Slashdot Mirror
UK Spam Law Goes Live
loonix_gangsta writes "So, the UK has taken matters into its own hands and, as of today, is making it a criminal offence to send e-mails or text messages unless the recipient has agreed in advance to accept them. The law comes into force today. Unfortunately much spam originates from the US so the UK had previously asked the US to co-operate."
The laws make it a criminal offence to send e-mails or text messages unless the recipient has agreed in advance to accept them.
IANAL the article is not clear on whether they're going to prosecute the companies or the spammers working for a company?
If they are going to prosecute the companies then i would imagine someone's going to do a fake spam to frame their competitor.
with the current way of distributing spam via viruses and zombies this seems like a great law to use to annoy your competitor.
BOSS: "I'm going to call you about the meeting to accept messages about the meeting. Is that okay with you?"
EMPLOYEE: "I didn't agree to receive this e-mail!"
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
Personally, I see a lot more spam from China or Korea than the US. Sure, we get a fair bit from worm infected machines these days, but China and Korea are still the heavy hitters. Perhaps it would be more positive to amend the article, "Unfortunately, the UK is responsible for a very small segment of spam in the wild, so this is law is not likely to make a major difference to Internet users." Having said that, there are lots of people *responsible* for spam in the US, but it's next to impossible to tie most common spam to these respective (can I even use that word in this context?) people. Andypoo.
The register is running an interesting article on the difficulty people have had so far reporting their spam. It appears that the paperwork and procedures for complaints are not yet available. How useful.
2. Most spam is from US/Far east
3. Spam gets sent because really stupid ppl respond to it
The impact of spam will only be lessoned when people are educated to take care of the problem. I.e Not responding to spam and taking responsibilty for their internet connection rather than just calling for legislation.
The UK always has this "Something must be done" mentality without people ever thinking perhaps *they* could do something.
What worries me is that people who's machines get worm infected might be the ones getting sued.
This law is an EU wide law and therefore applies to all member countries, including from next year (2004) at least some of the Spammers favourite countries such as Poland, Estonia etc.
This both worries me and pleases me at the same time.
Whilst innocent users could get caught up in horrendous legal battles, it also means that class actions against certain companies making horribly bug-riddled mail clients may also be forced to take place.
Of course, I shouldn't really wish legal battles on anybody, but in the view of means to an end..
Andypoo.
(Yes, this time I will use Plain Old Text)
Critics of the UK approach say the laws do not go far enough and that the maximum 5,000 fine is not high enough.
5,000 fine for what? Laws like the California anti-spam bill (which unfortunately will be nixed by the new federal bill before it even becomes law) allow for fines on a per-email basis. If this is the same, then I see no problem with 5,000 per email. It will add up in the end. But if it is 5,000 per campaign!? Much to little.
This law does allow for individuals to sue for themselves, but I didn't see anything mentioning if the marketers could be sued as well as the spammers. So it's got a leg up on the US law, although it could be better.
Punctanym: alternate spelling of words using punctuation or numerals in place of some or all of its letters; see 'leet'
However, this provides more interference with the operation of the Internet while offering very little in the way of actual benefit. Already some people have experienced problems with overzealous realtime blackhole lists, others (me) have problems with ISPs implementing incoming filters without letting anybody know, silently dropping legitimate mail along with the illegitimate. And legal solutions rarely are -- it's just a matter of time before a loophole is found in this one (besides the obvious: since the empire has waned in recent years only the U.K. really trembles at U.K. law). Additionally, this may impede legitimate unsolicited commercial e-mail as well as that of the "Free Vitamins 7538" variety.
At the end of the day, we've really yet to mount a good defense to spam. And I still don't think laws are the way to do it.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
The spam sent from China and Korea is overwhelmingly sent by US based spammers exploiting the widespread open proxy problem in the Far East.
The other major source of spam from the Far East are the "bulletproof" spamming facilities provided to US based career spammers by greedy Chinese administrators.
It is not that difficult at all to track who is responsible for the spam, just see who's being advertised.
In addition, most of these types of spam has a "fingerprint" that pinpoints the spam to some career spammer. The fingerprint can be a domain name, method of operandi, language in the spam, anything really. Resources like ROKSO at spamhaus.org are very good at identifying the real source of the spam.
