U.S. Spam Law to Take Effect Jan. 1

We lead with news that the U.S. 'anti'-spam law, written largely by the Direct Marketing Association, will enter into effect on January 1. The bill preempts existing state laws which are tougher (states' rights anyone?), so for many citizens, this is purely a pro-spam law. The FTC is thinking about bounty hunters to enforce the new law (which you can and probably should read for yourself).

Opt-in for all email...

[shakamojo]

The problem is that our current email system is flawed... one of the best solutions (or actually work-arounds) for the current protocol is obvious, and already being used by several major ISPs... opt-in for ALL email. I know a few people who do this (their server rejects email from all senders except those on an approved list) and it works very well for them, but the average Joe wants both convenience AND security for their email, so the hassle of having to "approve" folks is not worth it (apparently it's easier to weed the 30 or 40 legit emails out of the 100's of spam messages)

Face it, email, in its current incarnation, is inherently flawed. Until we actually change the way we implement and use email (perhaps even changing protocols) we will continue to have spam problems. Even Britain's "opt-in" version of anti-spam legislation has done little to curb the problem. The US "opt-out" version is even worse! When a prominent spammer is quoted as saying this 'anti'-spam legislation "makes my day", you KNOW it's a bad law!

I think that the problem needs to be tackled from a technical standpoint, rather than a legal one. If we were able to improve the system, legislation like this wouldn't be necessary!

Re:Opt-in for all email...

[TyrranzzX]

Our current e-mail system isn't flawed. It does it's job nicely; sending and receiving electronic e-mail. The problem is that it does this too well and without prejudice. So one or two assmunchers can fudge the entire thing up by abusing it.

The protocol can be changed, but at the end of the day I think we'll find e-mail has the same flaws as snailmail. This is why we call it an arms race; 2 sides continueously getting a bigger gun until one eventually blows the other out of the water and wins.

I may have to wade through 50 fucking advertisements from goddamn marketers, and lord knows those aren't minutes of time I'll get back and if I could get my hands on these scum I'd drop the hammer in a second. But at the end of the day, at least I get my e-mail unhindred, unfiltered, uncensored, and most importantly, unread. If I weren't so lazy, I'd setup mozilla's e-mail proggie with a bayesian filter or something else. There ARE ways to conquer advertisers, and the people already have weapons like the ones I mentioned to combat it that are far more powerful than the advertisers can think up.

My only worry at this point is how the US goverment is going to fsck up our free speech rights on the net. We've already got things like carnavore and echelon that are probably being used, I'v got a poster on my wall showing most traffic going through alternet and I know there's proof of the goverment putting taps on major lines. *gets shady eyed*

Isn't a weak federal law better?

[October_30th]

Isn't even a weak federal law bettern than a strong local law?

The federal law is general - you can't escape it across the state borders?

Re:Isn't a weak federal law better?

[Shalda]

Isn't even a weak federal law bettern than a strong local law?

No, definately not. Firstly, federal law should only ever trump state law when state boundries are crossed. A spammer that sends spam from Virginia to Virginia should still be held accountable to Virginia law on the subject. Secondly, the only provision in the new law that has any potential is the "do not spam registry". That won't stop the illegal spammers, but it will stop those that pretend to be legit (which for me is about 50% of my spam traffic.)

All this law has done is kill the few useful state anti-spam laws that are on the books. Besides, it's hard to escape state laws by crossing state borders. Recently, North Carolina extradited 2 spammers to VA for fellony spamming charges.

However, one area that can still be prosecuted at the state and local level is obscenity charges. If you can track down a porn spammer, who incorporates explicit images in their message, your local District Attorney can file charges. If the message was sent to a minor, that's usually a fellony. Yet, I'm amazed that no one is really persuing this that I've seen. Probably because it's a real pain to track down the source of messages sent over hacked machines.

hotmail

[Cat_Byte]

I have to wonder if some spammers are already backing off in anticipation of this or if hotmail did something about spam. I went from about 200/day to about 4/day as of about 3 days ago. I thought my account was messed up and had to email myself to see if it was working.

Wouldn't it be great if that was a preview of things to come if this bill works? Yeah it's not exactly what we wanted but it does restrict them quite a bit and opens them up for legal repercussions for spam-blasting pron to teenagers. Things won't be as easy as harvesting addresses & blasting users with crap. I personally like it. If they don't have working unsubscribe mechanisms, forge headers, relay off of unsuspecting users, etc they can be prosecuted.

It... will... not... work...

[heironymouscoward]

After the war on drugs, the wars on poverty, the war on terror... no the war on spam?

