Slashdot Mirror
Spammers Pleased with 'Anti'-Spam Act
grung0r writes "A post at Ed Foster's Gripelog explains why the new anti-spam law that Congress is passing isn't a good idea: 'it's clear that only the Direct Marketing Association, Microsoft, AOL and a handful of others had any input into the law, because it's carefully crafted to allow the big marketers free reign. And the loopholes it provides them will be more than big enough to provide aid and comfort for the smallest and sleaziest of spammers as well.' More about the problems with the law can be found at cauce.org." The direct marketers are dancing in the streets over it.
Best way is still just to grab the headers and complain to the account from which the e-mail came.
Condemnant quod non intellegunt.
With this new bill marketers must offer an unsubscribe link and respect it. However these is no guarentee your address might reappear by methods they'll claim were opt-in. Additionally we have all been trained that by clicking unsubscribe guarentees you MORE spam and not less. While *some* spammers might follow the rules and properly label their spam and offer reliable unsubscribe options, the shady spammers are guarenteed to gain. Their already operating illegally under a shroud of secrecy so being caught isn't really an issue and they might even see higher click throughs on their unsubscribe links :(
When spam reaches the point that other, more profitable ecommerce activities can't function, we'll see some real restrictions.
Politicians are useless. Law enforcement bodies don't even have cyber-crime issues anywhere on their priority list, much less the resources to fight it.
I encourage the population to engage in a number of active efforts to negate the value all these advertisers have, and their tendency now to bombard us all into oblivion with their repetitive, misleading and obnoxious messages.
* When you get spam, report it to Spamcop. Don't even bother with cutting-and-pasting the html source, the web hosting companies of spammers don't care about complaints. Make sure the complaints go to the ISPs who manage the IP space the spammer is operating from. But more importantly, when you report spam to spamcop, the source gets immediately flagged as a spammer and thousands of systems around the world refuse to accept mail from the source. It's VERY effective and the sooner you report spam, the more effective it is. The crap messages don't even get to peoples' mail servers this way. It WORKS!
* Turn off your TV and refuse to let yourself be turned into a quivering ADHD blob with the constant barrage of commercial suggestions. If you must watch TV, do yourself a favor and get a TiVo (it will be the best money you ever spent) and record what you want, when you want, take back your life and best of all skip the commercials!
* If you're feeling the need to waste time complaining, send a letter to your congressman and senators telling them that if they don't put more resources into cyber-crime enforcement you'll make it the center of your life to ensure they can't get elected to anything ever again.
* Spread the word that the only realistic solution to spam is licensing outbound mail relays via a sanctioned body that is nowhere near as incompetent as ICANN. We need an opt-in, international SMTP mail relay whitelist with ethical rules for being included.
* If you've had any bad experiences with companies who've ripped you off, do us all a favor and put up a web page on it and list it with the search engines. Peoples' apathy towards getting railroaded encourges the continuation of these scams. Know someone who's been burned by home-mortgage scams? Publish it! Put it out there forever. Every little bit helps to educate the feebleminded populace,make them more skeptical of suggestions (as well as editorial packaged as "news") and negate the value of quantum advertising.
* Forget client-side e-mail filtering as a spam solution. It will never work and it is a black hole of resources, time and money. Filtering is good for viruses and idiots who still insist on clicking attachments, but it won't ever do much for the spam problem.
* Encourage your ISP to employ relay blacklisting to thwart spammers so they can't even connect to remote systems.
* If you still find yourself occasionally watching tv and are annoyed at misleading ad campaigns, do what I do: dial the 1-800 number repeatedly over the course of the commercial's airing, making the advertiser's efforts counterproductive and sending a message that you're tired of being bombarded, emotionally manipulated and lied to.
* Don't buy any products advertised in any manner in which you find offensive or annoying regardless of the quality/desireability of the product.
* If you still feel your penis isn't big enough, just go to the local store and buy some multi-vitamins or just deal with it. You don't need a bigger penis, newer car, a George Forman grill, closet organizer, no-money-down real estate, second mortgage, questionable mexican placebos packaged as drugs, or to see Holly hump a German Shephard. Pick up the phone and go hang out with friends who like you for who you are and don't buy into the media's constant message that you're inadequate and money will solve this.
maybe the spam you get does, but most of the spam I get comes from Asia and South America. I sincerely hope you don't just see the masses of email that say they are from aol.com, hotmail.com, msn.com, and yahoo.com and believe them without tracing the headers (have a look at spamcop.net if you're not at all familiar with it). Basically Spam only comes 'from' the U.S. en masse in that there are people in the U.S. who offer the service of sending it. But they actually use offshore PCs, mostly in Asia and South America, because they would be perpetually signing up for new service providers if the used domestic servers, as the ISPs drop customers very quickly for such actions.