Proletariat of the world, unite to kill spammers. The more painful and slower, the better.
In Soviet Russia, I ruled you
A lot of spam does indeed 'come from' Korea, China, Brazil etc, but a vast majority of it is still being sent by US spammers, using open relays and proxies in the aforementioned locations. Same with bullet-proof hosting of spamvertized webpages.
"criminal offence to send e-mails or text messages unless the recipient has agreed in advance to accept them"
Examples of spam?
"I found your article at example.com very interesting, but I have some additional information you might be interested in..."
"Regarding the job posting in this Sunday's paper..."
"Excellent blog for today, I laughed my ass off"
Interestingly enough, businesses suffer most from spam, not only in jamming traffic and exhausting space on mail servers, but also losing money on employees sorting through or reading spam mail.
[Please sign here]
There seems to have been quite an escalation of spam over the last couple of months, with my mailbox receiving double the amount it used to. I've managed to cut that down to just a handful a day by adding a blanket delete rule on all mails coming from earthlink.com, juno.com, verizon.net, sprint.com, concentric.com, att.net, rr.com, ukscby.com, ukscby.net and any address ending in
It's a shame that all users of those domains/services are now blocked from sending me legitimate email, but until they get their act together and clamp down on spammers, that's the way it's going to stay.
My junk filter catches 99% of the rest, but at 1/2 a dozen a day, that's easily manageable.
Hopefully the impending US Law will make life harder for them. Ok, it's not the best solution, but it's a step in the right direction, and will make it easier to take similar small steps in the future so that we end up get legislation that really does the business.
And before anyone pipes up stating that you can get rid of spam by legislation alone, sure I acknowledge that. But there is no "one size fits all" solution to this problem, it has to be tackled on many fronts. Both legally and technically! So this is an important arrow to have in the quiver.
Macka
Yes, and all the papers that have headlines saying "Smith Wins" after an election are plagiarizing as well.
There's nothing particularly original about that headline. Besides, the Register headline uses "anti-spam", not "spam", so it's not verbatim.
I deal a fair bit with tracking of spam (I wouldn't say I'm an expert or trained in any regard), but a lot of the spam (mostly pharmaceutical, penis enlargements, etc) seem to point back to sites hosted in China. I'd say the vast majority of these.
.au :) Perhaps all the US spammers are ignoring me as an unlikely buyer
Whilst you can use a bit of 'guesswork' to determine that they may be from the US due to certain use of grammar, linked images, etc, the *majority* is just pointing to China and sometimes Korea (although this is more just delivery).
I don't know, maybe we're just being targetted differently being
I must say, that overall, US ISPs are fairly responsive to spam (at least in regards to hosted sites and DNS), as for delivery (which is mostly worm-related these days), I get very little response (if only I could get Comcast to act on those few hundred messages I reported).
Andypoo.
Here is some laws I would suggest:
A) Whoever has an open server can get fined/sued/whatever for at least a small amount if it sends spam.
B) Fine people who reply to spam.
C) Anyone who sells an email service or product should point to some good anti-spam software (the user can choose to use it or not).
D) Just make Murphy's Laws official for once and for all, dammit!
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
The Law
as published by the government itself.
-- Sorry, I can't think of anything funny to say here.
I've gotten several emails today from companies asking me to give permission to send me emails in the future.
But these emails that ask for permission -- I didn't ask for them! Those companies are _breaking the law_!
Meanwhile, today's spam count from Africa, the USA, etc: 40.
Whence? Hence. Whither? Thither.
I'd actually like to see a few people found guilty of this and fined a negligable amount on the grounds they were "less than technically competent" or whatever legal euphemism for "dumb" the court comes up with. Making companies, and even end users, liable for not patching their system could be a good thing all round. The big problem with this though is patch availability; if the patch has been out for months, as in the case of Nimda IIRC, then fair enough. But what happens if the first thing the world knows about a problem is when the worm hits the Internet? Can you guarantee that your judge and jury can tell the difference and pass an appropriate sentence? I suspect the answer is, and will remain for some time, "no".