You cannot legislate away structural problems. Spam is the direct consequence of having an unprotected communications ecosystem. Communications represent a resource and spammers exploit weaknesses in protocols, interfaces, and operating systems to steal this resource from others.

This law will simply harden the existing bonds between spammers, criminals, and virus writers. Expect the fight to escalate, and your inbox to get fuller of junk.

Legislating against spammers will simply mean that spamming will become a criminal activity. Since some of the largest and most profitable and fastest growing businesses in the world are criminal (drugs, weapons, slavery, stolen antiques & art), what government can be so naive as to hope that this can succeed?

There is only one answer and I've bored Slashdotters with this often enough. Understand that the Internet acts like an organic ecosystem, where parasites evolve according to basic and unalterable rules that govern all ecosystems, natural or artificial. Understand that there are also ways to combat such parasites, based on variation, mutation, and recombination. Explore and develop these techniques.

Yeah, whatever

[Otter]

I understand there are people for whom spam is an essentially religious issue. (Despite the fact that most of them never actually used the Internet back when ancient notions of "netiquette" were still in play, they believe the unofficial rules of 1993 are somehow divinely ordained.) And I understand that any measure that doesn't address the purity of their positions is worse than nothing.

But most of us are just sick of getting 500 "PAR1S H1LTON S*X TAPE!!!!!" emails every day. And I'm particularly sick of the assholes forging my domain in headers, further flooding my inbox and prompting mailbombs and death threats from the aforementioned righteous and holy. If a measure bans domain forging and creates a national Do Not Spam list, I can more than live with the occasional opt-out mail from E-Bay. Sorry.

Read my lips, no more spam.

[zwanglos]

Three things strike me about this law:
1. After reading the text, it does not include the word "bulk" in any context for spam, which basically means that any single person email to another person (even if sent in good faith) could be applicable to the law if the receiver deems it "spam." I think that is a mistake.

2. It limits statutory damages for civil violations. This is ridiculous, is it really necessary to protect the spammers, basically the most hated group of people within the net?.

3. It still allows "spam" email from charities, religious organisations and government bodies. Now all I need is my penis enlargement emails coming to me from the church of large testicles. Seriously though, why is junk mail from churches or the even the government for that matter better than my daily breast enlargement emails?

Re:Please opt-out - 10,000 times

[Scrameustache]

Even if spammers follow the law, you'd have to opt-out for every "company" [that] spams you.

Well, at least no spammer would ever ruin their great brand recognition and close down shop only to open up again under a new name every couple weeks...

/sarcasm

California's tougher law still has some effect

[Animats]

California's tough spam law is mostly preempted by the new Federal law. But not entirely. The preemption clause reads

• This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.

So for any spam that has a forged header or a misleading subject, California's new law, with the $1000 per spam penalty, will still apply. California allows private suits in small claims court by any party. So you can haul the bozos into court. Maybe even across state lines.

A year or two from now, we'll be rid of the chickenboners, but we'll be getting even more spam from "legitimate businesses".

Re:What is going on in the US?

[wmspringer]

People complain about the bill because, due to the way it is written, it is likely to actually increase spam as people reply to spams believing they'll actually be removed.

And the parent is NOT flamebait :-p
It's a valid question.

More anti-government ranting...

[fmaxwell]

Technology could have solved this problem a better way. But leave it to the federal gov't to reign over another portion of our lives.

BULLSHIT, BULLSHIT, BULLSHIT! I've been listening to this anti-government crap for the past 5+ years in the discussions of spam. If technology has had the ability to solve this problem, then just when the hell was it going to happen? Are you waiting for Moses to come down from the mountain with a stone tablet proclaiming that it's time for you to deploy your technological solution? Spam has been increasing at an alarming rate and, with the exception of a tiny percentage of technically savvy users, most people have no technical solution to the problem. This law doesn't prevent you from rolling out the technical solution that you've been witholding for the past few years. Go ahead. Let me know when you've gotten every ISP, business, and individual running a mail server to adopt your heretofore secret spam solution.

It's like suggesting that we abolish laws against rape by reasoning that technology can solve that problem using chastity belts, mace, pepper spray, stun guns, and whistles.

If something is unethical and harms innocent people, then it should be illegal. The problem with the federal law is that it doesn't do nearly enough. But I'd rather that they outlaw some spam than make it all legal. Having a legitimate return address to clog with complaints is worth something to me.

Challenge accepted

[heironymouscoward]

The fix... OK.

Being a product of my time, my proposal is simply a mix of what I already see and know. Presumably what will actually happen is going to be totally different.