I don't want you to call me to sell me something, I'll call you.
I don't want you to mail me with advertisements, I'll mail you.
I don't want you to knock on my door to talk to me, I'll knock on your door to talk to you.
I don't want you to send me an e-mail, If I want your product, I'll send YOU an e-mail.
I don't want to drive down the street and look at your signs, I want to see the trees.
I, like many other intelligent people, like to buy things that we need, or want based on research, or discussion with friends and their experiences with the product or service.
So, in conclusion, remember two things,
1. Forcing your product on me is a good way to NOT sell it to me.
and
2. Don't call me, I'll call you.
That's not correct. Spamcop sends reports on your behalf from an anonymized address (something like anon30957@spamcop.net).
Alex Bischoff
HTML/CSS coder for hire
Some of the changes are listed in a news release from Sentator Burns' website:
The final CAN SPAM Act includes changes not in the earlier Senate passed version, including increased damages up to $250 per spam e-mail with a cap of $2 million that can be tripled for aggravated violations. For e-mails using false or deceptive headers, the cap does not apply. Additionally, the revisions to the earlier bill enhance FTC enforcement authority.
This means that the House gets to vote again on the revised bill - probably after Thanksgiving
I think we're preaching to the choir complaining about the effectiveness of the bill here, but it might not be a bad idea to address what someone else mentioned, of using technology, but NOT to deal with the spam problem. In truth, this isn't a spam problem, this is a law-enforcement, political priority problem.
Maybe this has been done before, but if not, it seems like a great idea:
How about if we get everyone within their local calling region with the resources to hang a modem on their PC and map an e-mail address that goes directly to the fax machine of their local senators, representatives and district attorneys?
While letting spammers hit these e-mails and bombard politicians' fax machines seems appealing, it might be even more effective to make it very easy for people within their regions to send an e-mail that goes to a politicians' fax machine. (We know most of them don't read e-mail)
I'd be willing to do this in my region. What if we got enough people to do this so we had a nationwide network of e-mail/fax gateways? It seems it would be much more effective to bombard a politician's fax machine with frustrated cries from their constitutients than home-mortgage scams.
Actually, it kind of does do this in a kind of weak manner in Section 11:
"The Commission shall transmit to the Senate Committee on Commerce, Science, and Transportation and the House of Representatives Committee on Energy and Commerce--a report, within 18 months after the date of enactment of this Act, that sets forth a plan for requiring commercial electronic mail to be identifiable from its subject line, by means of compliance with Internet Engineering Task Force Standards, the use of the characters `ADV' in the subject line, or other comparable identifier, or an explanation of any concerns the Commission has that cause the Commission to recommend against the plan."
That's pretty loose language, including the ability to say it shouldn't be done, but I doubt IETF is going to side with marketers here.
This is not the greatest sig in the world, this is just a tribute.
No. It's even narrower than that. It only applies to the specific line of business of the specific company being advertised. So one spammer can send you a Viagra spam, a mortgage-refinancing spam, an inkjet cartridge spam, a long distance spam, a cigarettes-by-mail spam, an extend-your-warranty spam, an online greeting card spam, a dating service spam, a credit card spam, a debt-consolidation spam, and a wireless video camera spam. You then have to opt out of each one separately.
I had the same question after reading the blog entry. Apologies in advance for the length of this reply, but I wanted to cite the portions of the bill that I think are relevant (as opposed to just declaring "yes" or "no" without providing any supporting evidence).
Technically, I believe the blogger is correct in this assertion, but after reading the full text of the bill I suspect the prohibition isn't quite as stupid as it initially appears. (For those who wish to follow the bouncing ball at home, a PDF copy of the actual bill is available here.)
The prohibition shows up in Section 13(b) of the bill:
So yes, there is a prohibition against defining identification labels in the bill.
But context is important here. Section 13(b) is placing restrictions on the preceding paragraph, 13(a), which states:
So Section 13(a) gives the Commission authority to start making regulations based on this bill immediately. But some sections of the bill weren't intended to be implemented immediately, and instead call for the Commission to do some research first and report back to the House and Senate with recommendations.
Section 5(a)(5)(A), the part which the Commission is explicitly not authorized to implement yet, is the portion of the bill that would require "clear and conspicuous identification that the message is an advertisement or solicitation". Obviously, before companies can comply with (or be prosecuted for failing to comply with) regulations related to 5(a)(5)(A), the Commission will have to specify exactly what qualifies as a clear and conspicuous identification.
And indeed, down in Section 11(2), we find that the commission has been tasked to come up with a report on how this identification is to be performed:
So it seems to me that Congress is leaning towards using an 'ADV' tag in the subject line to identity "legitimate" UCE, but that they're really not sure how any of this email stuff actually works, so they stopped short of making this a requirement in the current bill. Instead, they're telling the Commission to go off and get familiar with the relevant IETF standards, figure out if 'ADV' or some similar subject-line tag approach could be done without breaking anything, and have the Commission report back with either (a) rules on a workable method for identifying UCE from the subject line, or (b) a danged good explanation why this can't be done.