UNIX? They're not even circumcised! Savages!
Perhaps in some cases, but it others I'm not so sure it's either. I think some companies are just in denial about sending spam. Sounds hard to believe, right? Well, I run a small web design company, and I specifically put a No Spam clause in my contracts. When I talk about this with clients, I get some pretty sad responses.
They are all shocked that I would suggest that they would spam -- because most of them think that 'spam' only refers to the pornography, penis/breast enlargement, Nigerian scam, fraudulent products, etc. emails. In their eyes, "we're just sending out a promotional email, it isn't spam!" When I ask them if they will only send emails to people who have requested it, the response is typically, "We have to send out to more people than that! We are planning on buying a list of email addresses from (fill-in-the-blank-"marketing"-operation) and using that. That's ok, right?"
Now I'm not talking about companies that knowingly hire spammers to do their marketing, I'm talking about the smaller companies that try to do it themselves, or maybe are convinced of the legality from a spammer wanting some more business, and end up becoming part of the spam problem with their purchased lists and "but we offer a legitimate service!" attitudes.
These people are just in denial.
Punctanym: alternate spelling of words using punctuation or numerals in place of some or all of its letters; see 'leet'
The law does apply to the entire EU, but it has not taken effect EU-wide, as it is up to each member of the EU to follow through. The UK has moved forward, but most of the other members (list below) have not. It's also not clear that they ever will.
From The Register:
The directive obliged individual EC member states to introduce anti-spam laws by October 31. However nine member nations of the 15 country European Union have so far failed to adopt anti-spam legislation. France, Germany, Belgium, Finland, Greece, Luxembourg, the Netherlands, Portugal and Sweden all face possible court action unless they provide an explanation on their lack of progress within the next two months. Austria, Denmark, Ireland, Italy, Spain and the UK have already taken steps to adopt the EU law.
Most spam is intended to make the recipient visit some destination and do business of some kind. Perhaps anti-spam laws needs to target the businesses that use spam to create business - the destinations of all those links in all those spams. Any company that sells viagra, ink jet cartridges, cell phone plans, or mortgages will have a more vulnerable point of presense than a spammer does. Even porn and gambling sites could be vulnerable because they require more permaneance than does a spam operation. If those companies where held accountable for their marketing affiliate's spams, then they might not engage the services of spammers.
Two wrongs don't make a right, but three lefts do.
I'm from Australia actually :) And not particularly fond of the US for a variety of reasons, but for the sake of spam, I don't think they're entirely to blame.
.net, etc are likely to be US-mostly for example), rather than go after .au and .uk domains (do you have only .uk addresses? Or .com/.net?) Whilst you may think this would take an overwhelming about of thought/preparation on the spammer's side, imagine the greater exposure they'd get from this slight targetting..
Just because a spam contains a US-style phone number (which is generally not the content of the spam) or identifies as a US-based business, only means they're trying to seduce the biggest market (the US) for their advertising campaign.
I don't see sufficient evidence in spams these days to suggest that the US are behind the majority of spam.
However, will definitely be looking more at ROKSO from spamhaus.org, although traditionally, most of the "big name" spammers I've seen on these lists are spam campaigns I've never personally seen. (Which is surprising, because a lot of my addresses are very exposed.)
I guess it just boils down to differences in targetted audience based on domain. Whilst you might not think any consideration goes into which addresses are spammed (since you may aswell just 'spam them all'), up until recently, most spam has worked off e-mail lists, and it makes sense to try to deliver to your most powerful segments first (.com,
Having said all that, I'm still assuming the US as the most lucrative and easily led market for spam.
All in all, not really saying that the US *aren't* behind the majority of spam. I just lack suitable evidence that they *are*, in my opinion.
Phew,
Andypoo.
But why not simply form a "National Do Not Spam List"?
:)
This sort of thing allows for blanket rejection of the bulk of spam. Legit companies could of course be made exempt, as with the DNC List (debatable).
We could then levy fines on a per-incident basis.
I'll admit that FINDING the spammers might be more difficult than tracking a telemarketer - but not a hell of a lot more difficult.
