo.com
joeymikeandjaycee@hotmail.com
ummspambait@yahoo.com
joeymikeandjaycee@hotmail.com
What really defines an ISP? Last time I checked, the FBI classified a few journalists as ISPs to get their notes. You can probably qualify as an ISP by getting a business DSL line, then adding a wireless router, so anyone on your driveway or nearby can use the Net. When you get spammed, just claim that you are an ISP for anybody near you....
we just "liberate" the country the operation resides in......
C Pungent
Well, I appear to have missed the boat on this one, but anyway: Does anybody else have a problem with Internet or Technology specific laws? Does the technological revolution raise any actual, new issues that require new legislation? It is my opinionv that most percieved problems can be equated to equivalent problems in 'real' life with appropriately fast and/or large communication system. Perhaps all that is needed is to establish how the 'old' system relates to the new and how we should move forward in enforcing it, without removing or negating any of the considered rights, checks and balances.
For instance, I do not see bulk/direct messaging as a problem specific to the Internet; junk mail, junk faxes and direct telemarketing seem to be found just as much a problem. Wouldn't it be more sensible if we created a system that addressed all of hteses problems and hopefully may cover future communications environments? As someone suggested most spam is already criminal under fraud laws.
Beating a dead horse here: DRM and TPM are a problem too, because in most countries, people can make non-infringing copies to non DRM enabled platforms; the infringing copies are already criminal by existing copyreight laws. Instead of creating a government mandated monopoly on information perhaps it would be a wiser idea to seriously fund, investigate, and run a program to expand the enforcement of laws on the new platform?
Other examples I won't go into include Import and Export, Wireless Networks and property, Trespass; I welcome any conter arguments to any of these, so hopefully I can smack them down. :P Here's hoping for replies.
Now every @#$!ing spam I get will cite their bogus compliance with the new Senate bill. More wasted electrons. Nothing to show for it.
Marshall's Generalized Iceberg Theorem: Seven-eighths of everything is hidden.
... but a step in the right direction...
Has any stopped to consider that so long as SMTP exists in it's current form to transfer email on the internet, the problem of spam will not go away ?
What we really need is a new mail transfer protocol, not legislation.
-Xian
The registry does not have to give out their list to spammers. They can require clients to submit a list of email addresses, delete any addresses that are in the registry, and return the modified list to the client.
Mea navis aericumbens anguillis abundat
It would send jobs created by SPAM to 3rd world countries. The same spam will be there, just all those Americans employed by spam will be out of a job. The same with the Do Not Call list.
Then I'll just blacklist all IP's outside of the U.S. How many of us get legitimate mail from China, Russia, etc? And if countries persist in not cracking down on junk email, then I'm going to set up rules so that whereever the originating country is from, I'll forward the junk email to the country's diplomatic corps. They're supposed to be diplomats, right, negotiating stuff? They can negotiate killing the spammers in their countries.
Screw root@127.0.0.1..... All you have to do is put in the email address of your representative whenever something on the Internet asks for an email address =). All you gotta do is get them on a few mailing lists... then the spamers will trade the addresses around =).
Anti-spam country, here we come.
Instead of trying to trace the SPAM. Pass a law that makes all commercial Email opt=in only. Then when the flow continues, fine the linked websites owner. Yes the company that is trying to sell something. The funding for the SPAMMERS will dry up fast at $1000.00 per Email in fines. The companies will be much more careful how they advertise, and bandwidth will return for something useful.
It might work.
Professional Politicians are not the solution, they ARE the problem.
i want to know how it can be unlikely to pass the house and have the pres sign it if it passed unanimously in the senate. that makes no sense to me. the house and senate are both fairly evenly divided between dems and repubs, and if they all agreed in teh senate, why shouldn't they all agree in the house or come pretty close to it? and if it got so much praise in the legislature, why would bush not sign it?
i agree that it won't put an end to spam, but at least there'd be a way to really do some damage if you catch a spammer.
please me, have no regrets.
