Slashdot Mirror
U.S. Spam Law to Take Effect Jan. 1
We lead with news that the U.S. 'anti'-spam law, written largely by the Direct Marketing Association, will enter into effect on January 1. The bill preempts existing state laws which are tougher (states' rights anyone?), so for many citizens, this is purely a pro-spam law. The FTC is thinking about bounty hunters to enforce the new law (which you can and probably should read for yourself).
The problem is that our current email system is flawed... one of the best solutions (or actually work-arounds) for the current protocol is obvious, and already being used by several major ISPs... opt-in for ALL email. I know a few people who do this (their server rejects email from all senders except those on an approved list) and it works very well for them, but the average Joe wants both convenience AND security for their email, so the hassle of having to "approve" folks is not worth it (apparently it's easier to weed the 30 or 40 legit emails out of the 100's of spam messages)
Face it, email, in its current incarnation, is inherently flawed. Until we actually change the way we implement and use email (perhaps even changing protocols) we will continue to have spam problems. Even Britain's "opt-in" version of anti-spam legislation has done little to curb the problem. The US "opt-out" version is even worse! When a prominent spammer is quoted as saying this 'anti'-spam legislation "makes my day", you KNOW it's a bad law!
I think that the problem needs to be tackled from a technical standpoint, rather than a legal one. If we were able to improve the system, legislation like this wouldn't be necessary!
The federal law is general - you can't escape it across the state borders?
The owls are not what they seem
Not far off topic (at least i hope) but what about companies that have a presense in other countries? like Sony? can Sony.jp spam you and get away with it?
obviously anyone can move their spaming practices off shore to where they don't care but what about those "legit" companies?
I'm confused about how this will preempt state law. The state and federal government regularly disagree on a particular issue and have different laws in place to handle such issues (see state marijuana laws vs federal) but that has never preempted a state law or deemed a state law unenforceable. Unless of course a court determines the law is unconstitutional.
What gives?
I have to wonder if some spammers are already backing off in anticipation of this or if hotmail did something about spam. I went from about 200/day to about 4/day as of about 3 days ago. I thought my account was messed up and had to email myself to see if it was working.
Wouldn't it be great if that was a preview of things to come if this bill works? Yeah it's not exactly what we wanted but it does restrict them quite a bit and opens them up for legal repercussions for spam-blasting pron to teenagers. Things won't be as easy as harvesting addresses & blasting users with crap. I personally like it. If they don't have working unsubscribe mechanisms, forge headers, relay off of unsuspecting users, etc they can be prosecuted.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
After the war on drugs, the wars on poverty, the war on terror... no the war on spam?
You cannot legislate away structural problems. Spam is the direct consequence of having an unprotected communications ecosystem. Communications represent a resource and spammers exploit weaknesses in protocols, interfaces, and operating systems to steal this resource from others.
This law will simply harden the existing bonds between spammers, criminals, and virus writers. Expect the fight to escalate, and your inbox to get fuller of junk.
Legislating against spammers will simply mean that spamming will become a criminal activity. Since some of the largest and most profitable and fastest growing businesses in the world are criminal (drugs, weapons, slavery, stolen antiques & art), what government can be so naive as to hope that this can succeed?
There is only one answer and I've bored Slashdotters with this often enough. Understand that the Internet acts like an organic ecosystem, where parasites evolve according to basic and unalterable rules that govern all ecosystems, natural or artificial. Understand that there are also ways to combat such parasites, based on variation, mutation, and recombination. Explore and develop these techniques.
Ceci n'est pas une signature
But most of us are just sick of getting 500 "PAR1S H1LTON S*X TAPE!!!!!" emails every day. And I'm particularly sick of the assholes forging my domain in headers, further flooding my inbox and prompting mailbombs and death threats from the aforementioned righteous and holy. If a measure bans domain forging and creates a national Do Not Spam list, I can more than live with the occasional opt-out mail from E-Bay. Sorry.
What I'm listening to now on Pandora...
Three things strike me about this law:
1. After reading the text, it does not include the word "bulk" in any context for spam, which basically means that any single person email to another person (even if sent in good faith) could be applicable to the law if the receiver deems it "spam." I think that is a mistake.
2. It limits statutory damages for civil violations. This is ridiculous, is it really necessary to protect the spammers, basically the most hated group of people within the net?.