You also have to consider that, unless it's an outright scam like #419, somebody is paying the spammer. Making it illegal to purchase "leads" from spammers would also be a REALLY SWELL THING TO TRY. After all, buying stolen property (even if you didn't KNOW for sure that it was stolen) is still illegal. It's not really that hard for these mortgage brokers and discount drug companies to know if they're dealing with a legitimate source or not.
Just a few thoughts. Comments are encouraged
** Chigusaaa!!! You're the coolest girl in the WORLD!!! **
Again, you missed his point. These people are operating completely via proxies. The websites, the trojaned open-relays, the dns hosting, are based in Asia and operated discretly by career spammers in the US. The only way you can trace it, is either the fingerprint in the spam or by "reverse-hacking" those already trojaned machines to find the path back to the original spammer's location.
Spam is no more free speech than your local bookie painting his ad on the side of your house or car is free speech. In fact, to come close, he would have to bill you for the paint.
Given the difficulty the US is having of not only enforcing but also legally maintaining the "Do-Not-Call" Phone Registry federal initiative, I have doubts that the US would ever be able to implement an effective anti-spam law
While spammers don't have the political clout of telemarketers, it is easier to enforce laws aimed at telemarketing than spam as the major customers of telemarketers tend to be large corporations (long distance phone companies) and phone calls are easier to trace back to source than e-mail.
Yes, interesting factoid for the day! The UK is actually an independent nation that actually has its own laws! Gosh!
Who would have thought we could just block BocaRaton. Also, looks like if I have a contest and tell people that register that they get additional entries for people that they refer - they are now breaking the law by spamming their friends.
comment directly in my journal
I tried to email my complaint to them, but they didn't agree to accept my email first, and now I'm looking at 2-5 :(
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I'd actually like to see a few people found guilty of this and fined a negligable amount on the grounds they were "less than technically competent" or whatever legal euphemism for "dumb" the court comes up with.
That euphemism would be "negligent," at least here in the US.
as ignorance of the law is no defence, i am going to e-mail all my contacts at once and tell them about this. i also encourage all of you to mail everyone in your address book and tell them. maybe, even do a good deed and e-mail some people you never have before to spread this excellent news.
the more the merrier!
I wouldn't be surprised if the article left out that this only applies to commercial emails. If it doesn't then it should.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
Being a British citizen recieving spam to a personal mailbox, I phoned the "Information Commission" to get them to so something about the 50 or so spams I have had since midnight when the act came into force.
Their procedure is for me to print out a 4 page Word document (no rtf, html or any other version!), manually fill in dozens of mostly irrelevant questions, and then snail-mail(!) the form to them.
I pointed out that mailing them 200 pages of handwritten notes every 6 hours was a bit impractical, and they told me they would ONLY investigate cases where I had CONTACTED THE SPAMMER AND ASKED TO UNSUBSCRIBE!
I told the person on the other end that replying to Spam is the best way to get deluged with more, and they agreed with me.
The only bright side is that they will soon put up details of how to bypass the Information Commission and take action on your own.
A pizza of radius z and thickness a has a volume of pi z z a
This law is only really enforceable against reasonably legitimate companies with UK addresses. It needs a test case, and I've found a real doozy of a target!
For years now, Yahoo have been sticking html and text adverts on the end of messages on YahooGroups mailing lists, which bugs the hell out of me. So I just mailed Yahoo UK to tell them I'm not consenting to recieving adverts from them.
Technically, I can claim 5,000 for each one I get from now on. It will be interesting to see how this works out - maybe they will unsubscribe me from everything?
A pizza of radius z and thickness a has a volume of pi z z a
The paperwork/procedure is available now, from this site.
It's ineffectual paperwork, naturally -- and to use it you have to be able to read documents created in a secret proprietary format (MS Word) -- but then, just look at the ineffectual law it's supporting!
Yup, looks like the politicians have dropped the ball again...
If I research potential customers and send them an email to sell my services, am I a spammer?
I claim that mass mailings would be spam however if I have taken the time to hunt down contact information for potential customers sending them my marketing information via published contact addresses (Phone, Post or Email) should all be viable methods.
What do slashdot readers think?
comment directly in my journal