But here goes anyhow:

- First, treat viruses and worms and trojans as natural phenomena rather than the consequence of directed human activity. Assume that there will always be a new, smarter, more capable virus able to get around whatever locks we put into place.

- Second, assume that all data passing into a computer system is suspect, and must be discarded unless it can be accepted. Apply this paranoia at all levels from individual packets up to the contents of web forms.

- Third, use the techniques of genetic programming to evolve filters that work at each of these levels. Allow them to evolve rules for identifying valid and invalid data, and run them on live data mirrored from many places on the Internet. Use honeypot systems to attract parasitical software, and integrity checks to see how well filters perform, and to cull those that do worst.

In the final goal, every computer has a slightly different set of filters, inherited from other computers, recombined and improved over time.

Not just more variation in the landscape, but total variation, to the point where viruses will have to actively work to crack each individual computer (for this is the logical next step: if defences are built using the techniques of evolution, so will the parasites).

Using a biological model lets me predict some more effects:

- filters that find ways to co-opt parasitical software into the defense system
- computers having sex :) (but not geeks, oh no!)
- plagues

Webs of trust...

[Saeger]

Don't you want to be able to receive legitimate e-mail from people you haven't met yet?

I'd love to be contacted by strangers, depending on the distributed reputation of the person or machine contacting me.

If "James T. Kirk" sends me a message, and the fringes of my weighted Six Degrees of Separation net have never seen him before (newly generated cert for spam), or have seen him but say that he's a spammer (or maybe just an asshole in general), then I'll just ignore him.

If "Juicy Jane" sends me a message, and a few friends of friends trust her, even just a little bit, I'll give her the time of day.

--

Re:Quarantine Digests

[mjh]

Use opt-in, and if you get a message from somebody that isn't on the list, it gets quarantined. Once a day (or however often) you get a digest that lists all the quarantined messages, their senders, the subjects. Next to each list item is a link that allows you to release/view the quarantined mail.

As someone how uses a Challenge/Response (C/R) system, I'm not sure I understand what the point would be of getting a list of quarantined email. How is scanning that list and manually looking at the good things substantially different than scanning your list of emails and only reading the ones that don't look like spam?

For a quarantine system to actually improve the spam problem, you need some way of allowing legitimate email to get through without you having to check the list. In the case of C/R only people with legitimate email addresses who respond to your challenge get out of quarantine. Since 99.9% of spam uses fake addresses, C/R is incredibly effective.

Personally, I think that we need two additional things in order to start having effective spam prevention and enforcement:

1. A socially accepted introduction mechanism which allows us to introduce ourselves to each other only if we have real, working email addresses. (C/R is one way to do this.)
2. A legal framework for enforcing spam restrictions on anyone who continues to spam even though they have a real, working email address.

I like C/R. I think it's a good idea. I wish that everyone would get accustomed to it. Then everyone (including businesses) would be able to use it. Right now businesses don't like telling their customers that their email hasn't gotten through yet. That's a good way to lose a customer. But if everyone knew that this was the way that we had to operate, then even businesses could implement it. If everyone did this, then the cost of spamming would dramatically increase because every spammer would have to have a working email address. And if they had a working email address, then they'd have to deal with the bandwidth to handle all of the challenges (and bounces).

But even then I think that spammers will continue to spam even from working email addresses. Which is where I think a legal framework comes in. If everyone uses C/R, and everyone has to have a real working email address in order to get through, then everyone who spams is trackable and enforcement can have some meaning.

$.02

Re:+5 insightful? Re:Opt-in for all email...

[dasmegabyte]

Actually, don't bother, I can tell that your definition would almost certainly suck.

I don't know about his definition of it, but mine is pretty good. I've gotten my last three jobs because of email from people I didn't know. Former co-workers had referred me...co-workers whose current addresses I don't know. If email were opt-in, I'd probably still be fixing printers for $8 an hour.

And let's not forget this one: you email help@somecompany.com and get a personal response from JoeTheThirdLevelTech@somecompany.com. Guess what? Your email server bounces it. No help for you, opt-in boy!

Webslum, and hundreds of other businesses, rely on email as its sole infallible point of contact between customers, potential customers, and the supply chain. There's no way we'd survive opt-in only. We'd have to use a new method of contact that was wide open, like IM...and then the spammers would just use that!

And lastly: your girlfriend visits her uncle's house, and can't get her email working. She misses you, and sends a message from his account. You don't respond, so she sends another. Now she's pissed. Your smug opt-in ass has no way to reach her.

Opt-in only is the most retarded idea I've ever heard for the problem of spam aside from the email tax (buhahahahaha). It's throwing out the baby, the bathwater, and a whole bunch of other shit to solve a comparably minor problem.