3. It still allows "spam" email from charities, religious organisations and government bodies. Now all I need is my penis enlargement emails coming to me from the church of large testicles. Seriously though, why is junk mail from churches or the even the government for that matter better than my daily breast enlargement emails?
I see this as a dangerour move for the legislators who passed the bill. If they go about trumpeting it in their re-election campaign then it could backfire HARD.
Look, we all know that a bill on the books in even a country as influential as the US won't do any good for technical reasons.
If the senators talk about how they're doing it for the little guy and then said little guy looks in his inbox to find just as many, if not more, penis ads then confidence in the reps could waver.
Not only that, but I'll be that overseas spammers are smiling at this bill. Just because you clicked on an opt-out link in an email from a company based on China doesn't mean that they have to remove you from their list any more than they did before. In fact, now I'd bet that you're going to see even more spam because people in the US will be doing just that; clicking on all the opt-out links thinking that now they're protected by the new bill.
this should be fun to watch =]
Well, at least no spammer would ever ruin their great brand recognition and close down shop only to open up again under a new name every couple weeks...
You can't take the sky from me...
So for any spam that has a forged header or a misleading subject, California's new law, with the $1000 per spam penalty, will still apply. California allows private suits in small claims court by any party. So you can haul the bozos into court. Maybe even across state lines.
A year or two from now, we'll be rid of the chickenboners, but we'll be getting even more spam from "legitimate businesses".
People complain about the bill because, due to the way it is written, it is likely to actually increase spam as people reply to spams believing they'll actually be removed.
:-p
And the parent is NOT flamebait
It's a valid question.
Twenties Retirement
Email is a problem that transcends State's borders (It's an interstate problem, not an intrastate one)... hence, it's a federal issue and transcends State LAw.
No actually, they're not just a good idea, they're a GREAT idea.
Unlike criminal bounty hunters, there's no violence involved. It's all intellect to intellect. Who can study and understand the most about everything involved. (Which can be everything from OS's, to protocol stacks, to network topology, to application exploits, worms viruses, daemons, services, ect.)
But how are they going to determine bounties??? This is a tough question.
Will it be by volume (amount of spam sent)
Will it be by complexity? (How hard will it be to decipher what the spammer did?)
Will it be by difficulty? (How well did the suspect cover up their tracks?)
Or will it be by the amount of time unsolved?
I think all of the above would make a great basis to calculate a bounty. I also think an audit trail of some type has to be established with evidence gathering, because it's not too hard to point the finger at an innocent person.
So if you say it's ok to bounty hunt as long as you're white hacking in the "name of the law" how far will you be allowed to go with your evidence collecting before you've crossed the line into privacy invasion?
See, that's the real conundrum with bounty hunters on the net. It's not like the days of the old west when you could hang up a picture of a guy, point and say "That's the one!" With the net there are so many complex ways to frame a person that it's unpractical to give goverment, let alone private netizens the type of evidence collecting power they would need in order to procescute people.
So maybe it isn't such a great idea after all. Sounds more like someone trying to equate the net with some spaghetti western. What we need to do is replace the current mail system with something better (something discussed many times here)
I'm one of those people that wouldn't screw someone over for a buck. I'm in the minority.
Technology could have solved this problem a better way. But leave it to the federal gov't to reign over another portion of our lives.
BULLSHIT, BULLSHIT, BULLSHIT! I've been listening to this anti-government crap for the past 5+ years in the discussions of spam. If technology has had the ability to solve this problem, then just when the hell was it going to happen? Are you waiting for Moses to come down from the mountain with a stone tablet proclaiming that it's time for you to deploy your technological solution? Spam has been increasing at an alarming rate and, with the exception of a tiny percentage of technically savvy users, most people have no technical solution to the problem. This law doesn't prevent you from rolling out the technical solution that you've been witholding for the past few years. Go ahead. Let me know when you've gotten every ISP, business, and individual running a mail server to adopt your heretofore secret spam solution.
It's like suggesting that we abolish laws against rape by reasoning that technology can solve that problem using chastity belts, mace, pepper spray, stun guns, and whistles.
If something is unethical and harms innocent people, then it should be illegal. The problem with the federal law is that it doesn't do nearly enough. But I'd rather that they outlaw some spam than make it all legal. Having a legitimate return address to clog with complaints is worth something to me.