Want to put your competitor out of business? Just spam every .gov email address with your competitions sales pitch. Competition gets sued, spammer wins. If the headers are spoofed, there's no way to prove who sent it regardless of the content. It won't work. Congress is yet again wasting our tax dollars, they need to get to effin' work on problems they can comprehend.
i need penis enlargement as little as the next guy (maybe even LESS!), even though the only spam i get is the occasional offer for helping some foreign expatriot smuggle some quadrillion dollars overseas every few months...
but, there's some potential for some important information being stifled by people's politics. generally such censure gives me an icky feeling, and i have no problem with that.
Leave your mailserver unsecured and have it hijacked by spammers? Get blacklisted by the major mail relays and lose your business. Your screw up, you pay. That'll improve global mailserver security almost instantly.
Run chinanet.cn and actively solicit spammers? Get blacklisted not only by mail relay but also by routers by US companies tired of your crap. How long will chinese ISP's continue to allow this when their network starts getting cut off from the world?
Companies have to find the guts to actually hold other companies accountable for their making spam and fraud possible. They're the ones bearing the burden, and they're the only ones who actually have a significant cluestick to weild. If UUNet, AT&T, AOL and the RBOCs decided to cut off the enablers, those slimy hosting services and undisciplined problem children would either have to shape up or disappear.
Relaying TCP and UDP traffic is a _priviledge_, not a _right_.
Companies have to find the guts to actually hold other companies accountable for their making spam and fraud possible. They're the ones bearing the burden, and they're the only ones who actually have a significant cluestick to weild. If UUNet, AT&T, AOL and the RBOCs decided to cut off the enablers, those slimy hosting services and undisciplined problem children would either have to shape up or disappear.
You don't get it do you?
UUNet, AT&T and other providers PROFIT FROM SPAM because they sell bandwidth. The cluestick needs to be bonked on people who don't understand the dynamics of this situation and therefore waste time with ineffective solutions.
First, the Senate bill is "opt-out", not "opt-in". After January 1, spam in California is simply a crime. You don't have to opt out.
Second, the Senate bill has no private right of action. It can only be enforced by Government action, and only in Federal court. California lets any victim sue. You can sue in small claims court (which goes to $10,000 in California), and you can sue in a class action, so the usual ambulance-chasers can go for the business.
Third, the California law lets you sue anyone who "sends, or causes to send" spam. "The true beneficiaries of spam are the advertisers who benefit from the marketing derived from the advertisements.", says the law. This lets you go after the advertiser, rather than the spammer. Just find out where the money goes when you put in a credit card number, and sue them. The Senate bill doesn't let you do that.
Fourth, the Senate bill preempts stronger state anti-spam laws. No more private anti-spam suits, no "ADV:" requirement, etc.
Finally, the Direct Marketing Association supports the weak Senate bill. As they put it, "Legitimate e-mail marketing is a promising vehicle for global commerce." That's a good reason to oppose it.
they also voted themselves a pay raise.
Risks Some web forms choke on the "+". Some humans do too :-) Dictionary Spam can be very ugly if somebody spams millions of potential usernames at your subdomain (or your pseudo-subdomain at yourname.fastmail.fm, but they've got spam protection available which can kill those.)
Mitigations If you're running your own subdomain and your own inbound mail server, be sure that mail sent to more than a couple of bogus or honeypot addresses gets noted and either blocked or teergrubed at the envelope level.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Feds have disliked anonymous communication for years. You'd think that if they wanted to ban anonymous communications using this as an excuse, they'd have done a clearer job of it, and that I'm just a raving paranoid, but hey, raving paranoids are the type of people that court rulings on anonymous speech are intended to protect, and given that they can't write a bill that does even a half-assed job of forbidding spam, their lack of completeness in banning anonymous speech may just be incompetence rather than malice. Or it may be a competent understanding of how far they can toe the line, and how much they can leave in slack for regulators and prosecutors to finish the job later.
Meanwhile, the spam bill is full of so many holes that are big enough to drive a fleet of truck bombs through that it's good that it probably won't pass. The bad part is that many of these sections may be trial balloons for later bills, though many of them are just in there to make incompetents like Schumer look good.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I want a massive class action suit against the Viagra corporation. I mean if we really want to go after the sources then lets put Viagra out of business.
The email protocol is what is screwed up. As long as you have access to a computer you can send out mail to anybody from anybody. And you can do it from anywhere.