Rather t
A marriage is always made up of two people who are prepared to swear that only the other one snores.
This is such complete bullshit!
Mail? Put "slashdot" in the subject to pass the spam filters.
Almost everyone is missing the fact that laws, even when well written and targeted, are poor substitutes for economic solutions when the undesired activity is economically driven and economic solutions are available. And this law seems particularly badly written. It is pointless to whine and wring our hands over this, since it's fundamentally bad policy to wait for someone else to save us from things we're unwilling to deal with ourselves. Anti-spam legislation was bound, if not to fail utterly, at least to start very badly, like Billy Bob's Mail Order Plans For Home Fusion Power. If you'd like to empower yourself, read the remainder of this post. If you'd just like to gain the satisfaction that there is hope,, read this post.
Why does spam exist?
Most spam seeks to sell something, directly or indirectly. Most spam solicits visits to what might be called "beneficiary Websites" -- the Websites where the touted products are actually sold, usually via e-commerce. Some small percentage of spam solicits responses by phone or fax, a smaller percentage by snail mail, and a very tiny percentage advises you to come to Jesus or some such with no response solicited.
So almost all spam exists because someone hopes to make money from it, and almost all spam solicits responses to beneficiary Websites.
Forget who sends it: Who is responsible for it?
OK, so the largest percentage of spam solicits visits to product or service Websites. Follow the money. Other than the rare "Joe job," such spam is obviously sent either by the Website operator or by a contractor acting on behalf of the Website operator. No one else stands to benefit from the responses to the spam, so no one else will lift a finger to attract traffic to the Website except in some very rare scenarios.
So the true beneficiary of the spam, who is also the party who funded sending the spam, is generally readily visible and reachable. The true beneficiary is almost always also the true source of the spam. The question is: knowing this, what can one do that will be effective?
Counterattack the source
Paul Graham, the researcher and LISP expert who advanced Bayesian filtering a little over a year ago, followed up a few months ago with a paper on Filters that Fight Back (FFB).
The fatal weakness in spam that attempts to attract visits to beneficiary e-commerce Websites is just that: it invites us to visit, and explicitly so. When we accept the invitation and visit the beneficiary Websites, the additional traffic marginally increases the costs of operating the Websites. "So what?" you might ask.
Here's what: the Websites count on the millions of recipients of the spam who are not interested, not to visit the Websites. The flip side of the near-zero cost of sending spam is the near-zero cost of the unresponsive among the recipients. The Website operators send or cause to be sent millions and millions of spam emails but they only have to pay for the server capacity and bandwidth for the tiny response rate from the morons who actually buy stuff. While we can't easily change the low cost of sending spam, we certainly can change the low cost of hosting the servers that have to handle the Web visits that can result from spam. We can do that simply by accepting the invitations contained in spam, and not only accepting the invitations but clicking on every link they have, to make sure to navigate through all their pages.
But that sounds like too much work!
Sure. And dangerous, too, because your browser may not be configured for maximum security. If it were, you wouldn't be able to surf most of the major sites on the Web. But there's a completely legitimate set of tools for downloading Websites for offline browsing. WebWhacker is an old one that
Look at the bright side: there's always seppuku.
It covers precisely the range and points that were widely accepted by the end of the conference. And yes, that means it ended poorly.
A few of us tried to make the point that filtering done at the receiving end does nothing to stop the wasted bandwidth. Furthermore, carrying that extra bandwidth, whether a given user ever sees it or not, means greater equipment purchase, maintanence and replacement costs, and those costs are passed along to the consumer.
Unfortunately even some of the supposedly anti-spam community got suckered into accepting "labeling" and "the false positive problem" and other nonsense. I think they were trying to be fair to the few truly ethical online marketing folks, but in so doing forgot to consider the actual numbers related to the issues, and lost track of perspective.
My hero of the conference was Commisioner Swindell, the older ex-Marine gentleman who found himself seperating a spammer's lawyer and his intended target it a near brawl. I spoke with him, and he was one of the few there who maintained the recognition that the problem is far greater than the stuff that annoys people when they find it in their inbox; an equal problem is that part of their bill due to spam whether they receive it nor not.
A suitable response to this law would be for everyone (in the US at least) to forward any spam they receive to the inboxes of the boneheads who initiated and supported this law, with the statement "IT AIN'T WORKING!"
"Nuke 'em from orbit. It's the only way to be sure." -- Lt. Ripley
"I may be synthetic, but I'm not stupid." -- Bishop 341-B