Besides, even assuming that the law did work, who's to say that spammers can't skip the US and go live in, well, Nigeria? As long as spam makes money, there will be at least one country that invites spammers so as to boost their economy. Hence, this law, even if it had teeth, would be meaningless.
#define DRM chmod 000
I read over most of this law, and there doesn't seem to be anything unreasonable in it. Certainly nothing the DMA would want, does anyone have any proof of the claim that they drafted it?
I fear that this will not affect penis-enlargement spam but instead will be used to suppress mass e-mail dissent. China has a very similar law which prohibits the spread of 'false information'. Since the government defines what the 'truth' is, any antigovernment speech is automatically outlawed. In America, coprporations control the 'truth' through the corporate media as well as the government. Thus I predict in the future that anyone who sends anti-corporate or pro-union (for example) mass emails will be penalized under this law.
The fix... OK.
:) (but not geeks, oh no!)
Being a product of my time, my proposal is simply a mix of what I already see and know. Presumably what will actually happen is going to be totally different.
But here goes anyhow:
- First, treat viruses and worms and trojans as natural phenomena rather than the consequence of directed human activity. Assume that there will always be a new, smarter, more capable virus able to get around whatever locks we put into place.
- Second, assume that all data passing into a computer system is suspect, and must be discarded unless it can be accepted. Apply this paranoia at all levels from individual packets up to the contents of web forms.
- Third, use the techniques of genetic programming to evolve filters that work at each of these levels. Allow them to evolve rules for identifying valid and invalid data, and run them on live data mirrored from many places on the Internet. Use honeypot systems to attract parasitical software, and integrity checks to see how well filters perform, and to cull those that do worst.
In the final goal, every computer has a slightly different set of filters, inherited from other computers, recombined and improved over time.
Not just more variation in the landscape, but total variation, to the point where viruses will have to actively work to crack each individual computer (for this is the logical next step: if defences are built using the techniques of evolution, so will the parasites).
Using a biological model lets me predict some more effects:
- filters that find ways to co-opt parasitical software into the defense system
- computers having sex
- plagues
Ceci n'est pas une signature
I'd love to be contacted by strangers, depending on the distributed reputation of the person or machine contacting me.
If "James T. Kirk" sends me a message, and the fringes of my weighted Six Degrees of Separation net have never seen him before (newly generated cert for spam), or have seen him but say that he's a spammer (or maybe just an asshole in general), then I'll just ignore him.
If "Juicy Jane" sends me a message, and a few friends of friends trust her, even just a little bit, I'll give her the time of day.
--
Power to the Peaceful
Of course the law was written by, for and of the Direct Marketing Association. Karl Rove, President Bush Junior's boss at the White House, built his career on direct marketing (junk mail). That's where he developed his high respect for the American people.
--
make install -not war
For a quarantine system to actually improve the spam problem, you need some way of allowing legitimate email to get through without you having to check the list. In the case of C/R only people with legitimate email addresses who respond to your challenge get out of quarantine. Since 99.9% of spam uses fake addresses, C/R is incredibly effective.
Personally, I think that we need two additional things in order to start having effective spam prevention and enforcement:
- A socially accepted introduction mechanism which allows us to introduce ourselves to each other only if we have real, working email addresses. (C/R is one way to do this.)
- A legal framework for enforcing spam restrictions on anyone who continues to spam even though they have a real, working email address.
I like C/R. I think it's a good idea. I wish that everyone would get accustomed to it. Then everyone (including businesses) would be able to use it. Right now businesses don't like telling their customers that their email hasn't gotten through yet. That's a good way to lose a customer. But if everyone knew that this was the way that we had to operate, then even businesses could implement it. If everyone did this, then the cost of spamming would dramatically increase because every spammer would have to have a working email address. And if they had a working email address, then they'd have to deal with the bandwidth to handle all of the challenges (and bounces).But even then I think that spammers will continue to spam even from working email addresses. Which is where I think a legal framework comes in. If everyone uses C/R, and everyone has to have a real working email address in order to get through, then everyone who spams is trackable and enforcement can have some meaning.
$.02
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
As the director of spamhaus said on british television when asked about how the new british anti spam laws would help, he said, "well, actually, it'll stop, let me see
His argument was correct: basically spam will stop being sent from within jurisdictions that have anti spam laws, so the spammers will move offshore. Then you then need an international agreement - how the hell are you going to enforce anti-spam against an smtp originator from china that uses a local relay, even the US defence department can't get it right (http://www.interesting-people.org/archives/inter
Have international IPR laws have completely eliminated fake goods ? No. Will international spam laws completely eliminate spam ? No.
There's no silver bullet. Stop your moaning to suggest that anything that's happening isn't a silver bullet.
As the economist pointed out, the real issue is economics. Fundamentally, it costs virtually nothing for a spammer to send so much spam. The only effective way to resolve the problem is to change the economics so that a spammer incurs some cost. When I say cost, I don't actually mean monetary cost. For example, the anti-spam systems that rely upon individual tokens replies institute a resource/time cost on the sender: this kind of works on a small scale.
I don't know what the proper solution is either; but it'll be a mix of (a) law, or psuedo-law (just like the laws we have with anti-invasitory direct marketing phone calls and junk mail), (b) technical measures.
It looks like the ball on (a) is rolling. Sounds like the technical community needs to put some work into (b) - spam catchers / filters / etc don't seem to be the real solution, something has to alter about the way we send and receive email itself.
Nope. For one thing, American companies sending spam, even if they were to do it through a server in Nigeria, could still be prosecuted. Even if it were difficult to enforce, making it explicitly illegal would discourage many would-be spammers.
But this law, it is not irrelevant. It encourages them to collect email addresses, which will be sold to less scrupulous spammers. Spammers from other countries will be pretending to be Americans subject to this law, just so they can collect functional address lists when people reply to "unsubscribe". It couldn't possibly be much worse.
Spam is normally untargetted, bulk email.
UCE, without the bulk modifier, is called doing business in the USA.
If I see a website that I want to do business with, I find the contact information and send an email. If you aren't careful in the law, my email can be construed as spam.
Targetted lead generation is part of how small businesses generate new business.
Under this law, AT&T's new subsidiary can email ANYONE, but my small business that competes with it cannot?
This isn't pro-spam, it's anti-small business, pro-big business regulations...
Ah, when the GOP's fascist wing (state and big business in combination) combines with the Democrat's communist anti-business wing, and they can wrap it all up in populist rhetoric.
A frustrated Republican,
Alex
i use hushmail, and it has a human authenticator system...
any user not on my allow list is sent an email to validate they are a person (it sends them to a link and they have to click on a moving icon in a picture)...
if they do this, their email automatically goes to my inbox, otherwise it gets grouped with the spam...
it actually works pretty well...
a system like this combined with an opt-in system would work pretty well, i think...
I no longer have my e-mail address posted on my web-site because I was getting so much spam. I use a PHP SMTP form instead which sends me e-mails from one of my accounts to another of my accounts which bypasses all filters except content. If they want me to e-mail them back they can include their e-mail address.
E-mail addresses change constantly anyway. Give people you don't know your domain and just have a web-form. If you want to e-mail them, add them to your white-list. It's easier to remember a domain name than an e-mail address anyway.
Ben
Work Safe Porn
Actually, don't bother, I can tell that your definition would almost certainly suck.
I don't know about his definition of it, but mine is pretty good. I've gotten my last three jobs because of email from people I didn't know. Former co-workers had referred me...co-workers whose current addresses I don't know. If email were opt-in, I'd probably still be fixing printers for $8 an hour.
And let's not forget this one: you email help@somecompany.com and get a personal response from JoeTheThirdLevelTech@somecompany.com. Guess what? Your email server bounces it. No help for you, opt-in boy!
Webslum, and hundreds of other businesses, rely on email as its sole infallible point of contact between customers, potential customers, and the supply chain. There's no way we'd survive opt-in only. We'd have to use a new method of contact that was wide open, like IM...and then the spammers would just use that!
And lastly: your girlfriend visits her uncle's house, and can't get her email working. She misses you, and sends a message from his account. You don't respond, so she sends another. Now she's pissed. Your smug opt-in ass has no way to reach her.
Opt-in only is the most retarded idea I've ever heard for the problem of spam aside from the email tax (buhahahahaha). It's throwing out the baby, the bathwater, and a whole bunch of other shit to solve a comparably minor problem.
Hey freaks: now you're ju